Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/mXAW-8E9LlkWPnhgM9B5VOEGdsg.roa
File: mXAW-8E9LlkWPnhgM9B5VOEGdsg.roa (raw, json)
Hash identifier: 8AxxOUtjtzc3/10u8pt6zdcdc87nAZWiTFcr+5itBXg=
Subject key identifier: 99:70:16:FB:C1:3D:2E:59:16:3E:78:60:33:D0:79:54:E1:06:76:C8
Certificate issuer: /CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Certificate serial: 0187BD59A21B9E7049D6A8721AD19DDDC34F
Authority key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/mXAW-8E9LlkWPnhgM9B5VOEGdsg.roa
Signing time: Wed 26 Apr 2023 11:36:20 +0000
ROA not before: Wed 26 Apr 2023 11:36:20 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 86.38.145.0/24 maxlen: 24
217.9.246.0/24 maxlen: 24
89.117.212.0/24 maxlen: 24
89.117.214.0/24 maxlen: 24
86.38.191.0/24 maxlen: 24
89.117.251.0/24 maxlen: 24
86.38.224.0/24 maxlen: 24
86.38.231.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:bd:59:a2:1b:9e:70:49:d6:a8:72:1a:d1:9d:dd:c3:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Validity
Not Before: Apr 26 11:36:20 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=997016fbc13d2e59163e786033d07954e10676c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:cf:ab:c0:f1:2a:72:4d:60:3a:75:5c:8f:6d:
b5:7c:b5:25:86:1a:a6:28:c9:16:f1:87:18:e2:80:
ad:01:79:bd:3d:4d:d1:31:d0:8e:61:8b:c9:ea:0f:
9e:6b:14:c0:e2:2a:7b:30:dd:a8:fc:f3:ae:c2:b2:
a8:c9:c9:84:f1:be:7c:cf:32:4a:8d:64:96:9f:41:
29:70:8e:75:c0:6b:19:a7:e8:ed:9d:e6:29:78:ea:
dc:97:10:cd:59:0a:e6:5f:f9:f7:09:e5:47:58:ec:
0d:28:5c:b1:6a:05:d1:06:ae:e9:b0:c1:99:d9:0c:
3b:92:31:97:2b:99:ae:ab:e4:2d:15:2d:e3:f7:8d:
82:7e:75:09:ad:84:30:ce:98:b9:5d:2d:99:dd:2a:
be:fe:a4:92:a6:3f:44:08:b1:1c:2d:56:67:26:b3:
56:cc:20:1c:e3:8c:5c:4e:f1:df:63:46:b1:9b:b4:
83:9c:2f:40:cc:14:91:c1:e3:4e:41:69:a6:f2:11:
e8:2c:f3:94:18:cc:1c:37:fe:89:86:06:f3:0e:7f:
32:fe:77:2b:5b:ca:de:55:b1:66:18:22:30:0e:ac:
ba:67:4d:fc:5f:26:48:e6:5b:0e:04:6e:a2:e6:15:
c8:a9:62:ec:57:4f:5d:59:4c:e4:79:d5:ad:12:d4:
9f:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:70:16:FB:C1:3D:2E:59:16:3E:78:60:33:D0:79:54:E1:06:76:C8
X509v3 Authority Key Identifier:
keyid:F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/mXAW-8E9LlkWPnhgM9B5VOEGdsg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.38.145.0/24
86.38.191.0/24
86.38.224.0/24
86.38.231.0/24
89.117.212.0/24
89.117.214.0/24
89.117.251.0/24
217.9.246.0/24
Signature Algorithm: sha256WithRSAEncryption
63:9b:72:cb:ce:16:46:3b:7f:20:22:67:df:88:f2:fc:70:28:
87:f1:f8:66:cd:d8:01:f8:63:33:8e:59:45:fd:be:9b:e0:53:
a9:0e:38:65:4b:54:da:73:a6:54:3b:14:19:e1:ed:f3:a0:60:
69:1e:59:fe:9d:14:1a:79:56:50:c1:90:f9:ad:7b:c4:66:88:
19:01:3b:a5:0c:9b:36:c5:a0:cf:b8:71:8b:b4:d3:2c:07:4b:
04:eb:fe:6d:ed:90:63:5e:bc:dd:0e:28:f3:79:7d:30:b3:0a:
70:78:27:3c:b5:e7:ae:db:36:18:37:88:37:97:5b:f4:44:98:
bf:4a:63:a3:1b:56:25:4b:e7:36:16:f9:74:a7:53:2e:c8:06:
1b:db:91:11:9e:84:86:ac:5a:d0:bc:8c:5e:87:3e:04:8c:92:
6c:e8:4b:69:11:9b:10:e5:26:62:51:2f:23:30:21:2c:98:04:
1d:bf:e6:be:86:37:8f:c6:3d:22:88:cc:fc:ca:bb:f7:7e:21:
bb:5f:21:b1:d0:56:fd:cf:6a:fe:9d:ad:b7:8b:2c:f9:56:a1:
9b:50:6e:0d:12:60:b6:5d:6c:ac:9b:69:a1:83:69:8e:a6:60:
80:fd:45:7b:21:60:a0:3a:2b:44:d8:06:ee:c4:7f:d3:c7:c4:
17:6d:2e:fe
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYe9WaIbnnBJ1qhyGtGd3cNPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZGQ4MWE4MzNkOWIwNDNjN2ZmZDYzNWE1OTg3ZjUzNjk3
MTE4MGQwHhcNMjMwNDI2MTEzNjIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTcwMTZmYmMxM2QyZTU5MTYzZTc4NjAzM2QwNzk1NGUxMDY3NmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnM+rwPEqck1gOnVcj221fLUlhhqm
KMkW8YcY4oCtAXm9PU3RMdCOYYvJ6g+eaxTA4ip7MN2o/POuwrKoycmE8b58zzJK
jWSWn0EpcI51wGsZp+jtneYpeOrclxDNWQrmX/n3CeVHWOwNKFyxagXRBq7psMGZ
2Qw7kjGXK5muq+QtFS3j942CfnUJrYQwzpi5XS2Z3Sq+/qSSpj9ECLEcLVZnJrNW
zCAc44xcTvHfY0axm7SDnC9AzBSRweNOQWmm8hHoLPOUGMwcN/6JhgbzDn8y/ncr
W8reVbFmGCIwDqy6Z038XyZI5lsOBG6i5hXIqWLsV09dWUzkedWtEtSf9QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFJlwFvvBPS5ZFj54YDPQeVThBnbIMB8GA1UdIwQY
MBaAFPDdgagz2bBDx//WNaWYf1NpcRgNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUt
MDQ2ODA0MjQ4NmRjLzEvbVhBVy04RTlMbGtXUG5oZ005QjVWT0VHZHNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hOGViZTQtZDBiMy00ZTdkLWFmMjUtMDQ2ODA0MjQ4NmRj
LzEvOE4yQnFEUFpzRVBIXzlZMXBaaF9VMmx4R0EwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAViaRAwQA
Via/AwQAVibgAwQAVibnAwQAWXXUAwQAWXXWAwQAWXX7AwQA2Qn2MA0GCSqGSIb3
DQEBCwUAA4IBAQBjm3LLzhZGO38gImffiPL8cCiH8fhmzdgB+GMzjllF/b6b4FOp
DjhlS1Tac6ZUOxQZ4e3zoGBpHln+nRQaeVZQwZD5rXvEZogZATulDJs2xaDPuHGL
tNMsB0sE6/5t7ZBjXrzdDijzeX0wswpweCc8teeu2zYYN4g3l1v0RJi/SmOjG1Yl
S+c2Fvl0p1MuyAYb25ERnoSGrFrQvIxehz4EjJJs6EtpEZsQ5SZiUS8jMCEsmAQd
v+a+hjePxj0iiMz8yrv3fiG7XyGx0Fb9z2r+na23iyz5VqGbUG4NEmC2XWysm2mh
g2mOpmCA/UV7IWCgOitE2AbuxH/Tx8QXbS7+
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:57:14 2025 by rpki-client