Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/cfcnIt09r6E7zeiaro0DZlugdW4.roa
File: cfcnIt09r6E7zeiaro0DZlugdW4.roa (raw, json)
Hash identifier: l8aF54PV9cVU+f0q0XVOuOwdcPv6qW7fOoVc3tXbEBw=
Subject key identifier: 71:F7:27:22:DD:3D:AF:A1:3B:CD:E8:9A:AE:8D:03:66:5B:A0:75:6E
Certificate issuer: /CN=9a526a73ce8f9f62c14a11a2ea913ec273d58c46
Certificate serial: 09449070
Authority key identifier: 9A:52:6A:73:CE:8F:9F:62:C1:4A:11:A2:EA:91:3E:C2:73:D5:8C:46
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mlJqc86Pn2LBShGi6pE-wnPVjEY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/cfcnIt09r6E7zeiaro0DZlugdW4.roa
Signing time: Wed 25 May 2022 17:20:13 +0000
ROA not before: Wed 25 May 2022 17:20:13 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35237
IP address blocks: 185.157.96.0/23 maxlen: 24
84.252.144.0/23 maxlen: 24
185.157.99.0/24 maxlen: 24
84.252.149.0/24 maxlen: 24
84.252.147.0/24 maxlen: 24
84.252.146.0/24 maxlen: 24
91.217.194.0/24 maxlen: 24
194.54.15.0/24 maxlen: 24
194.54.14.0/24 maxlen: 24
195.43.144.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 155488368 (0x9449070)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9a526a73ce8f9f62c14a11a2ea913ec273d58c46
Validity
Not Before: May 25 17:20:13 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=71f72722dd3dafa13bcde89aae8d03665ba0756e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:b4:3c:3e:f7:22:0c:2b:08:b8:31:23:15:5d:
9a:c0:80:de:29:3e:7a:98:7e:4c:bc:e1:4e:ed:9e:
58:31:13:a1:da:8c:98:60:8b:0c:27:73:ee:5f:c2:
1f:2d:c1:37:f9:7d:6c:55:55:ca:8b:28:ec:ff:dd:
a5:0d:ea:5e:b3:4b:d4:44:8b:72:c8:cb:ea:47:af:
9d:f4:79:09:d5:15:22:17:a8:15:ca:6d:5c:06:fa:
7a:b4:e6:35:85:cc:75:75:5e:af:72:d6:d8:1d:1b:
4b:28:e5:c6:84:5d:4f:97:ec:7a:e1:58:79:a0:6e:
46:7b:13:73:ce:f7:c8:8f:40:51:78:cb:1c:2c:86:
9a:ab:0a:92:ba:a4:ce:ec:7f:2d:65:11:61:a7:a9:
c0:51:75:9b:0c:a9:ad:4b:71:f8:0c:30:4b:00:67:
d8:11:d9:07:58:7b:e0:fe:6e:85:13:7b:4d:e2:dd:
bd:40:25:a0:ff:a8:af:f8:8c:09:40:28:75:a8:23:
57:42:e3:6c:2f:06:22:b1:04:be:55:75:9d:7b:df:
00:a0:83:81:64:1c:9b:5e:ee:3f:4c:4c:94:07:20:
e2:55:e7:ed:33:fd:9d:62:9c:dd:a2:d8:6d:f2:0a:
e8:ca:5e:73:41:32:b1:ba:84:06:a0:a4:5a:c6:16:
03:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:F7:27:22:DD:3D:AF:A1:3B:CD:E8:9A:AE:8D:03:66:5B:A0:75:6E
X509v3 Authority Key Identifier:
keyid:9A:52:6A:73:CE:8F:9F:62:C1:4A:11:A2:EA:91:3E:C2:73:D5:8C:46
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mlJqc86Pn2LBShGi6pE-wnPVjEY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/cfcnIt09r6E7zeiaro0DZlugdW4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/mlJqc86Pn2LBShGi6pE-wnPVjEY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.252.144.0/22
84.252.149.0/24
91.217.194.0/24
185.157.96.0/23
185.157.99.0/24
194.54.14.0/23
195.43.144.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:65:4a:94:49:ea:7c:ea:17:88:bf:2d:e6:10:83:66:bf:f2:
36:42:e0:20:8c:cb:5e:65:a3:5d:6b:77:57:50:7d:0c:a5:8c:
38:13:1d:02:61:47:a6:f0:a9:93:b6:d8:e0:c8:af:4f:51:59:
f8:91:ca:2d:fc:53:8f:4f:50:0c:78:87:1c:43:17:7b:d6:53:
74:0c:f1:8c:ca:09:ec:c4:17:4d:89:3c:9a:ae:db:ee:5f:9f:
e8:85:a9:71:e8:7d:b2:2a:39:72:45:f4:b2:6e:60:ee:c8:df:
88:37:4a:bb:f5:a4:84:d0:c0:1c:b9:b7:06:f2:87:0d:0d:af:
d5:25:54:a2:75:a8:3e:73:9f:cb:2e:17:30:c3:96:2d:61:b6:
43:23:65:2d:45:b8:9e:50:07:ac:2a:6f:43:cc:b0:de:9f:83:
25:de:af:e1:21:73:68:5b:8e:0a:a2:de:d3:ea:ca:13:41:d0:
36:b5:2b:50:c9:e7:45:07:4a:ef:4f:ed:cc:a2:43:c9:e0:9d:
3b:17:68:07:ea:56:cc:e5:f4:80:32:7c:dc:86:aa:76:57:45:
bf:fd:ab:70:24:e2:83:24:90:64:4b:d8:33:66:ce:5e:0d:71:
9f:20:78:1f:8c:e4:0b:12:58:df:a7:58:7d:83:d7:17:4a:13:
70:e9:e6:4d
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIECUSQcDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
YTUyNmE3M2NlOGY5ZjYyYzE0YTExYTJlYTkxM2VjMjczZDU4YzQ2MB4XDTIyMDUy
NTE3MjAxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzFmNzI3MjJkZDNk
YWZhMTNiY2RlODlhYWU4ZDAzNjY1YmEwNzU2ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJK0PD73IgwrCLgxIxVdmsCA3ik+eph+TLzhTu2eWDETodqM
mGCLDCdz7l/CHy3BN/l9bFVVyoso7P/dpQ3qXrNL1ESLcsjL6kevnfR5CdUVIheo
FcptXAb6erTmNYXMdXVer3LW2B0bSyjlxoRdT5fseuFYeaBuRnsTc873yI9AUXjL
HCyGmqsKkrqkzux/LWURYaepwFF1mwyprUtx+AwwSwBn2BHZB1h74P5uhRN7TeLd
vUAloP+or/iMCUAodagjV0LjbC8GIrEEvlV1nXvfAKCDgWQcm17uP0xMlAcg4lXn
7TP9nWKc3aLYbfIK6Mpec0EysbqEBqCkWsYWA28CAwEAAaOCAi0wggIpMB0GA1Ud
DgQWBBRx9yci3T2voTvN6JqujQNmW6B1bjAfBgNVHSMEGDAWgBSaUmpzzo+fYsFK
EaLqkT7Cc9WMRjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L21sSnFjODZQbjJMQlNoR2k2cEUtd25QVmpFWS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2IvNmZjZGNhLWQxMjEtNDM5MS05Y2ZjLTdkMTZiOTBkYmU3Mi8x
L2NmY25JdDA5cjZFN3plaWFybzBEWmx1Z2RXNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Iv
NmZjZGNhLWQxMjEtNDM5MS05Y2ZjLTdkMTZiOTBkYmU3Mi8xL21sSnFjODZQbjJM
QlNoR2k2cEUtd25QVmpFWS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBD
BggrBgEFBQcBBwEB/wQ0MDIwMAQCAAEwKgMEAlT8kAMEAFT8lQMEAFvZwgMEAbmd
YAMEALmdYwMEAcI2DgMEAMMrkDANBgkqhkiG9w0BAQsFAAOCAQEAD2VKlEnqfOoX
iL8t5hCDZr/yNkLgIIzLXmWjXWt3V1B9DKWMOBMdAmFHpvCpk7bY4MivT1FZ+JHK
LfxTj09QDHiHHEMXe9ZTdAzxjMoJ7MQXTYk8mq7b7l+f6IWpceh9sio5ckX0sm5g
7sjfiDdKu/WkhNDAHLm3BvKHDQ2v1SVUonWoPnOfyy4XMMOWLWG2QyNlLUW4nlAH
rCpvQ8yw3p+DJd6v4SFzaFuOCqLe0+rKE0HQNrUrUMnnRQdK70/tzKJDyeCdOxdo
B+pWzOX0gDJ83IaqdldFv/2rcCTigySQZEvYM2bOXg1xnyB4H4zkCxJY36dYfYPX
F0oTcOnmTQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:04:01 2023 by rpki-client on console-fra.rpki-client.org