Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/3aee7a-15b5-43d6-8275-ef063e786e54/1/mkIqsmJ_TDI-xxsve_m7VBNS30c.roa
File: mkIqsmJ_TDI-xxsve_m7VBNS30c.roa (raw, json)
Hash identifier: OKWWEedwPO1vFFiTPiRb8GI+HQiglnUzV+R/aU9/KLc=
Subject key identifier: 9A:42:2A:B2:62:7F:4C:32:3E:C7:1B:2F:7B:F9:BB:54:13:52:DF:47
Certificate issuer: /CN=5421ba4b539162d7ef191a5662049e51fdc3622b
Certificate serial: 09356571
Authority key identifier: 54:21:BA:4B:53:91:62:D7:EF:19:1A:56:62:04:9E:51:FD:C3:62:2B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VCG6S1ORYtfvGRpWYgSeUf3DYis.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e3/3aee7a-15b5-43d6-8275-ef063e786e54/1/mkIqsmJ_TDI-xxsve_m7VBNS30c.roa
Signing time: Sat 01 Jan 2022 15:58:05 +0000
ROA not before: Sat 01 Jan 2022 15:58:05 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 13243
IP address blocks: 217.18.192.0/20 maxlen: 20
185.226.100.0/22 maxlen: 22
195.245.202.0/24 maxlen: 24
62.148.32.0/19 maxlen: 19
195.254.192.0/19 maxlen: 19
146.192.128.0/17 maxlen: 17
193.36.191.0/24 maxlen: 24
77.94.232.0/21 maxlen: 21
2a00:97c0::/32 maxlen: 32
2a00:ef8::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 154494321 (0x9356571)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5421ba4b539162d7ef191a5662049e51fdc3622b
Validity
Not Before: Jan 1 15:58:05 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9a422ab2627f4c323ec71b2f7bf9bb541352df47
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:e2:c4:c1:52:11:dc:5e:01:8f:9b:37:fc:d5:
74:28:91:9d:cf:e5:30:48:b7:05:7f:7e:e1:bd:af:
79:91:33:da:b1:e0:a2:18:c0:c0:6d:f9:6f:7d:f1:
79:4a:f9:73:92:e3:e9:3f:a7:81:85:9c:c0:dc:aa:
ee:76:1a:5b:e3:a8:e8:5a:d2:de:01:1c:02:1c:9d:
5d:61:e9:7e:9c:d2:2e:98:30:39:2c:a6:75:57:49:
0d:62:bd:1c:c8:85:b0:7c:d1:cb:8b:c0:44:31:39:
60:a7:41:a7:5a:1c:e7:20:5f:d2:af:6c:03:7b:9f:
34:be:0e:25:ad:73:c5:1f:21:ad:f7:df:f6:47:c4:
07:ca:57:c7:9a:dc:e0:34:e0:35:a7:71:22:da:25:
f5:7d:5a:a9:88:30:be:21:90:4f:8d:f3:e3:da:6b:
54:35:9c:c8:09:11:b2:93:5a:66:0b:64:94:63:5f:
b3:73:c6:5f:8d:a6:22:c6:05:02:e4:fa:db:d9:b2:
f5:94:86:16:29:e1:b6:ab:63:30:6f:68:66:2e:23:
78:d3:24:c6:eb:c2:98:93:eb:b9:fc:c4:55:c6:03:
0b:00:68:f4:ac:65:22:11:ca:6d:eb:11:6a:c7:80:
7a:f0:ad:6a:91:46:d0:99:37:8e:6a:e6:ad:4a:0f:
d8:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:42:2A:B2:62:7F:4C:32:3E:C7:1B:2F:7B:F9:BB:54:13:52:DF:47
X509v3 Authority Key Identifier:
keyid:54:21:BA:4B:53:91:62:D7:EF:19:1A:56:62:04:9E:51:FD:C3:62:2B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VCG6S1ORYtfvGRpWYgSeUf3DYis.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/3aee7a-15b5-43d6-8275-ef063e786e54/1/mkIqsmJ_TDI-xxsve_m7VBNS30c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/3aee7a-15b5-43d6-8275-ef063e786e54/1/VCG6S1ORYtfvGRpWYgSeUf3DYis.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.148.32.0/19
77.94.232.0/21
146.192.128.0/17
185.226.100.0/22
193.36.191.0/24
195.245.202.0/24
195.254.192.0/19
217.18.192.0/20
IPv6:
2a00:ef8::/32
2a00:97c0::/32
Signature Algorithm: sha256WithRSAEncryption
49:89:ac:19:3b:cd:7f:5f:a9:3e:fd:b7:49:c5:35:8f:31:14:
ee:e6:3f:e3:55:14:40:f8:a1:f6:1c:19:a6:dd:e3:1e:7f:42:
df:7b:09:fa:1b:7f:98:56:69:9b:76:d9:d5:04:8e:c5:51:0b:
03:99:ac:77:14:48:71:9c:ce:ef:1f:7a:ad:a7:5b:2a:9d:1e:
0d:ca:d9:0b:80:db:67:da:e9:76:04:41:ab:59:65:7e:90:26:
1e:64:f4:e5:12:09:64:c3:13:a5:b5:79:39:6d:06:3d:62:57:
8b:2b:24:5a:cd:22:94:e9:d4:75:f8:49:eb:43:66:0c:83:70:
e0:0e:4b:1e:b9:41:a2:2e:b2:fc:21:5f:28:0d:a4:14:01:50:
45:87:32:bc:f0:6c:48:2b:3c:1c:3d:43:ea:03:53:1c:20:5c:
7d:43:2d:eb:2f:cf:78:80:37:32:3d:8c:18:90:e6:e6:49:8b:
60:06:99:f1:fa:94:c3:96:da:c7:41:71:5e:0a:f4:92:a0:8f:
6c:d1:ea:f6:bf:aa:0b:6e:f0:a6:fe:fb:3a:1b:cb:4c:89:db:
09:83:3a:42:2b:ac:56:90:36:30:dc:2a:ee:c2:e0:50:92:89:
08:57:61:ab:41:20:46:65:60:f3:9a:4a:2a:10:93:79:42:1b:
b2:4c:84:5c
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgIECTVlcTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg1
NDIxYmE0YjUzOTE2MmQ3ZWYxOTFhNTY2MjA0OWU1MWZkYzM2MjJiMB4XDTIyMDEw
MTE1NTgwNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWE0MjJhYjI2Mjdm
NGMzMjNlYzcxYjJmN2JmOWJiNTQxMzUyZGY0NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL3ixMFSEdxeAY+bN/zVdCiRnc/lMEi3BX9+4b2veZEz2rHg
ohjAwG35b33xeUr5c5Lj6T+ngYWcwNyq7nYaW+Oo6FrS3gEcAhydXWHpfpzSLpgw
OSymdVdJDWK9HMiFsHzRy4vARDE5YKdBp1oc5yBf0q9sA3ufNL4OJa1zxR8hrfff
9kfEB8pXx5rc4DTgNadxItol9X1aqYgwviGQT43z49prVDWcyAkRspNaZgtklGNf
s3PGX42mIsYFAuT629my9ZSGFinhtqtjMG9oZi4jeNMkxuvCmJPrufzEVcYDCwBo
9KxlIhHKbesRaseAevCtapFG0Jk3jmrmrUoP2B8CAwEAAaOCAkkwggJFMB0GA1Ud
DgQWBBSaQiqyYn9MMj7HGy97+btUE1LfRzAfBgNVHSMEGDAWgBRUIbpLU5Fi1+8Z
GlZiBJ5R/cNiKzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1ZDRzZTMU9SWXRmdkdScFdZZ1NlVWYzRFlpcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTMvM2FlZTdhLTE1YjUtNDNkNi04Mjc1LWVmMDYzZTc4NmU1NC8x
L21rSXFzbUpfVERJLXh4c3ZlX203VkJOUzMwYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTMv
M2FlZTdhLTE1YjUtNDNkNi04Mjc1LWVmMDYzZTc4NmU1NC8xL1ZDRzZTMU9SWXRm
dkdScFdZZ1NlVWYzRFlpcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBf
BggrBgEFBQcBBwEB/wRQME4wNgQCAAEwMAMEBT6UIAMEA01e6AMEB5LAgAMEArni
ZAMEAMEkvwMEAMP1ygMEBcP+wAMEBNkSwDAUBAIAAjAOAwUAKgAO+AMFACoAl8Aw
DQYJKoZIhvcNAQELBQADggEBAEmJrBk7zX9fqT79t0nFNY8xFO7mP+NVFED4ofYc
Gabd4x5/Qt97Cfobf5hWaZt22dUEjsVRCwOZrHcUSHGczu8feq2nWyqdHg3K2QuA
22fa6XYEQatZZX6QJh5k9OUSCWTDE6W1eTltBj1iV4srJFrNIpTp1HX4SetDZgyD
cOAOSx65QaIusvwhXygNpBQBUEWHMrzwbEgrPBw9Q+oDUxwgXH1DLesvz3iANzI9
jBiQ5uZJi2AGmfH6lMOW2sdBcV4K9JKgj2zR6va/qgtu8Kb++zoby0yJ2wmDOkIr
rFaQNjDcKu7C4FCSiQhXYatBIEZlYPOaSioQk3lCG7JMhFw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:16 2024 by rpki-client on console-fra.rpki-client.org