Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/P6sjEXUzVTTpAj9YWG38S-ELBas.roa
File: P6sjEXUzVTTpAj9YWG38S-ELBas.roa (raw, json)
Hash identifier: yMs7Z8CBgAujUr1eHpoTsEUdI6xT3fnd/EAMffzSr8Y=
Subject key identifier: 3F:AB:23:11:75:33:55:34:E9:02:3F:58:58:6D:FC:4B:E1:0B:05:AB
Certificate issuer: /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial: 0184F6C2BED2C30B43DB85921B9DDA62F31B
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/P6sjEXUzVTTpAj9YWG38S-ELBas.roa
Signing time: Fri 09 Dec 2022 12:01:08 +0000
ROA not before: Fri 09 Dec 2022 12:01:08 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 7018
IP address blocks: 185.86.142.0/23 maxlen: 24
37.34.88.0/21 maxlen: 24
185.86.140.0/23 maxlen: 24
37.218.216.0/21 maxlen: 24
188.215.120.0/22 maxlen: 24
188.215.124.0/22 maxlen: 24
89.46.180.0/22 maxlen: 24
130.255.64.0/22 maxlen: 24
130.255.68.0/22 maxlen: 24
46.20.210.0/23 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:f6:c2:be:d2:c3:0b:43:db:85:92:1b:9d:da:62:f3:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Validity
Not Before: Dec 9 12:01:08 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3fab231175335534e9023f58586dfc4be10b05ab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:08:c2:cc:a3:1e:fd:e9:45:82:ce:b1:cd:99:
fc:cd:48:e5:4d:4d:c9:15:e6:9f:3e:10:12:2b:96:
16:a9:75:ea:54:ea:ab:fc:ab:52:54:86:a9:ee:88:
32:60:1c:5d:e4:63:bb:4a:78:60:1a:08:ea:23:0a:
be:61:f7:7e:b9:85:3d:32:66:ce:25:af:25:88:85:
14:2e:06:ca:d9:15:cd:ea:e9:7e:56:15:65:45:bf:
ca:66:a9:6d:85:aa:e8:f3:e3:fa:2f:f2:45:fb:12:
53:fe:15:56:c5:3f:a6:69:b4:3c:60:e1:88:2b:3c:
8a:5a:b0:29:05:e2:8d:3a:ff:1d:65:15:01:ee:34:
ac:00:77:c5:b8:c3:f1:2c:56:4a:f2:99:15:74:67:
f0:8d:fe:e7:c0:61:67:ec:9c:19:37:38:49:df:00:
b8:7c:33:2c:c7:ed:2e:0d:f5:5e:a5:cb:6e:75:14:
c1:0c:04:4a:39:0a:4d:3f:23:79:71:c9:53:1e:66:
26:e8:c8:b1:1d:04:a1:f4:0f:02:06:f3:b3:96:34:
f9:2b:2d:cc:3a:c3:2c:4f:78:36:f1:e1:cc:76:87:
c1:9d:7b:c9:8a:74:06:ef:b8:81:2f:95:b7:3a:5a:
cf:50:21:7e:cc:e9:7f:38:98:d9:f9:a8:e2:e4:bc:
72:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:AB:23:11:75:33:55:34:E9:02:3F:58:58:6D:FC:4B:E1:0B:05:AB
X509v3 Authority Key Identifier:
keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/P6sjEXUzVTTpAj9YWG38S-ELBas.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.34.88.0/21
37.218.216.0/21
46.20.210.0/23
89.46.180.0/22
130.255.64.0/21
185.86.140.0/22
188.215.120.0/21
Signature Algorithm: sha256WithRSAEncryption
20:b8:b6:99:a0:48:bd:52:11:f3:7f:31:b3:03:df:44:9d:6a:
64:f8:95:83:14:81:a9:cb:ea:35:f2:b4:a5:e7:ea:a0:00:af:
4d:32:ae:62:a0:3d:09:65:f4:c9:4a:f4:d2:1a:6b:a0:ee:24:
e7:0f:d5:13:62:2d:08:28:bb:de:2b:d8:c5:bf:b7:ee:96:fb:
8e:6b:d7:c0:3a:f2:5e:bd:c3:44:a5:0f:0c:27:f6:9e:aa:72:
b4:35:8c:b3:1f:15:4c:e2:b2:b7:3e:0e:5f:2e:23:7e:7a:ba:
dc:05:3a:0a:5c:db:5c:ff:ad:01:4b:a1:19:7b:b9:63:80:64:
18:59:c8:c6:12:25:97:50:76:b6:bf:58:69:16:bd:e9:c4:df:
e2:de:d8:80:81:65:b6:88:05:32:a4:0f:f0:ee:d8:88:60:a3:
1f:b1:40:cf:cc:02:61:a6:c9:73:90:98:cb:c1:87:d1:71:02:
e1:1e:58:32:b4:fd:c0:93:26:0f:ae:75:d6:de:c1:cf:1a:ef:
a8:06:e2:58:87:22:43:15:e3:ad:c6:fe:72:c5:77:cc:6a:64:
67:5f:ac:16:64:3a:4e:58:56:0c:e2:05:22:25:f3:38:a9:7f:
6c:a5:83:39:e1:92:75:2c:d9:1e:14:9f:da:27:34:0a:57:82:
6a:be:5e:52
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYT2wr7SwwtD24WSG53aYvMbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjIxMjA5MTIwMTA4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmFiMjMxMTc1MzM1NTM0ZTkwMjNmNTg1ODZkZmM0YmUxMGIwNWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngjCzKMe/elFgs6xzZn8zUjlTU3J
FeafPhASK5YWqXXqVOqr/KtSVIap7ogyYBxd5GO7SnhgGgjqIwq+Yfd+uYU9MmbO
Ja8liIUULgbK2RXN6ul+VhVlRb/KZqltharo8+P6L/JF+xJT/hVWxT+mabQ8YOGI
KzyKWrApBeKNOv8dZRUB7jSsAHfFuMPxLFZK8pkVdGfwjf7nwGFn7JwZNzhJ3wC4
fDMsx+0uDfVepctudRTBDARKOQpNPyN5cclTHmYm6MixHQSh9A8CBvOzljT5Ky3M
OsMsT3g28eHMdofBnXvJinQG77iBL5W3OlrPUCF+zOl/OJjZ+aji5LxyKQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFD+rIxF1M1U06QI/WFht/EvhCwWrMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvUDZzakVYVXpWVFRwQWo5WVdHMzhTLUVMQmFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQDJSJYAwQD
JdrYAwQBLhTSAwQCWS60AwQDgv9AAwQCuVaMAwQDvNd4MA0GCSqGSIb3DQEBCwUA
A4IBAQAguLaZoEi9UhHzfzGzA99EnWpk+JWDFIGpy+o18rSl5+qgAK9NMq5ioD0J
ZfTJSvTSGmug7iTnD9UTYi0IKLveK9jFv7fulvuOa9fAOvJevcNEpQ8MJ/aeqnK0
NYyzHxVM4rK3Pg5fLiN+errcBToKXNtc/60BS6EZe7ljgGQYWcjGEiWXUHa2v1hp
Fr3pxN/i3tiAgWW2iAUypA/w7tiIYKMfsUDPzAJhpslzkJjLwYfRcQLhHlgytP3A
kyYPrnXW3sHPGu+oBuJYhyJDFeOtxv5yxXfMamRnX6wWZDpOWFYM4gUiJfM4qX9s
pYM54ZJ1LNkeFJ/aJzQKV4Jqvl5S
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:35 2024 by rpki-client on console-fra.rpki-client.org