Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/901839-0ef2-40ec-99b3-43cc5b46d5b2/1/duJhX2JfJxfyIZS2YhWvpCfVj_8.roa
File: duJhX2JfJxfyIZS2YhWvpCfVj_8.roa (raw, json)
Hash identifier: zJc+rwRvSUwSS8xAgeblbzLqtzZ4Zk39CyGeLz/ogGI=
Subject key identifier: 76:E2:61:5F:62:5F:27:17:F2:21:94:B6:62:15:AF:A4:27:D5:8F:FF
Certificate issuer: /CN=a5d08b3150ad34de2b88592174192408396f11fb
Certificate serial: 01857227D87282775DD10C30E112B9C13059
Authority key identifier: A5:D0:8B:31:50:AD:34:DE:2B:88:59:21:74:19:24:08:39:6F:11:FB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pdCLMVCtNN4riFkhdBkkCDlvEfs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/901839-0ef2-40ec-99b3-43cc5b46d5b2/1/duJhX2JfJxfyIZS2YhWvpCfVj_8.roa
Signing time: Mon 02 Jan 2023 11:04:51 +0000
ROA not before: Mon 02 Jan 2023 11:04:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12414
IP address blocks: 83.247.0.0/17 maxlen: 24
212.84.128.0/19 maxlen: 24
81.24.96.0/20 maxlen: 24
87.195.0.0/16 maxlen: 24
212.45.32.0/19 maxlen: 24
213.233.192.0/18 maxlen: 24
213.134.224.0/19 maxlen: 24
185.83.32.0/22 maxlen: 24
2001:9e0::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:27:d8:72:82:77:5d:d1:0c:30:e1:12:b9:c1:30:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a5d08b3150ad34de2b88592174192408396f11fb
Validity
Not Before: Jan 2 11:04:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=76e2615f625f2717f22194b66215afa427d58fff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:7b:6b:84:64:32:90:89:c5:65:03:06:cc:00:
11:7f:5b:6e:14:b1:b7:91:e4:2f:76:75:b4:0f:98:
d4:55:13:04:83:4d:58:f9:18:a1:e1:a5:f4:3e:a5:
32:37:9f:b0:fc:2a:dd:f0:7a:d2:ee:df:a8:6c:8d:
06:42:92:32:26:39:6f:e7:93:44:de:ea:a4:e5:97:
62:f7:ed:c8:42:c3:76:c7:0c:df:c2:81:0e:47:29:
b2:83:91:af:d6:1c:8f:fc:0c:fa:7c:1d:fe:34:9f:
f7:47:b4:a7:cf:38:d5:21:d7:94:53:ef:43:c1:bc:
6f:07:27:7f:b6:32:18:06:c8:30:92:e4:c9:29:6c:
0b:fa:1f:f2:67:18:08:18:2e:94:33:26:6a:f4:4f:
de:10:f4:b5:a3:8a:6a:e5:0b:b8:d1:4a:bc:3e:c3:
b7:9d:62:83:9c:6a:cf:81:c6:40:cf:52:aa:34:94:
8b:62:11:d4:2e:31:ee:83:36:13:a2:a7:0a:6c:b1:
ea:fd:2b:25:a3:1d:63:26:83:4f:ab:c8:2d:e1:43:
cb:17:fb:b2:65:32:d9:c1:cc:1a:1b:0b:1c:74:59:
38:9b:e9:12:47:4f:69:dc:20:71:0d:8e:6b:61:94:
35:1a:c5:dd:e5:ff:ce:9d:93:8c:7b:5b:62:b1:57:
da:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:E2:61:5F:62:5F:27:17:F2:21:94:B6:62:15:AF:A4:27:D5:8F:FF
X509v3 Authority Key Identifier:
keyid:A5:D0:8B:31:50:AD:34:DE:2B:88:59:21:74:19:24:08:39:6F:11:FB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pdCLMVCtNN4riFkhdBkkCDlvEfs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/901839-0ef2-40ec-99b3-43cc5b46d5b2/1/duJhX2JfJxfyIZS2YhWvpCfVj_8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/901839-0ef2-40ec-99b3-43cc5b46d5b2/1/pdCLMVCtNN4riFkhdBkkCDlvEfs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.24.96.0/20
83.247.0.0/17
87.195.0.0/16
185.83.32.0/22
212.45.32.0/19
212.84.128.0/19
213.134.224.0/19
213.233.192.0/18
IPv6:
2001:9e0::/29
Signature Algorithm: sha256WithRSAEncryption
a1:5b:8e:2d:2d:90:f0:e8:e1:b2:dd:d9:dc:b3:41:3f:24:99:
7a:5c:ac:5c:9c:e1:f6:b2:61:04:bf:1d:55:38:c6:67:e2:a7:
2f:62:37:c9:ce:55:c0:e7:84:7c:9d:0d:9b:68:83:68:6c:e4:
b9:b6:fa:70:1a:92:7a:dd:f5:4b:13:23:4c:35:fd:bc:38:2e:
0b:38:fc:c4:a9:67:33:60:56:7b:31:48:39:c9:90:a4:0a:c5:
22:a3:bb:0c:42:7c:95:0b:be:6e:2e:76:a4:83:5e:d8:c3:75:
85:78:be:70:b9:3d:8c:2b:3e:2c:62:a8:15:74:6b:47:47:d9:
4f:c1:9e:7e:16:10:85:ce:e9:3e:a3:bd:13:cc:d0:1d:63:a9:
a5:f8:58:55:02:e2:1f:31:5a:f4:5e:c4:cc:7c:b1:cd:10:fe:
b3:26:f5:75:07:8e:bc:6a:ea:f3:47:64:7b:51:8c:c6:3e:5c:
7b:0b:71:47:1a:cb:cd:0b:a9:df:aa:70:72:5b:e9:2e:e8:6f:
b1:e4:33:80:11:23:b5:46:f5:84:04:cf:dd:50:f8:5b:95:0c:
4b:ca:7f:8b:30:fb:9e:08:b7:e5:b5:e5:49:7e:ab:cf:e1:be:
79:43:75:c6:22:47:33:6d:78:63:35:21:0d:37:41:02:f6:a2:
82:ac:a6:99
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYVyJ9hygndd0Qww4RK5wTBZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1ZDA4YjMxNTBhZDM0ZGUyYjg4NTkyMTc0MTkyNDA4Mzk2
ZjExZmIwHhcNMjMwMTAyMTEwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmUyNjE1ZjYyNWYyNzE3ZjIyMTk0YjY2MjE1YWZhNDI3ZDU4ZmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ntrhGQykInFZQMGzAARf1tuFLG3
keQvdnW0D5jUVRMEg01Y+Rih4aX0PqUyN5+w/Crd8HrS7t+obI0GQpIyJjlv55NE
3uqk5Zdi9+3IQsN2xwzfwoEORymyg5Gv1hyP/Az6fB3+NJ/3R7SnzzjVIdeUU+9D
wbxvByd/tjIYBsgwkuTJKWwL+h/yZxgIGC6UMyZq9E/eEPS1o4pq5Qu40Uq8PsO3
nWKDnGrPgcZAz1KqNJSLYhHULjHugzYToqcKbLHq/Sslox1jJoNPq8gt4UPLF/uy
ZTLZwcwaGwscdFk4m+kSR09p3CBxDY5rYZQ1GsXd5f/OnZOMe1tisVfa/QIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFHbiYV9iXycX8iGUtmIVr6Qn1Y//MB8GA1UdIwQY
MBaAFKXQizFQrTTeK4hZIXQZJAg5bxH7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGRDTE1WQ3ROTjRyaUZraGRCa2tDRGx2RWZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85MDE4MzktMGVmMi00MGVjLTk5YjMt
NDNjYzViNDZkNWIyLzEvZHVKaFgySmZKeGZ5SVpTMlloV3ZwQ2ZWal84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85MDE4MzktMGVmMi00MGVjLTk5YjMtNDNjYzViNDZkNWIy
LzEvcGRDTE1WQ3ROTjRyaUZraGRCa2tDRGx2RWZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjA1BAIAATAvAwQEURhgAwQH
U/cAAwMAV8MDBAK5UyADBAXULSADBAXUVIADBAXVhuADBAbV6cAwDQQCAAIwBwMF
AyABCeAwDQYJKoZIhvcNAQELBQADggEBAKFbji0tkPDo4bLd2dyzQT8kmXpcrFyc
4fayYQS/HVU4xmfipy9iN8nOVcDnhHydDZtog2hs5Lm2+nAaknrd9UsTI0w1/bw4
Lgs4/MSpZzNgVnsxSDnJkKQKxSKjuwxCfJULvm4udqSDXtjDdYV4vnC5PYwrPixi
qBV0a0dH2U/Bnn4WEIXO6T6jvRPM0B1jqaX4WFUC4h8xWvRexMx8sc0Q/rMm9XUH
jrxq6vNHZHtRjMY+XHsLcUcay80Lqd+qcHJb6S7ob7HkM4ARI7VG9YQEz91Q+FuV
DEvKf4sw+54It+W15Ul+q8/hvnlDdcYiRzNteGM1IQ03QQL2ooKsppk=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:13:47 2025 by rpki-client