Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/3qtz9rV4M4740TfwnvX4_NTuHzg.roa
File: 3qtz9rV4M4740TfwnvX4_NTuHzg.roa (raw, json)
Hash identifier: 32xm5OgB+GZitGj7JHfSei/31yVA/sm79AhD/ZUvXH0=
Subject key identifier: DE:AB:73:F6:B5:78:33:8E:F8:D1:37:F0:9E:F5:F8:FC:D4:EE:1F:38
Certificate issuer: /CN=ba0e1264e07b3708bcb9db5a14e7cc9270863958
Certificate serial: 37C83E92
Authority key identifier: BA:0E:12:64:E0:7B:37:08:BC:B9:DB:5A:14:E7:CC:92:70:86:39:58
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ug4SZOB7Nwi8udtaFOfMknCGOVg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/3qtz9rV4M4740TfwnvX4_NTuHzg.roa
Signing time: Sat 01 Jan 2022 10:58:23 +0000
ROA not before: Sat 01 Jan 2022 10:58:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 50596
IP address blocks: 188.68.8.0/21 maxlen: 21
46.254.160.0/21 maxlen: 21
37.75.200.0/21 maxlen: 21
185.8.220.0/22 maxlen: 22
93.179.104.0/21 maxlen: 21
188.68.168.0/21 maxlen: 21
109.201.96.0/21 maxlen: 21
188.68.192.0/21 maxlen: 21
178.57.208.0/21 maxlen: 21
109.201.104.0/21 maxlen: 21
109.201.112.0/20 maxlen: 20
2a03:3cc0::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 935870098 (0x37c83e92)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ba0e1264e07b3708bcb9db5a14e7cc9270863958
Validity
Not Before: Jan 1 10:58:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=deab73f6b578338ef8d137f09ef5f8fcd4ee1f38
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:98:0f:88:12:66:c7:85:15:f0:22:48:bc:de:
7e:a5:62:77:c8:31:14:72:cb:12:df:5f:77:14:13:
fb:53:75:8b:5b:54:54:d6:d0:fa:65:70:e6:23:ce:
85:12:7a:ed:02:2a:d8:e0:33:91:a7:97:c7:fd:fd:
d3:77:c3:48:d9:71:d4:82:2c:8b:31:55:fa:b4:e7:
7a:ab:8e:26:22:9b:53:75:be:7e:5a:75:a9:43:fd:
5e:b2:aa:91:3f:6e:19:e0:0a:f3:34:4f:76:ab:b9:
b8:f6:dd:d9:1c:a5:84:1c:de:83:63:cb:02:76:62:
cd:63:2d:4a:f2:9d:6f:0a:83:82:8c:c0:a0:4d:88:
c9:69:16:fd:1e:93:13:9c:9a:20:3d:26:49:56:02:
9e:3a:8c:71:ce:a5:00:0c:85:9b:3a:5c:7c:0c:d4:
aa:ef:df:a8:9c:de:8c:06:12:e2:22:9f:8a:25:c4:
2c:7e:98:e2:c9:46:fe:0f:7d:92:a7:9b:18:57:a5:
cb:35:2c:c6:08:c7:a4:0e:60:dc:27:1b:d2:7c:f8:
62:7e:83:df:43:0c:8e:44:e2:3c:a7:ef:eb:51:93:
65:aa:15:b7:14:bb:2c:aa:1d:2c:5c:35:33:4c:ec:
80:db:10:87:ab:70:aa:a0:1a:26:e6:bc:dc:75:cd:
b0:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:AB:73:F6:B5:78:33:8E:F8:D1:37:F0:9E:F5:F8:FC:D4:EE:1F:38
X509v3 Authority Key Identifier:
keyid:BA:0E:12:64:E0:7B:37:08:BC:B9:DB:5A:14:E7:CC:92:70:86:39:58
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ug4SZOB7Nwi8udtaFOfMknCGOVg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/3qtz9rV4M4740TfwnvX4_NTuHzg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/64c2fa-df54-47ff-a8c9-bfe0ccb79fcc/1/ug4SZOB7Nwi8udtaFOfMknCGOVg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.75.200.0/21
46.254.160.0/21
93.179.104.0/21
109.201.96.0/19
178.57.208.0/21
185.8.220.0/22
188.68.8.0/21
188.68.168.0/21
188.68.192.0/21
IPv6:
2a03:3cc0::/29
Signature Algorithm: sha256WithRSAEncryption
68:64:5e:f6:29:bd:cd:68:fd:3e:68:62:4b:18:da:1b:6b:2e:
5d:a6:fb:86:68:72:9d:0c:df:a3:fe:08:8f:ce:f6:58:2a:cb:
e6:b0:45:2d:94:18:26:5c:86:63:6b:1f:78:cb:b4:d5:37:0a:
b0:d3:da:cb:54:03:09:f2:91:0e:2e:4a:27:50:48:27:cd:78:
38:ce:30:eb:28:08:d2:8a:9c:9d:45:5e:69:50:97:a5:7e:9d:
80:93:3e:ca:d3:06:e4:c9:69:7a:a2:4a:bf:79:f1:8f:c9:69:
6c:d4:1c:c5:42:5e:f1:af:53:e2:46:52:ab:cd:04:1a:00:6b:
5b:9b:e0:90:15:0e:6b:da:23:69:f9:a1:f9:00:8c:64:95:00:
a1:24:83:e3:40:07:ac:cd:b7:38:b3:71:9a:3d:c8:b0:70:45:
25:bb:da:83:2e:60:2b:ff:93:f4:de:d3:1d:b6:ae:f6:73:1a:
82:99:02:b9:a8:9f:68:ea:ce:df:eb:54:94:88:90:4a:9a:6a:
67:6f:18:b9:b9:f2:33:20:ec:ca:87:af:b5:11:67:e7:2e:ab:
c4:de:2f:0f:dd:b5:40:18:8a:a3:4a:47:eb:52:d0:16:2b:98:
91:ab:25:b1:f1:69:c3:c2:6c:7a:ec:f3:8f:7a:f8:a1:d3:a1:
38:f4:c7:a6
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgIEN8g+kjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
YTBlMTI2NGUwN2IzNzA4YmNiOWRiNWExNGU3Y2M5MjcwODYzOTU4MB4XDTIyMDEw
MTEwNTgyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGVhYjczZjZiNTc4
MzM4ZWY4ZDEzN2YwOWVmNWY4ZmNkNGVlMWYzODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANmYD4gSZseFFfAiSLzefqVid8gxFHLLEt9fdxQT+1N1i1tU
VNbQ+mVw5iPOhRJ67QIq2OAzkaeXx/3903fDSNlx1IIsizFV+rTnequOJiKbU3W+
flp1qUP9XrKqkT9uGeAK8zRPdqu5uPbd2RylhBzeg2PLAnZizWMtSvKdbwqDgozA
oE2IyWkW/R6TE5yaID0mSVYCnjqMcc6lAAyFmzpcfAzUqu/fqJzejAYS4iKfiiXE
LH6Y4slG/g99kqebGFelyzUsxgjHpA5g3Ccb0nz4Yn6D30MMjkTiPKfv61GTZaoV
txS7LKodLFw1M0zsgNsQh6twqqAaJua83HXNsAcCAwEAAaOCAkgwggJEMB0GA1Ud
DgQWBBTeq3P2tXgzjvjRN/Ce9fj81O4fODAfBgNVHSMEGDAWgBS6DhJk4Hs3CLy5
21oU58yScIY5WDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3VnNFNaT0I3TndpOHVkdGFGT2ZNa25DR09WZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYWEvNjRjMmZhLWRmNTQtNDdmZi1hOGM5LWJmZTBjY2I3OWZjYy8x
LzNxdHo5clY0TTQ3NDBUZndudlg0X05UdUh6Zy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWEv
NjRjMmZhLWRmNTQtNDdmZi1hOGM5LWJmZTBjY2I3OWZjYy8xL3VnNFNaT0I3Tndp
OHVkdGFGT2ZNa25DR09WZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBe
BggrBgEFBQcBBwEB/wRPME0wPAQCAAEwNgMEAyVLyAMEAy7+oAMEA12zaAMEBW3J
YAMEA7I50AMEArkI3AMEA7xECAMEA7xEqAMEA7xEwDANBAIAAjAHAwUDKgM8wDAN
BgkqhkiG9w0BAQsFAAOCAQEAaGRe9im9zWj9PmhiSxjaG2suXab7hmhynQzfo/4I
j872WCrL5rBFLZQYJlyGY2sfeMu01TcKsNPay1QDCfKRDi5KJ1BIJ814OM4w6ygI
0oqcnUVeaVCXpX6dgJM+ytMG5MlpeqJKv3nxj8lpbNQcxUJe8a9T4kZSq80EGgBr
W5vgkBUOa9ojafmh+QCMZJUAoSSD40AHrM23OLNxmj3IsHBFJbvagy5gK/+T9N7T
Hbau9nMagpkCuaifaOrO3+tUlIiQSppqZ28YubnyMyDsyoevtRFn5y6rxN4vD921
QBiKo0pH61LQFiuYkaslsfFpw8Jseuzzj3r4odOhOPTHpg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:39 2024 by rpki-client on console-ams.rpki-client.org