Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/9CMdNr3hXz78x4bZVO7ypPV92Po.roa
File: 9CMdNr3hXz78x4bZVO7ypPV92Po.roa (raw, json)
Hash identifier: o7gp6lxXDZUw1E/9N0gWWD67Mv08KkYkOxhZ0sEAwYU=
Subject key identifier: F4:23:1D:36:BD:E1:5F:3E:FC:C7:86:D9:54:EE:F2:A4:F5:7D:D8:FA
Certificate issuer: /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial: 018B59103407D7DE38FB65F0426DA24AC5C9
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/9CMdNr3hXz78x4bZVO7ypPV92Po.roa
Signing time: Sun 22 Oct 2023 20:25:15 +0000
ROA not before: Sun 22 Oct 2023 20:25:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42337
IP address blocks: 2.188.40.0/21 maxlen: 24
78.39.155.0/24 maxlen: 24
78.39.156.0/24 maxlen: 24
78.39.153.0/24 maxlen: 24
2.181.191.0/24 maxlen: 24
2.181.222.0/24 maxlen: 24
2.181.223.0/24 maxlen: 24
2.188.72.0/22 maxlen: 24
78.38.246.0/24 maxlen: 24
78.38.243.0/24 maxlen: 24
78.38.250.0/24 maxlen: 24
78.38.251.0/24 maxlen: 24
78.38.248.0/24 maxlen: 24
78.38.254.0/24 maxlen: 24
78.39.40.0/24 maxlen: 24
78.39.43.0/24 maxlen: 24
78.39.50.0/24 maxlen: 24
78.39.46.0/24 maxlen: 24
78.39.49.0/24 maxlen: 24
78.39.48.0/24 maxlen: 24
78.39.51.0/24 maxlen: 24
78.39.47.0/24 maxlen: 24
78.39.58.0/24 maxlen: 24
78.39.54.0/24 maxlen: 24
78.39.57.0/24 maxlen: 24
78.39.53.0/24 maxlen: 24
78.39.56.0/24 maxlen: 24
78.39.55.0/24 maxlen: 24
78.39.62.0/23 maxlen: 24
78.39.59.0/24 maxlen: 24
78.38.25.0/24 maxlen: 24
2.189.160.0/21 maxlen: 24
2.189.168.0/21 maxlen: 24
2.188.225.0/24 maxlen: 24
2.188.224.0/20 maxlen: 24
2.188.232.0/23 maxlen: 23
2.188.234.0/24 maxlen: 24
2.188.236.0/23 maxlen: 23
2.188.240.0/20 maxlen: 24
2.188.164.0/22 maxlen: 22
2.188.160.0/22 maxlen: 22
2.188.165.0/24 maxlen: 24
2.188.161.0/24 maxlen: 24
2.188.160.0/21 maxlen: 24
2.188.176.0/23 maxlen: 23
2.188.192.0/19 maxlen: 24
2.182.0.0/16 maxlen: 24
2.189.80.0/21 maxlen: 24
2.189.88.0/21 maxlen: 24
2.182.172.0/24 maxlen: 24
2.189.48.0/21 maxlen: 24
2.189.64.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:59:10:34:07:d7:de:38:fb:65:f0:42:6d:a2:4a:c5:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Validity
Not Before: Oct 22 20:25:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f4231d36bde15f3efcc786d954eef2a4f57dd8fa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:7f:a4:9e:4e:74:69:61:e5:33:5a:93:6e:1b:
35:06:7e:34:ac:dc:22:93:67:ba:ea:2e:39:07:86:
85:27:96:b5:f5:47:79:16:bd:59:fd:77:ef:d6:d8:
2f:e0:d1:f2:9a:61:3c:04:dc:d4:42:8e:53:f6:db:
f3:dc:5f:7d:dd:89:5b:49:90:eb:f8:04:61:47:96:
b5:97:69:03:74:a5:68:a0:62:1e:ce:d3:2c:c5:0c:
1e:ef:3e:de:54:2c:e9:79:a3:71:3e:e6:09:b3:1b:
e3:8a:b6:13:ad:84:97:85:96:2b:fe:16:e2:17:7c:
6b:a5:9a:1d:2e:f9:f1:18:33:5f:da:61:6e:57:1f:
59:11:e9:c1:6a:44:ae:d8:25:1f:fd:8d:63:a0:f4:
ad:85:a9:de:44:53:4a:23:40:e5:d5:ac:8c:da:19:
eb:8f:dc:af:13:eb:30:1a:76:fe:75:6b:ab:b0:43:
66:c2:92:47:dc:77:bf:a6:d7:c3:b9:5d:59:7c:41:
f6:69:58:b5:f1:09:82:1e:d2:d1:ba:3f:f4:d2:99:
8c:a8:a6:af:16:8b:e7:62:d0:c7:07:1a:73:b7:23:
35:6b:0b:bb:50:e0:ca:4c:fe:35:5a:7a:cd:b1:71:
5b:84:f4:b3:8e:28:66:96:1f:36:e1:f4:40:a1:67:
3f:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:23:1D:36:BD:E1:5F:3E:FC:C7:86:D9:54:EE:F2:A4:F5:7D:D8:FA
X509v3 Authority Key Identifier:
keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/9CMdNr3hXz78x4bZVO7ypPV92Po.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.181.191.0/24
2.181.222.0/23
2.182.0.0/16
2.188.40.0/21
2.188.72.0/22
2.188.160.0/21
2.188.176.0/23
2.188.192.0/18
2.189.48.0/21
2.189.64.0/22
2.189.80.0/20
2.189.160.0/20
78.38.25.0/24
78.38.243.0/24
78.38.246.0/24
78.38.248.0/24
78.38.250.0/23
78.38.254.0/24
78.39.40.0/24
78.39.43.0/24
78.39.46.0-78.39.51.255
78.39.53.0-78.39.59.255
78.39.62.0/23
78.39.153.0/24
78.39.155.0-78.39.156.255
Signature Algorithm: sha256WithRSAEncryption
9b:12:0b:8f:44:1a:4d:f7:ca:79:ad:d3:1b:53:25:b5:ef:64:
b6:37:a7:0e:f3:13:2c:ed:b2:5e:7c:46:e0:29:70:54:1f:02:
c5:bf:a6:81:8f:9e:33:d9:e8:2a:3e:c6:37:45:0d:91:ee:48:
73:90:a0:8b:81:70:36:26:28:ef:d9:5d:89:62:b3:5a:f8:88:
d7:0c:3f:d1:69:be:4c:1d:57:1e:64:5b:54:db:42:a5:cf:11:
b5:17:43:f9:14:cd:af:e3:ec:a4:6d:11:2e:81:15:67:26:44:
89:b4:77:15:51:9f:aa:24:88:83:7f:5a:58:39:be:48:d1:57:
ce:b7:8a:fc:9e:8b:e4:07:48:b5:ef:0b:fe:c9:ef:d5:45:3c:
64:d7:ba:f1:1c:d5:a9:56:9a:3a:9d:62:51:82:7e:3e:43:61:
22:35:77:3c:51:25:86:38:df:22:98:56:8a:6e:93:1d:75:92:
c1:9c:c7:23:ee:8d:93:1f:2c:80:e8:f6:f2:c9:54:79:60:3e:
0d:a8:68:03:85:7a:fe:77:87:6a:10:9c:fc:9e:50:25:f3:e8:
83:29:c1:70:d1:a5:cb:66:4f:e9:66:75:3f:93:fc:4b:30:f7:
85:74:f4:61:d7:28:60:92:15:13:e4:d8:c9:d6:7b:29:9d:c7:
14:a6:29:53
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAYtZEDQH1944+2XwQm2iSsXJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjMxMDIyMjAyNTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDIzMWQzNmJkZTE1ZjNlZmNjNzg2ZDk1NGVlZjJhNGY1N2RkOGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3+knk50aWHlM1qTbhs1Bn40rNwi
k2e66i45B4aFJ5a19Ud5Fr1Z/Xfv1tgv4NHymmE8BNzUQo5T9tvz3F993YlbSZDr
+ARhR5a1l2kDdKVooGIeztMsxQwe7z7eVCzpeaNxPuYJsxvjirYTrYSXhZYr/hbi
F3xrpZodLvnxGDNf2mFuVx9ZEenBakSu2CUf/Y1joPSthaneRFNKI0Dl1ayM2hnr
j9yvE+swGnb+dWursENmwpJH3He/ptfDuV1ZfEH2aVi18QmCHtLRuj/00pmMqKav
FovnYtDHBxpztyM1awu7UODKTP41WnrNsXFbhPSzjihmlh824fRAoWc/+QIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFPQjHTa94V8+/MeG2VTu8qT1fdj6MB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvOUNNZE5yM2hYejc4eDRiWlZPN3lwUFY5MlBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHKBggrBgEFBQcBBwEB/wSBujCBtzCBtAQCAAEwga0DBAAC
tb8DBAECtd4DAwACtgMEAwK8KAMEAgK8SAMEAwK8oAMEAQK8sAMEBgK8wAMEAwK9
MAMEAgK9QAMEBAK9UAMEBAK9oAMEAE4mGQMEAE4m8wMEAE4m9gMEAE4m+AMEAU4m
+gMEAE4m/gMEAE4nKAMEAE4nKzAMAwQBTicuAwQCTicwMAwDBABOJzUDBAJOJzgD
BAFOJz4DBABOJ5kwDAMEAE4nmwMEAE4nnDANBgkqhkiG9w0BAQsFAAOCAQEAmxIL
j0QaTffKea3TG1Mlte9ktjenDvMTLO2yXnxG4ClwVB8Cxb+mgY+eM9noKj7GN0UN
ke5Ic5Cgi4FwNiYo79ldiWKzWviI1ww/0Wm+TB1XHmRbVNtCpc8RtRdD+RTNr+Ps
pG0RLoEVZyZEibR3FVGfqiSIg39aWDm+SNFXzreK/J6L5AdIte8L/snv1UU8ZNe6
8RzVqVaaOp1iUYJ+PkNhIjV3PFElhjjfIphWim6THXWSwZzHI+6Nkx8sgOj28slU
eWA+DahoA4V6/neHahCc/J5QJfPogynBcNGly2ZP6WZ1P5P8SzD3hXT0YdcoYJIV
E+TYydZ7KZ3HFKYpUw==
-----END CERTIFICATE-----
Generated at Tue Apr 29 14:37:21 2025 by rpki-client