Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/6n-ugMOeUzpEvMYplRjlI-t7HI0.roa
File: 6n-ugMOeUzpEvMYplRjlI-t7HI0.roa (raw, json)
Hash identifier: NFrifzg9OIFkSbPUbv8phVCdN8lj39wHKFInHWtVfFw=
Subject key identifier: EA:7F:AE:80:C3:9E:53:3A:44:BC:C6:29:95:18:E5:23:EB:7B:1C:8D
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0181F70E2BCC0DEDEABE8C9B38FC56F92E57
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/6n-ugMOeUzpEvMYplRjlI-t7HI0.roa
Signing time: Wed 13 Jul 2022 10:15:09 +0000
ROA not before: Wed 13 Jul 2022 10:15:09 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 834
IP address blocks: 88.209.230.0/24 maxlen: 24
92.52.214.0/24 maxlen: 24
88.209.232.0/22 maxlen: 22
88.209.229.0/24 maxlen: 24
88.209.244.0/23 maxlen: 23
88.209.252.0/24 maxlen: 24
88.209.255.0/24 maxlen: 24
88.209.204.0/24 maxlen: 32
88.209.204.0/22 maxlen: 32
88.209.200.0/22 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:81:f7:0e:2b:cc:0d:ed:ea:be:8c:9b:38:fc:56:f9:2e:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jul 13 10:15:09 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ea7fae80c39e533a44bcc6299518e523eb7b1c8d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:a4:89:a0:0c:6f:22:07:97:a1:53:6b:fd:53:
29:da:a9:34:15:36:18:da:86:08:b7:1f:4a:6e:9b:
42:55:ad:20:9a:db:00:eb:db:55:c4:62:5f:7e:27:
f7:cd:7c:7c:3d:2e:2c:07:d1:59:64:bc:56:84:06:
78:f4:4f:1d:e0:9f:00:94:fe:94:61:f8:a6:24:35:
8b:29:0f:05:1e:45:6b:e8:b8:5c:c6:9c:95:98:bf:
f0:aa:40:f0:24:75:5f:8d:c9:3c:9a:c0:0d:25:6b:
26:d4:c3:76:46:c1:a1:f5:b7:2a:15:10:45:d3:b0:
0d:1f:6e:a7:5b:4f:10:9f:2f:b8:78:ab:81:7d:f2:
2a:97:ca:66:a5:7e:7e:c7:75:c3:04:77:6e:0b:2e:
ef:dc:86:b1:e5:d0:29:6d:fe:cb:4b:f9:18:16:fc:
e5:4a:70:25:94:28:97:eb:18:51:fb:98:49:8b:14:
9e:0f:6e:d7:48:7c:14:98:93:26:34:47:7f:8d:70:
3b:a5:1c:8e:f6:12:66:07:0b:cc:f0:b4:66:47:f4:
67:bb:3b:34:3d:1d:90:65:46:9c:20:26:19:ce:4b:
59:f1:f9:ef:94:58:08:df:9a:de:c6:08:de:3b:b1:
ea:43:d3:74:60:a5:8b:e2:a2:1c:9c:04:d0:d5:e4:
55:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:7F:AE:80:C3:9E:53:3A:44:BC:C6:29:95:18:E5:23:EB:7B:1C:8D
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/6n-ugMOeUzpEvMYplRjlI-t7HI0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.209.200.0/21
88.209.229.0-88.209.230.255
88.209.232.0/22
88.209.244.0/23
88.209.252.0/24
88.209.255.0/24
92.52.214.0/24
Signature Algorithm: sha256WithRSAEncryption
0a:2d:28:cc:4e:4b:05:e5:b8:ee:75:31:57:c7:bf:31:36:ba:
55:b4:a5:12:fb:8a:19:99:7d:03:8d:d5:8c:36:84:19:09:53:
56:09:36:d9:2b:3c:6e:20:39:a4:1c:04:10:b9:7c:51:16:5a:
ca:a3:d8:ae:a0:00:67:ca:7e:2d:71:03:07:95:db:d2:47:66:
7d:ee:b1:1a:19:2b:30:7e:96:c7:cb:fc:26:6b:ef:c6:73:65:
63:dd:0d:de:12:d9:a8:be:57:6d:56:ad:80:1f:7d:7e:16:83:
6f:d9:1a:c0:ab:f3:98:62:94:05:04:61:c7:3b:f5:e8:aa:50:
72:0b:a6:80:c0:57:d8:3d:d9:43:1d:1c:a6:26:f2:66:e5:b8:
d6:5f:65:31:0b:04:a8:43:77:40:70:bc:96:31:e5:22:b6:70:
67:e5:c5:43:1f:7a:12:c4:11:a0:4f:8d:af:57:5c:bc:34:e7:
51:97:19:d8:33:79:96:89:a0:c6:43:e1:7f:88:ad:e0:6c:90:
64:82:f1:7e:7a:d9:61:5d:95:af:ff:84:91:44:63:28:88:32:
c7:7e:c5:57:af:ab:be:45:d5:cd:6c:0d:e8:4c:83:2c:35:67:
c7:3a:de:35:b9:6d:e0:55:e7:5a:47:0c:b6:6c:71:96:85:62:
30:04:76:74
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYH3DivMDe3qvoybOPxW+S5XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIwNzEzMTAxNTA5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTdmYWU4MGMzOWU1MzNhNDRiY2M2Mjk5NTE4ZTUyM2ViN2IxYzhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6SJoAxvIgeXoVNr/VMp2qk0FTYY
2oYItx9KbptCVa0gmtsA69tVxGJffif3zXx8PS4sB9FZZLxWhAZ49E8d4J8AlP6U
YfimJDWLKQ8FHkVr6LhcxpyVmL/wqkDwJHVfjck8msANJWsm1MN2RsGh9bcqFRBF
07ANH26nW08Qny+4eKuBffIql8pmpX5+x3XDBHduCy7v3Iax5dApbf7LS/kYFvzl
SnAllCiX6xhR+5hJixSeD27XSHwUmJMmNEd/jXA7pRyO9hJmBwvM8LRmR/Rnuzs0
PR2QZUacICYZzktZ8fnvlFgI35rexgjeO7HqQ9N0YKWL4qIcnATQ1eRVjQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFOp/roDDnlM6RLzGKZUY5SPrexyNMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvNm4tdWdNT2VVenBFdk1ZcGxSamxJLXQ3SEkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQDWNHIMAwD
BABY0eUDBABY0eYDBAJY0egDBAFY0fQDBABY0fwDBABY0f8DBABcNNYwDQYJKoZI
hvcNAQELBQADggEBAAotKMxOSwXluO51MVfHvzE2ulW0pRL7ihmZfQON1Yw2hBkJ
U1YJNtkrPG4gOaQcBBC5fFEWWsqj2K6gAGfKfi1xAweV29JHZn3usRoZKzB+lsfL
/CZr78ZzZWPdDd4S2ai+V21WrYAffX4Wg2/ZGsCr85hilAUEYcc79eiqUHILpoDA
V9g92UMdHKYm8mbluNZfZTELBKhDd0BwvJYx5SK2cGflxUMfehLEEaBPja9XXLw0
51GXGdgzeZaJoMZD4X+IreBskGSC8X562WFdla//hJFEYyiIMsd+xVevq75F1c1s
DehMgyw1Z8c63jW5beBV51pHDLZscZaFYjAEdnQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:54 2024 by rpki-client on console-ams.rpki-client.org