Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/be9e88-512f-4b06-b196-89c2f666e905/1/FMG2me4zu2ablRbLPaHo1qpITMQ.roa
File: FMG2me4zu2ablRbLPaHo1qpITMQ.roa (raw, json)
Hash identifier: k18L+CdpVquo/DK4Jlf1KuBmtwR31hk2R4cD3FWkczM=
Subject key identifier: 14:C1:B6:99:EE:33:BB:66:9B:95:16:CB:3D:A1:E8:D6:AA:48:4C:C4
Certificate issuer: /CN=68cfe1aacb278c13231b310e45ee576932fe9b4e
Certificate serial: 0184ED060F6DE68B9E2E91D9972E304D4C01
Authority key identifier: 68:CF:E1:AA:CB:27:8C:13:23:1B:31:0E:45:EE:57:69:32:FE:9B:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aM_hqssnjBMjGzEORe5XaTL-m04.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/be9e88-512f-4b06-b196-89c2f666e905/1/FMG2me4zu2ablRbLPaHo1qpITMQ.roa
Signing time: Wed 07 Dec 2022 14:38:28 +0000
ROA not before: Wed 07 Dec 2022 14:38:28 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 12840
IP address blocks: 212.109.96.0/20 maxlen: 20
212.109.112.0/22 maxlen: 22
212.109.112.0/24 maxlen: 24
212.109.114.0/24 maxlen: 24
212.109.113.0/24 maxlen: 24
212.109.115.0/24 maxlen: 24
212.109.120.0/23 maxlen: 23
212.109.123.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:ed:06:0f:6d:e6:8b:9e:2e:91:d9:97:2e:30:4d:4c:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=68cfe1aacb278c13231b310e45ee576932fe9b4e
Validity
Not Before: Dec 7 14:38:28 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=14c1b699ee33bb669b9516cb3da1e8d6aa484cc4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:39:49:86:5b:ec:68:d8:df:89:84:d9:5f:f2:
78:9c:8b:5c:33:3d:f8:9f:7e:28:0d:3d:4c:7e:c5:
4d:48:cb:b8:b5:47:58:cd:43:b1:f4:4d:72:04:db:
13:c4:a2:9c:61:d3:09:e2:2a:6d:84:05:32:7b:88:
27:f2:b1:6f:82:4c:17:de:76:62:d4:3e:ad:44:71:
b9:69:5e:84:1d:65:2a:93:b7:e4:8b:e3:76:bf:4f:
04:19:67:24:bb:45:61:70:b7:79:06:81:68:c7:a3:
e0:90:ee:6a:7c:24:30:26:65:a8:28:55:20:b3:b7:
6f:d1:09:a9:26:f0:0d:49:8c:94:ad:f2:3b:88:4b:
53:83:ab:95:44:a5:5b:bf:2d:69:55:30:06:7f:9c:
4f:89:25:7e:0e:7a:da:b3:38:f2:92:25:c2:27:49:
7d:b6:3d:14:d3:b3:31:08:6c:a6:3d:fc:5a:be:d9:
61:5a:5f:17:8c:b7:d9:08:91:ff:47:b5:6a:fc:56:
40:4a:45:d2:bb:c8:06:58:d7:2c:b9:30:62:0f:b8:
10:1d:7b:46:83:33:9e:13:91:24:a1:4f:99:09:9d:
e6:09:f1:ac:1e:c0:06:af:47:d6:3e:87:3a:68:ff:
1b:8c:0c:ae:50:ca:84:63:c5:52:d5:14:40:f7:66:
fa:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:C1:B6:99:EE:33:BB:66:9B:95:16:CB:3D:A1:E8:D6:AA:48:4C:C4
X509v3 Authority Key Identifier:
keyid:68:CF:E1:AA:CB:27:8C:13:23:1B:31:0E:45:EE:57:69:32:FE:9B:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aM_hqssnjBMjGzEORe5XaTL-m04.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/be9e88-512f-4b06-b196-89c2f666e905/1/FMG2me4zu2ablRbLPaHo1qpITMQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/be9e88-512f-4b06-b196-89c2f666e905/1/aM_hqssnjBMjGzEORe5XaTL-m04.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.109.96.0-212.109.115.255
212.109.120.0/23
212.109.123.0/24
Signature Algorithm: sha256WithRSAEncryption
a5:00:70:cd:6f:e5:c1:7b:c6:d7:54:64:0a:1a:2a:c7:36:b3:
6e:64:20:7b:d3:5c:6a:62:29:88:98:23:66:67:62:6c:c0:63:
2a:d0:8f:7e:32:6a:de:7d:56:19:e5:78:9b:bc:a0:ed:e3:4b:
da:f0:20:dc:76:0e:89:76:94:37:81:48:1d:6f:e2:c2:2b:95:
d9:70:cb:3d:35:ed:d2:de:96:0b:42:b7:a7:7a:4d:f0:db:8d:
cf:70:9a:0a:e9:27:d5:b4:84:7c:2d:2d:bf:28:d5:11:da:2c:
71:3e:ea:a8:e4:4f:8d:89:d4:82:6f:59:27:cb:b5:7c:3a:8c:
41:7e:e1:35:c0:da:0c:19:42:42:45:06:85:f9:c7:92:8b:8f:
13:16:63:33:84:42:a2:ec:43:8b:40:a2:1b:33:8f:ee:e2:5f:
77:7a:34:10:ae:b2:45:f2:fd:fb:f0:22:37:dd:92:68:9f:d6:
0a:8c:8a:96:09:eb:18:4d:14:9b:bf:2a:11:0f:fc:34:96:96:
72:cb:78:aa:ac:be:54:ba:fb:67:54:6a:9d:62:90:68:42:da:
5c:dc:0f:ca:f3:74:54:de:bd:62:4b:d5:7f:47:8f:3a:c1:64:
4a:c1:96:ba:be:1b:ab:d2:2f:56:bc:0c:e2:e9:70:d2:ef:15:
cf:75:83:63
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYTtBg9t5oueLpHZly4wTUwBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4Y2ZlMWFhY2IyNzhjMTMyMzFiMzEwZTQ1ZWU1NzY5MzJm
ZTliNGUwHhcNMjIxMjA3MTQzODI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGMxYjY5OWVlMzNiYjY2OWI5NTE2Y2IzZGExZThkNmFhNDg0Y2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDlJhlvsaNjfiYTZX/J4nItcMz34
n34oDT1MfsVNSMu4tUdYzUOx9E1yBNsTxKKcYdMJ4ipthAUye4gn8rFvgkwX3nZi
1D6tRHG5aV6EHWUqk7fki+N2v08EGWcku0VhcLd5BoFox6PgkO5qfCQwJmWoKFUg
s7dv0QmpJvANSYyUrfI7iEtTg6uVRKVbvy1pVTAGf5xPiSV+DnraszjykiXCJ0l9
tj0U07MxCGymPfxavtlhWl8XjLfZCJH/R7Vq/FZASkXSu8gGWNcsuTBiD7gQHXtG
gzOeE5EkoU+ZCZ3mCfGsHsAGr0fWPoc6aP8bjAyuUMqEY8VS1RRA92b6jQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFBTBtpnuM7tmm5UWyz2h6NaqSEzEMB8GA1UdIwQY
MBaAFGjP4arLJ4wTIxsxDkXuV2ky/ptOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1faHFzc25qQk1qR3pFT1JlNVhhVEwtbTA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9iZTllODgtNTEyZi00YjA2LWIxOTYt
ODljMmY2NjZlOTA1LzEvRk1HMm1lNHp1MmFibFJiTFBhSG8xcXBJVE1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9iZTllODgtNTEyZi00YjA2LWIxOTYtODljMmY2NjZlOTA1
LzEvYU1faHFzc25qQk1qR3pFT1JlNVhhVEwtbTA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAXUbWAD
BALUbXADBAHUbXgDBADUbXswDQYJKoZIhvcNAQELBQADggEBAKUAcM1v5cF7xtdU
ZAoaKsc2s25kIHvTXGpiKYiYI2ZnYmzAYyrQj34yat59VhnleJu8oO3jS9rwINx2
Dol2lDeBSB1v4sIrldlwyz017dLelgtCt6d6TfDbjc9wmgrpJ9W0hHwtLb8o1RHa
LHE+6qjkT42J1IJvWSfLtXw6jEF+4TXA2gwZQkJFBoX5x5KLjxMWYzOEQqLsQ4tA
ohszj+7iX3d6NBCuskXy/fvwIjfdkmif1gqMipYJ6xhNFJu/KhEP/DSWlnLLeKqs
vlS6+2dUap1ikGhC2lzcD8rzdFTevWJL1X9HjzrBZErBlrq+G6vSL1a8DOLpcNLv
Fc91g2M=
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:34 2023 by rpki-client on console.sobornost.net