Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/kp1mI3OlWT0EjVLD5DkBSOzA8fQ.roa
File: kp1mI3OlWT0EjVLD5DkBSOzA8fQ.roa (raw, json)
Hash identifier: 9YwSH3WJj9Jh8JGFl8TnpxB87A5kWtsgWbDRhB2WPOs=
Subject key identifier: 92:9D:66:23:73:A5:59:3D:04:8D:52:C3:E4:39:01:48:EC:C0:F1:F4
Certificate issuer: /CN=845c58752f3336422ff0ee1726474591e7a41e5f
Certificate serial: 01857228086C9CA5BDD690B92F62D2100FC0
Authority key identifier: 84:5C:58:75:2F:33:36:42:2F:F0:EE:17:26:47:45:91:E7:A4:1E:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hFxYdS8zNkIv8O4XJkdFkeekHl8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/kp1mI3OlWT0EjVLD5DkBSOzA8fQ.roa
Signing time: Mon 02 Jan 2023 11:05:04 +0000
ROA not before: Mon 02 Jan 2023 11:05:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34624
IP address blocks: 89.33.16.0/24 maxlen: 24
89.35.174.0/23 maxlen: 24
89.191.64.0/19 maxlen: 24
89.40.134.0/23 maxlen: 24
185.91.24.0/22 maxlen: 24
31.170.192.0/19 maxlen: 24
86.105.240.0/24 maxlen: 24
193.238.60.0/22 maxlen: 24
86.107.191.0/24 maxlen: 24
46.253.16.0/20 maxlen: 24
89.35.2.0/24 maxlen: 24
89.35.2.0/23 maxlen: 24
93.115.33.0/24 maxlen: 24
2a00:1930::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:28:08:6c:9c:a5:bd:d6:90:b9:2f:62:d2:10:0f:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=845c58752f3336422ff0ee1726474591e7a41e5f
Validity
Not Before: Jan 2 11:05:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=929d662373a5593d048d52c3e4390148ecc0f1f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:da:ca:db:af:9b:c3:95:31:c1:d9:1b:4f:21:
94:cb:2a:11:cb:4f:71:9d:26:83:4f:98:ca:d3:54:
41:d0:9f:0f:0d:05:17:ba:63:d1:a7:67:ca:f2:95:
a4:fd:65:59:04:fc:dd:2d:51:23:f0:6a:9a:93:02:
bd:68:d7:b2:28:5c:dd:2e:bf:bd:c7:ad:6c:1a:3f:
27:f7:b6:e2:4a:89:c1:50:92:e4:77:4b:5f:a8:4f:
be:dd:c5:7f:95:57:73:b5:2a:92:ba:45:e4:4e:f0:
fe:e6:a2:0b:68:86:fe:38:7e:6a:35:f4:af:3d:78:
4b:f5:00:6f:c9:4d:0b:66:9b:43:24:1a:1b:e3:7f:
c6:46:d6:37:26:5f:97:ac:20:09:b0:f4:fb:7d:92:
d8:9b:bd:b6:33:cf:58:fa:72:11:99:9f:0e:dd:6f:
77:a5:b2:70:51:29:28:bc:b8:c7:25:71:93:10:c4:
ac:84:79:a1:41:c3:3d:cd:6f:09:78:0e:f5:06:e9:
82:9a:22:0c:ed:87:f7:93:16:da:94:b0:fe:fe:c5:
cc:e3:89:c5:6a:41:ce:5f:a1:91:8d:6a:67:c8:c0:
73:59:f2:ba:5c:64:28:61:52:b7:f7:21:19:46:83:
db:81:1f:51:da:4d:0a:f3:89:79:d9:96:c2:4a:eb:
c5:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:9D:66:23:73:A5:59:3D:04:8D:52:C3:E4:39:01:48:EC:C0:F1:F4
X509v3 Authority Key Identifier:
keyid:84:5C:58:75:2F:33:36:42:2F:F0:EE:17:26:47:45:91:E7:A4:1E:5F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFxYdS8zNkIv8O4XJkdFkeekHl8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/kp1mI3OlWT0EjVLD5DkBSOzA8fQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/64e3ab-228c-4a23-9216-f134e51cc05b/1/hFxYdS8zNkIv8O4XJkdFkeekHl8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.170.192.0/19
46.253.16.0/20
86.105.240.0/24
86.107.191.0/24
89.33.16.0/24
89.35.2.0/23
89.35.174.0/23
89.40.134.0/23
89.191.64.0/19
93.115.33.0/24
185.91.24.0/22
193.238.60.0/22
IPv6:
2a00:1930::/32
Signature Algorithm: sha256WithRSAEncryption
9d:9c:00:33:52:cc:fe:3a:b5:fc:8d:54:b5:57:fc:4a:1d:c6:
6e:45:b9:e4:ee:e2:2b:0f:46:ec:15:3e:aa:15:c3:6b:f4:cf:
28:92:f6:12:43:39:a4:a4:5c:55:2d:18:9a:e5:e4:71:fc:95:
a0:2e:8f:f1:98:c9:40:8e:9f:b9:32:ae:8c:6d:4b:5a:4c:7e:
64:cf:b3:7c:60:8c:b5:86:5e:27:79:c3:5e:09:bc:f4:f6:47:
f4:28:9d:93:e6:01:ab:fb:fe:ce:2e:98:ea:fb:ff:d9:6a:9c:
9e:9e:3c:0c:2f:a4:5f:40:23:d0:16:04:fc:5e:be:6b:d4:24:
9c:f3:11:db:9e:09:ed:2a:27:ee:10:7a:14:31:10:a5:d6:da:
3f:f0:04:6e:10:fb:21:18:20:cc:ae:25:16:f9:b3:b6:89:84:
9e:f3:d4:74:c3:e1:66:6c:15:f0:bb:55:51:63:96:6a:2d:86:
ce:d2:6b:75:e6:9b:bf:ea:cf:38:49:3a:e6:cf:8e:7f:d2:cf:
8e:ab:1a:fb:b0:25:a2:25:be:e4:c7:a6:90:3c:5d:f3:d4:37:
a8:1c:48:d5:6a:ee:47:22:18:63:95:44:e5:7e:9d:b1:7b:b1:
0f:f4:89:fa:5a:5e:92:33:1c:12:1a:b7:49:ec:3b:47:06:3f:
31:83:e8:60
-----BEGIN CERTIFICATE-----
MIIFTjCCBDagAwIBAgISAYVyKAhsnKW91pC5L2LSEA/AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NWM1ODc1MmYzMzM2NDIyZmYwZWUxNzI2NDc0NTkxZTdh
NDFlNWYwHhcNMjMwMTAyMTEwNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjlkNjYyMzczYTU1OTNkMDQ4ZDUyYzNlNDM5MDE0OGVjYzBmMWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9rK26+bw5UxwdkbTyGUyyoRy09x
nSaDT5jK01RB0J8PDQUXumPRp2fK8pWk/WVZBPzdLVEj8GqakwK9aNeyKFzdLr+9
x61sGj8n97biSonBUJLkd0tfqE++3cV/lVdztSqSukXkTvD+5qILaIb+OH5qNfSv
PXhL9QBvyU0LZptDJBob43/GRtY3Jl+XrCAJsPT7fZLYm722M89Y+nIRmZ8O3W93
pbJwUSkovLjHJXGTEMSshHmhQcM9zW8JeA71BumCmiIM7Yf3kxbalLD+/sXM44nF
akHOX6GRjWpnyMBzWfK6XGQoYVK39yEZRoPbgR9R2k0K84l52ZbCSuvF6QIDAQAB
o4ICWjCCAlYwHQYDVR0OBBYEFJKdZiNzpVk9BI1Sw+Q5AUjswPH0MB8GA1UdIwQY
MBaAFIRcWHUvMzZCL/DuFyZHRZHnpB5fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZ4WWRTOHpOa0l2OE80WEprZEZrZWVrSGw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS82NGUzYWItMjI4Yy00YTIzLTkyMTYt
ZjEzNGU1MWNjMDViLzEva3AxbUkzT2xXVDBFalZMRDVEa0JTT3pBOGZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS82NGUzYWItMjI4Yy00YTIzLTkyMTYtZjEzNGU1MWNjMDVi
LzEvaEZ4WWRTOHpOa0l2OE80WEprZEZrZWVrSGw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHAGCCsGAQUFBwEHAQH/BGEwXzBOBAIAATBIAwQFH6rAAwQE
Lv0QAwQAVmnwAwQAVmu/AwQAWSEQAwQBWSMCAwQBWSOuAwQBWSiGAwQFWb9AAwQA
XXMhAwQCuVsYAwQCwe48MA0EAgACMAcDBQAqABkwMA0GCSqGSIb3DQEBCwUAA4IB
AQCdnAAzUsz+OrX8jVS1V/xKHcZuRbnk7uIrD0bsFT6qFcNr9M8okvYSQzmkpFxV
LRia5eRx/JWgLo/xmMlAjp+5Mq6MbUtaTH5kz7N8YIy1hl4necNeCbz09kf0KJ2T
5gGr+/7OLpjq+//ZapyenjwML6RfQCPQFgT8Xr5r1CSc8xHbngntKifuEHoUMRCl
1to/8ARuEPshGCDMriUW+bO2iYSe89R0w+FmbBXwu1VRY5ZqLYbO0mt15pu/6s84
STrmz45/0s+Oqxr7sCWiJb7kx6aQPF3z1DeoHEjVau5HIhhjlUTlfp2xe7EP9In6
Wl6SMxwSGrdJ7DtHBj8xg+hg
-----END CERTIFICATE-----
Generated at Wed Apr 9 03:02:53 2025 by rpki-client