Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/oAu5zpy7l2YTKuASvFoBm3_fmqY.roa
File: oAu5zpy7l2YTKuASvFoBm3_fmqY.roa (raw, json)
Hash identifier: vJ+RFZl2xBT5s16vcb6raU+rKEAYierxElE1uI01k0A=
Subject key identifier: A0:0B:B9:CE:9C:BB:97:66:13:2A:E0:12:BC:5A:01:9B:7F:DF:9A:A6
Certificate issuer: /CN=435416b2282b4533c3509c18e957ce0c836bc837
Certificate serial: 018282CB0EF9F1D336AB220EAA0A5DC7AFB2
Authority key identifier: 43:54:16:B2:28:2B:45:33:C3:50:9C:18:E9:57:CE:0C:83:6B:C8:37
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Q1QWsigrRTPDUJwY6VfODINryDc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/oAu5zpy7l2YTKuASvFoBm3_fmqY.roa
Signing time: Tue 09 Aug 2022 13:28:41 +0000
ROA not before: Tue 09 Aug 2022 13:28:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 207990
IP address blocks: 185.23.200.0/23 maxlen: 32
185.251.44.0/23 maxlen: 32
185.247.230.0/23 maxlen: 32
185.247.228.0/24 maxlen: 32
193.8.80.0/22 maxlen: 32
178.239.22.0/23 maxlen: 32
88.218.144.0/22 maxlen: 32
91.193.100.0/22 maxlen: 32
185.251.248.0/23 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:82:cb:0e:f9:f1:d3:36:ab:22:0e:aa:0a:5d:c7:af:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=435416b2282b4533c3509c18e957ce0c836bc837
Validity
Not Before: Aug 9 13:28:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a00bb9ce9cbb9766132ae012bc5a019b7fdf9aa6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:50:47:db:74:50:a8:fc:44:53:07:36:44:0b:
35:d9:13:a1:df:c0:79:6b:c2:42:2e:7d:58:23:f3:
fb:24:ff:f6:3e:b0:2b:a4:ba:63:57:e3:58:fa:a5:
93:2c:3e:81:1e:fd:b7:ef:13:48:ca:b1:19:1b:74:
47:c7:12:c1:c1:72:dc:23:94:8b:12:51:8c:2b:6d:
45:62:e3:b1:83:3d:d4:1d:1f:52:57:2a:f6:d6:ee:
7f:f5:ca:86:09:4b:a2:5b:ee:bd:1f:0d:e2:73:aa:
be:0a:db:9d:b4:32:1f:57:00:65:c9:b0:65:7e:15:
11:c2:85:5d:bb:98:c9:a1:3d:94:9d:87:2f:d7:a5:
44:0b:2c:c8:f5:ce:94:8d:76:f2:47:0b:71:13:84:
80:8d:5d:bf:84:4b:c6:9a:e4:bb:fa:71:cb:eb:c0:
d1:79:df:03:f9:0d:ec:2a:f0:70:2b:8a:0e:1f:58:
c7:8f:de:ca:5c:de:d3:7d:82:eb:9d:c9:7a:6a:e6:
f2:20:80:b7:cb:a6:4e:41:09:ad:ff:b5:c1:f7:26:
08:f5:77:f0:e2:bc:5a:3d:ba:23:72:cb:99:54:33:
46:97:e7:d6:81:89:83:f0:a9:2f:c8:68:d2:73:fa:
89:17:13:3f:56:7a:a1:62:88:7b:49:da:0e:81:46:
00:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:0B:B9:CE:9C:BB:97:66:13:2A:E0:12:BC:5A:01:9B:7F:DF:9A:A6
X509v3 Authority Key Identifier:
keyid:43:54:16:B2:28:2B:45:33:C3:50:9C:18:E9:57:CE:0C:83:6B:C8:37
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q1QWsigrRTPDUJwY6VfODINryDc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/oAu5zpy7l2YTKuASvFoBm3_fmqY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/Q1QWsigrRTPDUJwY6VfODINryDc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.218.144.0/22
91.193.100.0/22
178.239.22.0/23
185.23.200.0/23
185.247.228.0/24
185.247.230.0/23
185.251.44.0/23
185.251.248.0/23
193.8.80.0/22
Signature Algorithm: sha256WithRSAEncryption
94:a7:bb:15:52:d0:f3:7f:ca:5a:a1:8c:66:2a:a1:1b:27:c9:
2b:1e:b1:69:ae:4c:ab:0b:ce:27:9b:c1:50:78:85:16:74:e3:
84:a6:55:43:12:5a:34:16:b0:1d:02:79:f5:bc:89:db:ce:1a:
03:ff:2e:dd:12:5a:ab:90:f9:14:50:78:6e:d9:3f:5f:f9:17:
7b:c5:1c:5d:e8:69:82:6d:cb:57:9c:a6:49:c1:0e:df:b2:6e:
b2:6a:36:11:e6:0c:0d:78:cc:e5:31:0c:4b:88:65:a9:e1:f5:
02:da:62:b6:38:67:ba:1e:b7:59:e2:2c:21:7c:69:53:9e:00:
9a:82:c6:3e:be:77:e2:a1:6a:b1:fb:2f:f8:50:0c:dc:af:ae:
58:f0:95:a6:48:34:86:ab:5c:6c:1c:d3:14:d6:a0:cc:24:f5:
7a:c3:61:7c:2d:2f:fe:73:e7:6c:d0:9b:d9:28:79:49:5a:63:
fe:bd:29:1c:c9:05:60:73:90:e4:92:62:5f:b4:29:96:f8:53:
1b:ef:b8:20:8c:0e:2d:66:a6:94:72:d3:25:b9:87:38:df:88:
91:3e:ba:fe:df:3c:e1:e2:5a:c5:f5:7c:72:d5:da:2b:2a:84:
ae:38:71:b3:ee:a2:80:64:3e:ee:0d:74:34:fb:0e:58:8e:7c:
2f:17:a7:0f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYKCyw758dM2qyIOqgpdx6+yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNTQxNmIyMjgyYjQ1MzNjMzUwOWMxOGU5NTdjZTBjODM2
YmM4MzcwHhcNMjIwODA5MTMyODQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDBiYjljZTljYmI5NzY2MTMyYWUwMTJiYzVhMDE5YjdmZGY5YWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVBH23RQqPxEUwc2RAs12ROh38B5
a8JCLn1YI/P7JP/2PrArpLpjV+NY+qWTLD6BHv237xNIyrEZG3RHxxLBwXLcI5SL
ElGMK21FYuOxgz3UHR9SVyr21u5/9cqGCUuiW+69Hw3ic6q+CtudtDIfVwBlybBl
fhURwoVdu5jJoT2UnYcv16VECyzI9c6UjXbyRwtxE4SAjV2/hEvGmuS7+nHL68DR
ed8D+Q3sKvBwK4oOH1jHj97KXN7TfYLrncl6aubyIIC3y6ZOQQmt/7XB9yYI9Xfw
4rxaPbojcsuZVDNGl+fWgYmD8KkvyGjSc/qJFxM/VnqhYoh7SdoOgUYALwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFKALuc6cu5dmEyrgErxaAZt/35qmMB8GA1UdIwQY
MBaAFENUFrIoK0Uzw1CcGOlXzgyDa8g3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTFRV3NpZ3JSVFBEVUp3WTZWZk9ESU5yeURjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82M2ZmODEtNjQ2MC00YzA1LTg1MmQt
MjYyZWIzOWJiZTc2LzEvb0F1NXpweTdsMllUS3VBU3ZGb0JtM19mbXFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82M2ZmODEtNjQ2MC00YzA1LTg1MmQtMjYyZWIzOWJiZTc2
LzEvUTFRV3NpZ3JSVFBEVUp3WTZWZk9ESU5yeURjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCWNqQAwQC
W8FkAwQBsu8WAwQBuRfIAwQAuffkAwQBuffmAwQBufssAwQBufv4AwQCwQhQMA0G
CSqGSIb3DQEBCwUAA4IBAQCUp7sVUtDzf8paoYxmKqEbJ8krHrFprkyrC84nm8FQ
eIUWdOOEplVDElo0FrAdAnn1vInbzhoD/y7dElqrkPkUUHhu2T9f+Rd7xRxd6GmC
bctXnKZJwQ7fsm6yajYR5gwNeMzlMQxLiGWp4fUC2mK2OGe6HrdZ4iwhfGlTngCa
gsY+vnfioWqx+y/4UAzcr65Y8JWmSDSGq1xsHNMU1qDMJPV6w2F8LS/+c+ds0JvZ
KHlJWmP+vSkcyQVgc5DkkmJftCmW+FMb77ggjA4tZqaUctMluYc434iRPrr+3zzh
4lrF9Xxy1dorKoSuOHGz7qKAZD7uDXQ0+w5YjnwvF6cP
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:32 2024 by rpki-client on console-fra.rpki-client.org