Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/R-IAbh2zcGJ0D3OylyEzwW7aET8.roa
File: R-IAbh2zcGJ0D3OylyEzwW7aET8.roa (raw, json)
Hash identifier: GmOPG2a88kHRfYfH7YFPw0b+yW6FO1gl0tDs6nlHKzY=
Subject key identifier: 47:E2:00:6E:1D:B3:70:62:74:0F:73:B2:97:21:33:C1:6E:DA:11:3F
Certificate issuer: /CN=38a37c24ddca347d713ed794d33cd4a81a8b498a
Certificate serial: 01856DD4173EAA044DE1D81F519B78D5DCD7
Authority key identifier: 38:A3:7C:24:DD:CA:34:7D:71:3E:D7:94:D3:3C:D4:A8:1A:8B:49:8A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OKN8JN3KNH1xPteU0zzUqBqLSYo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/R-IAbh2zcGJ0D3OylyEzwW7aET8.roa
Signing time: Sun 01 Jan 2023 14:54:54 +0000
ROA not before: Sun 01 Jan 2023 14:54:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34978
IP address blocks: 185.52.10.0/24 maxlen: 24
185.52.8.0/22 maxlen: 22
185.52.11.0/24 maxlen: 24
185.52.8.0/24 maxlen: 24
185.52.9.0/24 maxlen: 24
81.29.224.0/20 maxlen: 20
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:d4:17:3e:aa:04:4d:e1:d8:1f:51:9b:78:d5:dc:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=38a37c24ddca347d713ed794d33cd4a81a8b498a
Validity
Not Before: Jan 1 14:54:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=47e2006e1db37062740f73b2972133c16eda113f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:d0:7d:63:fd:8a:ca:72:3d:65:57:cb:c5:b6:
bd:97:08:5e:27:7f:0c:0a:c7:e7:90:b0:06:c4:62:
f5:9c:1b:5b:12:4e:15:87:59:8f:08:57:d2:27:07:
ed:5c:b0:07:6d:24:b4:ba:49:20:35:84:ee:05:cf:
3c:d0:ca:ed:89:56:92:7f:4b:14:84:53:34:83:43:
9e:f3:21:7b:6c:60:4d:c5:0e:51:75:76:7b:50:cc:
5a:2d:26:d3:a3:5e:63:e9:3f:f7:ea:ca:87:34:44:
7b:26:d5:57:ab:b1:b9:e7:4e:06:4d:4f:6c:3f:fa:
0c:5d:36:74:0f:9f:ad:9e:9e:35:af:4f:de:0e:d2:
ce:82:fa:07:9d:55:91:d2:93:43:26:6f:79:64:9b:
1b:1d:a6:79:41:1f:97:79:2d:f0:63:eb:7d:31:77:
62:78:ab:c3:2d:1b:21:ac:5f:65:29:1e:fb:3f:d8:
0e:9d:11:bb:8f:cb:36:d6:85:aa:82:eb:54:99:45:
b2:7d:c3:9b:64:e6:fc:7f:2d:77:d7:41:af:56:ab:
b6:94:e1:d5:b2:c4:1f:01:b5:f9:65:22:93:9f:1c:
d3:8a:31:89:43:53:61:ee:75:fb:24:4f:b0:76:87:
91:a5:e9:b2:54:f6:26:f2:c8:97:c5:a0:a7:d8:83:
d9:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:E2:00:6E:1D:B3:70:62:74:0F:73:B2:97:21:33:C1:6E:DA:11:3F
X509v3 Authority Key Identifier:
keyid:38:A3:7C:24:DD:CA:34:7D:71:3E:D7:94:D3:3C:D4:A8:1A:8B:49:8A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OKN8JN3KNH1xPteU0zzUqBqLSYo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/R-IAbh2zcGJ0D3OylyEzwW7aET8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/OKN8JN3KNH1xPteU0zzUqBqLSYo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.29.224.0/20
185.52.8.0/22
Signature Algorithm: sha256WithRSAEncryption
a5:66:ae:be:7f:d5:59:8f:00:39:e8:e4:e6:14:b1:06:27:66:
76:82:d9:9e:04:a5:a6:4f:f3:42:4c:4e:11:8d:a9:16:39:8d:
97:6c:8f:e0:b3:ae:34:4e:d0:a4:65:06:b7:a0:81:af:0c:bc:
6e:d6:8d:83:29:7b:91:e3:b4:6e:bc:7a:89:2f:ca:3e:34:b6:
65:5e:a1:c7:0e:ed:15:4f:57:21:85:7d:d9:39:79:8b:72:a3:
1f:87:91:dd:fc:b7:a5:d4:8e:9f:6e:be:af:2b:43:dc:56:59:
9b:17:c0:d8:8d:ce:32:1b:db:86:f4:88:fe:24:49:2c:60:b4:
64:98:9e:47:49:76:dc:a9:89:14:d6:45:ef:d7:0b:fc:3a:e1:
a3:b3:8a:27:01:4d:55:a2:36:bb:7b:a1:75:d7:b3:36:fe:12:
2e:e9:5b:92:65:a1:80:12:14:f0:b3:3c:41:e8:8e:1b:0e:97:
7b:be:fc:34:c8:93:cc:f0:df:50:6f:4e:ec:61:b2:ef:8f:de:
6c:57:af:ee:a4:fd:ae:57:67:66:fd:3d:89:d1:de:f3:d5:54:
4f:8a:2b:7d:0f:e5:fa:03:57:b2:6c:d9:ac:17:48:8e:66:b7:
59:54:23:64:c0:6b:76:2f:a7:ec:15:ec:af:7b:ed:c5:d1:ca:
b4:93:8d:16
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVt1Bc+qgRN4dgfUZt41dzXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YTM3YzI0ZGRjYTM0N2Q3MTNlZDc5NGQzM2NkNGE4MWE4
YjQ5OGEwHhcNMjMwMTAxMTQ1NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2UyMDA2ZTFkYjM3MDYyNzQwZjczYjI5NzIxMzNjMTZlZGExMTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNB9Y/2KynI9ZVfLxba9lwheJ38M
CsfnkLAGxGL1nBtbEk4Vh1mPCFfSJwftXLAHbSS0ukkgNYTuBc880MrtiVaSf0sU
hFM0g0Oe8yF7bGBNxQ5RdXZ7UMxaLSbTo15j6T/36sqHNER7JtVXq7G5504GTU9s
P/oMXTZ0D5+tnp41r0/eDtLOgvoHnVWR0pNDJm95ZJsbHaZ5QR+XeS3wY+t9MXdi
eKvDLRshrF9lKR77P9gOnRG7j8s21oWqgutUmUWyfcObZOb8fy1310GvVqu2lOHV
ssQfAbX5ZSKTnxzTijGJQ1Nh7nX7JE+wdoeRpemyVPYm8siXxaCn2IPZVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEfiAG4ds3BidA9zspchM8Fu2hE/MB8GA1UdIwQY
MBaAFDijfCTdyjR9cT7XlNM81Kgai0mKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0tOOEpOM0tOSDF4UHRlVTB6elVxQnFMU1lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZTMzYzMtZDE5Ny00NWYyLTgyOGUt
NDRhNDlkMjYzNzAwLzEvUi1JQWJoMnpjR0owRDNPeWx5RXp3VzdhRVQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZTMzYzMtZDE5Ny00NWYyLTgyOGUtNDRhNDlkMjYzNzAw
LzEvT0tOOEpOM0tOSDF4UHRlVTB6elVxQnFMU1lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUR3gAwQC
uTQIMA0GCSqGSIb3DQEBCwUAA4IBAQClZq6+f9VZjwA56OTmFLEGJ2Z2gtmeBKWm
T/NCTE4RjakWOY2XbI/gs640TtCkZQa3oIGvDLxu1o2DKXuR47RuvHqJL8o+NLZl
XqHHDu0VT1chhX3ZOXmLcqMfh5Hd/Lel1I6fbr6vK0PcVlmbF8DYjc4yG9uG9Ij+
JEksYLRkmJ5HSXbcqYkU1kXv1wv8OuGjs4onAU1Voja7e6F117M2/hIu6VuSZaGA
EhTwszxB6I4bDpd7vvw0yJPM8N9Qb07sYbLvj95sV6/upP2uV2dm/T2J0d7z1VRP
iit9D+X6A1eybNmsF0iOZrdZVCNkwGt2L6fsFeyve+3F0cq0k40W
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:19:03 2025 by rpki-client