Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/tiWKiiTb7AVjK5e9OYPWfDPm2U0.roa
File: tiWKiiTb7AVjK5e9OYPWfDPm2U0.roa (raw, json)
Hash identifier: UvkA+LrBYMDDAvn6oMGMJe8WbAc0PZ+n/x4IwTV7xL4=
Subject key identifier: B6:25:8A:8A:24:DB:EC:05:63:2B:97:BD:39:83:D6:7C:33:E6:D9:4D
Certificate issuer: /CN=e0d435784da8c218e0ff107cdcfe24ca4569c949
Certificate serial: 018571955441DC333B72542E659DAA150951
Authority key identifier: E0:D4:35:78:4D:A8:C2:18:E0:FF:10:7C:DC:FE:24:CA:45:69:C9:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/4NQ1eE2owhjg_xB83P4kykVpyUk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/tiWKiiTb7AVjK5e9OYPWfDPm2U0.roa
Signing time: Mon 02 Jan 2023 08:24:49 +0000
ROA not before: Mon 02 Jan 2023 08:24:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202463
IP address blocks: 185.73.236.0/24 maxlen: 24
185.73.238.0/24 maxlen: 24
185.73.237.0/24 maxlen: 24
87.243.69.0/24 maxlen: 24
87.243.71.0/24 maxlen: 24
87.243.77.0/24 maxlen: 24
87.243.79.0/24 maxlen: 24
185.49.88.0/22 maxlen: 22
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:95:54:41:dc:33:3b:72:54:2e:65:9d:aa:15:09:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e0d435784da8c218e0ff107cdcfe24ca4569c949
Validity
Not Before: Jan 2 08:24:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b6258a8a24dbec05632b97bd3983d67c33e6d94d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:f1:d9:c1:50:87:2d:89:94:74:01:de:35:15:
ea:a4:91:fa:67:37:cf:29:8b:94:b4:e8:d7:66:f3:
fc:d7:d7:6e:7e:ef:47:ee:7f:e8:23:cc:56:ba:92:
9f:13:00:87:54:68:21:cf:3f:0b:0a:29:a5:10:61:
db:e2:0d:75:bc:b1:82:32:f2:8d:9e:56:12:50:e5:
0a:e9:45:9e:84:d2:86:d1:70:b4:fd:06:54:5e:de:
17:a5:9a:b8:2d:2f:bf:6d:1d:e4:36:31:a7:f7:a1:
1c:89:53:2d:dd:91:15:8f:d0:55:12:f8:47:3b:26:
cc:15:35:03:02:7f:62:5c:38:a6:75:0b:6b:b1:d1:
fb:23:6f:7c:ce:2a:02:87:b6:57:b0:a5:51:a5:29:
0f:38:84:ae:34:0b:fa:6d:07:37:a2:4e:00:55:46:
29:31:6f:2b:92:ef:11:9e:21:b2:1b:ff:b7:06:fc:
7b:a4:b4:fa:db:92:32:37:ae:cc:07:0b:99:7d:23:
81:96:43:9a:ce:5b:8c:58:7c:73:75:33:c7:f5:e4:
09:46:3f:bc:67:cb:cd:45:62:57:bd:8a:26:f9:17:
ef:be:0a:fa:8d:41:71:97:f6:95:2d:6f:cb:be:2c:
39:3b:bf:1b:df:9e:21:59:b2:e6:2a:3d:58:9d:c3:
75:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:25:8A:8A:24:DB:EC:05:63:2B:97:BD:39:83:D6:7C:33:E6:D9:4D
X509v3 Authority Key Identifier:
keyid:E0:D4:35:78:4D:A8:C2:18:E0:FF:10:7C:DC:FE:24:CA:45:69:C9:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4NQ1eE2owhjg_xB83P4kykVpyUk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/tiWKiiTb7AVjK5e9OYPWfDPm2U0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/a05eba-9d85-489b-aec7-ed42d3a625a4/1/4NQ1eE2owhjg_xB83P4kykVpyUk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.243.69.0/24
87.243.71.0/24
87.243.77.0/24
87.243.79.0/24
185.49.88.0/22
185.73.236.0-185.73.238.255
Signature Algorithm: sha256WithRSAEncryption
7c:a7:86:a4:23:51:ed:ae:d2:a6:31:a4:94:91:4f:4b:97:06:
f4:8d:c8:b5:f0:90:20:6a:9d:09:2e:1d:a3:85:8a:c1:27:d2:
da:64:18:8b:ee:21:ed:62:00:3f:76:04:cb:53:3e:72:ab:9c:
e6:e1:80:93:2e:2d:fd:f3:70:87:a8:4e:0d:85:1f:62:81:fe:
94:25:a7:f0:c5:20:56:5b:fa:77:61:7b:95:8e:1f:a2:1e:5d:
71:64:87:f9:5e:f1:36:8c:15:f2:e6:5a:e3:5c:a0:57:29:73:
d6:40:f9:a3:06:35:4c:7f:94:f6:27:70:c6:71:6d:dc:2f:9e:
0e:83:62:44:7e:cf:0c:91:d7:5e:7a:ae:2d:0a:ea:6d:85:0d:
77:7b:81:62:47:00:8b:8e:f7:5e:44:53:9f:45:df:16:dc:73:
8b:e8:f5:f2:a6:5a:27:e8:29:cd:7c:a4:bc:c1:c6:fd:22:14:
58:a1:90:72:f6:32:cf:e3:7b:7c:53:1f:96:77:3c:ee:88:da:
bd:d3:84:dc:47:48:4f:b3:b1:44:a1:70:29:95:5c:2a:0a:2e:
dd:c8:a3:68:e0:be:f9:ad:ea:d9:e4:ad:51:c0:d4:25:2d:73:
25:aa:a0:90:09:dd:d5:e1:1c:6e:21:e3:9d:e7:a9:7c:91:97:
84:f7:e8:dd
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYVxlVRB3DM7clQuZZ2qFQlRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZDQzNTc4NGRhOGMyMThlMGZmMTA3Y2RjZmUyNGNhNDU2
OWM5NDkwHhcNMjMwMTAyMDgyNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjI1OGE4YTI0ZGJlYzA1NjMyYjk3YmQzOTgzZDY3YzMzZTZkOTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovHZwVCHLYmUdAHeNRXqpJH6ZzfP
KYuUtOjXZvP819dufu9H7n/oI8xWupKfEwCHVGghzz8LCimlEGHb4g11vLGCMvKN
nlYSUOUK6UWehNKG0XC0/QZUXt4XpZq4LS+/bR3kNjGn96EciVMt3ZEVj9BVEvhH
OybMFTUDAn9iXDimdQtrsdH7I298zioCh7ZXsKVRpSkPOISuNAv6bQc3ok4AVUYp
MW8rku8RniGyG/+3Bvx7pLT625IyN67MBwuZfSOBlkOazluMWHxzdTPH9eQJRj+8
Z8vNRWJXvYom+Rfvvgr6jUFxl/aVLW/Lviw5O78b354hWbLmKj1YncN1lwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFLYliook2+wFYyuXvTmD1nwz5tlNMB8GA1UdIwQY
MBaAFODUNXhNqMIY4P8QfNz+JMpFaclJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE5RMWVFMm93aGpnX3hCODNQNGt5a1ZweVVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9hMDVlYmEtOWQ4NS00ODliLWFlYzct
ZWQ0MmQzYTYyNWE0LzEvdGlXS2lpVGI3QVZqSzVlOU9ZUFdmRFBtMlUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9hMDVlYmEtOWQ4NS00ODliLWFlYzctZWQ0MmQzYTYyNWE0
LzEvNE5RMWVFMm93aGpnX3hCODNQNGt5a1ZweVVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAV/NFAwQA
V/NHAwQAV/NNAwQAV/NPAwQCuTFYMAwDBAK5SewDBAC5Se4wDQYJKoZIhvcNAQEL
BQADggEBAHynhqQjUe2u0qYxpJSRT0uXBvSNyLXwkCBqnQkuHaOFisEn0tpkGIvu
Ie1iAD92BMtTPnKrnObhgJMuLf3zcIeoTg2FH2KB/pQlp/DFIFZb+ndhe5WOH6Ie
XXFkh/le8TaMFfLmWuNcoFcpc9ZA+aMGNUx/lPYncMZxbdwvng6DYkR+zwyR1156
ri0K6m2FDXd7gWJHAIuO915EU59F3xbcc4vo9fKmWifoKc18pLzBxv0iFFihkHL2
Ms/je3xTH5Z3PO6I2r3ThNxHSE+zsUShcCmVXCoKLt3Io2jgvvmt6tnkrVHA1CUt
cyWqoJAJ3dXhHG4h453nqXyRl4T36N0=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:19:54 2025 by rpki-client