Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/3e72ed-1d65-4982-ad9a-9c37478a593f/1/3F-grn_do5t0qaM6RtQRwE6jMOk.roa
File: 3F-grn_do5t0qaM6RtQRwE6jMOk.roa (raw, json)
Hash identifier: vk/7YJR/I+SkQhYZhyxgQQW5qsr3AR9gVT9n4BS3Nx0=
Subject key identifier: DC:5F:A0:AE:7F:DD:A3:9B:74:A9:A3:3A:46:D4:11:C0:4E:A3:30:E9
Certificate issuer: /CN=5ceb0ebd878b77d42f2ca9dd08f70c323c5d03db
Certificate serial: 018CBF382B26A43A228B4C2DEF2757454183
Authority key identifier: 5C:EB:0E:BD:87:8B:77:D4:2F:2C:A9:DD:08:F7:0C:32:3C:5D:03:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XOsOvYeLd9QvLKndCPcMMjxdA9s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/3e72ed-1d65-4982-ad9a-9c37478a593f/1/3F-grn_do5t0qaM6RtQRwE6jMOk.roa
Signing time: Sun 31 Dec 2023 09:32:58 +0000
ROA not before: Sun 31 Dec 2023 09:32:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44700
IP address blocks: 185.6.68.0/22 maxlen: 24
88.151.64.0/21 maxlen: 24
81.27.224.0/22 maxlen: 24
185.59.12.0/22 maxlen: 24
95.129.208.0/21 maxlen: 24
93.89.0.0/22 maxlen: 24
2a02:21e0::/32 maxlen: 48
2a02:17f8::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:bf:38:2b:26:a4:3a:22:8b:4c:2d:ef:27:57:45:41:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5ceb0ebd878b77d42f2ca9dd08f70c323c5d03db
Validity
Not Before: Dec 31 09:32:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dc5fa0ae7fdda39b74a9a33a46d411c04ea330e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:2d:ed:a6:fa:49:f3:bd:28:7f:56:aa:ac:47:
80:74:51:0b:5d:2d:6f:bf:62:68:67:52:5c:c5:ee:
ff:4a:d9:2a:42:e4:ec:cb:1b:a5:0d:2b:d9:71:35:
b1:6a:7e:fe:72:d0:00:e6:56:17:fa:a1:87:f6:92:
5c:47:1d:0c:b9:15:2e:ac:c5:88:ba:88:97:13:f7:
f1:13:5e:b2:32:a8:f4:13:5d:a6:8a:35:ea:5d:fe:
54:06:52:5d:08:2d:10:08:c7:03:58:b8:c3:d6:5f:
9e:ab:8b:10:99:cb:09:ff:51:0c:15:de:cb:11:d2:
e0:bd:f3:bb:ed:76:47:e6:04:24:d6:b8:a8:64:61:
31:93:c7:a7:69:3c:f1:43:15:1d:1a:a0:21:83:40:
48:63:00:dd:06:08:ad:80:fc:65:77:05:09:59:a8:
7e:bd:42:76:f9:07:62:c0:fa:1b:de:7d:aa:39:52:
3f:0a:16:0a:e8:88:6d:3c:c2:ea:40:8e:b8:db:03:
04:69:2a:14:e6:c3:27:b6:37:13:d8:6d:bd:0d:d7:
c2:9c:55:96:5e:69:66:05:04:33:d1:2a:43:c6:45:
60:e3:dd:04:a6:6d:88:36:71:9c:10:da:95:21:0b:
10:9c:57:79:e2:17:55:5a:cc:8d:eb:fd:83:51:6e:
91:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:5F:A0:AE:7F:DD:A3:9B:74:A9:A3:3A:46:D4:11:C0:4E:A3:30:E9
X509v3 Authority Key Identifier:
keyid:5C:EB:0E:BD:87:8B:77:D4:2F:2C:A9:DD:08:F7:0C:32:3C:5D:03:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XOsOvYeLd9QvLKndCPcMMjxdA9s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/3e72ed-1d65-4982-ad9a-9c37478a593f/1/3F-grn_do5t0qaM6RtQRwE6jMOk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/3e72ed-1d65-4982-ad9a-9c37478a593f/1/XOsOvYeLd9QvLKndCPcMMjxdA9s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.27.224.0/22
88.151.64.0/21
93.89.0.0/22
95.129.208.0/21
185.6.68.0/22
185.59.12.0/22
IPv6:
2a02:17f8::/32
2a02:21e0::/32
Signature Algorithm: sha256WithRSAEncryption
6b:1e:d2:dd:93:6d:9b:16:02:93:9d:95:10:bc:c4:18:48:99:
a3:52:fa:85:16:cb:63:8b:08:ce:ec:6b:35:be:e6:51:84:82:
51:88:0c:8d:80:2d:da:fd:49:df:65:78:98:50:35:6c:66:ce:
d4:de:91:60:ef:c3:24:02:b2:0d:4d:9c:ce:d9:bf:63:bd:51:
43:2c:bf:49:eb:0d:ba:36:1c:a5:55:23:9e:8f:0a:72:75:43:
e7:fe:ae:29:93:32:3f:5b:9b:03:ee:70:bf:30:ea:00:e0:73:
2b:b5:e4:0b:2c:20:c4:3a:3d:23:68:ad:79:da:20:ea:37:51:
37:13:25:cc:be:35:bc:8d:db:2d:f8:e5:e1:23:b9:b5:7d:b1:
8b:10:c4:ae:e7:8f:67:34:d9:0a:5a:6c:69:74:76:c5:1b:7d:
b3:7b:08:49:b8:7b:62:44:d0:1a:8b:1e:f2:8d:c1:e0:f2:d9:
6a:9d:5f:60:03:72:bc:a7:7b:94:a9:ea:b7:df:ad:64:c3:43:
7a:a0:ff:ba:63:21:a9:80:99:48:cb:02:35:4b:5a:49:23:e4:
8e:48:43:77:e9:39:fc:94:1c:e7:8b:87:33:96:c1:9a:2a:42:
02:06:a2:17:d2:d3:c5:74:b7:f1:72:5e:ca:85:f3:30:ac:d9:
fa:1a:a6:5c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYy/OCsmpDoii0wt7ydXRUGDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZWIwZWJkODc4Yjc3ZDQyZjJjYTlkZDA4ZjcwYzMyM2M1
ZDAzZGIwHhcNMjMxMjMxMDkzMjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzVmYTBhZTdmZGRhMzliNzRhOWEzM2E0NmQ0MTFjMDRlYTMzMGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvS3tpvpJ870of1aqrEeAdFELXS1v
v2JoZ1Jcxe7/StkqQuTsyxulDSvZcTWxan7+ctAA5lYX+qGH9pJcRx0MuRUurMWI
uoiXE/fxE16yMqj0E12mijXqXf5UBlJdCC0QCMcDWLjD1l+eq4sQmcsJ/1EMFd7L
EdLgvfO77XZH5gQk1rioZGExk8enaTzxQxUdGqAhg0BIYwDdBgitgPxldwUJWah+
vUJ2+QdiwPob3n2qOVI/ChYK6IhtPMLqQI642wMEaSoU5sMntjcT2G29DdfCnFWW
XmlmBQQz0SpDxkVg490Epm2INnGcENqVIQsQnFd54hdVWsyN6/2DUW6RewIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFNxfoK5/3aObdKmjOkbUEcBOozDpMB8GA1UdIwQY
MBaAFFzrDr2Hi3fULyyp3Qj3DDI8XQPbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWE9zT3ZZZUxkOVF2TEtuZENQY01NanhkQTlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8zZTcyZWQtMWQ2NS00OTgyLWFkOWEt
OWMzNzQ3OGE1OTNmLzEvM0YtZ3JuX2RvNXQwcWFNNlJ0UVJ3RTZqTU9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8zZTcyZWQtMWQ2NS00OTgyLWFkOWEtOWMzNzQ3OGE1OTNm
LzEvWE9zT3ZZZUxkOVF2TEtuZENQY01NanhkQTlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQCURvgAwQD
WJdAAwQCXVkAAwQDX4HQAwQCuQZEAwQCuTsMMBQEAgACMA4DBQAqAhf4AwUAKgIh
4DANBgkqhkiG9w0BAQsFAAOCAQEAax7S3ZNtmxYCk52VELzEGEiZo1L6hRbLY4sI
zuxrNb7mUYSCUYgMjYAt2v1J32V4mFA1bGbO1N6RYO/DJAKyDU2cztm/Y71RQyy/
SesNujYcpVUjno8KcnVD5/6uKZMyP1ubA+5wvzDqAOBzK7XkCywgxDo9I2itedog
6jdRNxMlzL41vI3bLfjl4SO5tX2xixDEruePZzTZClpsaXR2xRt9s3sISbh7YkTQ
Gose8o3B4PLZap1fYANyvKd7lKnqt9+tZMNDeqD/umMhqYCZSMsCNUtaSSPkjkhD
d+k5/JQc54uHM5bBmipCAgaiF9LTxXS38XJeyoXzMKzZ+hqmXA==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:06:10 2025 by rpki-client