Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/nOvYMaHl0GHYhCOWL11mdPuHXWc.roa
File: nOvYMaHl0GHYhCOWL11mdPuHXWc.roa (raw, json)
Hash identifier: Ebkl0GX/NmbSSWqWFEB7ChUr6T2JE5bfgwDoM2rs9Sw=
Subject key identifier: 9C:EB:D8:31:A1:E5:D0:61:D8:84:23:96:2F:5D:66:74:FB:87:5D:67
Certificate issuer: /CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
Certificate serial: 018316BF5CDD33F46DA5AA3B59A913B4514D
Authority key identifier: 21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/nOvYMaHl0GHYhCOWL11mdPuHXWc.roa
Signing time: Wed 07 Sep 2022 06:59:43 +0000
ROA not before: Wed 07 Sep 2022 06:59:43 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 200088
IP address blocks: 94.228.122.0/24 maxlen: 24
87.249.50.0/24 maxlen: 24
78.40.216.0/24 maxlen: 24
185.104.112.0/24 maxlen: 24
185.104.115.0/24 maxlen: 24
217.25.91.0/24 maxlen: 24
217.25.95.0/24 maxlen: 24
2a03:6f00:8::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:16:bf:5c:dd:33:f4:6d:a5:aa:3b:59:a9:13:b4:51:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
Validity
Not Before: Sep 7 06:59:43 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9cebd831a1e5d061d88423962f5d6674fb875d67
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:6d:89:54:03:78:58:4c:cf:d1:06:a7:ba:04:
02:09:6c:9f:f4:55:d4:89:74:3f:be:b0:70:c2:39:
fa:cb:fe:7f:6a:83:49:b3:53:d8:b9:43:c1:32:07:
a2:8e:3b:2b:69:49:78:31:8e:da:03:c2:f1:af:2a:
8a:68:5d:bf:a7:3f:0a:5e:eb:5e:35:bb:e0:8f:73:
f7:d3:d5:d4:46:e0:5c:58:8e:d7:d3:09:13:41:03:
e1:12:cb:13:e4:98:ea:8b:29:39:90:6b:72:2c:35:
e1:33:cb:5a:15:ec:5c:30:d3:b7:d9:87:35:98:e4:
00:60:37:a4:d9:21:d5:29:3f:37:b4:d3:81:09:b7:
6b:9c:a1:54:35:c3:3a:31:73:b0:4d:6f:0f:0d:15:
22:8e:e6:80:8f:ca:7c:08:a1:f2:8c:0d:17:3b:0a:
e9:a8:d4:24:69:00:6b:9d:49:af:f4:7a:94:55:33:
79:ff:3f:03:92:fd:b4:1c:1c:59:9b:00:5e:0e:bd:
fe:57:5b:e0:0c:37:72:2b:d8:1d:b6:44:d3:c3:87:
a7:a0:10:6f:ea:40:6e:6b:3b:54:ef:7c:ee:18:f8:
77:c2:99:a5:58:91:3a:c9:9e:88:db:81:c8:06:d5:
b9:2b:f5:b9:d7:35:96:13:59:02:3e:b3:0c:de:77:
f5:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:EB:D8:31:A1:E5:D0:61:D8:84:23:96:2F:5D:66:74:FB:87:5D:67
X509v3 Authority Key Identifier:
keyid:21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/nOvYMaHl0GHYhCOWL11mdPuHXWc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.40.216.0/24
87.249.50.0/24
94.228.122.0/24
185.104.112.0/24
185.104.115.0/24
217.25.91.0/24
217.25.95.0/24
IPv6:
2a03:6f00:8::/48
Signature Algorithm: sha256WithRSAEncryption
34:6a:76:6e:ef:2d:77:8f:a6:f3:14:67:81:fb:c5:e3:f2:8f:
3a:41:fc:68:30:58:85:e1:2e:bd:e2:7c:55:c2:f4:a9:f4:56:
00:77:8d:fb:6b:8d:d2:80:f5:4b:bb:44:dc:8d:13:10:68:bd:
36:26:9c:c1:13:7d:cd:51:3f:f0:10:4c:1a:70:bd:f0:05:81:
12:e0:68:5d:b0:71:b1:55:8d:1f:14:1c:53:d1:aa:59:ef:59:
84:3c:62:4a:02:f5:93:6a:b5:1f:2a:b8:ee:5b:96:50:bb:76:
f2:a1:61:5c:a5:e5:dc:21:a2:cc:39:57:87:8e:63:ec:2d:33:
95:b6:1d:8a:7a:90:a2:71:b9:e2:f4:e8:a7:a8:59:97:a4:da:
5b:2d:a3:5d:57:ec:16:69:4c:e3:6f:8f:11:48:d5:d7:32:01:
ff:3b:06:89:66:9a:3a:5b:8f:b4:58:38:87:3d:a6:0b:a4:e7:
a8:17:1d:38:d5:02:dd:3e:f1:f6:d6:6d:7b:90:91:be:28:60:
77:5c:88:d6:ae:45:8a:59:9a:43:de:69:5f:ab:a2:e2:a7:39:
96:b3:7f:8b:e0:7d:9e:28:80:ad:80:3f:91:c0:42:1a:bd:1c:
85:d4:ae:03:b3:9f:99:94:49:94:ef:f5:d8:ba:14:dc:4d:af:
a7:ac:2d:92
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYMWv1zdM/Rtpao7WakTtFFNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjBiMmIxYzgyOWQ4ODkzNmIxYWRhZWVjOTdmZGQxYjQw
ZDQxZTUwHhcNMjIwOTA3MDY1OTQzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2ViZDgzMWExZTVkMDYxZDg4NDIzOTYyZjVkNjY3NGZiODc1ZDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApG2JVAN4WEzP0QanugQCCWyf9FXU
iXQ/vrBwwjn6y/5/aoNJs1PYuUPBMgeijjsraUl4MY7aA8LxryqKaF2/pz8KXute
Nbvgj3P309XURuBcWI7X0wkTQQPhEssT5Jjqiyk5kGtyLDXhM8taFexcMNO32Yc1
mOQAYDek2SHVKT83tNOBCbdrnKFUNcM6MXOwTW8PDRUijuaAj8p8CKHyjA0XOwrp
qNQkaQBrnUmv9HqUVTN5/z8Dkv20HBxZmwBeDr3+V1vgDDdyK9gdtkTTw4enoBBv
6kBuaztU73zuGPh3wpmlWJE6yZ6I24HIBtW5K/W51zWWE1kCPrMM3nf1QQIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFJzr2DGh5dBh2IQjli9dZnT7h11nMB8GA1UdIwQY
MBaAFCFgsrHIKdiJNrGtruyX/dG0DUHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEt
M2RmN2ZhZjM1MzVkLzEvbk92WU1hSGwwR0hZaENPV0wxMW1kUHVIWFdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEtM2RmN2ZhZjM1MzVk
LzEvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAwBAIAATAqAwQATijYAwQA
V/kyAwQAXuR6AwQAuWhwAwQAuWhzAwQA2RlbAwQA2RlfMA8EAgACMAkDBwAqA28A
AAgwDQYJKoZIhvcNAQELBQADggEBADRqdm7vLXePpvMUZ4H7xePyjzpB/GgwWIXh
Lr3ifFXC9Kn0VgB3jftrjdKA9Uu7RNyNExBovTYmnMETfc1RP/AQTBpwvfAFgRLg
aF2wcbFVjR8UHFPRqlnvWYQ8YkoC9ZNqtR8quO5bllC7dvKhYVyl5dwhosw5V4eO
Y+wtM5W2HYp6kKJxueL06KeoWZek2lsto11X7BZpTONvjxFI1dcyAf87Bolmmjpb
j7RYOIc9pguk56gXHTjVAt0+8fbWbXuQkb4oYHdciNauRYpZmkPeaV+rouKnOZaz
f4vgfZ4ogK2AP5HAQhq9HIXUrgOzn5mUSZTv9di6FNxNr6esLZI=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:10:41 2023 by rpki-client on console-ams.rpki-client.org