Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/cae319-5571-46f9-b57d-be065e1ac067/1/YxCC2JY49K96QSxRm8DSwxE85jQ.roa
File: YxCC2JY49K96QSxRm8DSwxE85jQ.roa (raw, json)
Hash identifier: ME3sf+zZCqybRZQBqwftPLlkqa87wmsDxnaUM4twhxg=
Subject key identifier: 63:10:82:D8:96:38:F4:AF:7A:41:2C:51:9B:C0:D2:C3:11:3C:E6:34
Certificate issuer: /CN=ad2cf03e44da28b7319ea7b7b5b110b9b8cb7a70
Certificate serial: 0184416811ECCA57647BD44F302A6FA21A08
Authority key identifier: AD:2C:F0:3E:44:DA:28:B7:31:9E:A7:B7:B5:B1:10:B9:B8:CB:7A:70
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rSzwPkTaKLcxnqe3tbEQubjLenA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f9/cae319-5571-46f9-b57d-be065e1ac067/1/YxCC2JY49K96QSxRm8DSwxE85jQ.roa
Signing time: Fri 04 Nov 2022 06:50:50 +0000
ROA not before: Fri 04 Nov 2022 06:50:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 2586
IP address blocks: 194.204.0.0/18 maxlen: 20
178.23.112.0/21 maxlen: 23
81.90.112.0/20 maxlen: 23
194.150.64.0/22 maxlen: 24
185.13.16.0/22 maxlen: 24
95.129.192.0/21 maxlen: 23
87.119.160.0/19 maxlen: 21
91.213.43.0/24 maxlen: 24
94.246.216.0/21 maxlen: 22
146.255.176.0/21 maxlen: 23
2001:1530::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:41:68:11:ec:ca:57:64:7b:d4:4f:30:2a:6f:a2:1a:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ad2cf03e44da28b7319ea7b7b5b110b9b8cb7a70
Validity
Not Before: Nov 4 06:50:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=631082d89638f4af7a412c519bc0d2c3113ce634
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:00:f2:1b:12:84:87:4b:23:03:f5:9a:2d:e3:
88:4e:46:a0:ad:62:7f:c7:72:db:8a:33:d1:6c:92:
98:83:c9:ec:ae:5b:97:e7:64:ad:2e:9e:aa:45:ec:
b4:de:61:99:f2:4b:56:8b:97:70:62:ea:95:02:07:
b0:cd:c0:f5:01:55:cc:5f:69:58:e9:00:36:dd:fc:
8d:e5:90:2c:3e:ed:92:ed:64:24:be:d0:81:90:14:
aa:10:7c:25:5f:2a:51:fb:dd:6f:a9:90:24:69:67:
bb:6f:4a:4c:6b:35:11:24:8b:3a:26:71:e3:4a:02:
de:df:da:22:52:d2:3d:20:64:9c:13:46:9f:29:61:
da:5d:9e:24:af:da:e6:0b:f8:dd:b8:0b:f6:98:57:
36:61:58:76:ab:8d:4d:3d:d2:a6:ee:5b:73:f6:ef:
cf:92:2b:28:06:5d:49:b7:60:cd:9d:73:b0:10:40:
3e:6d:b3:8b:7a:8f:4b:da:3f:26:a8:cd:91:ad:db:
bc:37:c2:3a:5c:89:3a:bd:a2:df:38:83:9d:cc:16:
e5:6e:45:1f:ce:58:03:a9:e6:f1:24:cd:ee:79:c0:
dd:f3:c1:02:a4:6d:97:d3:76:5a:80:00:45:1c:ff:
3a:d3:b5:1d:bb:35:65:d6:fc:16:35:eb:b7:83:71:
df:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:10:82:D8:96:38:F4:AF:7A:41:2C:51:9B:C0:D2:C3:11:3C:E6:34
X509v3 Authority Key Identifier:
keyid:AD:2C:F0:3E:44:DA:28:B7:31:9E:A7:B7:B5:B1:10:B9:B8:CB:7A:70
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rSzwPkTaKLcxnqe3tbEQubjLenA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/cae319-5571-46f9-b57d-be065e1ac067/1/YxCC2JY49K96QSxRm8DSwxE85jQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/cae319-5571-46f9-b57d-be065e1ac067/1/rSzwPkTaKLcxnqe3tbEQubjLenA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.90.112.0/20
87.119.160.0/19
91.213.43.0/24
94.246.216.0/21
95.129.192.0/21
146.255.176.0/21
178.23.112.0/21
185.13.16.0/22
194.150.64.0/22
194.204.0.0/18
IPv6:
2001:1530::/32
Signature Algorithm: sha256WithRSAEncryption
43:8e:ea:38:fc:a3:d6:1a:b3:10:c3:93:5d:a7:9c:1a:b6:67:
a0:99:38:2a:52:ef:5a:b8:47:e8:62:c9:da:f2:79:99:bc:4e:
56:27:fc:aa:d0:77:13:6a:fe:f3:b1:f3:11:c0:05:ca:95:cb:
b6:7a:50:71:9f:73:10:11:d7:5f:52:e2:7a:bc:ec:6c:6a:e5:
c2:e1:92:24:51:ff:c4:6b:61:5e:70:18:54:21:57:e7:41:fa:
21:53:5f:c0:e8:2c:6d:99:27:b7:89:ca:c7:02:82:dd:23:de:
c6:88:25:a9:a9:0d:c8:ae:7a:16:0d:c0:c8:b4:1b:3f:ef:69:
71:ff:0e:9c:b7:33:38:d5:bc:27:73:3a:97:fb:1b:c9:5b:e2:
7d:8b:c3:bc:7c:3f:a0:cf:fe:d0:c1:6e:8a:13:d3:ae:fc:99:
6d:aa:bc:02:a7:9a:03:f6:42:48:08:08:32:44:59:9a:0b:bd:
df:e6:06:a1:f1:08:45:9d:f3:bd:7c:97:cd:28:ee:82:de:c0:
df:72:ad:f6:ee:dc:6b:ec:76:12:50:79:49:a0:71:62:d4:80:
f8:50:3e:9a:b3:16:0c:70:da:9f:c5:d7:36:f3:c2:6f:ca:22:
b5:2d:4c:9e:84:5d:ab:20:25:10:fa:13:a4:36:9b:88:fb:cf:
97:0c:b6:5a
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYRBaBHsyldke9RPMCpvohoIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMmNmMDNlNDRkYTI4YjczMTllYTdiN2I1YjExMGI5Yjhj
YjdhNzAwHhcNMjIxMTA0MDY1MDUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzEwODJkODk2MzhmNGFmN2E0MTJjNTE5YmMwZDJjMzExM2NlNjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwDyGxKEh0sjA/WaLeOITkagrWJ/
x3LbijPRbJKYg8nsrluX52StLp6qRey03mGZ8ktWi5dwYuqVAgewzcD1AVXMX2lY
6QA23fyN5ZAsPu2S7WQkvtCBkBSqEHwlXypR+91vqZAkaWe7b0pMazURJIs6JnHj
SgLe39oiUtI9IGScE0afKWHaXZ4kr9rmC/jduAv2mFc2YVh2q41NPdKm7ltz9u/P
kisoBl1Jt2DNnXOwEEA+bbOLeo9L2j8mqM2Rrdu8N8I6XIk6vaLfOIOdzBblbkUf
zlgDqebxJM3uecDd88ECpG2X03ZagABFHP8607UduzVl1vwWNeu3g3HfKQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFGMQgtiWOPSvekEsUZvA0sMRPOY0MB8GA1UdIwQY
MBaAFK0s8D5E2ii3MZ6nt7WxELm4y3pwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclN6d1BrVGFLTGN4bnFlM3RiRVF1YmpMZW5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9jYWUzMTktNTU3MS00NmY5LWI1N2Qt
YmUwNjVlMWFjMDY3LzEvWXhDQzJKWTQ5Szk2UVN4Um04RFN3eEU4NWpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9jYWUzMTktNTU3MS00NmY5LWI1N2QtYmUwNjVlMWFjMDY3
LzEvclN6d1BrVGFLTGN4bnFlM3RiRVF1YmpMZW5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQEUVpwAwQF
V3egAwQAW9UrAwQDXvbYAwQDX4HAAwQDkv+wAwQDshdwAwQCuQ0QAwQCwpZAAwQG
wswAMA0EAgACMAcDBQAgARUwMA0GCSqGSIb3DQEBCwUAA4IBAQBDjuo4/KPWGrMQ
w5Ndp5watmegmTgqUu9auEfoYsna8nmZvE5WJ/yq0HcTav7zsfMRwAXKlcu2elBx
n3MQEddfUuJ6vOxsauXC4ZIkUf/Ea2FecBhUIVfnQfohU1/A6CxtmSe3icrHAoLd
I97GiCWpqQ3IrnoWDcDItBs/72lx/w6ctzM41bwnczqX+xvJW+J9i8O8fD+gz/7Q
wW6KE9Ou/JltqrwCp5oD9kJICAgyRFmaC73f5gah8QhFnfO9fJfNKO6C3sDfcq32
7txr7HYSUHlJoHFi1ID4UD6asxYMcNqfxdc288JvyiK1LUyehF2rICUQ+hOkNpuI
+8+XDLZa
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:05:24 2025 by rpki-client