Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/9QMnbHkg-jPJQM0oObf0Ux_66DA.roa
File: 9QMnbHkg-jPJQM0oObf0Ux_66DA.roa (raw, json)
Hash identifier: ksh9wbE4GDlilIEGtpkVUCETSnMv6zCGu8SyqXgf1/k=
Subject key identifier: F5:03:27:6C:79:20:FA:33:C9:40:CD:28:39:B7:F4:53:1F:FA:E8:30
Certificate issuer: /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial: 19F8501D
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/9QMnbHkg-jPJQM0oObf0Ux_66DA.roa
Signing time: Mon 02 May 2022 10:13:12 +0000
ROA not before: Mon 02 May 2022 10:13:12 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 21859
IP address blocks: 91.189.186.0/24 maxlen: 32
37.10.112.0/24 maxlen: 32
185.240.218.0/24 maxlen: 32
5.253.137.0/24 maxlen: 32
185.171.3.0/24 maxlen: 32
79.143.55.0/24 maxlen: 32
193.222.103.0/24 maxlen: 32
193.149.160.0/24 maxlen: 32
185.224.146.0/24 maxlen: 32
185.226.73.0/24 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 435703837 (0x19f8501d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Validity
Not Before: May 2 10:13:12 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f503276c7920fa33c940cd2839b7f4531ffae830
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:4c:b2:01:54:22:c9:c2:e8:68:1e:a2:29:02:
47:93:08:aa:84:b6:f2:78:02:65:a4:8f:1b:aa:12:
3c:09:86:9c:11:4b:a8:e6:ef:a4:ce:34:85:d0:1b:
ee:cf:af:5d:23:7c:bf:91:50:4b:ac:e3:91:71:61:
69:92:85:97:c4:85:77:2c:bb:1a:14:bb:6b:ea:2f:
e1:eb:16:2c:ce:97:b2:f5:38:91:9e:ef:0a:38:20:
d5:ac:07:2a:33:e9:a6:ec:68:eb:5c:49:97:dd:63:
78:89:6d:81:bb:df:82:01:f8:cc:f8:38:23:6b:3e:
11:d7:49:ad:2d:95:0e:ba:75:ff:57:0f:61:e8:80:
a9:cc:5e:ab:af:32:26:79:02:35:28:02:2e:c6:c4:
47:9f:05:22:87:5f:cc:f2:0c:33:c6:f2:7b:09:70:
53:a3:ba:2d:08:c0:21:e7:4b:28:41:b9:ce:08:1c:
1f:3b:28:4b:ae:4c:60:59:a6:61:2a:a4:43:23:35:
87:9f:b0:23:a9:0a:88:83:59:82:88:5a:9b:9a:65:
89:82:de:fe:b6:0d:a1:74:41:1d:cd:8d:db:71:08:
f1:ae:53:02:d1:b7:cd:67:43:da:d6:48:d5:14:6a:
cf:fb:fc:a9:a8:9e:e7:6c:e4:ba:19:a6:ca:7f:8e:
28:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F5:03:27:6C:79:20:FA:33:C9:40:CD:28:39:B7:F4:53:1F:FA:E8:30
X509v3 Authority Key Identifier:
keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/9QMnbHkg-jPJQM0oObf0Ux_66DA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.253.137.0/24
37.10.112.0/24
79.143.55.0/24
91.189.186.0/24
185.171.3.0/24
185.224.146.0/24
185.226.73.0/24
185.240.218.0/24
193.149.160.0/24
193.222.103.0/24
Signature Algorithm: sha256WithRSAEncryption
38:1d:5a:9a:c5:f7:4a:4b:7c:1f:46:eb:a8:95:96:50:bb:ba:
4a:0c:16:d4:75:07:54:67:09:1d:b6:dc:73:8c:58:b6:11:81:
89:93:8a:3d:55:f5:84:06:b0:6e:27:ae:18:ad:6f:d9:b4:d6:
d2:8a:56:e8:7f:ff:aa:5a:68:f1:ac:1f:86:c2:ad:02:dd:1c:
3b:19:89:ed:27:80:ce:17:27:9b:07:3e:85:4d:96:11:1d:f1:
3a:77:d3:81:69:2a:3a:87:b0:63:49:1b:fb:29:c3:87:d4:dd:
a7:c5:3f:fe:f1:23:6c:cb:bf:fb:22:a8:06:f0:34:60:21:45:
8f:fd:2c:ea:47:6e:7b:6d:8f:9f:ef:65:dc:56:c2:9d:fe:ec:
54:00:a3:50:5c:b5:b0:5c:ac:f6:c4:ca:d8:63:6e:d0:f7:c0:
0e:05:00:f1:fa:e8:4f:a6:d1:6c:27:c9:9b:0f:8c:78:81:46:
77:72:59:90:81:6c:cf:29:8c:5c:7a:b3:da:fd:1a:01:fa:fc:
e7:b3:73:73:a5:4a:9c:35:58:1f:a2:5e:31:5a:9f:de:2b:fa:
32:7b:8c:15:87:6c:aa:2c:3d:3e:ef:4e:cb:c1:0e:34:c5:2a:
18:9b:2a:10:28:11:63:06:21:45:54:0d:05:84:46:29:03:ef:
50:f7:80:98
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEGfhQHTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
YzhmZDFhOGFlNTk5NmMxZTU2OTJjMWE4YzQyYmZlOWMzYmE1NzQ1MB4XDTIyMDUw
MjEwMTMxMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjUwMzI3NmM3OTIw
ZmEzM2M5NDBjZDI4MzliN2Y0NTMxZmZhZTgzMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIRMsgFUIsnC6GgeoikCR5MIqoS28ngCZaSPG6oSPAmGnBFL
qObvpM40hdAb7s+vXSN8v5FQS6zjkXFhaZKFl8SFdyy7GhS7a+ov4esWLM6XsvU4
kZ7vCjgg1awHKjPppuxo61xJl91jeIltgbvfggH4zPg4I2s+EddJrS2VDrp1/1cP
YeiAqcxeq68yJnkCNSgCLsbER58FIodfzPIMM8byewlwU6O6LQjAIedLKEG5zggc
HzsoS65MYFmmYSqkQyM1h5+wI6kKiINZgoham5pliYLe/rYNoXRBHc2N23EI8a5T
AtG3zWdD2tZI1RRqz/v8qaie52zkuhmmyn+OKDMCAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBT1AydseSD6M8lAzSg5t/RTH/roMDAfBgNVHSMEGDAWgBRsj9GorlmWweVp
LBqMQr/pw7pXRTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JJX1JxSzVabHNIbGFTd2FqRUtfNmNPNlYwVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDAvNDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8x
LzlRTW5iSGtnLWpQSlFNMG9PYmYwVXhfNjZEQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDAv
NDkyNTkwLWEwMmYtNDQzZS1hYWEzLWZlYWMyNmVhZWNjMi8xL2JJX1JxSzVabHNI
bGFTd2FqRUtfNmNPNlYwVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEAAX9iQMEACUKcAMEAE+PNwMEAFu9
ugMEALmrAwMEALngkgMEALniSQMEALnw2gMEAMGVoAMEAMHeZzANBgkqhkiG9w0B
AQsFAAOCAQEAOB1amsX3Skt8H0brqJWWULu6SgwW1HUHVGcJHbbcc4xYthGBiZOK
PVX1hAawbieuGK1v2bTW0opW6H//qlpo8awfhsKtAt0cOxmJ7SeAzhcnmwc+hU2W
ER3xOnfTgWkqOoewY0kb+ynDh9Tdp8U//vEjbMu/+yKoBvA0YCFFj/0s6kdue22P
n+9l3FbCnf7sVACjUFy1sFys9sTK2GNu0PfADgUA8froT6bRbCfJmw+MeIFGd3JZ
kIFszymMXHqz2v0aAfr857Nzc6VKnDVYH6JeMVqf3iv6MnuMFYdsqiw9Pu9Oy8EO
NMUqGJsqECgRYwYhRVQNBYRGKQPvUPeAmA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:04:17 2023 by rpki-client on console-fra.rpki-client.org