Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/IE2X1AkvAAlB7NHpvC4AB25sUdA.roa
File: IE2X1AkvAAlB7NHpvC4AB25sUdA.roa (raw, json)
Hash identifier: hp4BxClbnyBBSGRr4BDQhyGkwxeN9dDOKFVaFWrhMl8=
Subject key identifier: 20:4D:97:D4:09:2F:00:09:41:EC:D1:E9:BC:2E:00:07:6E:6C:51:D0
Certificate issuer: /CN=26a5aa918cbfeb3e12997f33890feb258907b343
Certificate serial: 05138764
Authority key identifier: 26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/IE2X1AkvAAlB7NHpvC4AB25sUdA.roa
Signing time: Fri 01 Jul 2022 05:36:04 +0000
ROA not before: Fri 01 Jul 2022 05:36:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 198414
IP address blocks: 185.25.148.0/22 maxlen: 24
185.5.96.0/22 maxlen: 24
193.17.184.0/24 maxlen: 24
91.234.146.0/24 maxlen: 24
91.239.66.0/23 maxlen: 24
91.228.196.0/22 maxlen: 24
185.180.204.0/22 maxlen: 24
185.201.112.0/22 maxlen: 24
185.193.112.0/22 maxlen: 22
91.237.52.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 85165924 (0x5138764)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=26a5aa918cbfeb3e12997f33890feb258907b343
Validity
Not Before: Jul 1 05:36:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=204d97d4092f000941ecd1e9bc2e00076e6c51d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:43:69:e1:b6:cf:a9:e3:9e:ec:62:06:2b:03:
aa:11:a4:4d:6e:bb:6d:20:74:22:c0:f6:85:c6:50:
fa:f0:64:d4:98:16:b7:5c:8c:6a:0e:22:9d:08:aa:
a4:c1:5e:4f:76:09:aa:93:48:3b:83:1f:c5:00:07:
3a:9f:14:6f:74:3f:07:b0:6a:6f:a0:e3:77:8e:f9:
3e:69:65:82:85:f4:d4:1e:da:85:31:dd:12:e6:e5:
79:0f:bb:ce:3f:57:fa:41:87:be:e9:b3:02:d3:ab:
9e:13:d0:2c:0a:a4:b1:1e:7d:3e:0b:73:f3:9a:86:
3b:4a:af:f4:5f:5d:d6:78:96:10:bd:14:1b:f4:31:
61:e1:c5:6d:d5:6e:1b:b6:94:a9:9d:ed:c6:86:1d:
02:57:c9:af:71:ec:4d:3a:04:51:9c:a9:3b:52:f9:
46:02:ce:03:34:f3:5f:07:3b:08:72:4b:b7:21:d4:
72:58:31:4f:b9:7c:38:80:b6:f2:13:ac:3e:e2:25:
16:d2:d0:27:f6:52:c1:2f:c8:bc:f3:6f:e4:50:2c:
f0:e7:7c:ed:a8:5a:b5:b0:ea:82:cf:7a:5e:d3:79:
9d:ab:4a:2f:1c:a4:ee:e3:ad:24:16:f7:c4:58:00:
ef:7c:e0:cc:a4:3c:b6:9d:d3:2a:97:82:76:db:29:
1f:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:4D:97:D4:09:2F:00:09:41:EC:D1:E9:BC:2E:00:07:6E:6C:51:D0
X509v3 Authority Key Identifier:
keyid:26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/IE2X1AkvAAlB7NHpvC4AB25sUdA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.228.196.0/22
91.234.146.0/24
91.237.52.0/24
91.239.66.0/23
185.5.96.0/22
185.25.148.0/22
185.180.204.0/22
185.193.112.0/22
185.201.112.0/22
193.17.184.0/24
Signature Algorithm: sha256WithRSAEncryption
a6:de:63:31:a4:82:df:34:59:ed:9c:56:e1:1f:a8:40:8d:04:
f5:93:54:cd:65:a0:a6:51:ce:eb:5d:a8:8b:8c:73:a4:37:83:
0c:6f:f0:a3:9e:0f:b4:cf:59:aa:60:5f:c3:80:cc:1d:af:1b:
0f:d3:99:b1:69:69:6f:41:72:db:a0:04:46:ec:0c:b6:55:ce:
6c:c7:51:bb:4e:9e:f4:52:2f:70:f9:b0:33:06:66:e5:51:e6:
79:da:cb:5f:6b:f3:6e:58:fb:42:8e:91:e5:9f:a9:6f:4e:38:
86:10:46:67:d2:e7:31:99:4b:6d:56:66:78:0f:b4:72:85:ba:
c9:15:49:88:29:57:a0:f3:36:fa:73:97:03:13:eb:19:b0:88:
d9:13:b5:ae:eb:ac:ed:15:35:0b:32:df:b8:44:43:3e:65:80:
cb:0f:04:f3:c5:ce:fc:f4:df:7b:64:ef:a4:40:70:6c:a8:6b:
0c:b5:f5:6a:65:6e:d0:c8:7e:47:0d:c5:ac:63:ba:48:16:1c:
fb:25:e7:dc:08:41:f9:00:01:ec:7d:c4:bb:18:01:94:2c:99:
3b:de:2f:63:d1:cd:bb:11:f3:e2:bf:fb:15:e6:ea:a8:09:9b:
7d:07:72:79:d7:19:ea:1d:bc:d6:b6:0e:62:49:41:1b:73:c7:
5a:14:cb:b1
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEBROHZDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
NmE1YWE5MThjYmZlYjNlMTI5OTdmMzM4OTBmZWIyNTg5MDdiMzQzMB4XDTIyMDcw
MTA1MzYwNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjA0ZDk3ZDQwOTJm
MDAwOTQxZWNkMWU5YmMyZTAwMDc2ZTZjNTFkMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK5DaeG2z6njnuxiBisDqhGkTW67bSB0IsD2hcZQ+vBk1JgW
t1yMag4inQiqpMFeT3YJqpNIO4MfxQAHOp8Ub3Q/B7Bqb6Djd475PmllgoX01B7a
hTHdEubleQ+7zj9X+kGHvumzAtOrnhPQLAqksR59Pgtz85qGO0qv9F9d1niWEL0U
G/QxYeHFbdVuG7aUqZ3txoYdAlfJr3HsTToEUZypO1L5RgLOAzTzXwc7CHJLtyHU
clgxT7l8OIC28hOsPuIlFtLQJ/ZSwS/IvPNv5FAs8Od87ahatbDqgs96XtN5natK
Lxyk7uOtJBb3xFgA73zgzKQ8tp3TKpeCdtspHwsCAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBQgTZfUCS8ACUHs0em8LgAHbmxR0DAfBgNVHSMEGDAWgBQmpaqRjL/rPhKZ
fzOJD+sliQezQzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0pxV3FrWXlfNno0U21YOHppUV9ySllrSHMwTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWQvMTQzM2VhLTEwODAtNDZlNS1iNjEyLTI5N2UyODJkNjZhOC8x
L0lFMlgxQWt2QUFsQjdOSHB2QzRBQjI1c1VkQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQv
MTQzM2VhLTEwODAtNDZlNS1iNjEyLTI5N2UyODJkNjZhOC8xL0pxV3FrWXlfNno0
U21YOHppUV9ySllrSHMwTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEAlvkxAMEAFvqkgMEAFvtNAMEAVvv
QgMEArkFYAMEArkZlAMEArm0zAMEArnBcAMEArnJcAMEAMERuDANBgkqhkiG9w0B
AQsFAAOCAQEApt5jMaSC3zRZ7ZxW4R+oQI0E9ZNUzWWgplHO612oi4xzpDeDDG/w
o54PtM9ZqmBfw4DMHa8bD9OZsWlpb0Fy26AERuwMtlXObMdRu06e9FIvcPmwMwZm
5VHmedrLX2vzblj7Qo6R5Z+pb044hhBGZ9LnMZlLbVZmeA+0coW6yRVJiClXoPM2
+nOXAxPrGbCI2RO1ruus7RU1CzLfuERDPmWAyw8E88XO/PTfe2TvpEBwbKhrDLX1
amVu0Mh+Rw3FrGO6SBYc+yXn3AhB+QAB7H3EuxgBlCyZO94vY9HNuxHz4r/7Febq
qAmbfQdyedcZ6h281rYOYklBG3PHWhTLsQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:12:10 2024 by rpki-client on console-ams.rpki-client.org