Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KkXZCIYYTF9TQHRb8uOXwE81Wec.roa
File: KkXZCIYYTF9TQHRb8uOXwE81Wec.roa (raw, json)
Hash identifier: 8rgBwEw6JFkcQ1eD8GK6jjOeoS8jvJp6jKhlbeOQigI=
Subject key identifier: 2A:45:D9:08:86:18:4C:5F:53:40:74:5B:F2:E3:97:C0:4F:35:59:E7
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0182201464E0E1FD5475F17C66AA1E7B70D4
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KkXZCIYYTF9TQHRb8uOXwE81Wec.roa
Signing time: Thu 21 Jul 2022 09:26:23 +0000
ROA not before: Thu 21 Jul 2022 09:26:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 213035
IP address blocks: 185.121.122.0/23 maxlen: 24
185.121.121.0/24 maxlen: 24
185.239.243.0/24 maxlen: 24
220.158.196.0/22 maxlen: 24
45.144.226.0/24 maxlen: 24
62.197.138.0/23 maxlen: 24
193.239.164.0/23 maxlen: 24
62.197.137.0/24 maxlen: 24
62.197.140.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:20:14:64:e0:e1:fd:54:75:f1:7c:66:aa:1e:7b:70:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jul 21 09:26:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2a45d90886184c5f5340745bf2e397c04f3559e7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:33:2a:6e:21:89:73:b6:2d:75:08:f7:c3:45:
03:f3:76:db:14:ce:4c:99:45:6a:e3:d0:6b:b9:f4:
66:7f:81:d8:19:73:a6:dd:1f:c8:c8:e4:eb:70:a7:
af:73:cf:c6:9b:eb:88:57:34:2e:db:80:f2:c4:7d:
10:11:04:e1:5c:36:d6:23:fb:50:b3:6f:8c:4a:f7:
7d:f8:90:31:57:aa:e2:07:98:61:78:8f:bc:a6:c3:
5c:fb:a3:0d:ce:9a:38:08:9b:9c:e9:92:f9:5d:a6:
3e:20:88:e0:fd:b3:7d:fc:fe:2e:63:59:bf:c3:77:
c0:a2:e9:c2:78:83:19:01:eb:ce:cc:fe:31:dc:35:
4f:26:ef:25:de:ba:54:cf:9e:17:87:cd:b2:cb:14:
3b:bf:4a:c1:52:1f:43:52:a6:c2:81:c5:a9:b1:2e:
ef:be:d8:99:d7:67:da:db:75:81:00:8d:b1:e9:14:
bd:49:ce:56:66:54:82:03:77:5d:fa:d8:e2:87:36:
f0:be:ab:39:36:3f:9f:5c:6d:28:98:f4:1e:1f:14:
d1:ad:40:a6:6b:bf:6a:f6:cd:c4:42:18:e5:b1:ea:
b9:c4:f6:c8:19:7c:13:c0:75:b1:bf:bd:45:74:d0:
92:12:18:f6:82:3f:2b:b2:5d:bb:30:00:2a:4e:aa:
ea:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:45:D9:08:86:18:4C:5F:53:40:74:5B:F2:E3:97:C0:4F:35:59:E7
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/KkXZCIYYTF9TQHRb8uOXwE81Wec.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.144.226.0/24
62.197.137.0-62.197.143.255
185.121.121.0-185.121.123.255
185.239.243.0/24
193.239.164.0/23
220.158.196.0/22
Signature Algorithm: sha256WithRSAEncryption
56:20:46:b7:07:10:9b:f1:3e:d5:e0:73:16:8f:aa:01:a0:59:
f3:17:28:7c:68:3d:49:bb:dd:39:3b:f1:e5:6c:16:f7:67:e5:
ad:ed:bd:3d:24:9c:73:1e:24:45:7a:91:de:97:b0:0e:fa:d3:
7c:94:0f:4d:12:78:ea:9b:40:b4:68:d1:c2:1f:49:ea:f0:50:
14:f9:70:d0:3b:0a:b0:11:d0:f8:dc:d7:21:b0:6c:80:75:b1:
4d:98:0f:7a:7e:8c:ed:d6:22:8e:7c:68:47:fd:52:bc:6e:52:
69:17:ad:e2:b4:e4:d4:52:9e:59:57:43:5a:a9:86:0b:64:f7:
5d:71:ee:f9:e1:54:1d:91:d3:a0:a9:4d:2d:c9:e7:bb:0b:ff:
9d:e1:bf:da:c1:dc:19:24:04:c4:f7:6b:99:06:a4:85:5c:57:
57:63:d9:38:21:98:c7:09:4a:36:bf:b4:df:2c:8a:9d:41:8e:
83:c3:78:49:d3:3e:f6:3d:00:b5:18:00:44:88:fa:75:64:59:
c4:df:b1:be:cf:39:18:24:bd:8b:d4:68:c5:4c:c5:e0:59:fc:
4d:13:55:32:b3:e6:d3:ad:50:51:9f:2e:dc:a0:25:96:6f:93:
5f:9c:b9:8d:ca:48:40:4b:c4:2a:52:12:27:d1:ce:0b:b7:25:
3c:78:a4:01
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYIgFGTg4f1UdfF8Zqoee3DUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjIwNzIxMDkyNjIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTQ1ZDkwODg2MTg0YzVmNTM0MDc0NWJmMmUzOTdjMDRmMzU1OWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTMqbiGJc7YtdQj3w0UD83bbFM5M
mUVq49BrufRmf4HYGXOm3R/IyOTrcKevc8/Gm+uIVzQu24DyxH0QEQThXDbWI/tQ
s2+MSvd9+JAxV6riB5hheI+8psNc+6MNzpo4CJuc6ZL5XaY+IIjg/bN9/P4uY1m/
w3fAounCeIMZAevOzP4x3DVPJu8l3rpUz54Xh82yyxQ7v0rBUh9DUqbCgcWpsS7v
vtiZ12fa23WBAI2x6RS9Sc5WZlSCA3dd+tjihzbwvqs5Nj+fXG0omPQeHxTRrUCm
a79q9s3EQhjlseq5xPbIGXwTwHWxv71FdNCSEhj2gj8rsl27MAAqTqrquwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFCpF2QiGGExfU0B0W/Ljl8BPNVnnMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvS2tYWkNJWVlURjlUUUhSYjh1T1h3RTgxV2VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAATA0AwQALZDiMAwD
BAA+xYkDBAQ+xYAwDAMEALl5eQMEArl5eAMEALnv8wMEAcHvpAMEAtyexDANBgkq
hkiG9w0BAQsFAAOCAQEAViBGtwcQm/E+1eBzFo+qAaBZ8xcofGg9SbvdOTvx5WwW
92flre29PSSccx4kRXqR3pewDvrTfJQPTRJ46ptAtGjRwh9J6vBQFPlw0DsKsBHQ
+NzXIbBsgHWxTZgPen6M7dYijnxoR/1SvG5SaRet4rTk1FKeWVdDWqmGC2T3XXHu
+eFUHZHToKlNLcnnuwv/neG/2sHcGSQExPdrmQakhVxXV2PZOCGYxwlKNr+03yyK
nUGOg8N4SdM+9j0AtRgARIj6dWRZxN+xvs85GCS9i9RoxUzF4Fn8TRNVMrPm061Q
UZ8u3KAllm+TX5y5jcpIQEvEKlISJ9HOC7clPHikAQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:54 2023 by rpki-client on console-ams.rpki-client.org