Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/MtN6k_N8C3crAGvjWmzg66sJZAQ.roa
File: MtN6k_N8C3crAGvjWmzg66sJZAQ.roa (raw, json)
Hash identifier: KYlMY2u59WdAW28aN+Rlm113ejResDJu6ZwADKwJ8jU=
Subject key identifier: 32:D3:7A:93:F3:7C:0B:77:2B:00:6B:E3:5A:6C:E0:EB:AB:09:64:04
Certificate issuer: /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial: 018B627C9E12C41C4807E5624C1ABC3C9710
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/MtN6k_N8C3crAGvjWmzg66sJZAQ.roa
Signing time: Tue 24 Oct 2023 16:20:15 +0000
ROA not before: Tue 24 Oct 2023 16:20:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 196705
IP address blocks: 194.187.148.0/22 maxlen: 22
188.191.20.0/24 maxlen: 24
188.191.21.0/24 maxlen: 24
188.191.22.0/24 maxlen: 24
188.191.23.0/24 maxlen: 24
188.191.20.0/22 maxlen: 22
188.191.28.0/24 maxlen: 24
188.191.28.0/22 maxlen: 24
91.215.60.0/22 maxlen: 22
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:62:7c:9e:12:c4:1c:48:07:e5:62:4c:1a:bc:3c:97:10
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Validity
Not Before: Oct 24 16:20:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=32d37a93f37c0b772b006be35a6ce0ebab096404
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:bb:06:a2:ff:99:8a:da:71:04:86:de:d8:63:
51:ed:a3:b8:94:6e:e0:08:aa:9e:a9:96:d1:a6:4c:
e6:b8:65:06:ca:b6:3f:65:9d:9f:b9:ef:50:f7:30:
a8:c6:05:1a:da:ad:7a:c0:6e:b6:bc:74:69:38:1c:
5b:d9:b9:7c:ea:f5:64:a1:a3:f8:cd:ae:b6:1f:ba:
f5:d6:0e:b0:e8:14:27:10:82:d6:d8:42:53:e1:91:
28:66:9d:5a:8e:85:23:ac:78:dd:ed:20:ac:0e:4f:
2e:55:71:9f:e4:04:8f:a4:8b:39:3b:5a:22:07:8e:
1c:8c:21:6d:14:a3:ae:aa:c9:72:ac:d8:5c:f1:ed:
52:66:46:96:a2:2d:81:1a:d3:bb:fb:18:cb:10:26:
83:7e:5c:cd:09:07:19:07:86:61:60:d4:36:b6:07:
93:7c:d3:92:f2:46:0c:b7:26:45:53:4c:91:0c:af:
d5:90:f6:d7:d8:c0:ce:c1:5d:fa:55:f3:0c:25:8d:
2d:3d:48:67:81:df:5c:b2:df:fc:6a:9e:2f:b5:9f:
07:d4:34:e7:8a:14:75:95:b3:b1:a6:04:43:63:77:
ff:0d:aa:5c:a8:7a:2b:06:fc:eb:61:0c:42:56:ee:
0a:bd:f3:60:c0:a5:f2:d0:dd:14:28:4b:b8:35:14:
06:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:D3:7A:93:F3:7C:0B:77:2B:00:6B:E3:5A:6C:E0:EB:AB:09:64:04
X509v3 Authority Key Identifier:
keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/MtN6k_N8C3crAGvjWmzg66sJZAQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.215.60.0/22
188.191.20.0/22
188.191.28.0/22
194.187.148.0/22
Signature Algorithm: sha256WithRSAEncryption
b7:1f:f3:f6:30:b7:ab:38:b1:e2:b5:3a:00:9b:a9:af:f4:49:
a1:ee:bf:75:d3:06:08:0f:dd:25:dd:5f:04:df:cb:48:dc:a7:
d4:90:2f:25:7a:6c:5d:53:f0:e2:74:58:f1:ac:72:b6:c3:32:
26:2a:a2:08:e8:42:e7:82:1c:93:a0:ce:a3:42:4f:d5:ad:cb:
fd:59:31:63:84:7e:79:0b:fd:1f:3c:dd:19:6a:20:c3:e6:0a:
c0:9a:b6:34:bc:61:05:e6:28:23:bb:c1:15:7d:e4:b2:bf:04:
13:e2:a8:cd:71:00:66:0f:04:d6:de:80:ec:2f:60:7c:e9:58:
f4:00:11:48:3e:b4:b6:36:91:06:a7:aa:1f:00:37:30:ef:57:
35:f7:c5:1e:cc:0b:84:63:58:81:ea:b4:9d:a4:14:5a:b0:9e:
46:bd:de:da:8d:78:61:18:9c:a2:63:0c:90:46:1d:1a:aa:15:
4f:5e:7a:1f:07:10:cb:bd:79:19:bb:55:80:83:42:26:6a:22:
0d:13:8e:fd:f5:ac:2d:35:bd:1e:07:7e:56:f0:f7:f4:23:87:
61:b5:33:12:f6:e3:10:72:84:93:4f:22:51:86:4d:13:a1:6c:
0b:7f:a7:81:c1:3c:75:2a:4f:a9:da:89:66:be:3d:56:cf:17:
b0:48:97:36
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYtifJ4SxBxIB+ViTBq8PJcQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjMxMDI0MTYyMDE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmQzN2E5M2YzN2MwYjc3MmIwMDZiZTM1YTZjZTBlYmFiMDk2NDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrsGov+ZitpxBIbe2GNR7aO4lG7g
CKqeqZbRpkzmuGUGyrY/ZZ2fue9Q9zCoxgUa2q16wG62vHRpOBxb2bl86vVkoaP4
za62H7r11g6w6BQnEILW2EJT4ZEoZp1ajoUjrHjd7SCsDk8uVXGf5ASPpIs5O1oi
B44cjCFtFKOuqslyrNhc8e1SZkaWoi2BGtO7+xjLECaDflzNCQcZB4ZhYNQ2tgeT
fNOS8kYMtyZFU0yRDK/VkPbX2MDOwV36VfMMJY0tPUhngd9cst/8ap4vtZ8H1DTn
ihR1lbOxpgRDY3f/DapcqHorBvzrYQxCVu4KvfNgwKXy0N0UKEu4NRQGYQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFDLTepPzfAt3KwBr41ps4OurCWQEMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvTXRONmtfTjhDM2NyQUd2aldtemc2NnNKWkFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCW9c8AwQC
vL8UAwQCvL8cAwQCwruUMA0GCSqGSIb3DQEBCwUAA4IBAQC3H/P2MLerOLHitToA
m6mv9Emh7r910wYID90l3V8E38tI3KfUkC8lemxdU/DidFjxrHK2wzImKqII6ELn
ghyToM6jQk/Vrcv9WTFjhH55C/0fPN0ZaiDD5grAmrY0vGEF5igju8EVfeSyvwQT
4qjNcQBmDwTW3oDsL2B86Vj0ABFIPrS2NpEGp6ofADcw71c198UezAuEY1iB6rSd
pBRasJ5Gvd7ajXhhGJyiYwyQRh0aqhVPXnofBxDLvXkZu1WAg0ImaiINE4799awt
Nb0eB35W8Pf0I4dhtTMS9uMQcoSTTyJRhk0ToWwLf6eBwTx1Kk+p2olmvj1Wzxew
SJc2
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:19:12 2025 by rpki-client