Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/577b11-7009-486c-9010-a70412fbc832/1/xq3IoA2HZjSdLNTDAymLVZwSe3I.roa
File: xq3IoA2HZjSdLNTDAymLVZwSe3I.roa (raw, json)
Hash identifier: 58Wlsa/+QGZ/fPNYL295b+XwKgXMvMQlOGGjLUkdcUs=
Subject key identifier: C6:AD:C8:A0:0D:87:66:34:9D:2C:D4:C3:03:29:8B:55:9C:12:7B:72
Certificate issuer: /CN=d1010da3576242324cefb2c81c1339a6c0e3b403
Certificate serial: 0F36146E
Authority key identifier: D1:01:0D:A3:57:62:42:32:4C:EF:B2:C8:1C:13:39:A6:C0:E3:B4:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0QENo1diQjJM77LIHBM5psDjtAM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fb/577b11-7009-486c-9010-a70412fbc832/1/xq3IoA2HZjSdLNTDAymLVZwSe3I.roa
Signing time: Sat 01 Jan 2022 04:53:00 +0000
ROA not before: Sat 01 Jan 2022 04:53:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 24611
IP address blocks: 89.41.248.0/21 maxlen: 24
89.37.200.0/21 maxlen: 24
80.92.64.0/19 maxlen: 24
94.177.88.0/21 maxlen: 24
31.216.144.0/21 maxlen: 24
2001:b20::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 255202414 (0xf36146e)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d1010da3576242324cefb2c81c1339a6c0e3b403
Validity
Not Before: Jan 1 04:53:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c6adc8a00d8766349d2cd4c303298b559c127b72
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:0f:d2:a5:61:72:a2:08:93:31:4c:39:10:6d:
ee:bb:0b:58:a5:7e:90:26:9d:03:61:73:ff:0b:87:
84:c8:1b:b9:8d:93:37:e9:2f:65:95:95:8a:80:87:
29:b3:88:ae:b3:84:ca:c8:a5:4b:04:40:ca:ea:68:
b3:85:6d:dd:71:71:db:75:7b:8a:82:de:ae:84:e4:
db:bd:c1:6a:ba:01:8d:81:9b:87:4b:a5:08:b0:dc:
29:af:1a:97:2b:9a:f7:fd:23:5d:cd:5c:cd:70:e9:
fe:a3:ad:01:47:bc:00:49:0e:28:d4:d3:91:bf:ca:
5d:a0:7e:7a:57:47:a1:af:ed:f7:62:1c:42:51:40:
83:22:df:1b:5b:fa:01:fb:91:e7:4d:dc:c6:1a:fb:
da:fe:41:01:d3:d1:7d:dd:f0:b7:87:87:5a:71:46:
a0:53:a3:97:21:6d:24:9b:24:78:8c:4e:34:d3:ae:
ff:01:55:57:09:4a:ca:5c:be:43:6a:c2:a9:5f:aa:
87:d2:b0:9e:f2:63:c9:1c:e7:78:bf:a3:22:c1:28:
a2:b4:7f:86:8a:a5:3b:9f:01:9c:83:ca:a1:24:79:
77:f4:04:98:b9:55:a8:ab:fb:bc:85:17:59:44:3a:
fe:90:d7:55:b0:8f:65:f4:1a:9d:95:1e:d9:38:66:
21:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:AD:C8:A0:0D:87:66:34:9D:2C:D4:C3:03:29:8B:55:9C:12:7B:72
X509v3 Authority Key Identifier:
keyid:D1:01:0D:A3:57:62:42:32:4C:EF:B2:C8:1C:13:39:A6:C0:E3:B4:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0QENo1diQjJM77LIHBM5psDjtAM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/577b11-7009-486c-9010-a70412fbc832/1/xq3IoA2HZjSdLNTDAymLVZwSe3I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/577b11-7009-486c-9010-a70412fbc832/1/0QENo1diQjJM77LIHBM5psDjtAM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.216.144.0/21
80.92.64.0/19
89.37.200.0/21
89.41.248.0/21
94.177.88.0/21
IPv6:
2001:b20::/29
Signature Algorithm: sha256WithRSAEncryption
00:05:4d:88:06:ef:80:b7:8b:1d:c1:dc:d5:3c:a6:5c:8b:00:
98:41:4b:10:23:db:5f:fe:79:90:0b:31:89:02:aa:d4:98:ef:
c4:71:87:c4:16:ea:60:fd:ec:70:64:0a:c0:20:3d:80:72:34:
f5:97:9c:c3:78:46:76:63:7a:ea:93:78:ac:88:aa:ba:fc:25:
70:d7:81:5a:38:cb:f3:64:0d:ea:8b:a1:cf:78:86:d1:15:3a:
3e:8f:01:27:a4:f2:62:4c:50:07:44:c9:01:cf:04:7b:f3:44:
26:df:2f:03:0b:8e:09:3c:06:f6:ed:0b:dd:13:69:64:08:12:
4c:f5:2d:22:43:2d:3a:42:c0:6a:26:d2:27:e1:88:58:9d:90:
20:a5:1a:12:1c:80:88:68:44:67:34:8d:e3:5e:72:77:99:62:
60:27:19:07:1a:2f:e3:45:5a:bb:96:a5:45:fe:ee:8f:1a:d9:
04:47:37:4a:d3:28:24:26:ac:0d:a0:98:69:23:6e:42:66:28:
93:92:4a:43:31:d2:b2:a6:77:f2:ba:71:70:a8:6d:09:38:05:
a5:8a:7d:10:08:11:35:1b:df:27:3d:4f:aa:5b:bf:36:49:ce:
d0:b1:c4:d1:14:65:d6:33:cb:d4:e9:b6:be:a1:06:8a:4d:00:
13:c9:4e:c9
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIEDzYUbjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
MTAxMGRhMzU3NjI0MjMyNGNlZmIyYzgxYzEzMzlhNmMwZTNiNDAzMB4XDTIyMDEw
MTA0NTMwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzZhZGM4YTAwZDg3
NjYzNDlkMmNkNGMzMDMyOThiNTU5YzEyN2I3MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANQP0qVhcqIIkzFMORBt7rsLWKV+kCadA2Fz/wuHhMgbuY2T
N+kvZZWVioCHKbOIrrOEysilSwRAyupos4Vt3XFx23V7ioLeroTk273BaroBjYGb
h0ulCLDcKa8alyua9/0jXc1czXDp/qOtAUe8AEkOKNTTkb/KXaB+eldHoa/t92Ic
QlFAgyLfG1v6AfuR503cxhr72v5BAdPRfd3wt4eHWnFGoFOjlyFtJJskeIxONNOu
/wFVVwlKyly+Q2rCqV+qh9KwnvJjyRzneL+jIsEoorR/hoqlO58BnIPKoSR5d/QE
mLlVqKv7vIUXWUQ6/pDXVbCPZfQanZUe2ThmIV0CAwEAAaOCAjAwggIsMB0GA1Ud
DgQWBBTGrcigDYdmNJ0s1MMDKYtVnBJ7cjAfBgNVHSMEGDAWgBTRAQ2jV2JCMkzv
ssgcEzmmwOO0AzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzBRRU5vMWRpUWpKTTc3TElIQk01cHNEanRBTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmIvNTc3YjExLTcwMDktNDg2Yy05MDEwLWE3MDQxMmZiYzgzMi8x
L3hxM0lvQTJIWmpTZExOVERBeW1MVlp3U2UzSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmIv
NTc3YjExLTcwMDktNDg2Yy05MDEwLWE3MDQxMmZiYzgzMi8xLzBRRU5vMWRpUWpK
TTc3TElIQk01cHNEanRBTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBG
BggrBgEFBQcBBwEB/wQ3MDUwJAQCAAEwHgMEAx/YkAMEBVBcQAMEA1klyAMEA1kp
+AMEA16xWDANBAIAAjAHAwUDIAELIDANBgkqhkiG9w0BAQsFAAOCAQEAAAVNiAbv
gLeLHcHc1TymXIsAmEFLECPbX/55kAsxiQKq1JjvxHGHxBbqYP3scGQKwCA9gHI0
9Zecw3hGdmN66pN4rIiquvwlcNeBWjjL82QN6ouhz3iG0RU6Po8BJ6TyYkxQB0TJ
Ac8Ee/NEJt8vAwuOCTwG9u0L3RNpZAgSTPUtIkMtOkLAaibSJ+GIWJ2QIKUaEhyA
iGhEZzSN415yd5liYCcZBxov40Vau5alRf7ujxrZBEc3StMoJCasDaCYaSNuQmYo
k5JKQzHSsqZ38rpxcKhtCTgFpYp9EAgRNRvfJz1Pqlu/NknO0LHE0RRl1jPL1Om2
vqEGik0AE8lOyQ==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:51:14 2025 by rpki-client