Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/720720-27b7-45ca-a9c8-e15bd79c39c3/1/i_i_Urx-1cGykc4As6K37JyxDac.roa
File: i_i_Urx-1cGykc4As6K37JyxDac.roa (raw, json)
Hash identifier: 5BVzsqKWMYvxgCl40laMNMKLGSFtGhRZsa4Y41ifFQU=
Subject key identifier: 8B:F8:BF:52:BC:7E:D5:C1:B2:91:CE:00:B3:A2:B7:EC:9C:B1:0D:A7
Certificate issuer: /CN=72b8d533e2519b68adcb3b7be359b93357e2b1cb
Certificate serial: 01838872CCE5D4D1846982C6A2D82987E806
Authority key identifier: 72:B8:D5:33:E2:51:9B:68:AD:CB:3B:7B:E3:59:B9:33:57:E2:B1:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/crjVM-JRm2ityzt741m5M1fiscs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bf/720720-27b7-45ca-a9c8-e15bd79c39c3/1/i_i_Urx-1cGykc4As6K37JyxDac.roa
Signing time: Thu 29 Sep 2022 08:52:48 +0000
ROA not before: Thu 29 Sep 2022 08:52:48 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 48635
IP address blocks: 128.140.216.0/21 maxlen: 24
185.231.200.0/22 maxlen: 24
62.84.240.0/21 maxlen: 24
91.203.76.0/22 maxlen: 24
109.70.0.0/21 maxlen: 24
46.17.0.0/21 maxlen: 24
185.89.4.0/22 maxlen: 24
185.27.140.0/22 maxlen: 24
2a02:2968::/29 maxlen: 48
2a05:cfc0::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:88:72:cc:e5:d4:d1:84:69:82:c6:a2:d8:29:87:e8:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=72b8d533e2519b68adcb3b7be359b93357e2b1cb
Validity
Not Before: Sep 29 08:52:48 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8bf8bf52bc7ed5c1b291ce00b3a2b7ec9cb10da7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:90:42:f7:a8:07:d6:82:d4:a9:82:20:d1:9b:
4d:1d:28:41:c8:69:57:13:f1:43:1f:3c:99:6e:b5:
7b:f0:5f:ef:5f:00:31:66:cf:67:94:32:d0:9e:d3:
3a:e4:1b:47:82:9a:0f:e1:99:e2:37:e6:0d:db:bf:
8c:db:7e:67:34:0f:12:40:61:51:dc:4e:33:6d:0d:
fe:a6:b8:10:fb:4d:7b:88:9d:06:e1:f2:31:b7:b6:
29:8b:ca:b6:6b:d1:03:b7:f4:d3:f7:79:34:47:18:
20:8b:8f:e4:88:c6:b8:ee:71:ad:d9:8a:2b:ce:32:
87:ec:58:f6:f3:43:6b:38:17:df:48:da:79:1b:3f:
e4:34:d6:47:e6:d9:d6:17:be:41:cc:78:5d:cc:d6:
a4:92:b4:f0:0d:76:15:19:88:05:28:2f:41:48:7b:
79:1c:40:42:f9:7e:8d:2c:71:26:97:9c:0f:14:0b:
ab:50:f9:75:61:dd:82:87:3f:5b:43:db:e1:4f:fa:
a7:f5:d7:20:2f:2e:7b:aa:dc:cb:42:bf:6b:0c:d0:
41:fe:47:72:6a:44:11:06:91:98:b4:3e:38:b1:c0:
da:6b:9e:a4:83:e2:6a:fb:1d:6f:a2:19:1a:fa:31:
69:fb:7f:e0:31:60:e2:d2:80:c6:79:2f:ce:f3:e0:
c2:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:F8:BF:52:BC:7E:D5:C1:B2:91:CE:00:B3:A2:B7:EC:9C:B1:0D:A7
X509v3 Authority Key Identifier:
keyid:72:B8:D5:33:E2:51:9B:68:AD:CB:3B:7B:E3:59:B9:33:57:E2:B1:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crjVM-JRm2ityzt741m5M1fiscs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/720720-27b7-45ca-a9c8-e15bd79c39c3/1/i_i_Urx-1cGykc4As6K37JyxDac.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/720720-27b7-45ca-a9c8-e15bd79c39c3/1/crjVM-JRm2ityzt741m5M1fiscs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.17.0.0/21
62.84.240.0/21
91.203.76.0/22
109.70.0.0/21
128.140.216.0/21
185.27.140.0/22
185.89.4.0/22
185.231.200.0/22
IPv6:
2a02:2968::/29
2a05:cfc0::/29
Signature Algorithm: sha256WithRSAEncryption
67:d1:b7:ca:8d:23:12:0d:63:f4:7b:da:ef:10:3c:b4:8c:86:
c3:45:48:5f:5e:e3:3e:7a:5a:89:c1:8a:bc:66:6c:2b:67:85:
f8:f1:3d:7e:72:4c:77:58:63:69:7c:3e:be:fe:07:4b:de:7f:
f1:07:d0:c9:98:88:60:8c:41:e4:36:32:c5:5e:4f:fc:41:62:
dc:a4:32:0f:7b:3b:8b:44:bf:ee:6d:e8:e9:f6:5a:48:6c:69:
d5:33:10:46:17:9d:58:b2:fd:24:2c:28:4c:ac:a2:f7:95:1a:
78:e7:b4:52:1b:c3:ee:c4:29:2e:44:f3:46:68:5e:d0:26:03:
29:2c:ef:e6:ec:44:cc:c1:6c:39:8f:ce:5b:e6:89:68:bd:d7:
be:4f:3f:73:df:c4:d1:fa:9a:40:35:2f:e6:21:0c:a0:56:02:
b8:7e:21:da:1b:5a:76:df:69:df:c5:07:72:6e:5f:72:3d:6a:
ec:b0:8f:21:8a:20:0e:1f:98:bd:bf:db:0b:81:31:07:24:25:
97:f6:87:72:a8:f0:49:00:4b:c7:f7:69:cc:15:e2:09:b5:32:
e5:86:83:1d:99:da:dd:6d:a3:e3:c4:eb:43:37:0f:79:39:57:
58:c8:1c:47:b7:fb:3d:34:88:c6:fc:75:6c:f5:0d:8d:f1:1b:
bd:41:02:b0
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYOIcszl1NGEaYLGotgph+gGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjhkNTMzZTI1MTliNjhhZGNiM2I3YmUzNTliOTMzNTdl
MmIxY2IwHhcNMjIwOTI5MDg1MjQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmY4YmY1MmJjN2VkNWMxYjI5MWNlMDBiM2EyYjdlYzljYjEwZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZBC96gH1oLUqYIg0ZtNHShByGlX
E/FDHzyZbrV78F/vXwAxZs9nlDLQntM65BtHgpoP4ZniN+YN27+M235nNA8SQGFR
3E4zbQ3+prgQ+017iJ0G4fIxt7Ypi8q2a9EDt/TT93k0Rxggi4/kiMa47nGt2Yor
zjKH7Fj280NrOBffSNp5Gz/kNNZH5tnWF75BzHhdzNakkrTwDXYVGYgFKC9BSHt5
HEBC+X6NLHEml5wPFAurUPl1Yd2Chz9bQ9vhT/qn9dcgLy57qtzLQr9rDNBB/kdy
akQRBpGYtD44scDaa56kg+Jq+x1vohka+jFp+3/gMWDi0oDGeS/O8+DCNQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFIv4v1K8ftXBspHOALOit+ycsQ2nMB8GA1UdIwQY
MBaAFHK41TPiUZtorcs7e+NZuTNX4rHLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JqVk0tSlJtMml0eXp0NzQxbTVNMWZpc2NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83MjA3MjAtMjdiNy00NWNhLWE5Yzgt
ZTE1YmQ3OWMzOWMzLzEvaV9pX1VyeC0xY0d5a2M0QXM2SzM3Snl4RGFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83MjA3MjAtMjdiNy00NWNhLWE5YzgtZTE1YmQ3OWMzOWMz
LzEvY3JqVk0tSlJtMml0eXp0NzQxbTVNMWZpc2NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQDLhEAAwQD
PlTwAwQCW8tMAwQDbUYAAwQDgIzYAwQCuRuMAwQCuVkEAwQCuefIMBQEAgACMA4D
BQMqAiloAwUDKgXPwDANBgkqhkiG9w0BAQsFAAOCAQEAZ9G3yo0jEg1j9Hva7xA8
tIyGw0VIX17jPnpaicGKvGZsK2eF+PE9fnJMd1hjaXw+vv4HS95/8QfQyZiIYIxB
5DYyxV5P/EFi3KQyD3s7i0S/7m3o6fZaSGxp1TMQRhedWLL9JCwoTKyi95UaeOe0
UhvD7sQpLkTzRmhe0CYDKSzv5uxEzMFsOY/OW+aJaL3Xvk8/c9/E0fqaQDUv5iEM
oFYCuH4h2htadt9p38UHcm5fcj1q7LCPIYogDh+Yvb/bC4ExByQll/aHcqjwSQBL
x/dpzBXiCbUy5YaDHZna3W2j48TrQzcPeTlXWMgcR7f7PTSIxvx1bPUNjfEbvUEC
sA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:48 2024 by rpki-client on console-ams.rpki-client.org