Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/TjkvYClRPLjFUIg4XSPSu3SgS3s.roa
File: TjkvYClRPLjFUIg4XSPSu3SgS3s.roa (raw, json)
Hash identifier: fip7mirGHmumbckq5un/O7Gpv59C8J1UoNvKbngON1s=
Subject key identifier: 4E:39:2F:60:29:51:3C:B8:C5:50:88:38:5D:23:D2:BB:74:A0:4B:7B
Certificate issuer: /CN=ef4f78947341ce55888b7ebf3690143b0cbff3d6
Certificate serial: 32F9D5AE
Authority key identifier: EF:4F:78:94:73:41:CE:55:88:8B:7E:BF:36:90:14:3B:0C:BF:F3:D6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7094lHNBzlWIi36_NpAUOwy_89Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/TjkvYClRPLjFUIg4XSPSu3SgS3s.roa
Signing time: Sat 01 Jan 2022 15:01:28 +0000
ROA not before: Sat 01 Jan 2022 15:01:28 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 15954
IP address blocks: 37.247.120.0/21 maxlen: 21
91.216.219.0/24 maxlen: 24
185.49.184.0/22 maxlen: 22
217.18.32.0/20 maxlen: 20
31.24.120.0/21 maxlen: 21
194.176.119.0/24 maxlen: 24
185.203.224.0/22 maxlen: 22
185.57.196.0/22 maxlen: 22
31.47.72.0/21 maxlen: 21
2a02:2810::/32 maxlen: 32
2a01:a940::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 855233966 (0x32f9d5ae)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef4f78947341ce55888b7ebf3690143b0cbff3d6
Validity
Not Before: Jan 1 15:01:28 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=4e392f6029513cb8c55088385d23d2bb74a04b7b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:f7:3d:b9:86:f2:62:51:e3:1f:c7:4b:93:2e:
a3:d8:5d:cc:b7:8d:46:65:1f:b3:ee:c0:1f:15:0f:
6e:63:17:a3:54:19:81:f2:54:02:e9:c9:49:db:2d:
34:21:94:3c:85:eb:91:1c:44:c6:81:c6:3f:4b:36:
16:2a:ba:98:44:8a:ac:f4:3e:74:16:a7:01:c4:06:
1b:7a:1d:65:83:73:61:7f:0d:be:c8:24:9d:da:2d:
ed:2c:f9:31:eb:33:37:b2:11:84:dd:7a:48:fc:c6:
51:d4:30:3d:35:67:49:d8:fe:d5:b3:3f:c2:ac:31:
a4:2b:2a:98:d4:38:9a:3b:bb:f3:ab:33:cc:b5:ef:
03:ca:37:5a:38:5c:41:23:aa:04:cb:99:be:9d:d3:
71:2f:4d:06:5f:de:68:ea:39:1d:06:fc:6d:d0:6f:
c7:80:ac:74:ba:ea:f4:3b:96:cd:2d:bf:b9:6d:22:
9b:3f:36:c8:0e:0f:9a:85:b4:47:3c:23:5e:0f:01:
4c:31:31:d0:02:95:cd:89:6b:19:d6:1e:a4:69:43:
2c:73:71:e3:62:f2:53:ac:f1:b8:c9:f5:47:79:33:
5e:f3:d4:37:b4:92:1a:a1:7a:ba:9a:45:13:2a:2e:
6e:a1:e5:6f:90:cf:ed:5d:89:75:a8:85:af:dc:e4:
f6:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:39:2F:60:29:51:3C:B8:C5:50:88:38:5D:23:D2:BB:74:A0:4B:7B
X509v3 Authority Key Identifier:
keyid:EF:4F:78:94:73:41:CE:55:88:8B:7E:BF:36:90:14:3B:0C:BF:F3:D6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7094lHNBzlWIi36_NpAUOwy_89Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/TjkvYClRPLjFUIg4XSPSu3SgS3s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/005c9e-fe7c-469a-b6f0-9baa66ca1404/1/7094lHNBzlWIi36_NpAUOwy_89Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.24.120.0/21
31.47.72.0/21
37.247.120.0/21
91.216.219.0/24
185.49.184.0/22
185.57.196.0/22
185.203.224.0/22
194.176.119.0/24
217.18.32.0/20
IPv6:
2a01:a940::/32
2a02:2810::/32
Signature Algorithm: sha256WithRSAEncryption
20:33:8b:88:0e:e0:7a:20:92:f8:e6:bd:07:8c:5b:37:73:f4:
e7:8a:de:62:3d:72:23:46:e2:d2:bb:37:57:bd:d3:65:63:2a:
08:9c:c5:2f:52:37:b7:7d:26:d7:91:20:4e:eb:5c:77:c4:77:
77:35:e4:fa:19:fb:93:5b:6f:93:07:85:22:ba:e8:99:f8:a8:
6a:59:e8:51:3b:4f:46:46:f7:06:bc:e3:2b:2d:4d:05:4c:05:
80:21:cb:5e:e2:2a:15:cb:6e:df:79:10:63:f6:28:d1:6c:f4:
75:db:a1:a1:9d:79:48:97:89:e4:19:8c:d2:ff:46:00:73:6f:
cc:59:a7:1a:08:fa:a6:42:a3:d1:28:50:13:56:a3:16:2f:98:
5e:e7:3d:8a:e1:a2:a5:97:b5:1e:0a:46:a5:ba:1a:03:df:b7:
4e:ae:11:9f:b8:0a:98:b7:7c:9d:98:8f:45:44:3b:22:96:90:
ce:20:14:3e:f5:f9:0f:3f:4b:10:47:68:cc:13:80:6c:67:bf:
f8:fb:35:d4:32:88:6a:0d:33:38:4b:fa:24:82:1c:a6:6e:24:
60:af:35:68:96:5a:7f:3c:2b:df:a7:52:66:1e:3b:64:4e:0c:
0a:47:c9:eb:b8:70:71:f5:4f:e6:35:87:5b:5a:e4:8b:68:16:
e7:82:bf:7e
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIEMvnVrjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
ZjRmNzg5NDczNDFjZTU1ODg4YjdlYmYzNjkwMTQzYjBjYmZmM2Q2MB4XDTIyMDEw
MTE1MDEyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGUzOTJmNjAyOTUx
M2NiOGM1NTA4ODM4NWQyM2QyYmI3NGEwNGI3YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANX3PbmG8mJR4x/HS5Muo9hdzLeNRmUfs+7AHxUPbmMXo1QZ
gfJUAunJSdstNCGUPIXrkRxExoHGP0s2Fiq6mESKrPQ+dBanAcQGG3odZYNzYX8N
vsgkndot7Sz5MeszN7IRhN16SPzGUdQwPTVnSdj+1bM/wqwxpCsqmNQ4mju786sz
zLXvA8o3WjhcQSOqBMuZvp3TcS9NBl/eaOo5HQb8bdBvx4CsdLrq9DuWzS2/uW0i
mz82yA4PmoW0RzwjXg8BTDEx0AKVzYlrGdYepGlDLHNx42LyU6zxuMn1R3kzXvPU
N7SSGqF6uppFEyoubqHlb5DP7V2JdaiFr9zk9s8CAwEAAaOCAk8wggJLMB0GA1Ud
DgQWBBROOS9gKVE8uMVQiDhdI9K7dKBLezAfBgNVHSMEGDAWgBTvT3iUc0HOVYiL
fr82kBQ7DL/z1jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzcwOTRsSE5CemxXSWkzNl9OcEFVT3d5Xzg5WS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2EvMDA1YzllLWZlN2MtNDY5YS1iNmYwLTliYWE2NmNhMTQwNC8x
L1Rqa3ZZQ2xSUExqRlVJZzRYU1BTdTNTZ1Mzcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Ev
MDA1YzllLWZlN2MtNDY5YS1iNmYwLTliYWE2NmNhMTQwNC8xLzcwOTRsSE5CemxX
SWkzNl9OcEFVT3d5Xzg5WS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBl
BggrBgEFBQcBBwEB/wRWMFQwPAQCAAEwNgMEAx8YeAMEAx8vSAMEAyX3eAMEAFvY
2wMEArkxuAMEArk5xAMEArnL4AMEAMKwdwMEBNkSIDAUBAIAAjAOAwUAKgGpQAMF
ACoCKBAwDQYJKoZIhvcNAQELBQADggEBACAzi4gO4HogkvjmvQeMWzdz9OeK3mI9
ciNG4tK7N1e902VjKgicxS9SN7d9JteRIE7rXHfEd3c15PoZ+5Nbb5MHhSK66Jn4
qGpZ6FE7T0ZG9wa84ystTQVMBYAhy17iKhXLbt95EGP2KNFs9HXboaGdeUiXieQZ
jNL/RgBzb8xZpxoI+qZCo9EoUBNWoxYvmF7nPYrhoqWXtR4KRqW6GgPft06uEZ+4
Cpi3fJ2Yj0VEOyKWkM4gFD71+Q8/SxBHaMwTgGxnv/j7NdQyiGoNMzhL+iSCHKZu
JGCvNWiWWn88K9+nUmYeO2RODApHyeu4cHH1T+Y1h1ta5ItoFueCv34=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:53 2023 by rpki-client on console-ams.rpki-client.org