Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/rgkHV34HjCnYh35w4efGTXilOyc.roa
File: rgkHV34HjCnYh35w4efGTXilOyc.roa (raw, json)
Hash identifier: BDzmaZvrqjJ4Q4cEAht56z/g2BgIgaxcfjF/d8B7ZkU=
Subject key identifier: AE:09:07:57:7E:07:8C:29:D8:87:7E:70:E1:E7:C6:4D:78:A5:3B:27
Certificate issuer: /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial: 01843BAA20A29804E25E458CB9F54A08C359
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/rgkHV34HjCnYh35w4efGTXilOyc.roa
Signing time: Thu 03 Nov 2022 04:05:15 +0000
ROA not before: Thu 03 Nov 2022 04:05:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 834
IP address blocks: 188.191.98.0/24 maxlen: 24
188.191.96.0/24 maxlen: 24
188.191.97.0/24 maxlen: 24
188.191.102.0/24 maxlen: 24
188.191.103.0/24 maxlen: 24
188.191.100.0/24 maxlen: 24
188.191.101.0/24 maxlen: 24
188.191.109.0/24 maxlen: 24
188.191.110.0/24 maxlen: 24
188.191.108.0/24 maxlen: 24
91.225.226.0/24 maxlen: 24
91.225.225.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:3b:aa:20:a2:98:04:e2:5e:45:8c:b9:f5:4a:08:c3:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Validity
Not Before: Nov 3 04:05:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ae0907577e078c29d8877e70e1e7c64d78a53b27
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:60:aa:1f:ac:15:e6:46:71:38:51:72:92:d8:
09:45:7b:0b:e5:a0:17:51:81:9b:4e:b1:a3:31:0e:
48:f8:be:70:93:c4:6d:f1:a5:ef:19:6f:23:7c:bb:
3e:75:ab:3f:69:db:c0:13:14:ed:e7:16:ca:ec:72:
c5:99:77:51:65:f4:23:27:a7:78:46:7d:e5:11:aa:
4f:8b:aa:02:8a:6e:be:5a:3e:01:55:da:b0:40:dc:
69:30:94:87:c8:5c:29:48:ab:4d:ca:8e:37:15:27:
ba:1c:28:09:00:a3:4b:7e:34:59:82:fb:7e:96:4a:
df:a1:48:c7:71:a6:19:d7:0e:cf:c8:d1:ee:12:3f:
75:31:ee:97:b2:0f:76:f9:ae:dd:5e:97:1a:cc:8e:
6f:c6:b1:89:dc:6d:4a:3c:57:ff:2d:ae:3f:31:d5:
63:92:c2:b9:22:aa:1a:95:19:24:51:38:a4:6d:d1:
f6:90:4f:37:82:4b:4d:3e:5b:9d:e2:86:17:0e:1a:
0d:ae:6a:cf:b4:c9:b2:12:8c:e6:89:fa:d7:c1:58:
cf:fa:b6:c7:90:09:8e:b9:8e:9d:23:8c:fb:bd:0b:
dd:1f:24:fa:36:45:f6:ca:72:35:cf:57:45:01:9a:
cb:24:76:cf:e9:ec:3e:e1:67:04:a7:1c:db:a4:f2:
76:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:09:07:57:7E:07:8C:29:D8:87:7E:70:E1:E7:C6:4D:78:A5:3B:27
X509v3 Authority Key Identifier:
keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/rgkHV34HjCnYh35w4efGTXilOyc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.225.225.0-91.225.226.255
188.191.96.0-188.191.98.255
188.191.100.0/22
188.191.108.0-188.191.110.255
Signature Algorithm: sha256WithRSAEncryption
14:d2:39:e2:51:9b:cb:28:af:75:19:57:c1:d1:3a:a7:d5:9e:
11:e3:63:8d:f4:ff:3f:24:6a:be:e8:a8:41:5c:27:b0:56:eb:
df:79:69:24:82:6a:64:4c:8c:3e:70:95:6e:b2:22:14:ab:67:
4c:63:e4:ab:5b:26:f7:69:60:f6:85:db:c4:2f:0b:10:a1:d7:
54:d4:4f:bd:bd:3b:a5:bf:3f:11:d6:63:60:8b:1d:e1:78:7b:
8c:d2:cc:be:3c:4f:5c:28:56:5a:4e:15:a4:23:ba:e2:d4:2b:
dd:5f:ee:16:49:69:de:85:94:10:57:f7:35:0c:bd:a2:7e:63:
61:42:fa:0f:af:0c:3a:d3:5f:9d:c0:cd:a8:11:da:0b:2d:02:
76:d4:87:90:93:e1:ac:77:ba:c0:ec:f5:5c:30:f1:d0:32:59:
ff:da:81:b2:c5:93:dd:bf:58:9d:f3:da:f2:a6:90:08:7c:38:
cd:15:6c:fc:3b:7a:fe:e3:04:fc:02:90:97:ff:25:00:64:3c:
34:f3:f7:7d:69:72:a9:8e:c5:09:9b:bd:c4:eb:9f:23:b3:9a:
2c:e1:be:44:17:fe:9d:06:93:5a:83:23:94:13:6b:61:8c:89:
93:1c:db:fc:35:29:f2:4a:83:3c:e2:43:35:85:dc:95:4b:13:
32:c2:8c:3e
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYQ7qiCimATiXkWMufVKCMNZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjIxMTAzMDQwNTE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTA5MDc1NzdlMDc4YzI5ZDg4NzdlNzBlMWU3YzY0ZDc4YTUzYjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2CqH6wV5kZxOFFyktgJRXsL5aAX
UYGbTrGjMQ5I+L5wk8Rt8aXvGW8jfLs+das/advAExTt5xbK7HLFmXdRZfQjJ6d4
Rn3lEapPi6oCim6+Wj4BVdqwQNxpMJSHyFwpSKtNyo43FSe6HCgJAKNLfjRZgvt+
lkrfoUjHcaYZ1w7PyNHuEj91Me6Xsg92+a7dXpcazI5vxrGJ3G1KPFf/La4/MdVj
ksK5IqoalRkkUTikbdH2kE83gktNPlud4oYXDhoNrmrPtMmyEozmifrXwVjP+rbH
kAmOuY6dI4z7vQvdHyT6NkX2ynI1z1dFAZrLJHbP6ew+4WcEpxzbpPJ2swIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFK4JB1d+B4wp2Id+cOHnxk14pTsnMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvcmdrSFYzNEhqQ25ZaDM1dzRlZkdUWGlsT3ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwMAwDBABb4eED
BABb4eIwDAMEBby/YAMEALy/YgMEAry/ZDAMAwQCvL9sAwQAvL9uMA0GCSqGSIb3
DQEBCwUAA4IBAQAU0jniUZvLKK91GVfB0Tqn1Z4R42ON9P8/JGq+6KhBXCewVuvf
eWkkgmpkTIw+cJVusiIUq2dMY+SrWyb3aWD2hdvELwsQoddU1E+9vTulvz8R1mNg
ix3heHuM0sy+PE9cKFZaThWkI7ri1CvdX+4WSWnehZQQV/c1DL2ifmNhQvoPrww6
01+dwM2oEdoLLQJ21IeQk+Gsd7rA7PVcMPHQMln/2oGyxZPdv1id89ryppAIfDjN
FWz8O3r+4wT8ApCX/yUAZDw08/d9aXKpjsUJm73E658js5os4b5EF/6dBpNagyOU
E2thjImTHNv8NSnySoM84kM1hdyVSxMywow+
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:31:06 2024 by rpki-client on console-fra.rpki-client.org