Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/BjoJ2XoXwvMUSbEx8hlbKrPIwCQ.roa
File: BjoJ2XoXwvMUSbEx8hlbKrPIwCQ.roa (raw, json)
Hash identifier: lKCiMtE4+RPOuL4cT9o2yzuO7zyi3bw1eV7voVB5Qt4=
Subject key identifier: 06:3A:09:D9:7A:17:C2:F3:14:49:B1:31:F2:19:5B:2A:B3:C8:C0:24
Certificate issuer: /CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Certificate serial: 01824BC2A368ADEDDE3EFAE93980E7DA1FB1
Authority key identifier: 0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/BjoJ2XoXwvMUSbEx8hlbKrPIwCQ.roa
Signing time: Fri 29 Jul 2022 21:00:23 +0000
ROA not before: Fri 29 Jul 2022 21:00:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 9009
IP address blocks: 195.54.171.0/24 maxlen: 24
45.136.196.0/24 maxlen: 24
45.136.197.0/24 maxlen: 24
45.136.198.0/24 maxlen: 24
45.136.199.0/24 maxlen: 24
176.97.64.0/23 maxlen: 23
176.97.70.0/23 maxlen: 23
176.97.68.0/23 maxlen: 23
176.97.66.0/23 maxlen: 23
185.87.148.0/23 maxlen: 23
5.61.62.0/23 maxlen: 23
5.61.60.0/23 maxlen: 23
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:4b:c2:a3:68:ad:ed:de:3e:fa:e9:39:80:e7:da:1f:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ef5cb2f590d041654f4dfdb60a28f9a1544f444
Validity
Not Before: Jul 29 21:00:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=063a09d97a17c2f31449b131f2195b2ab3c8c024
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:f3:8c:d2:5d:81:6c:f5:eb:1f:69:2c:7e:0a:
a9:a9:2e:e5:0e:71:89:19:2f:8e:ca:91:bb:5a:be:
a8:82:64:3d:f6:57:27:1b:a6:7c:10:57:ce:2b:1d:
b8:3d:12:9d:e8:e9:8d:1b:75:11:3a:1c:90:c9:9c:
46:8e:40:7c:f7:e3:68:df:68:77:bb:14:7c:86:91:
ee:10:de:cd:55:96:8b:ba:30:04:e4:8e:37:1d:a3:
5f:d7:94:57:e0:86:45:6b:ea:c4:94:37:e3:2c:ac:
14:59:3e:a2:74:77:c6:ae:04:11:50:77:08:0a:45:
35:07:56:69:35:af:dd:63:d6:62:8c:5d:34:bb:48:
21:fc:8a:45:60:fe:38:04:a9:cb:b4:c1:41:9c:57:
90:96:70:da:ea:ab:5b:7d:52:2e:b3:30:17:a2:3b:
ed:bd:4b:f4:ca:6a:fb:8b:81:4c:70:8e:a2:3d:67:
37:30:fb:ad:7b:fe:96:4c:2d:15:b4:02:3a:c2:71:
94:68:37:f5:08:5c:c8:7a:53:d9:e0:c0:2c:c8:0f:
72:0c:c2:47:32:2a:86:df:ec:a5:54:14:e4:eb:61:
b9:5a:8f:f5:b5:fb:c0:0c:3f:b2:a8:01:d6:21:42:
00:cc:fb:1e:ec:cd:27:02:41:24:c6:31:3e:ca:ec:
e6:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:3A:09:D9:7A:17:C2:F3:14:49:B1:31:F2:19:5B:2A:B3:C8:C0:24
X509v3 Authority Key Identifier:
keyid:0E:F5:CB:2F:59:0D:04:16:54:F4:DF:DB:60:A2:8F:9A:15:44:F4:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/BjoJ2XoXwvMUSbEx8hlbKrPIwCQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/226f04-f7db-491a-bafb-ee435d3cd585/1/DvXLL1kNBBZU9N_bYKKPmhVE9EQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.61.60.0/22
45.136.196.0/22
176.97.64.0/21
185.87.148.0/23
195.54.171.0/24
Signature Algorithm: sha256WithRSAEncryption
54:d6:5b:b1:d5:e0:af:e1:f3:42:de:af:eb:2a:fb:18:c7:07:
9f:e8:85:9b:e1:e8:0b:f7:70:34:bb:1b:9f:c7:e5:11:db:86:
65:9a:d0:b7:f9:cb:87:4f:f9:f4:cd:4e:c6:2a:79:33:71:59:
45:5d:14:27:fb:0f:eb:d4:c7:37:fd:b6:48:18:e2:28:ec:c5:
87:03:17:44:c0:ad:ec:5a:99:61:86:ec:a4:9d:de:f7:33:0a:
82:1e:4b:75:4d:a6:01:00:e5:8d:39:37:0a:1e:8d:fa:af:2b:
f1:53:22:a3:f4:3e:28:d7:b7:ac:cb:b0:de:15:18:98:2c:82:
d6:90:68:94:4a:8a:ba:f1:69:a9:d3:f3:5b:0e:4d:90:3b:21:
2b:10:bd:38:19:72:32:c8:e0:8b:c2:9f:90:72:6c:03:30:29:
ac:92:5e:35:61:84:60:80:7f:fb:21:a2:7f:14:c2:01:dd:23:
ba:62:99:f3:e7:cf:e4:cb:17:25:89:33:20:57:24:00:fb:59:
a7:02:03:86:54:86:c7:2d:53:41:2d:95:32:d7:6f:e0:28:e2:
f9:02:eb:83:ca:76:eb:35:6f:b5:14:ce:4e:7d:8b:d5:39:93:
fe:7b:ff:63:36:df:c3:f4:93:e0:fc:42:0c:f8:79:16:9a:49:
b7:af:63:3c
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYJLwqNore3ePvrpOYDn2h+xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZjVjYjJmNTkwZDA0MTY1NGY0ZGZkYjYwYTI4ZjlhMTU0
NGY0NDQwHhcNMjIwNzI5MjEwMDIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjNhMDlkOTdhMTdjMmYzMTQ0OWIxMzFmMjE5NWIyYWIzYzhjMDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fOM0l2BbPXrH2ksfgqpqS7lDnGJ
GS+OypG7Wr6ogmQ99lcnG6Z8EFfOKx24PRKd6OmNG3UROhyQyZxGjkB89+No32h3
uxR8hpHuEN7NVZaLujAE5I43HaNf15RX4IZFa+rElDfjLKwUWT6idHfGrgQRUHcI
CkU1B1ZpNa/dY9ZijF00u0gh/IpFYP44BKnLtMFBnFeQlnDa6qtbfVIuszAXojvt
vUv0ymr7i4FMcI6iPWc3MPute/6WTC0VtAI6wnGUaDf1CFzIelPZ4MAsyA9yDMJH
MiqG3+ylVBTk62G5Wo/1tfvADD+yqAHWIUIAzPse7M0nAkEkxjE+yuzmYQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFAY6Cdl6F8LzFEmxMfIZWyqzyMAkMB8GA1UdIwQY
MBaAFA71yy9ZDQQWVPTf22Cij5oVRPREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmIt
ZWU0MzVkM2NkNTg1LzEvQmpvSjJYb1h3dk1VU2JFeDhobGJLclBJd0NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8yMjZmMDQtZjdkYi00OTFhLWJhZmItZWU0MzVkM2NkNTg1
LzEvRHZYTEwxa05CQlpVOU5fYllLS1BtaFZFOUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCBT08AwQC
LYjEAwQDsGFAAwQBuVeUAwQAwzarMA0GCSqGSIb3DQEBCwUAA4IBAQBU1lux1eCv
4fNC3q/rKvsYxwef6IWb4egL93A0uxufx+UR24ZlmtC3+cuHT/n0zU7GKnkzcVlF
XRQn+w/r1Mc3/bZIGOIo7MWHAxdEwK3sWplhhuyknd73MwqCHkt1TaYBAOWNOTcK
Ho36ryvxUyKj9D4o17esy7DeFRiYLILWkGiUSoq68Wmp0/NbDk2QOyErEL04GXIy
yOCLwp+QcmwDMCmskl41YYRggH/7IaJ/FMIB3SO6Ypnz58/kyxcliTMgVyQA+1mn
AgOGVIbHLVNBLZUy12/gKOL5AuuDynbrNW+1FM5OfYvVOZP+e/9jNt/D9JPg/EIM
+HkWmkm3r2M8
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:58:57 2023 by rpki-client on console-fra.rpki-client.org