Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/zaH76Jo39zOaUOaTQDmKEpmvfmU.roa
File: zaH76Jo39zOaUOaTQDmKEpmvfmU.roa (raw, json)
Hash identifier: MADmCw1upFfI25XvC55MQBsJUr0L0+LbJOwztDvgXEU=
Subject key identifier: CD:A1:FB:E8:9A:37:F7:33:9A:50:E6:93:40:39:8A:12:99:AF:7E:65
Certificate issuer: /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial: 39EDA82D
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/zaH76Jo39zOaUOaTQDmKEpmvfmU.roa
Signing time: Sat 01 Jan 2022 14:00:28 +0000
ROA not before: Sat 01 Jan 2022 14:00:28 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 2590
IP address blocks: 89.174.32.0/23 maxlen: 24
89.174.73.128/25 maxlen: 25
89.174.74.128/25 maxlen: 25
78.133.144.0/22 maxlen: 24
89.174.229.0/24 maxlen: 24
85.219.244.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 971876397 (0x39eda82d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Validity
Not Before: Jan 1 14:00:28 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=cda1fbe89a37f7339a50e69340398a1299af7e65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:69:24:95:24:cd:74:fc:34:fe:76:6c:7e:1a:
02:9d:f3:18:ab:0f:a3:83:21:9b:de:56:6c:8e:6e:
a8:b3:55:3b:a5:eb:18:f4:5f:8a:85:37:f5:f7:eb:
60:9c:e9:35:d6:86:c0:a2:3f:dd:50:9f:20:c4:41:
e2:08:32:07:3d:71:49:f3:fe:07:ea:16:cc:c6:50:
f7:3b:a0:04:69:15:2e:2c:a9:4b:c5:e0:02:7b:5f:
8e:a5:89:a0:a1:15:50:44:3a:7a:00:06:b8:07:27:
6e:49:ab:2d:a0:50:f4:32:c4:f6:67:36:fc:c7:94:
56:09:ef:62:a2:83:fb:11:94:14:e8:29:b0:56:d7:
15:8f:20:c1:28:65:ae:08:f4:3a:5f:39:e2:64:e0:
cd:16:25:8d:11:72:da:52:2b:54:be:f4:96:d8:96:
50:6d:63:9c:f0:d5:87:b1:9b:6c:ab:f9:9b:62:43:
e1:b5:f6:a8:ec:6e:6b:e7:aa:ee:51:f1:55:e8:ef:
8c:b6:5b:7f:d8:81:85:0b:f9:75:80:12:5c:8f:10:
f5:4d:43:44:85:1a:f1:60:e9:8e:4a:6c:9b:52:18:
ce:8d:38:09:4a:39:da:17:4b:62:27:d5:4a:31:82:
ea:d7:02:81:b7:f5:b3:68:72:41:9d:55:8c:a1:ea:
23:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:A1:FB:E8:9A:37:F7:33:9A:50:E6:93:40:39:8A:12:99:AF:7E:65
X509v3 Authority Key Identifier:
keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/zaH76Jo39zOaUOaTQDmKEpmvfmU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.133.144.0/22
85.219.244.0/22
89.174.32.0/23
89.174.73.128/25
89.174.74.128/25
89.174.229.0/24
Signature Algorithm: sha256WithRSAEncryption
81:63:5a:ad:f8:de:af:ef:ad:a3:2a:a8:77:a1:f9:c0:b8:25:
24:75:70:8b:d5:49:38:dc:c3:2b:8a:5e:66:b9:82:1a:8b:f8:
b1:7a:7e:dc:46:3b:59:5a:59:36:88:d2:bb:b7:b6:d6:5e:09:
0c:1b:01:db:1d:be:a0:6c:3f:79:e8:91:e3:ce:ae:67:95:ed:
d1:a5:d9:51:92:5b:be:cb:5e:ea:33:bc:21:6c:f6:17:18:86:
d3:a9:34:89:84:a0:18:65:76:d2:fe:6a:88:5b:f0:e7:d3:e5:
c1:93:a2:d3:15:7d:f2:6d:17:d9:8e:82:d2:fe:c5:10:e3:e2:
5e:bf:47:f7:c8:65:c0:59:e5:e6:9c:20:c0:e3:4a:ca:95:0b:
8a:fb:fe:3a:ac:d0:25:5d:73:69:9e:28:d8:e0:20:d9:85:d2:
55:b5:ba:be:a0:d2:92:42:85:2d:af:64:40:b1:11:6a:e6:cd:
60:dc:2f:71:68:1e:35:2e:ee:28:3c:ca:8d:8d:48:e3:3e:4f:
04:5a:d4:91:6f:03:7f:20:e5:62:4f:6b:31:81:91:84:5b:23:
bd:50:f2:fd:9f:f7:18:65:ce:c4:72:e9:49:a4:51:a2:68:d0:
4b:9c:0c:b5:bc:7b:2d:0d:f1:2a:b9:7e:9d:8d:60:b0:d5:57:
25:a3:6a:c0
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgIEOe2oLTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YWNhNjNkZjI0OGI3YWRmM2RkZDA3ZThjMmQzZWVkZDAyY2VmOTMzMB4XDTIyMDEw
MTE0MDAyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2RhMWZiZTg5YTM3
ZjczMzlhNTBlNjkzNDAzOThhMTI5OWFmN2U2NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJVpJJUkzXT8NP52bH4aAp3zGKsPo4Mhm95WbI5uqLNVO6Xr
GPRfioU39ffrYJzpNdaGwKI/3VCfIMRB4ggyBz1xSfP+B+oWzMZQ9zugBGkVLiyp
S8XgAntfjqWJoKEVUEQ6egAGuAcnbkmrLaBQ9DLE9mc2/MeUVgnvYqKD+xGUFOgp
sFbXFY8gwShlrgj0Ol854mTgzRYljRFy2lIrVL70ltiWUG1jnPDVh7GbbKv5m2JD
4bX2qOxua+eq7lHxVejvjLZbf9iBhQv5dYASXI8Q9U1DRIUa8WDpjkpsm1IYzo04
CUo52hdLYifVSjGC6tcCgbf1s2hyQZ1VjKHqI5cCAwEAAaOCAikwggIlMB0GA1Ud
DgQWBBTNofvomjf3M5pQ5pNAOYoSma9+ZTAfBgNVHSMEGDAWgBQaymPfJIt63z3d
B+jC0+7dAs75MzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0dzcGozeVNMZXQ4OTNRZm93dFB1M1FMTy1UTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvMWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8x
L3phSDc2Sm8zOXpPYVVPYVRRRG1LRXBtdmZtVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
MWY2NDU4LWRjNzUtNGFkZC1hZTcyLTkxZTMxODRiYjBhYi8xL0dzcGozeVNMZXQ4
OTNRZm93dFB1M1FMTy1UTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA/
BggrBgEFBQcBBwEB/wQwMC4wLAQCAAEwJgMEAk6FkAMEAlXb9AMEAVmuIAMFB1mu
SYADBQdZrkqAAwQAWa7lMA0GCSqGSIb3DQEBCwUAA4IBAQCBY1qt+N6v762jKqh3
ofnAuCUkdXCL1Uk43MMril5muYIai/ixen7cRjtZWlk2iNK7t7bWXgkMGwHbHb6g
bD956JHjzq5nle3RpdlRklu+y17qM7whbPYXGIbTqTSJhKAYZXbS/mqIW/Dn0+XB
k6LTFX3ybRfZjoLS/sUQ4+Jev0f3yGXAWeXmnCDA40rKlQuK+/46rNAlXXNpnijY
4CDZhdJVtbq+oNKSQoUtr2RAsRFq5s1g3C9xaB41Lu4oPMqNjUjjPk8EWtSRbwN/
IOViT2sxgZGEWyO9UPL9n/cYZc7EculJpFGiaNBLnAy1vHstDfEquX6djWCw1Vcl
o2rA
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:08:23 2025 by rpki-client