Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/f0dd5f-b972-410b-9907-166fb9db6db3/1/ap1jSFGALxq8SGB7QdXm9TlHgEw.roa
File: ap1jSFGALxq8SGB7QdXm9TlHgEw.roa (raw, json)
Hash identifier: BpLcZO2xu0KNCZ/9vJMPrcoJEa/loNRup4b+kHMazR0=
Subject key identifier: 6A:9D:63:48:51:80:2F:1A:BC:48:60:7B:41:D5:E6:F5:39:47:80:4C
Certificate issuer: /CN=4d302a2dd517a61a3b952746f2ee9fbe436d6349
Certificate serial: 018243C29E98795E3438A06B9DA324F49350
Authority key identifier: 4D:30:2A:2D:D5:17:A6:1A:3B:95:27:46:F2:EE:9F:BE:43:6D:63:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TTAqLdUXpho7lSdG8u6fvkNtY0k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fb/f0dd5f-b972-410b-9907-166fb9db6db3/1/ap1jSFGALxq8SGB7QdXm9TlHgEw.roa
Signing time: Thu 28 Jul 2022 07:43:24 +0000
ROA not before: Thu 28 Jul 2022 07:43:24 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 43950
IP address blocks: 193.239.8.0/22 maxlen: 22
5.252.156.0/22 maxlen: 22
79.98.32.0/21 maxlen: 21
79.98.33.0/24 maxlen: 24
79.98.32.0/24 maxlen: 24
79.98.35.0/24 maxlen: 24
79.98.39.0/24 maxlen: 24
2a01:568::/32 maxlen: 32
2a01:568::/36 maxlen: 36
2a01:568:3000::/36 maxlen: 36
2a01:568:4000::/36 maxlen: 36
2a01:568:5000::/36 maxlen: 36
2a01:568:6000::/36 maxlen: 36
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:43:c2:9e:98:79:5e:34:38:a0:6b:9d:a3:24:f4:93:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4d302a2dd517a61a3b952746f2ee9fbe436d6349
Validity
Not Before: Jul 28 07:43:24 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6a9d634851802f1abc48607b41d5e6f53947804c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:47:78:ef:26:8e:9b:d4:a1:5a:71:be:5c:9e:
16:34:f3:ff:81:1d:8d:5f:86:71:4a:ce:c5:3f:63:
43:f2:fe:2d:94:d9:e0:5d:52:c1:47:36:2a:0e:cd:
e7:0f:75:41:02:f0:57:fb:4b:25:ba:bc:6f:c5:a0:
10:18:70:d0:b0:13:4a:0b:c0:d9:19:07:65:f8:a4:
41:2d:78:99:b9:d5:71:6d:86:11:e1:a7:7d:b7:75:
5f:ee:bf:71:f0:ef:cc:78:63:73:11:2a:d3:ec:3c:
d4:80:df:8d:9f:a0:ff:1a:6f:50:71:86:2a:88:3a:
21:12:35:c7:14:cb:8b:5d:ec:33:70:8a:ec:84:9b:
3e:e4:5b:1c:1d:3e:6c:09:22:12:74:03:03:eb:d1:
15:94:a7:a8:58:98:38:b4:b6:68:79:50:02:53:9e:
d7:bb:85:36:ad:f0:ca:21:3c:c4:81:a8:be:57:fa:
96:d3:42:ab:fc:73:f9:d0:78:25:65:57:db:55:83:
fa:ae:13:c6:e7:86:4e:00:d5:b1:fc:37:23:24:a0:
a1:e6:60:93:13:67:da:64:f5:19:4f:37:ee:39:bc:
b9:dc:5a:ef:45:73:b0:b4:49:3f:43:3c:d6:82:97:
f5:d2:e9:de:16:2e:68:1d:48:5f:2d:ff:cd:5a:e8:
c2:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:9D:63:48:51:80:2F:1A:BC:48:60:7B:41:D5:E6:F5:39:47:80:4C
X509v3 Authority Key Identifier:
keyid:4D:30:2A:2D:D5:17:A6:1A:3B:95:27:46:F2:EE:9F:BE:43:6D:63:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TTAqLdUXpho7lSdG8u6fvkNtY0k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/f0dd5f-b972-410b-9907-166fb9db6db3/1/ap1jSFGALxq8SGB7QdXm9TlHgEw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/f0dd5f-b972-410b-9907-166fb9db6db3/1/TTAqLdUXpho7lSdG8u6fvkNtY0k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.156.0/22
79.98.32.0/21
193.239.8.0/22
IPv6:
2a01:568::/32
Signature Algorithm: sha256WithRSAEncryption
2b:81:33:94:a3:b4:86:4f:39:a5:ff:a7:cf:b3:d5:b2:6e:c4:
b3:67:fb:99:59:34:79:41:77:23:1a:3b:1b:95:19:2b:ec:53:
38:dd:79:bb:9b:09:1e:60:8d:9d:ab:d2:c6:9f:70:80:46:8a:
73:8c:1b:7f:f4:38:64:34:fc:6e:6a:6d:82:9c:1d:3a:9e:ce:
13:39:9b:49:cd:8e:29:7e:92:c9:92:6d:2a:f5:7c:27:38:5e:
18:3c:ef:49:d6:a9:6f:55:21:6b:02:e3:3c:bf:d6:00:95:9f:
ab:7e:4c:cf:1c:37:ee:31:03:9d:55:b5:f2:a2:59:83:a2:a0:
bd:b6:50:ab:30:8b:6c:d4:00:ed:f8:d7:36:51:8b:31:ed:6d:
93:27:79:c5:37:fa:d7:b9:de:a3:c9:95:90:03:c4:41:ad:53:
b5:ac:59:b7:7b:97:8f:a6:d1:56:f1:ad:70:36:60:e1:42:bb:
64:63:80:74:c2:ba:01:cb:05:2c:ec:a0:34:bc:ef:13:17:ce:
bc:c0:9f:b6:a4:39:83:89:af:ab:9c:ea:82:ff:31:e0:e8:34:
50:a5:1f:57:9b:17:e0:68:7d:90:cc:60:e0:ea:c0:f0:33:e6:
fd:ac:64:f3:b2:53:79:18:b6:12:bb:24:42:c8:5a:64:25:a6:
5f:57:c5:32
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYJDwp6YeV40OKBrnaMk9JNQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkMzAyYTJkZDUxN2E2MWEzYjk1Mjc0NmYyZWU5ZmJlNDM2
ZDYzNDkwHhcNMjIwNzI4MDc0MzI0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTlkNjM0ODUxODAyZjFhYmM0ODYwN2I0MWQ1ZTZmNTM5NDc4MDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkd47yaOm9ShWnG+XJ4WNPP/gR2N
X4ZxSs7FP2ND8v4tlNngXVLBRzYqDs3nD3VBAvBX+0slurxvxaAQGHDQsBNKC8DZ
GQdl+KRBLXiZudVxbYYR4ad9t3Vf7r9x8O/MeGNzESrT7DzUgN+Nn6D/Gm9QcYYq
iDohEjXHFMuLXewzcIrshJs+5FscHT5sCSISdAMD69EVlKeoWJg4tLZoeVACU57X
u4U2rfDKITzEgai+V/qW00Kr/HP50HglZVfbVYP6rhPG54ZOANWx/DcjJKCh5mCT
E2faZPUZTzfuOby53FrvRXOwtEk/QzzWgpf10uneFi5oHUhfLf/NWujCxwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFGqdY0hRgC8avEhge0HV5vU5R4BMMB8GA1UdIwQY
MBaAFE0wKi3VF6YaO5UnRvLun75DbWNJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFRBcUxkVVhwaG83bFNkRzh1NmZ2a050WTBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9mMGRkNWYtYjk3Mi00MTBiLTk5MDct
MTY2ZmI5ZGI2ZGIzLzEvYXAxalNGR0FMeHE4U0dCN1FkWG05VGxIZ0V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9mMGRkNWYtYjk3Mi00MTBiLTk5MDctMTY2ZmI5ZGI2ZGIz
LzEvVFRBcUxkVVhwaG83bFNkRzh1NmZ2a050WTBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCBfycAwQD
T2IgAwQCwe8IMA0EAgACMAcDBQAqAQVoMA0GCSqGSIb3DQEBCwUAA4IBAQArgTOU
o7SGTzml/6fPs9WybsSzZ/uZWTR5QXcjGjsblRkr7FM43Xm7mwkeYI2dq9LGn3CA
RopzjBt/9DhkNPxuam2CnB06ns4TOZtJzY4pfpLJkm0q9XwnOF4YPO9J1qlvVSFr
AuM8v9YAlZ+rfkzPHDfuMQOdVbXyolmDoqC9tlCrMIts1ADt+Nc2UYsx7W2TJ3nF
N/rXud6jyZWQA8RBrVO1rFm3e5ePptFW8a1wNmDhQrtkY4B0wroBywUs7KA0vO8T
F868wJ+2pDmDia+rnOqC/zHg6DRQpR9XmxfgaH2QzGDg6sDwM+b9rGTzslN5GLYS
uyRCyFpkJaZfV8Uy
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:41 2024 by rpki-client on console-fra.rpki-client.org