Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/swM3_uCOZT10YHv9n5GXmA1PzXU.roa
File: swM3_uCOZT10YHv9n5GXmA1PzXU.roa (raw, json)
Hash identifier: dorIwwWFGrUDTVy7ovmj3xUTJzqUn3DTKFwACzFKnY0=
Subject key identifier: B3:03:37:FE:E0:8E:65:3D:74:60:7B:FD:9F:91:97:98:0D:4F:CD:75
Certificate issuer: /CN=d4ff0fecd7bf44148931788dfe7f20d67a67a0db
Certificate serial: 05FBC5AC
Authority key identifier: D4:FF:0F:EC:D7:BF:44:14:89:31:78:8D:FE:7F:20:D6:7A:67:A0:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1P8P7Ne_RBSJMXiN_n8g1npnoNs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/swM3_uCOZT10YHv9n5GXmA1PzXU.roa
Signing time: Thu 24 Mar 2022 11:52:52 +0000
ROA not before: Thu 24 Mar 2022 11:52:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 12570
IP address blocks: 212.96.160.0/19 maxlen: 19
80.78.144.0/20 maxlen: 20
89.190.40.0/21 maxlen: 21
109.105.32.0/19 maxlen: 19
89.190.48.0/20 maxlen: 20
212.4.128.0/19 maxlen: 19
185.8.188.0/22 maxlen: 22
88.83.224.0/19 maxlen: 19
213.211.32.0/19 maxlen: 19
2001:4ba8::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 100386220 (0x5fbc5ac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d4ff0fecd7bf44148931788dfe7f20d67a67a0db
Validity
Not Before: Mar 24 11:52:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b30337fee08e653d74607bfd9f9197980d4fcd75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:a4:96:96:71:3d:2a:11:bb:fa:20:a9:81:06:
35:ce:0c:83:6f:2c:61:ad:d8:5d:8e:a9:62:e3:95:
7f:80:30:40:2b:b8:6d:6d:b4:39:dc:99:2a:09:54:
09:89:1e:ce:ec:93:90:a4:66:29:d4:87:8f:f3:ed:
a2:70:23:c1:25:82:83:55:8b:b0:6a:2d:2f:df:11:
ad:92:09:bf:13:a3:dc:79:b7:a6:67:62:5b:89:bf:
7c:fc:46:0a:54:92:83:7c:39:73:6b:ec:a8:85:59:
df:55:54:83:8e:f7:f5:b6:32:01:0b:8b:dd:9b:60:
38:6f:ad:cb:e0:7e:a1:c8:06:f9:c3:07:0a:d2:9e:
5e:e6:05:ca:9a:ac:30:ba:ba:21:ce:d6:73:13:eb:
cf:17:71:93:35:c0:3d:42:d8:3e:96:7b:5b:03:ef:
00:df:33:b8:df:02:f5:c8:60:e1:39:a9:f2:4b:7e:
f2:f3:7d:9f:e1:24:89:06:2e:93:74:11:49:36:43:
29:2d:2c:2c:81:dc:5b:4a:e7:88:ac:4b:f8:3f:f2:
c5:05:b0:c3:8a:b5:a3:e8:b5:17:9e:c2:ed:60:60:
7d:b7:19:72:68:ba:74:7b:cc:cf:19:d5:89:f6:21:
da:56:1c:45:f4:24:f6:95:7d:2a:67:ac:c1:c0:82:
18:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:03:37:FE:E0:8E:65:3D:74:60:7B:FD:9F:91:97:98:0D:4F:CD:75
X509v3 Authority Key Identifier:
keyid:D4:FF:0F:EC:D7:BF:44:14:89:31:78:8D:FE:7F:20:D6:7A:67:A0:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1P8P7Ne_RBSJMXiN_n8g1npnoNs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/swM3_uCOZT10YHv9n5GXmA1PzXU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0c0c65-9f82-4450-9165-f0c21f8186f0/1/1P8P7Ne_RBSJMXiN_n8g1npnoNs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.78.144.0/20
88.83.224.0/19
89.190.40.0-89.190.63.255
109.105.32.0/19
185.8.188.0/22
212.4.128.0/19
212.96.160.0/19
213.211.32.0/19
IPv6:
2001:4ba8::/29
Signature Algorithm: sha256WithRSAEncryption
4b:0a:00:f9:ec:60:c2:7c:47:6f:c9:c0:b2:26:0d:e1:3d:03:
28:cd:73:92:56:99:51:a0:c9:33:ac:06:c7:e6:c5:a2:86:8f:
de:8a:ba:66:94:a2:9d:27:26:85:fc:51:97:aa:ce:6a:21:03:
5a:b1:db:07:8b:50:70:de:85:13:89:b7:10:30:dd:dc:11:dc:
8e:12:07:88:66:c5:74:81:31:11:e7:11:c9:43:a3:3f:c8:16:
f7:8f:c7:a3:7e:e0:8c:fe:40:f6:e9:a6:b7:25:a5:f3:ba:53:
90:a1:e0:6e:08:5f:05:04:5b:3b:ea:ec:5a:d0:df:5f:fb:d2:
b1:e0:53:3c:c3:66:1e:b2:b5:da:bf:45:bd:14:cc:9c:08:7a:
19:ec:d0:29:3a:41:6b:9d:fd:fd:e3:7e:18:dd:de:22:d9:74:
60:e1:99:64:32:7c:22:a7:2a:22:67:bf:89:12:1f:a9:d7:43:
c8:7a:de:c7:9b:c5:5a:7d:e8:d8:c5:1c:64:83:11:c0:8d:48:
2b:71:5d:38:6a:29:8e:b6:25:f2:db:87:03:8f:69:50:c8:22:
63:66:2e:fc:64:d3:e1:fc:b0:d3:50:94:7b:30:b5:c5:80:e7:
e1:6d:cc:ef:a3:20:10:a4:56:47:23:e0:53:8b:76:9f:08:0b:
1d:5f:71:dc
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgIEBfvFrDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NGZmMGZlY2Q3YmY0NDE0ODkzMTc4OGRmZTdmMjBkNjdhNjdhMGRiMB4XDTIyMDMy
NDExNTI1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjMwMzM3ZmVlMDhl
NjUzZDc0NjA3YmZkOWY5MTk3OTgwZDRmY2Q3NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKaklpZxPSoRu/ogqYEGNc4Mg28sYa3YXY6pYuOVf4AwQCu4
bW20OdyZKglUCYkezuyTkKRmKdSHj/PtonAjwSWCg1WLsGotL98RrZIJvxOj3Hm3
pmdiW4m/fPxGClSSg3w5c2vsqIVZ31VUg4739bYyAQuL3ZtgOG+ty+B+ocgG+cMH
CtKeXuYFypqsMLq6Ic7WcxPrzxdxkzXAPULYPpZ7WwPvAN8zuN8C9chg4Tmp8kt+
8vN9n+EkiQYuk3QRSTZDKS0sLIHcW0rniKxL+D/yxQWww4q1o+i1F57C7WBgfbcZ
cmi6dHvMzxnVifYh2lYcRfQk9pV9KmeswcCCGHUCAwEAAaOCAkowggJGMB0GA1Ud
DgQWBBSzAzf+4I5lPXRge/2fkZeYDU/NdTAfBgNVHSMEGDAWgBTU/w/s179EFIkx
eI3+fyDWemeg2zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzFQOFA3TmVfUkJTSk1YaU5fbjhnMW5wbm9Ocy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNmIvMGMwYzY1LTlmODItNDQ1MC05MTY1LWYwYzIxZjgxODZmMC8x
L3N3TTNfdUNPWlQxMFlIdjluNUdYbUExUHpYVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmIv
MGMwYzY1LTlmODItNDQ1MC05MTY1LWYwYzIxZjgxODZmMC8xLzFQOFA3TmVfUkJT
Sk1YaU5fbjhnMW5wbm9Ocy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBg
BggrBgEFBQcBBwEB/wRRME8wPgQCAAEwOAMEBFBOkAMEBVhT4DAMAwQDWb4oAwQG
Wb4AAwQFbWkgAwQCuQi8AwQF1ASAAwQF1GCgAwQF1dMgMA0EAgACMAcDBQMgAUuo
MA0GCSqGSIb3DQEBCwUAA4IBAQBLCgD57GDCfEdvycCyJg3hPQMozXOSVplRoMkz
rAbH5sWiho/eirpmlKKdJyaF/FGXqs5qIQNasdsHi1Bw3oUTibcQMN3cEdyOEgeI
ZsV0gTER5xHJQ6M/yBb3j8ejfuCM/kD26aa3JaXzulOQoeBuCF8FBFs76uxa0N9f
+9Kx4FM8w2YesrXav0W9FMycCHoZ7NApOkFrnf39434Y3d4i2XRg4ZlkMnwipyoi
Z7+JEh+p10PIet7Hm8VafejYxRxkgxHAjUgrcV04aimOtiXy24cDj2lQyCJjZi78
ZNPh/LDTUJR7MLXFgOfhbczvoyAQpFZHI+BTi3afCAsdX3Hc
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:16:18 2024 by rpki-client on console-ams.rpki-client.org