Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/kxsxyLziY9zgxsNaOotWP4o02jI.roa
File: kxsxyLziY9zgxsNaOotWP4o02jI.roa (raw, json)
Hash identifier: gaUwTHGo8wB5tMn3DJqpG3PEOjMEw5rt7VC04UK5yFo=
Subject key identifier: 93:1B:31:C8:BC:E2:63:DC:E0:C6:C3:5A:3A:8B:56:3F:8A:34:DA:32
Certificate issuer: /CN=47e94ccb7b601da0ca09469f60f653640fed8c1c
Certificate serial: 01852AA30DBEEAB73058C9CD096C5E246FDF
Authority key identifier: 47:E9:4C:CB:7B:60:1D:A0:CA:09:46:9F:60:F6:53:64:0F:ED:8C:1C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/R-lMy3tgHaDKCUafYPZTZA_tjBw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/kxsxyLziY9zgxsNaOotWP4o02jI.roa
Signing time: Mon 19 Dec 2022 13:46:47 +0000
ROA not before: Mon 19 Dec 2022 13:46:47 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34444
IP address blocks: 213.180.225.0/24 maxlen: 24
213.180.226.0/24 maxlen: 24
213.180.240.0/21 maxlen: 24
84.22.64.0/19 maxlen: 19
84.22.68.0/24 maxlen: 24
84.22.69.0/24 maxlen: 24
84.22.77.0/24 maxlen: 24
84.22.78.0/24 maxlen: 24
84.22.80.0/24 maxlen: 24
84.22.84.0/24 maxlen: 24
84.22.85.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:2a:a3:0d:be:ea:b7:30:58:c9:cd:09:6c:5e:24:6f:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=47e94ccb7b601da0ca09469f60f653640fed8c1c
Validity
Not Before: Dec 19 13:46:47 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=931b31c8bce263dce0c6c35a3a8b563f8a34da32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:e2:04:88:aa:93:ff:f2:ba:5f:b5:e6:ad:92:
88:3a:41:cc:bc:b7:19:35:28:ac:7f:f9:dd:76:52:
9d:ee:47:8b:18:f3:32:de:07:1d:c5:40:fe:71:33:
40:37:b3:00:0d:3b:4c:17:ac:9e:79:43:7e:8f:aa:
3f:6b:35:01:35:7a:77:96:0a:6a:16:9e:07:71:59:
52:ab:ea:1d:9d:d8:19:cc:17:4a:b1:b5:9f:38:1c:
d5:40:26:d9:08:30:52:1b:5c:02:54:f7:54:d4:8a:
cb:e4:43:23:64:4c:ef:df:6e:da:9b:f6:7a:4d:44:
55:64:cf:d3:9d:d5:bd:e1:05:15:12:da:68:ad:6a:
4f:73:0c:f3:aa:c7:2b:b7:d6:f8:49:da:25:42:15:
5c:2b:94:d6:3e:84:ca:b1:a6:83:92:c3:8b:ae:c1:
8b:08:e1:16:0c:ff:04:cc:49:0a:4f:08:51:ca:d6:
80:c3:1f:49:3d:cc:1e:c4:75:f5:55:4c:f1:38:48:
76:5e:ee:9e:4f:c4:ab:8e:8e:88:f7:ad:25:99:19:
12:e9:65:7d:ff:e2:88:5a:43:58:6a:4a:a9:39:da:
cd:c8:a7:9f:18:19:58:f3:4b:f8:b4:a4:e0:d1:95:
0d:00:61:b1:f0:50:2e:ab:85:8e:90:26:79:db:ba:
24:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:1B:31:C8:BC:E2:63:DC:E0:C6:C3:5A:3A:8B:56:3F:8A:34:DA:32
X509v3 Authority Key Identifier:
keyid:47:E9:4C:CB:7B:60:1D:A0:CA:09:46:9F:60:F6:53:64:0F:ED:8C:1C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R-lMy3tgHaDKCUafYPZTZA_tjBw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/kxsxyLziY9zgxsNaOotWP4o02jI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/9e29dc-cec9-49e2-bce4-bd90a3f06e16/1/R-lMy3tgHaDKCUafYPZTZA_tjBw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.22.64.0/19
213.180.225.0-213.180.226.255
213.180.240.0/21
Signature Algorithm: sha256WithRSAEncryption
15:98:9d:27:32:d6:38:94:ad:61:41:08:d0:15:67:93:e9:b4:
be:0f:02:b1:0b:6a:db:c9:3c:f6:90:e3:83:75:2e:29:0a:e8:
ab:fc:53:5e:fb:b7:3e:39:e1:1d:49:87:99:1e:f5:6a:3f:0e:
54:1c:16:a0:93:7d:02:48:5d:0a:88:be:99:c1:ca:12:c0:b1:
6e:33:99:f7:aa:19:5b:95:4d:e2:14:9f:71:b4:9a:ab:d1:a4:
58:50:b6:ce:13:5d:a7:da:70:6a:10:fe:6e:ca:4b:43:c0:10:
ca:6d:92:d9:12:2f:c5:00:d0:2f:7c:61:56:45:6e:32:b5:37:
32:33:89:e4:96:d4:ef:bb:d7:e5:7c:37:9c:a7:64:ae:91:c3:
2b:a5:f0:53:43:87:fa:ad:70:99:73:27:32:79:c6:50:a2:0f:
4a:00:43:05:9a:ad:b3:f5:f5:c7:f6:b4:d6:26:2d:5b:2c:91:
fd:f2:9a:61:4a:1a:af:ef:fe:2b:1e:b9:54:e1:a4:1d:48:a0:
78:05:cc:a0:da:3e:05:de:61:de:1d:ab:6d:b9:ed:b8:da:c4:
01:54:85:96:7b:ad:78:2a:f0:2b:ab:dc:51:cb:7e:cf:7f:11:
d8:45:aa:e6:1c:d6:2b:99:cf:84:b7:c7:d1:9c:ab:60:0c:b4:
6f:4a:27:d4
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYUqow2+6rcwWMnNCWxeJG/fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3ZTk0Y2NiN2I2MDFkYTBjYTA5NDY5ZjYwZjY1MzY0MGZl
ZDhjMWMwHhcNMjIxMjE5MTM0NjQ3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzFiMzFjOGJjZTI2M2RjZTBjNmMzNWEzYThiNTYzZjhhMzRkYTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+IEiKqT//K6X7XmrZKIOkHMvLcZ
NSisf/nddlKd7keLGPMy3gcdxUD+cTNAN7MADTtMF6yeeUN+j6o/azUBNXp3lgpq
Fp4HcVlSq+odndgZzBdKsbWfOBzVQCbZCDBSG1wCVPdU1IrL5EMjZEzv327am/Z6
TURVZM/TndW94QUVEtporWpPcwzzqscrt9b4SdolQhVcK5TWPoTKsaaDksOLrsGL
COEWDP8EzEkKTwhRytaAwx9JPcwexHX1VUzxOEh2Xu6eT8Srjo6I960lmRkS6WV9
/+KIWkNYakqpOdrNyKefGBlY80v4tKTg0ZUNAGGx8FAuq4WOkCZ527okBwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFJMbMci84mPc4MbDWjqLVj+KNNoyMB8GA1UdIwQY
MBaAFEfpTMt7YB2gyglGn2D2U2QP7YwcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUi1sTXkzdGdIYURLQ1VhZllQWlRaQV90akJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC85ZTI5ZGMtY2VjOS00OWUyLWJjZTQt
YmQ5MGEzZjA2ZTE2LzEva3hzeHlMemlZOXpneHNOYU9vdFdQNG8wMmpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC85ZTI5ZGMtY2VjOS00OWUyLWJjZTQtYmQ5MGEzZjA2ZTE2
LzEvUi1sTXkzdGdIYURLQ1VhZllQWlRaQV90akJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQFVBZAMAwD
BADVtOEDBADVtOIDBAPVtPAwDQYJKoZIhvcNAQELBQADggEBABWYnScy1jiUrWFB
CNAVZ5PptL4PArELatvJPPaQ44N1LikK6Kv8U177tz454R1Jh5ke9Wo/DlQcFqCT
fQJIXQqIvpnByhLAsW4zmfeqGVuVTeIUn3G0mqvRpFhQts4TXafacGoQ/m7KS0PA
EMptktkSL8UA0C98YVZFbjK1NzIzieSW1O+71+V8N5ynZK6Rwyul8FNDh/qtcJlz
JzJ5xlCiD0oAQwWarbP19cf2tNYmLVsskf3ymmFKGq/v/iseuVThpB1IoHgFzKDa
PgXeYd4dq2257bjaxAFUhZZ7rXgq8Cur3FHLfs9/EdhFquYc1iuZz4S3x9Gcq2AM
tG9KJ9Q=
-----END CERTIFICATE-----
Generated at Tue Apr 22 13:11:38 2025 by rpki-client