Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/5uzmY2wp8KlgXYG_pGThTMRBRXM.roa
File: 5uzmY2wp8KlgXYG_pGThTMRBRXM.roa (raw, json)
Hash identifier: drvpIH7wl8ZzRquJFSb5hfch5os9QVfdfuYEBo/QPvM=
Subject key identifier: E6:EC:E6:63:6C:29:F0:A9:60:5D:81:BF:A4:64:E1:4C:C4:41:45:73
Certificate issuer: /CN=bfd070b0c9add92972fefc566c112d93717c4d6c
Certificate serial: 01891FF75648BA12DAF62FA86DD192B6EEA7
Authority key identifier: BF:D0:70:B0:C9:AD:D9:29:72:FE:FC:56:6C:11:2D:93:71:7C:4D:6C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v9BwsMmt2Sly_vxWbBEtk3F8TWw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/5uzmY2wp8KlgXYG_pGThTMRBRXM.roa
Signing time: Tue 04 Jul 2023 08:14:10 +0000
ROA not before: Tue 04 Jul 2023 08:14:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49586
IP address blocks: 188.95.242.254/31 maxlen: 31
185.7.132.0/22 maxlen: 22
188.95.240.0/21 maxlen: 21
188.95.240.64/26 maxlen: 26
137.221.24.0/21 maxlen: 21
137.221.25.64/27 maxlen: 27
188.95.240.216/29 maxlen: 29
188.95.240.208/29 maxlen: 29
188.95.240.248/29 maxlen: 29
2a00:10b0::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:1f:f7:56:48:ba:12:da:f6:2f:a8:6d:d1:92:b6:ee:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bfd070b0c9add92972fefc566c112d93717c4d6c
Validity
Not Before: Jul 4 08:14:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e6ece6636c29f0a9605d81bfa464e14cc4414573
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:39:2d:27:f2:dd:a3:3b:95:51:02:d4:f6:99:
5f:f6:23:19:12:b9:55:b3:ab:05:2d:b2:38:77:f2:
a3:dc:cb:3f:32:74:cf:53:90:7e:13:b6:7a:78:9c:
8e:fa:5b:db:a7:74:9a:a9:51:bf:70:7a:bf:26:b8:
00:18:35:2e:9f:e3:26:b2:4c:2f:09:9b:1f:c5:a0:
b4:74:ad:e9:43:cd:dd:eb:3c:57:36:58:fb:e5:07:
2c:b3:32:89:84:a9:86:b4:36:6d:e4:2f:45:f9:a5:
d0:36:b4:f2:82:0b:43:65:89:c4:7f:5c:3b:8b:62:
06:ca:39:66:85:e5:05:37:8c:1b:1c:15:fa:a8:0d:
53:40:fd:6a:83:77:fd:24:2a:75:6a:f3:39:81:4d:
55:1e:7d:25:fa:af:61:5e:58:d6:d5:09:80:b3:46:
4e:ef:8d:c4:d6:7d:23:7f:64:6a:4c:52:6b:8b:26:
ce:9f:27:1a:78:af:30:83:77:84:8a:4a:0e:79:05:
b3:eb:40:dd:72:a3:e1:6d:50:29:89:d2:24:b2:ff:
b3:41:b2:d9:1a:ac:40:d2:a7:08:c0:61:e5:d6:cc:
48:b7:22:0b:53:39:34:42:60:b1:5b:1d:a7:86:78:
92:04:b7:74:64:17:91:05:d4:39:78:f7:fc:67:2e:
c7:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:EC:E6:63:6C:29:F0:A9:60:5D:81:BF:A4:64:E1:4C:C4:41:45:73
X509v3 Authority Key Identifier:
keyid:BF:D0:70:B0:C9:AD:D9:29:72:FE:FC:56:6C:11:2D:93:71:7C:4D:6C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9BwsMmt2Sly_vxWbBEtk3F8TWw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/5uzmY2wp8KlgXYG_pGThTMRBRXM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/195427-4425-4556-9ea6-53cca81e9224/1/v9BwsMmt2Sly_vxWbBEtk3F8TWw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
137.221.24.0/21
185.7.132.0/22
188.95.240.0/21
IPv6:
2a00:10b0::/29
Signature Algorithm: sha256WithRSAEncryption
64:af:4c:40:96:2c:b4:46:17:f0:b9:30:04:76:94:5d:ae:1a:
9f:88:b2:41:d1:b2:ee:71:67:20:5a:6d:ac:67:90:2c:f4:70:
73:28:87:15:8f:fe:41:04:31:60:68:a2:43:c5:49:90:ea:11:
79:38:48:c3:9b:26:4b:57:ec:ed:f9:4a:45:e5:db:33:ad:c2:
b8:b7:b6:e1:ba:f7:32:8a:89:ce:ce:d8:dd:ae:81:a0:4f:90:
76:8a:db:09:6c:d7:20:4b:c0:a0:31:3e:ca:92:a1:c9:52:42:
d2:78:08:c0:6b:3e:0f:b3:59:1d:9b:bf:54:b1:2c:7f:77:32:
9d:81:e4:e6:95:f5:cc:1a:c8:38:6c:a3:f7:69:e1:8b:93:d4:
f2:3e:27:f2:30:f1:7f:fc:e8:2f:a4:7a:ee:b8:4d:4b:71:6e:
a3:bf:c2:e5:48:d4:8d:18:4c:8d:97:4e:69:5e:1d:27:11:3c:
c4:1d:66:0a:bb:f4:e3:de:77:d6:03:ef:49:9d:1d:1e:c6:60:
17:3a:91:9a:3d:94:b3:d7:e0:da:1c:6d:ef:c4:5f:f0:bd:b3:
b5:de:f9:66:34:ec:b3:ce:6e:b2:03:5f:d6:34:fe:c0:5e:35:
d4:ee:44:64:11:61:85:52:d6:5c:6e:c7:73:01:1f:a8:ae:4e:
0a:b0:87:f2
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYkf91ZIuhLa9i+obdGStu6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDA3MGIwYzlhZGQ5Mjk3MmZlZmM1NjZjMTEyZDkzNzE3
YzRkNmMwHhcNMjMwNzA0MDgxNDEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmVjZTY2MzZjMjlmMGE5NjA1ZDgxYmZhNDY0ZTE0Y2M0NDE0NTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzktJ/LdozuVUQLU9plf9iMZErlV
s6sFLbI4d/Kj3Ms/MnTPU5B+E7Z6eJyO+lvbp3SaqVG/cHq/JrgAGDUun+Mmskwv
CZsfxaC0dK3pQ83d6zxXNlj75QcsszKJhKmGtDZt5C9F+aXQNrTyggtDZYnEf1w7
i2IGyjlmheUFN4wbHBX6qA1TQP1qg3f9JCp1avM5gU1VHn0l+q9hXljW1QmAs0ZO
743E1n0jf2RqTFJriybOnycaeK8wg3eEikoOeQWz60DdcqPhbVApidIksv+zQbLZ
GqxA0qcIwGHl1sxItyILUzk0QmCxWx2nhniSBLd0ZBeRBdQ5ePf8Zy7HlQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFObs5mNsKfCpYF2Bv6Rk4UzEQUVzMB8GA1UdIwQY
MBaAFL/QcLDJrdkpcv78VmwRLZNxfE1sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjlCd3NNbXQyU2x5X3Z4V2JCRXRrM0Y4VFd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xOTU0MjctNDQyNS00NTU2LTllYTYt
NTNjY2E4MWU5MjI0LzEvNXV6bVkyd3A4S2xnWFlHX3BHVGhUTVJCUlhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xOTU0MjctNDQyNS00NTU2LTllYTYtNTNjY2E4MWU5MjI0
LzEvdjlCd3NNbXQyU2x5X3Z4V2JCRXRrM0Y4VFd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDid0YAwQC
uQeEAwQDvF/wMA0EAgACMAcDBQMqABCwMA0GCSqGSIb3DQEBCwUAA4IBAQBkr0xA
liy0RhfwuTAEdpRdrhqfiLJB0bLucWcgWm2sZ5As9HBzKIcVj/5BBDFgaKJDxUmQ
6hF5OEjDmyZLV+zt+UpF5dszrcK4t7bhuvcyionOztjdroGgT5B2itsJbNcgS8Cg
MT7KkqHJUkLSeAjAaz4Ps1kdm79UsSx/dzKdgeTmlfXMGsg4bKP3aeGLk9TyPify
MPF//OgvpHruuE1LcW6jv8LlSNSNGEyNl05pXh0nETzEHWYKu/Tj3nfWA+9JnR0e
xmAXOpGaPZSz1+DaHG3vxF/wvbO13vlmNOyzzm6yA1/WNP7AXjXU7kRkEWGFUtZc
bsdzAR+ork4KsIfy
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:17:01 2025 by rpki-client