Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/Nijkji2iVSfeVm2zKBekVLCYztw.roa
File: Nijkji2iVSfeVm2zKBekVLCYztw.roa (raw, json)
Hash identifier: JxFUnJMaXYzifhNBePjBBRR3DoeXv9SLFpc4m+Wre9I=
Subject key identifier: 36:28:E4:8E:2D:A2:55:27:DE:56:6D:B3:28:17:A4:54:B0:98:CE:DC
Certificate issuer: /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial: 01853E8D8C074CD7778DB40778DC962D828A
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/Nijkji2iVSfeVm2zKBekVLCYztw.roa
Signing time: Fri 23 Dec 2022 10:35:41 +0000
ROA not before: Fri 23 Dec 2022 10:35:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 29119
IP address blocks: 45.146.224.0/22 maxlen: 24
185.131.188.0/22 maxlen: 24
5.182.72.0/22 maxlen: 24
185.151.176.0/22 maxlen: 24
185.230.0.0/22 maxlen: 24
141.98.52.0/22 maxlen: 24
185.114.64.0/22 maxlen: 24
185.123.136.0/22 maxlen: 24
185.126.232.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:3e:8d:8c:07:4c:d7:77:8d:b4:07:78:dc:96:2d:82:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Validity
Not Before: Dec 23 10:35:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3628e48e2da25527de566db32817a454b098cedc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:7f:ba:c7:d2:8f:8a:7e:6a:13:9a:e1:3c:6d:
47:a9:2a:5d:02:4b:6b:86:20:73:af:76:83:05:3b:
0b:df:28:ba:bc:6d:5e:25:33:de:69:c4:b0:13:31:
1d:d6:49:5f:ee:81:e7:8a:77:ba:c6:f8:bd:a3:f6:
65:16:f3:96:b2:5b:7c:88:82:af:fa:14:c5:ba:af:
89:2a:28:43:4a:b7:ae:63:79:2d:f2:61:ab:a9:0c:
8b:59:37:3a:79:79:36:ab:ce:64:29:3a:86:54:0f:
d7:88:7a:02:a7:85:e6:3a:5e:6b:35:fa:88:33:14:
6c:af:8e:46:8f:e5:f3:a9:ad:15:cf:4e:8e:04:11:
cf:28:89:4c:d1:ca:2f:e6:3b:e0:1a:80:0f:57:fb:
29:3d:9e:16:b0:24:5c:ac:9f:6b:1d:c9:8a:97:a3:
c4:d5:a1:53:fb:13:91:da:ec:34:c7:c9:5e:03:0d:
11:c4:3b:01:13:71:c4:5c:a0:e7:72:42:af:b9:d2:
de:bb:72:4a:fe:6e:15:2f:64:a2:d6:0c:d5:5e:f8:
0a:28:d0:ae:9d:49:2a:42:49:b7:dd:f4:c6:30:29:
63:bd:f0:0b:dd:1a:56:14:c9:ed:f7:ca:fd:53:9b:
ad:da:fe:7b:12:2e:7a:4e:89:83:7f:fa:af:28:b1:
52:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:28:E4:8E:2D:A2:55:27:DE:56:6D:B3:28:17:A4:54:B0:98:CE:DC
X509v3 Authority Key Identifier:
keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/Nijkji2iVSfeVm2zKBekVLCYztw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.72.0/22
45.146.224.0/22
141.98.52.0/22
185.114.64.0/22
185.123.136.0/22
185.126.232.0/22
185.131.188.0/22
185.151.176.0/22
185.230.0.0/22
Signature Algorithm: sha256WithRSAEncryption
73:ef:98:7a:fc:d3:fa:6b:d2:45:98:cd:fb:ab:cb:d5:8f:e8:
2f:88:8c:08:f7:59:09:b4:c5:e5:59:e4:a3:d4:3a:f3:78:f4:
c0:a6:d8:fa:9e:a8:1d:a1:1e:97:f1:ea:47:ad:75:d9:93:68:
0e:f8:c7:66:3e:fa:a5:56:dd:80:b2:29:77:ed:46:7c:f8:7d:
c1:e5:58:cb:af:fe:b7:78:87:ee:81:e9:3e:44:72:f5:23:2f:
2e:29:5a:16:7d:56:3a:e2:de:c4:13:08:0c:6b:89:fe:10:b4:
64:56:4e:7e:a7:c6:33:8d:eb:d6:8b:d3:bb:61:71:ad:3a:7d:
9d:d9:5b:72:6f:ad:a4:ba:0c:c8:37:0b:9e:e5:cd:54:81:a4:
ed:02:11:b4:84:a2:73:bc:65:0b:da:dc:29:f6:92:1f:42:bc:
63:0c:a0:d6:c5:6c:1d:3c:a8:bb:1c:26:43:b0:fc:ae:5b:ba:
e0:8c:04:82:80:4d:9a:d9:08:f6:bf:42:0f:43:74:ba:60:7b:
1d:2f:e3:74:b5:2d:24:da:9e:9a:4e:ea:74:92:2b:9a:44:7f:
5d:48:7a:95:71:99:32:f5:b3:b6:79:55:1d:5f:67:8c:ce:f4:
5d:71:03:44:86:8d:33:a9:7f:eb:6b:30:dd:89:f0:c2:56:82:
4d:05:cf:3f
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYU+jYwHTNd3jbQHeNyWLYKKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjIxMjIzMTAzNTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjI4ZTQ4ZTJkYTI1NTI3ZGU1NjZkYjMyODE3YTQ1NGIwOThjZWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlH+6x9KPin5qE5rhPG1HqSpdAktr
hiBzr3aDBTsL3yi6vG1eJTPeacSwEzEd1klf7oHnine6xvi9o/ZlFvOWslt8iIKv
+hTFuq+JKihDSreuY3kt8mGrqQyLWTc6eXk2q85kKTqGVA/XiHoCp4XmOl5rNfqI
MxRsr45Gj+Xzqa0Vz06OBBHPKIlM0cov5jvgGoAPV/spPZ4WsCRcrJ9rHcmKl6PE
1aFT+xOR2uw0x8leAw0RxDsBE3HEXKDnckKvudLeu3JK/m4VL2Si1gzVXvgKKNCu
nUkqQkm33fTGMCljvfAL3RpWFMnt98r9U5ut2v57Ei56TomDf/qvKLFSIQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFDYo5I4tolUn3lZtsygXpFSwmM7cMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvTmlqa2ppMmlWU2ZlVm0yektCZWtWTENZenR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCBbZIAwQC
LZLgAwQCjWI0AwQCuXJAAwQCuXuIAwQCuX7oAwQCuYO8AwQCuZewAwQCueYAMA0G
CSqGSIb3DQEBCwUAA4IBAQBz75h6/NP6a9JFmM37q8vVj+gviIwI91kJtMXlWeSj
1DrzePTAptj6nqgdoR6X8epHrXXZk2gO+MdmPvqlVt2Asil37UZ8+H3B5VjLr/63
eIfugek+RHL1Iy8uKVoWfVY64t7EEwgMa4n+ELRkVk5+p8YzjevWi9O7YXGtOn2d
2Vtyb62kugzINwue5c1UgaTtAhG0hKJzvGUL2twp9pIfQrxjDKDWxWwdPKi7HCZD
sPyuW7rgjASCgE2a2Qj2v0IPQ3S6YHsdL+N0tS0k2p6aTup0kiuaRH9dSHqVcZky
9bO2eVUdX2eMzvRdcQNEho0zqX/razDdifDCVoJNBc8/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:36 2024 by rpki-client on console-fra.rpki-client.org