Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/3o6wVsE58LCCDEIhemfEWjgDPPg.roa
File: 3o6wVsE58LCCDEIhemfEWjgDPPg.roa (raw, json)
Hash identifier: vGdoi3CBLMEmwPMrZnvCNihQFV08mWp98dCSf+3zKjg=
Subject key identifier: DE:8E:B0:56:C1:39:F0:B0:82:0C:42:21:7A:67:C4:5A:38:03:3C:F8
Certificate issuer: /CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
Certificate serial: 0183599EEBF9C73A707313A8CCC55E0F430C
Authority key identifier: 21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/3o6wVsE58LCCDEIhemfEWjgDPPg.roa
Signing time: Tue 20 Sep 2022 06:38:50 +0000
ROA not before: Tue 20 Sep 2022 06:38:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 200088
IP address blocks: 94.228.122.0/24 maxlen: 24
87.249.50.0/24 maxlen: 24
188.225.60.0/24 maxlen: 24
78.40.216.0/24 maxlen: 24
185.104.112.0/24 maxlen: 24
185.104.115.0/24 maxlen: 24
217.25.91.0/24 maxlen: 24
217.25.95.0/24 maxlen: 24
176.57.221.0/24 maxlen: 24
2a03:6f00:8::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:59:9e:eb:f9:c7:3a:70:73:13:a8:cc:c5:5e:0f:43:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
Validity
Not Before: Sep 20 06:38:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=de8eb056c139f0b0820c42217a67c45a38033cf8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:d0:60:d7:f8:1a:34:c3:13:61:4e:80:de:06:
af:87:b5:1a:25:66:de:f5:d6:cd:3b:92:d8:61:1b:
d6:f4:11:fe:fe:48:a8:bc:89:4f:79:d8:da:11:31:
1d:f4:1e:c2:bd:71:6e:a8:51:c8:f7:18:07:54:b9:
ea:0f:3e:67:77:c3:06:a0:8d:49:d7:bc:bf:99:5d:
32:52:09:ab:0a:9d:c7:2d:b4:33:f6:5a:57:cb:e4:
70:42:39:48:4f:41:16:0a:75:25:41:6f:ff:b5:5a:
20:69:d6:e1:07:06:3c:59:c5:d6:3c:11:9a:71:d4:
14:d5:58:45:25:82:15:34:e9:32:b9:66:c0:09:c0:
a6:91:63:6f:42:4f:94:45:d3:0e:72:4a:50:4f:7c:
4f:c6:c0:ef:09:28:fd:aa:92:85:20:a5:42:a9:72:
de:45:31:ee:f8:d4:b9:53:83:88:8e:b2:ee:80:cc:
ef:f8:9f:f9:fb:4b:4e:a3:3f:13:6a:92:f9:0e:b0:
3f:4f:a0:95:7e:ff:d5:31:7c:48:16:d6:cb:73:57:
eb:59:f0:1b:fe:4a:36:85:04:81:b5:22:55:4d:5d:
e3:60:f2:64:1b:aa:a4:94:73:e6:e3:3f:2e:d3:73:
41:a5:28:d9:5e:c0:87:4e:bf:af:5f:84:64:4b:3c:
e7:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:8E:B0:56:C1:39:F0:B0:82:0C:42:21:7A:67:C4:5A:38:03:3C:F8
X509v3 Authority Key Identifier:
keyid:21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/3o6wVsE58LCCDEIhemfEWjgDPPg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.40.216.0/24
87.249.50.0/24
94.228.122.0/24
176.57.221.0/24
185.104.112.0/24
185.104.115.0/24
188.225.60.0/24
217.25.91.0/24
217.25.95.0/24
IPv6:
2a03:6f00:8::/48
Signature Algorithm: sha256WithRSAEncryption
5c:14:7c:ab:6c:fd:04:20:db:79:80:4c:1a:bd:17:df:2f:47:
20:f6:0a:1d:ae:76:3e:7f:89:80:b3:04:a3:02:0a:c8:13:da:
ca:07:4c:d3:d0:60:01:29:46:a7:23:0c:d7:b2:91:51:be:ad:
97:5f:98:49:b9:fe:5e:bc:95:7c:7a:47:c4:90:19:b9:bf:7e:
37:2b:50:2a:92:0e:da:9e:50:c3:dd:b5:71:54:d9:6f:6e:b1:
f0:ac:d9:e9:d0:bb:82:05:9d:c1:38:67:c3:2f:6b:32:c3:56:
07:05:6e:33:7c:39:c4:f0:1a:1c:93:51:7e:13:47:90:d1:2a:
91:89:24:10:84:48:30:83:62:51:9d:c2:63:b4:3b:bc:13:76:
57:05:4c:10:f7:1c:cf:37:0b:01:fa:88:88:14:46:0c:0e:a6:
b7:12:21:98:a1:09:2e:52:d9:b7:53:6e:28:f9:46:e2:24:52:
ba:e0:8b:3a:d7:ee:b3:9b:c4:20:bc:1a:d7:9a:c2:e2:f5:e7:
06:45:aa:09:42:4b:e0:d3:bb:f2:c0:67:3f:87:7e:9f:e1:3a:
5d:36:09:04:ca:ff:af:f8:fb:41:d2:32:bb:7c:da:57:bb:77:
b7:9d:91:b5:d2:a0:d4:3f:1f:d1:28:42:61:b2:83:be:5e:28:
ef:fe:08:f9
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYNZnuv5xzpwcxOozMVeD0MMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjBiMmIxYzgyOWQ4ODkzNmIxYWRhZWVjOTdmZGQxYjQw
ZDQxZTUwHhcNMjIwOTIwMDYzODUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZThlYjA1NmMxMzlmMGIwODIwYzQyMjE3YTY3YzQ1YTM4MDMzY2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdBg1/gaNMMTYU6A3gavh7UaJWbe
9dbNO5LYYRvW9BH+/kiovIlPedjaETEd9B7CvXFuqFHI9xgHVLnqDz5nd8MGoI1J
17y/mV0yUgmrCp3HLbQz9lpXy+RwQjlIT0EWCnUlQW//tVogadbhBwY8WcXWPBGa
cdQU1VhFJYIVNOkyuWbACcCmkWNvQk+URdMOckpQT3xPxsDvCSj9qpKFIKVCqXLe
RTHu+NS5U4OIjrLugMzv+J/5+0tOoz8TapL5DrA/T6CVfv/VMXxIFtbLc1frWfAb
/ko2hQSBtSJVTV3jYPJkG6qklHPm4z8u03NBpSjZXsCHTr+vX4RkSzzn2QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFN6OsFbBOfCwggxCIXpnxFo4Azz4MB8GA1UdIwQY
MBaAFCFgsrHIKdiJNrGtruyX/dG0DUHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEt
M2RmN2ZhZjM1MzVkLzEvM282d1ZzRTU4TENDREVJaGVtZkVXamdEUFBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEtM2RmN2ZhZjM1MzVk
LzEvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzA8BAIAATA2AwQATijYAwQA
V/kyAwQAXuR6AwQAsDndAwQAuWhwAwQAuWhzAwQAvOE8AwQA2RlbAwQA2RlfMA8E
AgACMAkDBwAqA28AAAgwDQYJKoZIhvcNAQELBQADggEBAFwUfKts/QQg23mATBq9
F98vRyD2Ch2udj5/iYCzBKMCCsgT2soHTNPQYAEpRqcjDNeykVG+rZdfmEm5/l68
lXx6R8SQGbm/fjcrUCqSDtqeUMPdtXFU2W9usfCs2enQu4IFncE4Z8MvazLDVgcF
bjN8OcTwGhyTUX4TR5DRKpGJJBCESDCDYlGdwmO0O7wTdlcFTBD3HM83CwH6iIgU
RgwOprcSIZihCS5S2bdTbij5RuIkUrrgizrX7rObxCC8GteawuL15wZFqglCS+DT
u/LAZz+Hfp/hOl02CQTK/6/4+0HSMrt82le7d7edkbXSoNQ/H9EoQmGyg75eKO/+
CPk=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:10:40 2023 by rpki-client on console-ams.rpki-client.org