Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/3ZBN39D8bbyS7Z8ZObqm4ijZo7I.roa
File: 3ZBN39D8bbyS7Z8ZObqm4ijZo7I.roa (raw, json)
Hash identifier: AjIoyLT44ZaT/YH3zbLvuSWSEKVSXAkkJqrPA9vp6ZQ=
Subject key identifier: DD:90:4D:DF:D0:FC:6D:BC:92:ED:9F:19:39:BA:A6:E2:28:D9:A3:B2
Certificate issuer: /CN=480b4e6530f58db338e41d434e5c248eb8b49eb5
Certificate serial: 01856FF058FA279D0A90987FCE67784BCAA8
Authority key identifier: 48:0B:4E:65:30:F5:8D:B3:38:E4:1D:43:4E:5C:24:8E:B8:B4:9E:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SAtOZTD1jbM45B1DTlwkjri0nrU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/3ZBN39D8bbyS7Z8ZObqm4ijZo7I.roa
Signing time: Mon 02 Jan 2023 00:45:00 +0000
ROA not before: Mon 02 Jan 2023 00:45:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44628
IP address blocks: 91.211.176.0/24 maxlen: 24
91.211.178.0/24 maxlen: 24
91.211.179.0/24 maxlen: 24
91.237.232.0/24 maxlen: 24
195.42.136.0/23 maxlen: 23
91.237.233.0/24 maxlen: 24
91.237.234.0/24 maxlen: 24
91.237.235.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:f0:58:fa:27:9d:0a:90:98:7f:ce:67:78:4b:ca:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=480b4e6530f58db338e41d434e5c248eb8b49eb5
Validity
Not Before: Jan 2 00:45:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dd904ddfd0fc6dbc92ed9f1939baa6e228d9a3b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:bc:9f:57:02:12:2b:d2:4c:ea:41:e0:c7:ee:
c1:ea:8c:f2:38:33:10:79:fc:21:dd:4d:37:3c:4b:
92:c1:1e:24:36:5a:60:f3:52:87:88:f7:76:df:aa:
93:e1:de:82:e9:3e:a2:9f:20:a5:16:da:8d:82:24:
b0:58:33:b2:5f:71:ad:a3:e0:cd:e1:62:ab:4e:11:
57:28:b7:17:98:7f:f9:c8:4c:00:d0:34:f7:49:09:
eb:b3:dc:d1:57:ca:9e:55:e1:b5:27:ed:64:58:26:
56:ac:98:a9:63:b3:bd:57:32:96:c3:3c:16:35:a6:
42:a6:8d:c4:7f:85:9e:e1:4a:79:78:28:da:f2:35:
c2:ba:10:64:7a:ab:e8:9b:33:98:a7:b6:f4:18:f9:
5d:1e:a2:04:4a:ad:be:fa:e5:52:e7:ef:35:b8:85:
9e:02:ce:86:8b:d0:e7:2e:7f:f9:f8:db:48:59:ff:
fc:02:3c:b2:93:f0:2b:3c:dd:a0:1a:cb:ee:14:0c:
2f:8b:f8:c5:f7:d8:d0:85:8c:b3:7f:19:2d:e7:85:
70:64:ea:bd:4e:33:aa:05:9d:02:0b:ae:63:6d:0c:
a9:01:0d:07:93:7c:00:32:76:76:9a:0a:4c:54:3d:
37:89:92:40:1b:92:e3:6d:56:29:a4:ea:45:aa:9a:
14:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:90:4D:DF:D0:FC:6D:BC:92:ED:9F:19:39:BA:A6:E2:28:D9:A3:B2
X509v3 Authority Key Identifier:
keyid:48:0B:4E:65:30:F5:8D:B3:38:E4:1D:43:4E:5C:24:8E:B8:B4:9E:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAtOZTD1jbM45B1DTlwkjri0nrU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/3ZBN39D8bbyS7Z8ZObqm4ijZo7I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/2a72ee-ec1f-40c6-ad9d-5a4df896fc3e/1/SAtOZTD1jbM45B1DTlwkjri0nrU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.211.176.0/24
91.211.178.0/23
91.237.232.0/22
195.42.136.0/23
Signature Algorithm: sha256WithRSAEncryption
6b:8d:9a:51:d2:fd:0d:d3:b7:68:5d:c7:92:ab:a3:ee:81:1c:
59:70:1b:b5:a9:53:a3:f8:63:2c:8d:cb:62:9c:6e:0d:cd:d4:
42:78:7c:58:bf:6e:1c:a0:b4:c7:a2:9a:92:fd:58:f0:57:89:
ee:69:d7:c9:8b:8b:bf:2a:d0:46:df:bb:96:d0:c4:78:23:b3:
49:f2:12:26:9b:9d:0b:bf:2c:03:3f:f4:7b:2d:4c:25:27:4e:
16:1e:9f:c5:f5:1e:44:54:fc:fe:27:f3:b3:e9:75:24:4d:bc:
02:9e:2e:14:75:55:3e:20:c2:92:cb:04:d8:95:82:3a:88:96:
84:16:3d:ff:4b:1c:90:3d:be:3a:f6:ff:4d:65:12:73:16:62:
4a:83:cf:67:e8:19:93:af:3c:ec:fb:60:a2:5f:90:f3:4a:12:
ce:5b:19:df:83:95:91:5f:a6:c3:ef:9d:8c:4b:2b:f1:55:a3:
a3:99:45:07:38:da:76:59:51:ec:ca:a3:91:1c:66:58:1c:5e:
51:92:2d:45:eb:cd:ab:0f:4b:e9:fb:4d:92:0f:a1:02:40:2f:
c3:5a:61:76:6d:0a:f4:c2:3f:9d:92:17:b8:7b:2c:58:a4:25:
e7:b2:cf:64:3a:56:7e:5e:c7:60:57:80:c8:0e:6c:ed:18:7a:
f0:13:50:05
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVv8Fj6J50KkJh/zmd4S8qoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MGI0ZTY1MzBmNThkYjMzOGU0MWQ0MzRlNWMyNDhlYjhi
NDllYjUwHhcNMjMwMTAyMDA0NTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDkwNGRkZmQwZmM2ZGJjOTJlZDlmMTkzOWJhYTZlMjI4ZDlhM2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjryfVwISK9JM6kHgx+7B6ozyODMQ
efwh3U03PEuSwR4kNlpg81KHiPd236qT4d6C6T6inyClFtqNgiSwWDOyX3Gto+DN
4WKrThFXKLcXmH/5yEwA0DT3SQnrs9zRV8qeVeG1J+1kWCZWrJipY7O9VzKWwzwW
NaZCpo3Ef4We4Up5eCja8jXCuhBkeqvomzOYp7b0GPldHqIESq2++uVS5+81uIWe
As6Gi9DnLn/5+NtIWf/8Ajyyk/ArPN2gGsvuFAwvi/jF99jQhYyzfxkt54VwZOq9
TjOqBZ0CC65jbQypAQ0Hk3wAMnZ2mgpMVD03iZJAG5LjbVYppOpFqpoUHwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFN2QTd/Q/G28ku2fGTm6puIo2aOyMB8GA1UdIwQY
MBaAFEgLTmUw9Y2zOOQdQ05cJI64tJ61MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0F0T1pURDFqYk00NUIxRFRsd2tqcmkwbnJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi8yYTcyZWUtZWMxZi00MGM2LWFkOWQt
NWE0ZGY4OTZmYzNlLzEvM1pCTjM5RDhiYnlTN1o4Wk9icW00aWpabzdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi8yYTcyZWUtZWMxZi00MGM2LWFkOWQtNWE0ZGY4OTZmYzNl
LzEvU0F0T1pURDFqYk00NUIxRFRsd2tqcmkwbnJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW9OwAwQB
W9OyAwQCW+3oAwQBwyqIMA0GCSqGSIb3DQEBCwUAA4IBAQBrjZpR0v0N07doXceS
q6PugRxZcBu1qVOj+GMsjctinG4NzdRCeHxYv24coLTHopqS/VjwV4nuadfJi4u/
KtBG37uW0MR4I7NJ8hImm50LvywDP/R7LUwlJ04WHp/F9R5EVPz+J/Oz6XUkTbwC
ni4UdVU+IMKSywTYlYI6iJaEFj3/SxyQPb469v9NZRJzFmJKg89n6BmTrzzs+2Ci
X5DzShLOWxnfg5WRX6bD752MSyvxVaOjmUUHONp2WVHsyqORHGZYHF5Rki1F682r
D0vp+02SD6ECQC/DWmF2bQr0wj+dkhe4eyxYpCXnss9kOlZ+XsdgV4DIDmztGHrw
E1AF
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:36:00 2025 by rpki-client