Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/yNQTu1IKzyHdt_AsvkiGobmHqAA.roa
File: yNQTu1IKzyHdt_AsvkiGobmHqAA.roa (raw, json)
Hash identifier: m05UpWimhIDrod9rdEBbVNB5fME2q1/PM91bGfYf0zk=
Subject key identifier: C8:D4:13:BB:52:0A:CF:21:DD:B7:F0:2C:BE:48:86:A1:B9:87:A8:00
Certificate issuer: /CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
Certificate serial: 0183132DA9FBE8E4156DF00FDA3D64D51F02
Authority key identifier: 18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/yNQTu1IKzyHdt_AsvkiGobmHqAA.roa
Signing time: Tue 06 Sep 2022 14:21:43 +0000
ROA not before: Tue 06 Sep 2022 14:21:43 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209811
IP address blocks: 2.57.232.0/23 maxlen: 23
95.215.202.0/23 maxlen: 23
95.215.200.0/23 maxlen: 23
2.57.234.0/23 maxlen: 23
185.151.230.0/23 maxlen: 23
185.151.228.0/23 maxlen: 23
185.208.8.0/24 maxlen: 24
194.31.160.0/23 maxlen: 23
194.31.162.0/23 maxlen: 23
2a09:1680::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:13:2d:a9:fb:e8:e4:15:6d:f0:0f:da:3d:64:d5:1f:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
Validity
Not Before: Sep 6 14:21:43 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c8d413bb520acf21ddb7f02cbe4886a1b987a800
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:d5:90:5e:ea:f5:86:98:f1:54:29:79:83:00:
04:5d:76:05:45:91:34:c4:f6:48:3b:2c:9a:df:77:
90:7a:89:48:db:0d:d2:b8:ab:9f:4c:f5:ad:2a:4b:
44:83:59:f3:19:61:19:f9:50:7d:a4:25:8b:d5:b4:
b3:da:73:41:0a:a3:0c:58:21:98:6e:05:0d:cc:8c:
bb:69:c7:bf:6a:a1:55:24:44:d6:28:3d:aa:5d:48:
8a:8b:39:b4:37:13:ca:17:67:0b:6d:76:3d:5a:40:
59:c5:bb:fc:1a:b7:72:3d:11:cf:71:67:7e:55:84:
34:b3:d6:10:4e:db:ed:8d:50:a9:6b:a2:9b:ef:5b:
c7:a3:b5:f2:53:f0:9b:f8:d0:bc:54:e8:5a:09:4a:
8c:31:44:ca:2b:91:b6:9a:78:bc:81:ec:a3:a9:50:
58:6b:3a:5e:d0:65:b8:31:5b:1a:97:d5:77:ac:13:
c6:d8:b6:7f:4c:5d:c3:71:bb:5e:ff:71:20:e6:a5:
a9:11:62:4c:0c:5a:97:08:8e:64:2d:b1:18:61:8f:
37:d7:76:54:66:be:16:74:d5:db:57:f5:ca:ec:f9:
7d:b8:88:3e:07:38:8c:a3:f8:bb:a7:6e:ef:65:f3:
7e:64:7b:59:5c:cd:aa:92:70:f5:c3:56:26:49:2b:
2e:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:D4:13:BB:52:0A:CF:21:DD:B7:F0:2C:BE:48:86:A1:B9:87:A8:00
X509v3 Authority Key Identifier:
keyid:18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/yNQTu1IKzyHdt_AsvkiGobmHqAA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.232.0/22
95.215.200.0/22
185.151.228.0/22
185.208.8.0/24
194.31.160.0/22
IPv6:
2a09:1680::/48
Signature Algorithm: sha256WithRSAEncryption
43:e0:19:95:5f:0a:65:3f:ae:c3:d1:98:53:70:65:74:b6:4e:
7b:7c:56:5c:45:93:de:b7:5a:e1:f4:73:9d:be:71:89:29:0f:
6f:97:b8:ea:a4:da:04:4f:28:53:2d:ad:34:bd:80:4d:10:14:
09:72:37:c0:6d:81:6f:89:69:a2:48:3e:09:d0:33:53:ed:9f:
1d:ea:45:b1:ad:54:b3:e2:7d:2b:54:a8:d6:0f:df:fa:ad:23:
41:24:b7:5c:2f:1c:89:e0:dd:be:9a:ea:3b:5d:d2:94:61:2b:
88:a5:fb:93:24:f4:e4:77:80:76:a7:c3:98:98:61:dc:b2:a9:
c8:96:dd:1a:2b:ba:3c:bc:17:c6:0b:4e:83:19:19:0a:a2:91:
54:e9:7f:fd:74:ea:e3:7c:62:dd:de:09:d6:0e:ef:d1:a4:42:
59:98:79:d4:e9:bd:2e:62:e8:16:43:34:dc:c6:7c:07:e1:cb:
68:f3:39:00:6d:94:f7:5b:ba:f4:f5:03:c3:47:1b:84:74:11:
a3:c4:4e:d5:89:e6:5a:0f:72:c9:1b:fb:40:2a:de:44:e7:54:
2a:e3:a5:a7:51:de:9c:96:9a:7a:26:2b:42:01:e6:4d:8a:04:
5e:b3:9b:39:79:3d:2c:3b:50:ac:a9:23:2e:25:b5:b8:d9:b1:
b5:18:15:8d
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYMTLan76OQVbfAP2j1k1R8CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4YTg0YThlNDc1ZjY2MDZlN2ExMmY5MmIzMzBkNjNkOGY4
ODBiZTAwHhcNMjIwOTA2MTQyMTQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGQ0MTNiYjUyMGFjZjIxZGRiN2YwMmNiZTQ4ODZhMWI5ODdhODAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntWQXur1hpjxVCl5gwAEXXYFRZE0
xPZIOyya33eQeolI2w3SuKufTPWtKktEg1nzGWEZ+VB9pCWL1bSz2nNBCqMMWCGY
bgUNzIy7ace/aqFVJETWKD2qXUiKizm0NxPKF2cLbXY9WkBZxbv8GrdyPRHPcWd+
VYQ0s9YQTtvtjVCpa6Kb71vHo7XyU/Cb+NC8VOhaCUqMMUTKK5G2mni8geyjqVBY
azpe0GW4MVsal9V3rBPG2LZ/TF3Dcbte/3Eg5qWpEWJMDFqXCI5kLbEYYY8313ZU
Zr4WdNXbV/XK7Pl9uIg+BziMo/i7p27vZfN+ZHtZXM2qknD1w1YmSSsuFQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFMjUE7tSCs8h3bfwLL5IhqG5h6gAMB8GA1UdIwQY
MBaAFBioSo5HX2YG56EvkrMw1j2PiAvgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEt
ODdmNWI2NDc5ZDFlLzEveU5RVHUxSUt6eUhkdF9Bc3ZraUdvYm1IcUFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEtODdmNWI2NDc5ZDFl
LzEvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQCAjnoAwQC
X9fIAwQCuZfkAwQAudAIAwQCwh+gMA8EAgACMAkDBwAqCRaAAAAwDQYJKoZIhvcN
AQELBQADggEBAEPgGZVfCmU/rsPRmFNwZXS2Tnt8VlxFk963WuH0c52+cYkpD2+X
uOqk2gRPKFMtrTS9gE0QFAlyN8BtgW+JaaJIPgnQM1Ptnx3qRbGtVLPifStUqNYP
3/qtI0Ekt1wvHIng3b6a6jtd0pRhK4il+5Mk9OR3gHanw5iYYdyyqciW3Rorujy8
F8YLToMZGQqikVTpf/106uN8Yt3eCdYO79GkQlmYedTpvS5i6BZDNNzGfAfhy2jz
OQBtlPdbuvT1A8NHG4R0EaPETtWJ5loPcskb+0Aq3kTnVCrjpadR3pyWmnomK0IB
5k2KBF6zmzl5PSw7UKypIy4ltbjZsbUYFY0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:01 2024 by rpki-client on console-ams.rpki-client.org