Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/KAgDVSh91uD8C5t0HqNxeDSvWv8.roa
File: KAgDVSh91uD8C5t0HqNxeDSvWv8.roa (raw, json)
Hash identifier: TPqTrRfxEsClebb3UKVaMUepDTzqOjPPgFnwUSyGty8=
Subject key identifier: 28:08:03:55:28:7D:D6:E0:FC:0B:9B:74:1E:A3:71:78:34:AF:5A:FF
Certificate issuer: /CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
Certificate serial: 3924D407
Authority key identifier: B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/KAgDVSh91uD8C5t0HqNxeDSvWv8.roa
Signing time: Wed 01 Jun 2022 15:07:20 +0000
ROA not before: Wed 01 Jun 2022 15:07:20 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 15435
IP address blocks: 81.172.128.0/17 maxlen: 24
141.224.192.0/18 maxlen: 24
149.143.32.0/19 maxlen: 24
204.168.128.0/17 maxlen: 24
149.143.64.0/18 maxlen: 24
2a07:31c0::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 958714887 (0x3924d407)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b1a4a601ca35c6c8376b89aaf443b63ea439cdb8
Validity
Not Before: Jun 1 15:07:20 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=28080355287dd6e0fc0b9b741ea3717834af5aff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:ba:30:85:e4:31:08:c2:f9:48:85:ee:bb:fe:
28:ac:a1:b5:48:64:e1:74:f3:a0:7c:25:26:92:94:
ec:57:79:25:21:96:a3:fd:e9:4b:48:e3:70:d2:34:
2f:31:60:35:25:89:43:b3:c0:b5:90:c1:15:fb:74:
20:f4:89:9d:2a:60:6f:ee:62:1c:50:a6:79:d6:f8:
63:23:fc:31:f6:75:f3:7b:94:65:08:43:fe:85:16:
4c:e4:21:af:be:59:e2:82:b7:28:a6:a6:2c:6e:99:
23:c2:34:11:07:c3:da:86:ac:b2:cc:0f:62:64:46:
07:75:53:43:b4:43:39:05:3e:b2:3b:e1:af:fb:5d:
c9:aa:92:69:0f:40:1e:fb:90:24:5e:95:22:90:97:
e5:11:15:c1:43:b6:01:a2:d5:17:e6:b2:16:97:c1:
ec:eb:52:27:65:81:fd:5f:fd:2b:4d:4a:c9:0f:53:
ae:cc:f6:ca:4d:8b:66:6c:0d:7d:d2:e7:f3:ac:9b:
c8:4c:8a:64:8c:9f:d8:9a:17:fa:63:20:a8:dd:34:
48:3c:b1:39:fd:41:81:92:99:ca:74:19:b3:3c:01:
a5:fb:4e:d1:09:83:1a:70:c3:c4:cc:63:a3:4f:ca:
4f:25:91:39:ac:f3:47:46:33:e6:94:8b:cc:44:c1:
0f:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:08:03:55:28:7D:D6:E0:FC:0B:9B:74:1E:A3:71:78:34:AF:5A:FF
X509v3 Authority Key Identifier:
keyid:B1:A4:A6:01:CA:35:C6:C8:37:6B:89:AA:F4:43:B6:3E:A4:39:CD:B8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saSmAco1xsg3a4mq9EO2PqQ5zbg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/KAgDVSh91uD8C5t0HqNxeDSvWv8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/dfec40-b86e-494c-ba10-3a5628cc81d9/1/saSmAco1xsg3a4mq9EO2PqQ5zbg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.172.128.0/17
141.224.192.0/18
149.143.32.0-149.143.127.255
204.168.128.0/17
IPv6:
2a07:31c0::/29
Signature Algorithm: sha256WithRSAEncryption
64:fc:c7:34:fb:55:7b:84:e7:ac:e5:39:d0:d8:0e:7e:2e:d2:
15:16:aa:20:cd:e5:28:29:ac:5d:ab:c7:cb:48:2e:a2:59:03:
c2:8b:6a:12:50:50:f9:5e:c2:96:7b:4a:c7:ab:4b:b6:9e:59:
32:78:e5:dd:ca:29:68:aa:36:d0:30:d8:f1:8e:09:38:94:9f:
d2:19:e6:6f:de:18:c6:71:d0:2b:e8:88:c4:a9:d1:55:f0:73:
94:ba:5a:de:a1:20:b4:82:51:8d:ea:17:f9:d3:ed:2c:8f:d2:
11:5e:50:4d:99:84:25:52:77:8e:15:38:74:96:8d:23:5c:c5:
fa:59:4f:43:8e:98:11:18:e7:a2:03:a8:f9:0b:71:cd:fb:19:
ce:74:eb:16:97:73:7b:d5:00:57:af:86:f7:4b:85:5c:22:86:
de:08:93:fe:af:b9:e2:f7:94:39:7b:8b:6d:d3:6a:ac:d6:c5:
3a:10:8a:8c:d4:00:ff:bd:18:cb:92:ed:42:97:6f:11:67:f4:
09:37:9e:f4:85:6d:45:59:e3:ee:0b:4c:ca:41:4c:10:9c:1e:
08:ec:99:42:24:10:0e:59:a4:a0:35:a6:07:7c:85:f7:f8:cc:
ad:3d:31:9c:9b:73:d7:79:19:9d:34:8c:0a:11:47:48:c1:03:
c6:2c:06:ed
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgIEOSTUBzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MWE0YTYwMWNhMzVjNmM4Mzc2Yjg5YWFmNDQzYjYzZWE0MzljZGI4MB4XDTIyMDYw
MTE1MDcyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjgwODAzNTUyODdk
ZDZlMGZjMGI5Yjc0MWVhMzcxNzgzNGFmNWFmZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPK6MIXkMQjC+UiF7rv+KKyhtUhk4XTzoHwlJpKU7Fd5JSGW
o/3pS0jjcNI0LzFgNSWJQ7PAtZDBFft0IPSJnSpgb+5iHFCmedb4YyP8MfZ183uU
ZQhD/oUWTOQhr75Z4oK3KKamLG6ZI8I0EQfD2oassswPYmRGB3VTQ7RDOQU+sjvh
r/tdyaqSaQ9AHvuQJF6VIpCX5REVwUO2AaLVF+ayFpfB7OtSJ2WB/V/9K01KyQ9T
rsz2yk2LZmwNfdLn86ybyEyKZIyf2JoX+mMgqN00SDyxOf1BgZKZynQZszwBpftO
0QmDGnDDxMxjo0/KTyWROazzR0Yz5pSLzETBD2kCAwEAAaOCAjIwggIuMB0GA1Ud
DgQWBBQoCANVKH3W4PwLm3Qeo3F4NK9a/zAfBgNVHSMEGDAWgBSxpKYByjXGyDdr
iar0Q7Y+pDnNuDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NhU21BY28xeHNnM2E0bXE5RU8yUHFRNXpiZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvY2QvZGZlYzQwLWI4NmUtNDk0Yy1iYTEwLTNhNTYyOGNjODFkOS8x
L0tBZ0RWU2g5MXVEOEM1dDBIcU54ZURTdld2OC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2Qv
ZGZlYzQwLWI4NmUtNDk0Yy1iYTEwLTNhNTYyOGNjODFkOS8xL3NhU21BY28xeHNn
M2E0bXE5RU8yUHFRNXpiZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBI
BggrBgEFBQcBBwEB/wQ5MDcwJgQCAAEwIAMEB1GsgAMEBo3gwDAMAwQFlY8gAwQH
lY8AAwQHzKiAMA0EAgACMAcDBQMqBzHAMA0GCSqGSIb3DQEBCwUAA4IBAQBk/Mc0
+1V7hOes5TnQ2A5+LtIVFqogzeUoKaxdq8fLSC6iWQPCi2oSUFD5XsKWe0rHq0u2
nlkyeOXdyiloqjbQMNjxjgk4lJ/SGeZv3hjGcdAr6IjEqdFV8HOUulreoSC0glGN
6hf50+0sj9IRXlBNmYQlUneOFTh0lo0jXMX6WU9DjpgRGOeiA6j5C3HN+xnOdOsW
l3N71QBXr4b3S4VcIobeCJP+r7ni95Q5e4tt02qs1sU6EIqM1AD/vRjLku1Cl28R
Z/QJN570hW1FWePuC0zKQUwQnB4I7JlCJBAOWaSgNaYHfIX3+MytPTGcm3PXeRmd
NIwKEUdIwQPGLAbt
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:08:00 2023 by rpki-client on console-ams.rpki-client.org