Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/Rg37khK88y6novgy_oLuRQ-XD0Q.roa
File: Rg37khK88y6novgy_oLuRQ-XD0Q.roa (raw, json)
Hash identifier: 9Ih6ST8HQX4D4THtcHgtK23PzjZ6mUjwAuu4ct20dGc=
Subject key identifier: 46:0D:FB:92:12:BC:F3:2E:A7:A2:F8:32:FE:82:EE:45:0F:97:0F:44
Certificate issuer: /CN=dc05970e650c2aaf1ab6a3a33a83732466a1512e
Certificate serial: 098C8227
Authority key identifier: DC:05:97:0E:65:0C:2A:AF:1A:B6:A3:A3:3A:83:73:24:66:A1:51:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3AWXDmUMKq8atqOjOoNzJGahUS4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/Rg37khK88y6novgy_oLuRQ-XD0Q.roa
Signing time: Sat 01 Jan 2022 11:53:47 +0000
ROA not before: Sat 01 Jan 2022 11:53:47 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 31317
IP address blocks: 31.220.112.0/21 maxlen: 32
185.95.112.0/22 maxlen: 32
195.192.192.0/21 maxlen: 32
45.119.124.0/22 maxlen: 32
185.156.28.0/22 maxlen: 32
195.192.200.0/21 maxlen: 32
185.114.140.0/22 maxlen: 32
37.251.224.0/21 maxlen: 32
185.178.56.0/22 maxlen: 32
37.251.232.0/21 maxlen: 32
2a05:fb80::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 160203303 (0x98c8227)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc05970e650c2aaf1ab6a3a33a83732466a1512e
Validity
Not Before: Jan 1 11:53:47 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=460dfb9212bcf32ea7a2f832fe82ee450f970f44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:8b:04:64:ab:b5:14:89:82:bc:4b:1b:01:0f:
60:37:f7:56:6b:b3:90:b2:6f:0c:33:9a:b3:3c:33:
84:16:d5:c1:b9:88:6f:6c:d9:a0:00:06:4f:95:3b:
94:1a:01:ae:a8:6e:24:e2:ce:d5:4b:a0:e4:7a:eb:
51:b0:89:96:b6:de:c4:56:82:6e:6b:19:2d:1f:c8:
08:96:ac:ac:61:a5:01:46:dd:37:20:82:73:6e:b2:
5e:09:5a:cb:f0:7e:1b:6e:e3:7f:9d:fd:0b:5d:5a:
b8:30:e9:9e:9d:f3:53:7b:72:bf:99:36:bd:50:0f:
39:05:61:bf:13:11:08:31:4a:9a:b3:54:ae:c3:fb:
03:f8:b8:c6:f5:4e:7a:e9:fd:79:a8:15:92:e2:82:
42:cd:55:f3:f5:e8:bd:e9:10:fd:d4:c6:51:3d:f8:
f3:a0:bb:de:68:3c:11:9b:ae:a0:8b:86:68:23:6d:
a4:f2:09:e3:8d:44:2a:7b:85:19:59:19:64:ac:05:
59:35:4e:42:64:3c:8c:75:f9:43:2e:c0:55:44:a6:
35:7b:d6:83:7a:69:57:3a:62:69:0f:35:83:d0:c7:
b8:e1:d7:74:06:82:af:37:1e:0d:b0:d5:5b:cf:a6:
88:52:73:30:0c:f0:c2:f5:93:9f:be:53:e2:0a:38:
b8:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:0D:FB:92:12:BC:F3:2E:A7:A2:F8:32:FE:82:EE:45:0F:97:0F:44
X509v3 Authority Key Identifier:
keyid:DC:05:97:0E:65:0C:2A:AF:1A:B6:A3:A3:3A:83:73:24:66:A1:51:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3AWXDmUMKq8atqOjOoNzJGahUS4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/Rg37khK88y6novgy_oLuRQ-XD0Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3b9a48-8b63-4d3b-a3a9-67a540e297f0/1/3AWXDmUMKq8atqOjOoNzJGahUS4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.220.112.0/21
37.251.224.0/20
45.119.124.0/22
185.95.112.0/22
185.114.140.0/22
185.156.28.0/22
185.178.56.0/22
195.192.192.0/20
IPv6:
2a05:fb80::/29
Signature Algorithm: sha256WithRSAEncryption
39:2c:d3:c0:fe:83:59:c8:57:25:bc:14:50:6a:d1:3f:4d:a3:
ba:1f:3c:96:c4:09:26:4c:de:34:f6:c3:5f:c8:a4:9a:a2:76:
3a:6e:9e:4c:0c:20:88:87:b8:3d:3d:f8:73:47:bc:c5:a4:b9:
60:1e:92:49:7b:92:18:57:5c:67:62:06:2a:92:a2:4f:9b:03:
8e:33:01:8e:2d:b9:11:e1:6e:76:ff:94:77:a3:c6:6a:35:0d:
09:1b:30:0f:92:e6:f7:2d:09:3a:86:17:6e:b1:e2:cf:8c:20:
ae:fa:66:86:b1:78:e5:b2:4f:9f:c8:f4:fb:d7:1a:4b:b5:43:
5f:40:aa:41:4c:cd:f9:36:76:04:ae:7b:ee:d6:87:be:84:28:
52:b4:98:40:af:a4:c7:e7:f0:15:33:03:cc:fc:18:44:34:7a:
66:06:35:cb:d1:8c:26:21:ee:9d:da:fe:62:8f:8c:5a:ca:bd:
a5:de:11:12:a8:d8:ab:45:68:47:40:a3:6b:f3:83:55:30:b3:
29:68:1b:cf:96:6a:06:dc:1b:7f:fa:f5:01:55:20:13:18:d6:
d1:8a:65:8b:ed:6b:4e:b2:17:8c:ca:90:23:36:7c:48:8a:cd:
0d:7c:95:9d:f4:9c:10:85:27:cf:b0:69:a6:e3:20:51:ec:92:
3c:66:9e:b3
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIECYyCJzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
YzA1OTcwZTY1MGMyYWFmMWFiNmEzYTMzYTgzNzMyNDY2YTE1MTJlMB4XDTIyMDEw
MTExNTM0N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDYwZGZiOTIxMmJj
ZjMyZWE3YTJmODMyZmU4MmVlNDUwZjk3MGY0NDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKeLBGSrtRSJgrxLGwEPYDf3VmuzkLJvDDOaszwzhBbVwbmI
b2zZoAAGT5U7lBoBrqhuJOLO1Uug5HrrUbCJlrbexFaCbmsZLR/ICJasrGGlAUbd
NyCCc26yXglay/B+G27jf539C11auDDpnp3zU3tyv5k2vVAPOQVhvxMRCDFKmrNU
rsP7A/i4xvVOeun9eagVkuKCQs1V8/XovekQ/dTGUT3486C73mg8EZuuoIuGaCNt
pPIJ441EKnuFGVkZZKwFWTVOQmQ8jHX5Qy7AVUSmNXvWg3ppVzpiaQ81g9DHuOHX
dAaCrzceDbDVW8+miFJzMAzwwvWTn75T4go4uAMCAwEAAaOCAkIwggI+MB0GA1Ud
DgQWBBRGDfuSErzzLqei+DL+gu5FD5cPRDAfBgNVHSMEGDAWgBTcBZcOZQwqrxq2
o6M6g3MkZqFRLjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzNBV1hEbVVNS3E4YXRxT2pPb056SkdhaFVTNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmUvM2I5YTQ4LThiNjMtNGQzYi1hM2E5LTY3YTU0MGUyOTdmMC8x
L1JnMzdraEs4OHk2bm92Z3lfb0x1UlEtWEQwUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUv
M2I5YTQ4LThiNjMtNGQzYi1hM2E5LTY3YTU0MGUyOTdmMC8xLzNBV1hEbVVNS3E4
YXRxT2pPb056SkdhaFVTNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBY
BggrBgEFBQcBBwEB/wRJMEcwNgQCAAEwMAMEAx/ccAMEBCX74AMEAi13fAMEArlf
cAMEArlyjAMEArmcHAMEArmyOAMEBMPAwDANBAIAAjAHAwUDKgX7gDANBgkqhkiG
9w0BAQsFAAOCAQEAOSzTwP6DWchXJbwUUGrRP02juh88lsQJJkzeNPbDX8ikmqJ2
Om6eTAwgiIe4PT34c0e8xaS5YB6SSXuSGFdcZ2IGKpKiT5sDjjMBji25EeFudv+U
d6PGajUNCRswD5Lm9y0JOoYXbrHiz4wgrvpmhrF45bJPn8j0+9caS7VDX0CqQUzN
+TZ2BK577taHvoQoUrSYQK+kx+fwFTMDzPwYRDR6ZgY1y9GMJiHundr+Yo+MWsq9
pd4REqjYq0VoR0Cja/ODVTCzKWgbz5ZqBtwbf/r1AVUgExjW0Ypli+1rTrIXjMqQ
IzZ8SIrNDXyVnfScEIUnz7BppuMgUeySPGaesw==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:07:03 2023 by rpki-client on console-ams.rpki-client.org