Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/2a45ZKD4elqJ6kviKfarYqafr5I.roa
File: 2a45ZKD4elqJ6kviKfarYqafr5I.roa (raw, json)
Hash identifier: O6shlpmGA26CdTnnOof3bGO2K/4Egll7cW/BOhXtk8E=
Subject key identifier: D9:AE:39:64:A0:F8:7A:5A:89:EA:4B:E2:29:F6:AB:62:A6:9F:AF:92
Certificate issuer: /CN=5c1dd6ec4a2e1f376c855c58312195a005cdb850
Certificate serial: 0181E9EF5764E1829AB3137FA154B5EB1419
Authority key identifier: 5C:1D:D6:EC:4A:2E:1F:37:6C:85:5C:58:31:21:95:A0:05:CD:B8:50
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XB3W7EouHzdshVxYMSGVoAXNuFA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/2a45ZKD4elqJ6kviKfarYqafr5I.roa
Signing time: Sun 10 Jul 2022 21:06:25 +0000
ROA not before: Sun 10 Jul 2022 21:06:25 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 43709
IP address blocks: 78.157.176.0/21 maxlen: 21
78.157.176.0/20 maxlen: 20
78.157.184.0/21 maxlen: 21
78.157.160.0/19 maxlen: 19
78.157.160.0/20 maxlen: 20
78.157.160.0/21 maxlen: 21
78.157.168.0/21 maxlen: 21
2a02:d8a0:c000::/34 maxlen: 34
2a02:d8a0:8000::/34 maxlen: 34
2a02:d8a0:4000::/34 maxlen: 34
2a02:d8a0::/34 maxlen: 34
2a02:d8a0::/32 maxlen: 32
2a02:d8a0:8000::/33 maxlen: 33
2a02:d8a0::/33 maxlen: 33
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:81:e9:ef:57:64:e1:82:9a:b3:13:7f:a1:54:b5:eb:14:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5c1dd6ec4a2e1f376c855c58312195a005cdb850
Validity
Not Before: Jul 10 21:06:25 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d9ae3964a0f87a5a89ea4be229f6ab62a69faf92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:53:8e:cb:0f:82:63:d4:13:2e:40:4c:51:1f:
3a:c9:f6:12:31:9f:06:de:72:c9:10:3c:fa:b7:c3:
f8:05:46:bd:03:6b:6f:0b:e8:4f:1b:4d:69:63:51:
3b:5d:87:9f:b7:db:61:b0:12:10:01:03:de:9c:41:
db:54:33:2f:12:ee:d3:25:92:0e:70:35:4d:23:3b:
99:56:40:b3:46:a9:95:f9:2f:02:d4:31:25:73:68:
ad:79:92:96:cf:0b:c4:48:48:9b:d1:37:96:21:3b:
50:16:78:f9:f2:d9:fb:e5:2b:1a:1e:23:05:5a:6d:
1b:cb:13:41:04:af:d9:cc:43:29:e4:9a:92:16:c6:
5c:7f:19:6b:ce:6c:6f:e9:9e:2d:03:c2:0e:5b:83:
eb:10:9c:78:e7:6d:02:02:35:b9:e1:0c:d2:99:5d:
75:39:7d:90:e5:31:5a:52:9d:f0:81:e0:17:58:fd:
48:52:e4:b1:e4:11:2a:dc:56:1c:4e:dd:3f:32:76:
d4:25:60:d0:67:f3:63:db:a2:70:a4:aa:2c:5f:53:
06:5d:08:bc:c8:fd:41:5a:ba:01:0c:40:ea:b8:b4:
9d:94:04:90:48:24:59:36:c0:49:9f:a7:e1:f6:86:
a1:c6:30:5a:1f:63:23:b7:4f:ff:80:58:b3:e2:be:
60:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:AE:39:64:A0:F8:7A:5A:89:EA:4B:E2:29:F6:AB:62:A6:9F:AF:92
X509v3 Authority Key Identifier:
keyid:5C:1D:D6:EC:4A:2E:1F:37:6C:85:5C:58:31:21:95:A0:05:CD:B8:50
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XB3W7EouHzdshVxYMSGVoAXNuFA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/2a45ZKD4elqJ6kviKfarYqafr5I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/5e4c22-cfde-4ded-a526-39671e0b6266/1/XB3W7EouHzdshVxYMSGVoAXNuFA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.157.160.0/19
IPv6:
2a02:d8a0::/32
Signature Algorithm: sha256WithRSAEncryption
c8:8f:3d:64:c1:72:90:9b:35:28:e3:13:19:47:50:9e:a5:c1:
18:eb:37:e8:71:10:4f:b7:72:1e:4b:c0:f8:af:eb:69:1f:46:
a1:a0:21:4c:34:1b:65:95:21:f3:7b:cb:36:0a:66:02:83:25:
31:ea:5e:8b:32:ff:16:98:35:14:2a:17:71:3d:b6:e7:62:61:
b4:c7:03:d0:22:5f:0a:12:09:e6:ff:b7:ce:cc:19:9c:e0:9b:
57:d5:5d:bb:43:a0:7c:53:e6:93:46:89:01:9d:63:b0:84:3e:
cc:47:51:0c:bc:a4:ed:cd:1d:96:d7:e1:ed:bf:cc:36:ba:52:
e0:89:21:51:d6:3d:bf:11:c2:75:a1:92:a4:82:91:dd:a1:12:
94:af:03:6e:2f:a0:39:5a:44:fc:6c:e1:d4:d6:d3:e2:8d:b8:
c1:93:e5:6c:d2:a8:d6:cf:cf:8b:97:72:77:23:02:5b:28:98:
f1:c9:f0:f4:32:68:2e:a5:81:e6:45:dd:a2:0d:0b:2d:27:09:
4a:d1:94:14:74:49:62:86:04:a2:b8:79:c9:a1:d5:06:0d:c1:
c2:e4:af:d5:a6:79:07:6e:b6:55:f5:67:61:45:c1:09:f0:a0:
da:ee:b3:09:7c:8d:25:0f:f3:52:47:05:25:5e:79:7e:73:c7:
d4:0e:be:78
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYHp71dk4YKasxN/oVS16xQZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjMWRkNmVjNGEyZTFmMzc2Yzg1NWM1ODMxMjE5NWEwMDVj
ZGI4NTAwHhcNMjIwNzEwMjEwNjI1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWFlMzk2NGEwZjg3YTVhODllYTRiZTIyOWY2YWI2MmE2OWZhZjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVOOyw+CY9QTLkBMUR86yfYSMZ8G
3nLJEDz6t8P4BUa9A2tvC+hPG01pY1E7XYeft9thsBIQAQPenEHbVDMvEu7TJZIO
cDVNIzuZVkCzRqmV+S8C1DElc2iteZKWzwvESEib0TeWITtQFnj58tn75SsaHiMF
Wm0byxNBBK/ZzEMp5JqSFsZcfxlrzmxv6Z4tA8IOW4PrEJx4520CAjW54QzSmV11
OX2Q5TFaUp3wgeAXWP1IUuSx5BEq3FYcTt0/MnbUJWDQZ/Nj26JwpKosX1MGXQi8
yP1BWroBDEDquLSdlASQSCRZNsBJn6fh9oahxjBaH2Mjt0//gFiz4r5gSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNmuOWSg+HpaiepL4in2q2Kmn6+SMB8GA1UdIwQY
MBaAFFwd1uxKLh83bIVcWDEhlaAFzbhQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEIzVzdFb3VIemRzaFZ4WU1TR1ZvQVhOdUZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC81ZTRjMjItY2ZkZS00ZGVkLWE1MjYt
Mzk2NzFlMGI2MjY2LzEvMmE0NVpLRDRlbHFKNmt2aUtmYXJZcWFmcjVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC81ZTRjMjItY2ZkZS00ZGVkLWE1MjYtMzk2NzFlMGI2MjY2
LzEvWEIzVzdFb3VIemRzaFZ4WU1TR1ZvQVhOdUZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFTp2gMA0E
AgACMAcDBQAqAtigMA0GCSqGSIb3DQEBCwUAA4IBAQDIjz1kwXKQmzUo4xMZR1Ce
pcEY6zfocRBPt3IeS8D4r+tpH0ahoCFMNBtllSHze8s2CmYCgyUx6l6LMv8WmDUU
KhdxPbbnYmG0xwPQIl8KEgnm/7fOzBmc4JtX1V27Q6B8U+aTRokBnWOwhD7MR1EM
vKTtzR2W1+Htv8w2ulLgiSFR1j2/EcJ1oZKkgpHdoRKUrwNuL6A5WkT8bOHU1tPi
jbjBk+Vs0qjWz8+Ll3J3IwJbKJjxyfD0MmgupYHmRd2iDQstJwlK0ZQUdElihgSi
uHnJodUGDcHC5K/VpnkHbrZV9WdhRcEJ8KDa7rMJfI0lD/NSRwUlXnl+c8fUDr54
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:06 2023 by rpki-client on console.sobornost.net