Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/iDftFtyxraYJ7Yc87qNcMIiHaew.roa
File: iDftFtyxraYJ7Yc87qNcMIiHaew.roa (raw, json)
Hash identifier: Dg+v6GeuhzaKy9TVQ+WKp53ngZcNMx1bYZWE9EFprnk=
Subject key identifier: 88:37:ED:16:DC:B1:AD:A6:09:ED:87:3C:EE:A3:5C:30:88:87:69:EC
Certificate issuer: /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial: 01856DC19A367DAF99BFD9FCAB6CAD4AC3A1
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/iDftFtyxraYJ7Yc87qNcMIiHaew.roa
Signing time: Sun 01 Jan 2023 14:34:42 +0000
ROA not before: Sun 01 Jan 2023 14:34:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197343
IP address blocks: 5.57.32.0/21 maxlen: 24
185.215.230.0/24 maxlen: 24
185.212.48.0/24 maxlen: 24
185.212.49.0/24 maxlen: 24
178.239.150.0/24 maxlen: 24
178.239.156.0/23 maxlen: 23
178.239.156.0/22 maxlen: 22
5.56.128.0/22 maxlen: 22
37.32.42.0/24 maxlen: 24
37.32.41.0/24 maxlen: 24
37.32.40.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:c1:9a:36:7d:af:99:bf:d9:fc:ab:6c:ad:4a:c3:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Validity
Not Before: Jan 1 14:34:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8837ed16dcb1ada609ed873ceea35c30888769ec
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:53:a1:0d:eb:3b:9f:d6:f1:42:af:8f:73:74:
bb:49:98:21:52:1f:38:9a:a0:be:52:cc:59:75:e8:
a6:db:03:4b:ff:83:ef:d1:db:95:c8:19:80:c9:7f:
98:46:18:80:51:1f:4c:6e:ad:34:2b:65:f5:17:9f:
44:94:d1:7c:76:c4:ed:13:7c:40:55:a2:8d:e0:4c:
27:f4:57:4d:81:db:9a:e3:b6:44:fb:60:24:15:b7:
f6:f4:c9:c3:ab:ec:19:49:ba:62:52:bb:1f:fc:fa:
cb:ee:f8:16:9f:dd:fb:df:62:07:1b:01:36:1c:ec:
2d:08:5f:ef:b9:5c:72:25:4c:45:e1:40:a1:6c:28:
f1:3d:76:7b:64:75:8a:a6:47:e8:cd:b3:a4:2f:31:
cb:5d:ea:08:bc:84:c8:21:f8:7f:6e:a2:2c:af:d3:
bd:ec:de:1f:a1:8f:1f:54:ed:26:1d:f9:af:99:41:
ba:97:38:fe:84:1e:a9:2a:f8:87:ea:8f:49:fd:f0:
ad:1f:45:bb:54:f1:7f:a3:84:86:29:68:a4:80:c6:
17:72:c9:55:31:e3:30:8d:ec:04:80:a7:13:3b:7a:
62:df:90:95:4f:1d:25:51:a5:8e:00:5a:32:db:10:
b9:6d:d5:dc:ad:b1:6f:31:dd:99:57:c7:38:c5:2b:
e2:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:37:ED:16:DC:B1:AD:A6:09:ED:87:3C:EE:A3:5C:30:88:87:69:EC
X509v3 Authority Key Identifier:
keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/iDftFtyxraYJ7Yc87qNcMIiHaew.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.56.128.0/22
5.57.32.0/21
37.32.40.0/22
178.239.150.0/24
178.239.156.0/22
185.212.48.0/23
185.215.230.0/24
Signature Algorithm: sha256WithRSAEncryption
b4:e0:61:ae:b4:98:30:4d:cb:d1:cc:76:dd:61:d9:15:b8:20:
c5:9f:92:06:a5:57:b2:1e:51:c6:ac:29:fe:bc:0f:bd:cc:df:
e5:df:f1:81:8e:b1:da:9a:8d:a7:84:27:d8:51:a5:64:06:d2:
db:e1:9f:be:f3:61:06:73:c9:18:e7:89:17:c4:f4:8d:be:c1:
80:1b:db:4c:51:2c:74:05:16:42:bf:4f:76:04:a5:c3:1a:81:
cc:db:26:58:54:05:af:8c:72:80:4a:88:17:76:f3:33:43:0b:
4f:65:d6:59:7d:52:c3:41:ba:a1:ac:e2:d8:f5:21:ba:01:4e:
98:14:7d:17:76:c2:67:5e:66:a4:42:81:16:52:df:63:08:ff:
f1:10:e9:09:e5:f4:76:00:5b:36:1f:12:eb:78:e4:ac:f2:a6:
31:bd:72:a9:83:db:67:54:17:30:e7:39:ce:c1:f6:62:23:a1:
32:5e:cc:d6:a6:ed:4d:dc:a4:b6:65:d6:25:7d:a2:dd:b9:22:
c6:2b:95:d1:b1:b4:43:5c:9b:46:da:b0:b8:67:d7:12:06:ab:
80:8b:18:9a:2f:f3:b6:b5:90:fb:c0:18:be:f3:32:3a:0f:85:
0b:74:6f:d4:c0:d2:26:7f:92:db:49:f1:03:54:03:08:20:16:
fa:fb:c3:41
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYVtwZo2fa+Zv9n8q2ytSsOhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjMwMTAxMTQzNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODM3ZWQxNmRjYjFhZGE2MDllZDg3M2NlZWEzNWMzMDg4ODc2OWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFOhDes7n9bxQq+Pc3S7SZghUh84
mqC+UsxZdeim2wNL/4Pv0duVyBmAyX+YRhiAUR9Mbq00K2X1F59ElNF8dsTtE3xA
VaKN4Ewn9FdNgdua47ZE+2AkFbf29MnDq+wZSbpiUrsf/PrL7vgWn93732IHGwE2
HOwtCF/vuVxyJUxF4UChbCjxPXZ7ZHWKpkfozbOkLzHLXeoIvITIIfh/bqIsr9O9
7N4foY8fVO0mHfmvmUG6lzj+hB6pKviH6o9J/fCtH0W7VPF/o4SGKWikgMYXcslV
MeMwjewEgKcTO3pi35CVTx0lUaWOAFoy2xC5bdXcrbFvMd2ZV8c4xSviowIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFIg37Rbcsa2mCe2HPO6jXDCIh2nsMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvaURmdEZ0eXhyYVlKN1ljODdxTmNNSWlIYWV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCBTiAAwQD
BTkgAwQCJSAoAwQAsu+WAwQCsu+cAwQBudQwAwQAudfmMA0GCSqGSIb3DQEBCwUA
A4IBAQC04GGutJgwTcvRzHbdYdkVuCDFn5IGpVeyHlHGrCn+vA+9zN/l3/GBjrHa
mo2nhCfYUaVkBtLb4Z++82EGc8kY54kXxPSNvsGAG9tMUSx0BRZCv092BKXDGoHM
2yZYVAWvjHKASogXdvMzQwtPZdZZfVLDQbqhrOLY9SG6AU6YFH0XdsJnXmakQoEW
Ut9jCP/xEOkJ5fR2AFs2HxLreOSs8qYxvXKpg9tnVBcw5znOwfZiI6EyXszWpu1N
3KS2ZdYlfaLduSLGK5XRsbRDXJtG2rC4Z9cSBquAixiaL/O2tZD7wBi+8zI6D4UL
dG/UwNImf5LbSfEDVAMIIBb6+8NB
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:30:07 2025 by rpki-client