Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jn9eYWm-u1N37Z9xqyJYrDqMnf4.roa
File: jn9eYWm-u1N37Z9xqyJYrDqMnf4.roa (raw, json)
Hash identifier: nPMgYXCmnZm/GRPYTe3Ra0Rp3A0OUUCFgWw4DMSHohA=
Subject key identifier: 8E:7F:5E:61:69:BE:BB:53:77:ED:9F:71:AB:22:58:AC:3A:8C:9D:FE
Certificate issuer: /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial: 018417E222592686EC5F9C0E04309F9DA008
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jn9eYWm-u1N37Z9xqyJYrDqMnf4.roa
Signing time: Thu 27 Oct 2022 05:20:06 +0000
ROA not before: Thu 27 Oct 2022 05:20:06 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 834
IP address blocks: 188.191.98.0/24 maxlen: 24
188.191.96.0/24 maxlen: 24
188.191.103.0/24 maxlen: 24
188.191.100.0/24 maxlen: 24
188.191.101.0/24 maxlen: 24
188.191.109.0/24 maxlen: 24
188.191.110.0/24 maxlen: 24
91.225.226.0/24 maxlen: 24
91.225.225.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:17:e2:22:59:26:86:ec:5f:9c:0e:04:30:9f:9d:a0:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Validity
Not Before: Oct 27 05:20:06 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8e7f5e6169bebb5377ed9f71ab2258ac3a8c9dfe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:be:c5:69:b8:72:0f:5d:c1:05:64:d0:6c:41:
ee:0f:36:ef:70:c8:5b:21:19:79:cd:50:fb:0f:ee:
65:b1:66:b7:66:10:7a:08:b2:eb:cd:35:7b:a9:28:
f2:b2:ac:8d:01:5d:84:45:2f:3b:4e:71:0d:50:e1:
d4:3d:39:dd:00:a5:a1:3e:3b:06:50:fd:9b:cf:d9:
6e:22:86:31:de:17:b6:fa:d6:35:2f:b5:19:9d:a3:
a1:0d:58:68:1c:4b:bf:18:f5:63:95:b0:da:58:eb:
dd:af:17:be:2d:45:64:aa:36:62:0e:6b:62:a0:4a:
68:05:13:3a:f7:32:ae:7a:09:92:09:55:24:ee:de:
2d:3a:29:2c:c6:d6:31:d9:a3:da:44:c6:00:03:b7:
8a:36:bd:8f:6b:de:f3:67:19:fa:cf:69:59:4c:4e:
71:fb:d9:90:e9:bb:29:3f:42:9f:d7:3f:9e:9c:17:
e9:4c:63:c2:2e:8c:17:d7:75:ba:bb:9d:1d:8b:68:
01:1f:87:82:0a:52:c3:c5:af:d1:d5:22:30:4c:d2:
24:fc:f9:11:1a:64:3b:cb:6e:c1:ac:14:5d:7e:ee:
03:08:a3:a8:8e:78:1e:eb:12:32:25:3c:37:ca:d6:
d8:0b:e1:f4:69:b0:03:92:fe:6c:13:42:20:50:b0:
2c:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:7F:5E:61:69:BE:BB:53:77:ED:9F:71:AB:22:58:AC:3A:8C:9D:FE
X509v3 Authority Key Identifier:
keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jn9eYWm-u1N37Z9xqyJYrDqMnf4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.225.225.0-91.225.226.255
188.191.96.0/24
188.191.98.0/24
188.191.100.0/23
188.191.103.0/24
188.191.109.0-188.191.110.255
Signature Algorithm: sha256WithRSAEncryption
40:fa:c4:47:0e:a3:f5:82:13:8d:21:d3:e0:5d:da:a5:b6:7e:
f3:ad:03:fa:73:8d:81:59:f6:9d:aa:d8:7e:19:cb:4c:74:28:
9d:2b:39:4d:ad:c6:ff:cc:0b:7a:7b:27:ae:a3:71:2d:40:19:
42:68:58:5c:2e:bc:25:41:7e:cf:74:f4:d9:be:88:50:bd:4c:
69:6a:0a:e0:a0:b5:8b:aa:7e:82:dc:e4:36:ff:ae:fb:75:3d:
ba:18:fd:80:a0:0f:c0:8e:08:06:09:93:e0:0d:c2:c0:ee:55:
15:24:c7:1d:33:42:39:81:3a:43:e1:23:e5:fd:69:4e:39:57:
44:32:69:f3:e7:27:8a:01:e0:f3:27:17:c6:7f:2e:95:f6:a6:
08:d6:33:6e:25:d4:d9:41:40:87:76:38:b3:18:ad:b0:01:83:
d4:6d:01:e3:8e:18:b8:15:f7:c1:f2:dc:8f:98:c3:07:b6:f5:
48:fa:b8:42:68:9f:fa:e1:0a:dd:9a:6d:b8:52:9c:32:c9:a5:
37:d5:7a:4b:34:01:f3:f0:2f:23:ab:64:ff:9b:10:e8:d6:76:
ce:3e:b9:e5:46:51:6e:8a:6f:db:bc:f5:e6:03:d2:b7:26:95:
db:ab:e9:dc:bb:b3:5e:eb:fc:c3:94:80:77:48:04:96:33:17:
8b:e0:47:cb
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYQX4iJZJobsX5wOBDCfnaAIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjIxMDI3MDUyMDA2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTdmNWU2MTY5YmViYjUzNzdlZDlmNzFhYjIyNThhYzNhOGM5ZGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArL7FabhyD13BBWTQbEHuDzbvcMhb
IRl5zVD7D+5lsWa3ZhB6CLLrzTV7qSjysqyNAV2ERS87TnENUOHUPTndAKWhPjsG
UP2bz9luIoYx3he2+tY1L7UZnaOhDVhoHEu/GPVjlbDaWOvdrxe+LUVkqjZiDmti
oEpoBRM69zKuegmSCVUk7t4tOiksxtYx2aPaRMYAA7eKNr2Pa97zZxn6z2lZTE5x
+9mQ6bspP0Kf1z+enBfpTGPCLowX13W6u50di2gBH4eCClLDxa/R1SIwTNIk/PkR
GmQ7y27BrBRdfu4DCKOojnge6xIyJTw3ytbYC+H0abADkv5sE0IgULAscwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFI5/XmFpvrtTd+2fcasiWKw6jJ3+MB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvam45ZVlXbS11MU4zN1o5eHF5SllyRHFNbmY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0MAwDBABb4eED
BABb4eIDBAC8v2ADBAC8v2IDBAG8v2QDBAC8v2cwDAMEALy/bQMEALy/bjANBgkq
hkiG9w0BAQsFAAOCAQEAQPrERw6j9YITjSHT4F3apbZ+860D+nONgVn2narYfhnL
THQonSs5Ta3G/8wLensnrqNxLUAZQmhYXC68JUF+z3T02b6IUL1MaWoK4KC1i6p+
gtzkNv+u+3U9uhj9gKAPwI4IBgmT4A3CwO5VFSTHHTNCOYE6Q+Ej5f1pTjlXRDJp
8+cnigHg8ycXxn8ulfamCNYzbiXU2UFAh3Y4sxitsAGD1G0B444YuBX3wfLcj5jD
B7b1SPq4Qmif+uEK3ZptuFKcMsmlN9V6SzQB8/AvI6tk/5sQ6NZ2zj655UZRbopv
27z15gPStyaV26vp3LuzXuv8w5SAd0gEljMXi+BHyw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:52:39 2023 by rpki-client on console-ams.rpki-client.org