Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/O9AIJ1BxBC8VYkJolN7DYY2Q7xE.roa
File: O9AIJ1BxBC8VYkJolN7DYY2Q7xE.roa (raw, json)
Hash identifier: ngf0GqFQJFOAsl90YhCLo4CylgNcI21nk892p4m3qbo=
Subject key identifier: 3B:D0:08:27:50:71:04:2F:15:62:42:68:94:DE:C3:61:8D:90:EF:11
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 01824EE2665436C40EF213D74104BB9FF3DA
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/O9AIJ1BxBC8VYkJolN7DYY2Q7xE.roa
Signing time: Sat 30 Jul 2022 11:33:56 +0000
ROA not before: Sat 30 Jul 2022 11:33:56 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 834
IP address blocks: 88.209.231.0/24 maxlen: 24
88.209.232.0/22 maxlen: 22
88.209.248.0/24 maxlen: 24
83.137.152.0/24 maxlen: 24
83.137.154.0/23 maxlen: 24
88.151.61.0/24 maxlen: 24
88.151.63.0/24 maxlen: 24
88.209.204.0/24 maxlen: 32
88.209.204.0/22 maxlen: 24
88.209.200.0/22 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:4e:e2:66:54:36:c4:0e:f2:13:d7:41:04:bb:9f:f3:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Jul 30 11:33:56 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3bd008275071042f1562426894dec3618d90ef11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:7c:8a:aa:86:4e:8c:b4:bc:6a:d6:0a:57:8a:
7a:cb:d7:14:a1:7c:5a:c6:fb:c4:b8:a1:49:86:50:
b1:e6:63:41:82:33:09:1f:74:ae:b6:c3:c2:d8:cf:
3a:ea:97:fc:74:7e:6f:ea:2f:83:cf:83:c2:71:29:
cc:5e:9e:29:7f:ab:4f:ab:25:52:77:40:dd:a7:5c:
88:24:7a:7f:ba:5b:80:b1:ff:4e:4a:bf:7c:4f:57:
c3:a2:e4:df:4b:f2:d0:e1:fa:d2:62:63:21:11:02:
2d:4c:05:45:3d:e2:a3:86:c6:24:9b:72:36:16:d7:
f7:e6:bb:ee:eb:b5:69:d8:03:3a:36:37:0b:bd:ee:
5e:20:1b:3a:79:2c:da:b9:e3:0d:7a:61:2a:fc:81:
d9:d6:e0:de:c2:d5:b2:d4:04:4a:66:3b:13:ac:a0:
aa:3c:44:f3:be:56:bf:91:ae:bb:45:d8:67:39:bc:
96:97:b3:31:4a:30:4b:41:96:c5:cb:11:43:61:f4:
51:40:a2:4c:a5:e4:0b:9c:2e:e8:5e:33:3d:b5:c0:
c5:a9:b3:17:ed:0c:7c:a7:48:0b:0a:39:87:47:2b:
39:a4:be:4f:ed:9a:b6:62:2f:ce:03:e8:bf:66:33:
06:6f:ca:5c:42:ce:d3:74:cf:dc:ec:b4:a8:45:9e:
09:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:D0:08:27:50:71:04:2F:15:62:42:68:94:DE:C3:61:8D:90:EF:11
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/O9AIJ1BxBC8VYkJolN7DYY2Q7xE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.137.152.0/24
83.137.154.0/23
88.151.61.0/24
88.151.63.0/24
88.209.200.0/21
88.209.231.0-88.209.235.255
88.209.248.0/24
Signature Algorithm: sha256WithRSAEncryption
8b:a8:33:d6:f5:3d:07:32:f3:04:79:19:8f:31:a2:2b:52:0b:
a3:a2:52:22:0b:a9:bf:38:6f:a5:e6:b9:32:9a:b1:68:55:cc:
a3:6a:96:3c:21:7d:cf:f0:03:ef:dd:6c:2d:48:e3:32:a9:f4:
7f:e1:43:fb:0f:4f:7b:0e:e2:c5:80:9a:b2:94:0b:b5:f5:1f:
76:f9:1e:9c:8f:53:12:db:af:f4:9b:a5:f7:1d:07:ff:a5:22:
22:c8:7a:e5:6a:10:e1:df:f7:d2:a2:d1:11:e1:89:3d:83:a2:
3c:0c:bf:63:c1:fc:83:f9:6c:46:5c:fb:58:3c:5f:5c:fa:b6:
06:e1:0c:48:a2:18:5b:61:15:20:62:ca:6d:a1:81:c9:d6:c4:
58:21:61:c9:c5:7e:9a:50:f0:14:75:c6:fe:f8:11:dc:de:52:
85:80:7f:11:97:a3:6c:35:8a:bc:b6:a4:ea:e0:22:a0:a2:30:
60:40:ab:ed:60:a2:69:28:40:84:ef:4f:42:3e:db:3d:3c:d7:
64:a3:15:0b:cb:37:a8:5d:c8:8c:66:48:9d:72:7d:13:82:62:
b9:15:04:a9:a1:51:8f:97:72:b1:28:f5:38:62:d9:19:cf:8c:
08:11:9f:92:9b:de:fc:56:fb:7d:20:7d:e2:5d:52:37:57:83:
2e:3d:3a:a4
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYJO4mZUNsQO8hPXQQS7n/PaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjIwNzMwMTEzMzU2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmQwMDgyNzUwNzEwNDJmMTU2MjQyNjg5NGRlYzM2MThkOTBlZjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnyKqoZOjLS8atYKV4p6y9cUoXxa
xvvEuKFJhlCx5mNBgjMJH3SutsPC2M866pf8dH5v6i+Dz4PCcSnMXp4pf6tPqyVS
d0Ddp1yIJHp/uluAsf9OSr98T1fDouTfS/LQ4frSYmMhEQItTAVFPeKjhsYkm3I2
Ftf35rvu67Vp2AM6NjcLve5eIBs6eSzaueMNemEq/IHZ1uDewtWy1ARKZjsTrKCq
PETzvla/ka67RdhnObyWl7MxSjBLQZbFyxFDYfRRQKJMpeQLnC7oXjM9tcDFqbMX
7Qx8p0gLCjmHRys5pL5P7Zq2Yi/OA+i/ZjMGb8pcQs7TdM/c7LSoRZ4JEwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFDvQCCdQcQQvFWJCaJTew2GNkO8RMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvTzlBSUoxQnhCQzhWWWtKb2xON0RZWTJRN3hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAU4mYAwQB
U4maAwQAWJc9AwQAWJc/AwQDWNHIMAwDBABY0ecDBAJY0egDBABY0fgwDQYJKoZI
hvcNAQELBQADggEBAIuoM9b1PQcy8wR5GY8xoitSC6OiUiILqb84b6XmuTKasWhV
zKNqljwhfc/wA+/dbC1I4zKp9H/hQ/sPT3sO4sWAmrKUC7X1H3b5HpyPUxLbr/Sb
pfcdB/+lIiLIeuVqEOHf99Ki0RHhiT2DojwMv2PB/IP5bEZc+1g8X1z6tgbhDEii
GFthFSBiym2hgcnWxFghYcnFfppQ8BR1xv74EdzeUoWAfxGXo2w1iry2pOrgIqCi
MGBAq+1gomkoQITvT0I+2z0812SjFQvLN6hdyIxmSJ1yfROCYrkVBKmhUY+XcrEo
9Thi2RnPjAgRn5Kb3vxW+30gfeJdUjdXgy49OqQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:55 2024 by rpki-client on console-ams.rpki-client.org