Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/0fbc2e-fd88-4df2-aae3-9eb40cc5f68b/1/xozINdh53_-tEy-MiIGPjdmv2NY.roa
File: xozINdh53_-tEy-MiIGPjdmv2NY.roa (raw, json)
Hash identifier: XjOx2mzpqgSjjqakC0/Q/pjogKcZOPCmDa422JJem/A=
Subject key identifier: C6:8C:C8:35:D8:79:DF:FF:AD:13:2F:8C:88:81:8F:8D:D9:AF:D8:D6
Certificate issuer: /CN=9295b1f1dcd8fa6ac1ef788278c489e15eacae70
Certificate serial: 37FB1900
Authority key identifier: 92:95:B1:F1:DC:D8:FA:6A:C1:EF:78:82:78:C4:89:E1:5E:AC:AE:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kpWx8dzY-mrB73iCeMSJ4V6srnA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/0fbc2e-fd88-4df2-aae3-9eb40cc5f68b/1/xozINdh53_-tEy-MiIGPjdmv2NY.roa
Signing time: Sat 01 Jan 2022 02:53:45 +0000
ROA not before: Sat 01 Jan 2022 02:53:45 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 8560
IP address blocks: 195.20.224.0/19 maxlen: 24
217.72.192.0/20 maxlen: 24
87.106.0.0/16 maxlen: 24
82.165.0.0/16 maxlen: 24
217.160.0.0/16 maxlen: 24
212.227.0.0/16 maxlen: 24
157.97.105.0/24 maxlen: 32
157.97.104.0/24 maxlen: 32
217.160.150.0/23 maxlen: 32
213.165.64.0/19 maxlen: 24
2001:8d8::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 939202816 (0x37fb1900)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9295b1f1dcd8fa6ac1ef788278c489e15eacae70
Validity
Not Before: Jan 1 02:53:45 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c68cc835d879dfffad132f8c88818f8dd9afd8d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:26:ab:94:ab:05:fd:80:4a:21:67:71:6a:5e:
e1:9a:d2:ea:f8:48:11:57:28:2f:e4:02:4a:24:09:
63:73:cf:f8:c6:61:f5:a7:02:cf:47:6c:0f:eb:2e:
95:56:0a:5f:a7:40:96:28:b3:fc:8a:61:44:00:77:
05:02:b5:65:99:16:98:44:d5:79:8b:63:f9:b0:d3:
de:b0:75:56:b1:d3:88:08:db:9e:6a:1f:ec:c9:a5:
dc:12:5c:9e:b0:ac:d0:e8:d4:b5:6b:52:46:e6:cd:
d7:af:36:a5:90:9f:62:35:07:83:05:4e:ec:06:3e:
c8:7a:8b:39:60:5e:49:f1:25:83:c5:99:c0:1a:fd:
5e:29:68:52:97:f4:04:71:ee:92:6d:e0:38:ee:2f:
ff:45:d9:cb:50:67:4b:02:42:51:eb:79:97:53:6b:
59:81:bd:e4:36:1d:61:bf:21:ac:f9:7d:87:6f:a8:
a4:14:32:16:9f:a0:7d:53:46:1c:70:cd:b5:c6:4e:
5b:b9:89:66:cd:37:b1:a3:a9:0e:d8:44:e0:b7:4b:
87:0c:55:fb:fe:3a:f2:47:34:bc:fa:6f:d6:35:3d:
ee:bb:fb:97:30:60:6e:73:6d:b6:b7:59:55:65:ae:
e2:75:0d:5f:88:14:11:ca:7b:8f:58:41:96:fb:f4:
f3:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:8C:C8:35:D8:79:DF:FF:AD:13:2F:8C:88:81:8F:8D:D9:AF:D8:D6
X509v3 Authority Key Identifier:
keyid:92:95:B1:F1:DC:D8:FA:6A:C1:EF:78:82:78:C4:89:E1:5E:AC:AE:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kpWx8dzY-mrB73iCeMSJ4V6srnA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0fbc2e-fd88-4df2-aae3-9eb40cc5f68b/1/xozINdh53_-tEy-MiIGPjdmv2NY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0fbc2e-fd88-4df2-aae3-9eb40cc5f68b/1/kpWx8dzY-mrB73iCeMSJ4V6srnA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.165.0.0/16
87.106.0.0/16
157.97.104.0/23
195.20.224.0/19
212.227.0.0/16
213.165.64.0/19
217.72.192.0/20
217.160.0.0/16
IPv6:
2001:8d8::/32
Signature Algorithm: sha256WithRSAEncryption
b8:3b:ad:3f:b9:6c:6d:10:b6:ec:e5:4a:02:68:be:d6:da:57:
fa:03:da:52:d7:59:51:39:a9:52:df:82:7c:46:dc:22:a6:b8:
92:ea:37:37:ed:93:ff:3a:8b:f7:3d:60:40:96:81:82:9c:0d:
d2:fa:ca:1a:56:9d:c1:60:a8:f7:96:bd:b7:dc:85:5f:32:ac:
29:dd:54:5d:5c:1d:e4:1b:11:8b:ba:92:d2:92:ef:64:9e:c3:
59:6f:a6:21:1f:46:23:d8:a7:1e:39:65:f8:a9:21:77:9b:96:
b1:c4:00:81:c7:9e:23:6c:57:df:a7:db:66:59:c9:4e:a0:0b:
5c:3a:da:15:b2:81:4e:92:94:6c:f6:a3:9f:1f:67:5c:0e:93:
fe:cd:08:e8:64:db:ba:6b:dc:6d:58:f1:d1:c6:96:ed:f9:59:
82:10:bf:45:55:46:40:e9:ca:f5:f0:fa:cb:c5:31:35:55:06:
c1:d8:4b:5e:ae:78:e9:87:d1:df:af:e9:e0:ea:cc:d8:4b:29:
31:0a:ae:bf:bc:a9:0a:81:68:95:9b:81:80:eb:9c:8f:f1:a6:
2b:3b:25:a5:ed:27:4e:32:fd:f8:69:c5:0d:27:67:c3:d0:8f:
34:ae:8d:f6:c4:a0:de:67:f5:c3:5f:a0:36:03:83:af:54:9f:
be:51:56:bf
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgIEN/sZADANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
Mjk1YjFmMWRjZDhmYTZhYzFlZjc4ODI3OGM0ODllMTVlYWNhZTcwMB4XDTIyMDEw
MTAyNTM0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzY4Y2M4MzVkODc5
ZGZmZmFkMTMyZjhjODg4MThmOGRkOWFmZDhkNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMgmq5SrBf2ASiFncWpe4ZrS6vhIEVcoL+QCSiQJY3PP+MZh
9acCz0dsD+sulVYKX6dAliiz/IphRAB3BQK1ZZkWmETVeYtj+bDT3rB1VrHTiAjb
nmof7Mml3BJcnrCs0OjUtWtSRubN1682pZCfYjUHgwVO7AY+yHqLOWBeSfElg8WZ
wBr9XiloUpf0BHHukm3gOO4v/0XZy1BnSwJCUet5l1NrWYG95DYdYb8hrPl9h2+o
pBQyFp+gfVNGHHDNtcZOW7mJZs03saOpDthE4LdLhwxV+/468kc0vPpv1jU97rv7
lzBgbnNttrdZVWWu4nUNX4gUEcp7j1hBlvv0830CAwEAAaOCAj4wggI6MB0GA1Ud
DgQWBBTGjMg12Hnf/60TL4yIgY+N2a/Y1jAfBgNVHSMEGDAWgBSSlbHx3Nj6asHv
eIJ4xInhXqyucDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2twV3g4ZHpZLW1yQjczaUNlTVNKNFY2c3JuQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjIvMGZiYzJlLWZkODgtNGRmMi1hYWUzLTllYjQwY2M1ZjY4Yi8x
L3hveklOZGg1M18tdEV5LU1pSUdQamRtdjJOWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjIv
MGZiYzJlLWZkODgtNGRmMi1hYWUzLTllYjQwY2M1ZjY4Yi8xL2twV3g4ZHpZLW1y
QjczaUNlTVNKNFY2c3JuQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBU
BggrBgEFBQcBBwEB/wRFMEMwMgQCAAEwLAMDAFKlAwMAV2oDBAGdYWgDBAXDFOAD
AwDU4wMEBdWlQAMEBNlIwAMDANmgMA0EAgACMAcDBQAgAQjYMA0GCSqGSIb3DQEB
CwUAA4IBAQC4O60/uWxtELbs5UoCaL7W2lf6A9pS11lROalS34J8RtwipriS6jc3
7ZP/Oov3PWBAloGCnA3S+soaVp3BYKj3lr233IVfMqwp3VRdXB3kGxGLupLSku9k
nsNZb6YhH0Yj2KceOWX4qSF3m5axxACBx54jbFffp9tmWclOoAtcOtoVsoFOkpRs
9qOfH2dcDpP+zQjoZNu6a9xtWPHRxpbt+VmCEL9FVUZA6cr18PrLxTE1VQbB2Ete
rnjph9Hfr+ng6szYSykxCq6/vKkKgWiVm4GA65yP8aYrOyWl7SdOMv34acUNJ2fD
0I80ro32xKDeZ/XDX6A2A4OvVJ++UVa/
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:21 2024 by rpki-client on console-fra.rpki-client.org