Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/a2ea51-87a6-4814-9b82-278cbb0b4e73/1/9g2PyyfmvMRZwdLuLjAjzB5IwMQ.roa
File: 9g2PyyfmvMRZwdLuLjAjzB5IwMQ.roa (raw, json)
Hash identifier: I+52gCcI/Z2DgnSBzV1IUFBoMOSrXt712liFZisveGA=
Subject key identifier: F6:0D:8F:CB:27:E6:BC:C4:59:C1:D2:EE:2E:30:23:CC:1E:48:C0:C4
Certificate issuer: /CN=7d2ae80cde5cd769c8f144e6c266113bfaedec3e
Certificate serial: 0E6FB811
Authority key identifier: 7D:2A:E8:0C:DE:5C:D7:69:C8:F1:44:E6:C2:66:11:3B:FA:ED:EC:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fSroDN5c12nI8UTmwmYRO_rt7D4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b5/a2ea51-87a6-4814-9b82-278cbb0b4e73/1/9g2PyyfmvMRZwdLuLjAjzB5IwMQ.roa
Signing time: Sat 01 Jan 2022 10:59:40 +0000
ROA not before: Sat 01 Jan 2022 10:59:40 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 205668
IP address blocks: 185.44.128.0/22 maxlen: 24
185.200.101.0/24 maxlen: 24
185.200.102.0/24 maxlen: 24
185.200.103.0/24 maxlen: 24
185.200.100.0/24 maxlen: 24
185.129.71.0/24 maxlen: 24
185.129.68.0/24 maxlen: 24
185.129.68.0/22 maxlen: 24
185.129.69.0/24 maxlen: 24
185.129.70.0/24 maxlen: 24
2a0a:aa40::/32 maxlen: 32
2a01:74e0::/32 maxlen: 32
2a0a:aa42::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 242202641 (0xe6fb811)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d2ae80cde5cd769c8f144e6c266113bfaedec3e
Validity
Not Before: Jan 1 10:59:40 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f60d8fcb27e6bcc459c1d2ee2e3023cc1e48c0c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:4f:9d:78:87:bb:78:85:5a:da:49:b4:62:d0:
6f:3b:cc:3b:81:52:79:e0:82:b4:73:0f:aa:51:fb:
84:9e:54:77:35:15:62:2b:ee:a1:e7:6f:4e:72:79:
ad:62:41:aa:3e:d4:a4:cf:5a:6e:2f:da:d3:99:3d:
7c:3b:a5:fa:9c:8d:2c:a6:1c:2a:30:95:d5:69:49:
95:0d:15:6d:79:08:17:d2:c0:4f:38:7b:b0:22:fd:
7b:18:c6:53:6a:da:62:fe:99:80:c8:d5:59:a7:b6:
98:ca:d5:e8:a3:4a:43:de:e1:be:8c:29:6f:11:39:
10:17:99:89:4d:11:36:57:8f:e8:97:56:24:f6:a6:
4f:2b:2f:c1:ad:0d:05:c9:17:69:5c:72:db:4b:4f:
17:9c:65:30:85:68:7e:c6:d2:63:09:23:f3:45:3f:
e4:1d:b4:e0:eb:37:4a:ca:d4:72:28:9d:0e:da:d7:
85:36:45:f9:8d:2c:3a:0b:59:48:c6:ec:d7:01:0e:
17:3a:39:8c:74:21:9a:b9:32:5e:b6:67:8a:af:3b:
16:a2:5b:80:37:b8:22:eb:69:2c:05:4a:36:ed:b4:
ba:28:6e:32:6a:fb:95:6b:61:e0:1c:2d:fb:35:58:
3f:cc:a2:0f:09:3a:0f:4f:45:45:bc:26:8b:72:29:
56:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:0D:8F:CB:27:E6:BC:C4:59:C1:D2:EE:2E:30:23:CC:1E:48:C0:C4
X509v3 Authority Key Identifier:
keyid:7D:2A:E8:0C:DE:5C:D7:69:C8:F1:44:E6:C2:66:11:3B:FA:ED:EC:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fSroDN5c12nI8UTmwmYRO_rt7D4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a2ea51-87a6-4814-9b82-278cbb0b4e73/1/9g2PyyfmvMRZwdLuLjAjzB5IwMQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/a2ea51-87a6-4814-9b82-278cbb0b4e73/1/fSroDN5c12nI8UTmwmYRO_rt7D4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.44.128.0/22
185.129.68.0/22
185.200.100.0/22
IPv6:
2a01:74e0::/32
2a0a:aa40::/32
2a0a:aa42::/32
Signature Algorithm: sha256WithRSAEncryption
14:0b:b8:d1:cb:e3:2f:c0:08:30:3f:05:ca:61:60:ac:e6:58:
ef:c9:60:c0:ec:23:3c:fd:ff:2e:69:54:ae:bd:7c:e8:f2:1a:
e0:a7:e7:eb:43:3c:d7:c2:14:9f:47:e0:3b:57:fa:e0:87:6f:
76:df:53:a6:3a:bb:72:35:ea:bb:fa:e9:0f:07:11:56:f1:cc:
ae:bb:04:e2:f3:a1:4e:ed:0d:c9:c1:31:16:8d:0f:2a:77:31:
2d:61:26:0a:10:df:b0:1c:4c:2e:5f:cb:a2:84:cd:c3:8f:ef:
23:40:60:2c:90:f5:28:2e:02:ba:da:e6:aa:88:ef:a4:0e:c5:
d5:d7:3e:e4:4a:b6:71:e4:a7:bd:d5:01:76:6a:33:13:8d:91:
27:b9:15:31:6c:72:1d:84:57:c8:c1:5d:c7:1b:31:ca:70:d6:
7b:35:74:ea:1c:59:ee:cb:53:6f:14:cc:2e:7f:30:2b:fc:2f:
63:16:e7:48:76:b7:1b:c2:8a:4e:aa:70:e0:fe:12:a8:1b:7b:
ff:d9:85:7a:63:fd:ce:21:33:43:5e:2a:eb:cf:bb:ad:5b:69:
6e:e7:9d:ec:20:c7:b3:c4:05:94:95:72:9c:e3:9c:14:b9:c3:
a3:f3:bf:6f:19:8e:bf:a9:62:d3:0a:c5:bb:81:83:9f:41:4b:
11:12:10:fe
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIEDm+4ETANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg3
ZDJhZTgwY2RlNWNkNzY5YzhmMTQ0ZTZjMjY2MTEzYmZhZWRlYzNlMB4XDTIyMDEw
MTEwNTk0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjYwZDhmY2IyN2U2
YmNjNDU5YzFkMmVlMmUzMDIzY2MxZTQ4YzBjNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKtPnXiHu3iFWtpJtGLQbzvMO4FSeeCCtHMPqlH7hJ5UdzUV
YivuoedvTnJ5rWJBqj7UpM9abi/a05k9fDul+pyNLKYcKjCV1WlJlQ0VbXkIF9LA
Tzh7sCL9exjGU2raYv6ZgMjVWae2mMrV6KNKQ97hvowpbxE5EBeZiU0RNleP6JdW
JPamTysvwa0NBckXaVxy20tPF5xlMIVofsbSYwkj80U/5B204Os3SsrUciidDtrX
hTZF+Y0sOgtZSMbs1wEOFzo5jHQhmrkyXrZniq87FqJbgDe4IutpLAVKNu20uihu
Mmr7lWth4Bwt+zVYP8yiDwk6D09FRbwmi3IpVqkCAwEAAaOCAjIwggIuMB0GA1Ud
DgQWBBT2DY/LJ+a8xFnB0u4uMCPMHkjAxDAfBgNVHSMEGDAWgBR9KugM3lzXacjx
RObCZhE7+u3sPjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2ZTcm9ETjVjMTJuSThVVG13bVlST19ydDdENC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjUvYTJlYTUxLTg3YTYtNDgxNC05YjgyLTI3OGNiYjBiNGU3My8x
LzlnMlB5eWZtdk1SWndkTHVMakFqekI1SXdNUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjUv
YTJlYTUxLTg3YTYtNDgxNC05YjgyLTI3OGNiYjBiNGU3My8xL2ZTcm9ETjVjMTJu
SThVVG13bVlST19ydDdENC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBI
BggrBgEFBQcBBwEB/wQ5MDcwGAQCAAEwEgMEArksgAMEArmBRAMEArnIZDAbBAIA
AjAVAwUAKgF04AMFACoKqkADBQAqCqpCMA0GCSqGSIb3DQEBCwUAA4IBAQAUC7jR
y+MvwAgwPwXKYWCs5ljvyWDA7CM8/f8uaVSuvXzo8hrgp+frQzzXwhSfR+A7V/rg
h29231OmOrtyNeq7+ukPBxFW8cyuuwTi86FO7Q3JwTEWjQ8qdzEtYSYKEN+wHEwu
X8uihM3Dj+8jQGAskPUoLgK62uaqiO+kDsXV1z7kSrZx5Ke91QF2ajMTjZEnuRUx
bHIdhFfIwV3HGzHKcNZ7NXTqHFnuy1NvFMwufzAr/C9jFudIdrcbwopOqnDg/hKo
G3v/2YV6Y/3OITNDXirrz7utW2lu553sIMezxAWUlXKc45wUucOj879vGY6/qWLT
CsW7gYOfQUsREhD+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:50 2024 by rpki-client on console-ams.rpki-client.org