Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/O466vd1I2QhqUG7WAnUJwcQBljU.roa
File: O466vd1I2QhqUG7WAnUJwcQBljU.roa (raw, json)
Hash identifier: c3A2jArOGGQ/adsyjKKLb+UA5fDgjOH0UxPnu540tuc=
Subject key identifier: 3B:8E:BA:BD:DD:48:D9:08:6A:50:6E:D6:02:75:09:C1:C4:01:96:35
Certificate issuer: /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial: 01856F02457C6C246CE4BC36CB280484A6F0
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/O466vd1I2QhqUG7WAnUJwcQBljU.roa
Signing time: Sun 01 Jan 2023 20:24:57 +0000
ROA not before: Sun 01 Jan 2023 20:24:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51894
IP address blocks: 159.148.147.0/24 maxlen: 24
159.148.172.0/24 maxlen: 24
2a02:610:7501::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:02:45:7c:6c:24:6c:e4:bc:36:cb:28:04:84:a6:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Validity
Not Before: Jan 1 20:24:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3b8ebabddd48d9086a506ed6027509c1c4019635
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:c1:52:cc:0c:a4:e6:d6:72:e4:30:ec:47:7d:
23:e3:32:cf:fc:88:6d:72:6e:ea:fe:a1:5c:d0:fa:
0d:4b:8f:ea:32:d4:57:49:66:c1:e3:f9:f4:29:3d:
04:8a:96:11:de:e4:14:cf:5b:a6:3d:35:c0:65:93:
96:68:e1:19:fc:48:5e:4d:1f:b3:76:a4:ed:06:26:
51:99:be:e3:2f:f9:4f:47:c2:6e:97:de:37:8f:af:
25:69:4f:2f:0a:8a:98:c9:b6:83:7f:02:44:4e:f3:
34:18:1d:ab:1f:23:16:89:3e:ce:f7:c6:f4:db:0f:
ec:9b:12:8f:be:65:06:d5:c6:be:63:0b:ca:0e:69:
42:7c:39:af:a9:cf:82:06:51:36:2b:da:8b:c2:e7:
e7:15:a4:0c:55:9c:af:d8:d7:0b:73:d7:3e:a4:d9:
cb:6d:fb:58:27:d5:78:3c:75:32:0c:e3:a7:9f:ad:
43:09:e0:57:fc:03:e1:63:5c:b8:8d:5e:42:e0:e9:
89:2a:71:71:43:be:d8:ba:6d:1b:fd:ba:d3:10:e8:
fa:22:c5:6c:c2:ec:75:b5:d9:14:c1:f9:0d:cf:80:
58:ac:6b:be:14:1e:d9:84:b7:44:d7:b7:6a:f3:7f:
c9:d2:03:c9:05:39:96:16:84:a7:e1:f6:95:0d:5a:
5d:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:8E:BA:BD:DD:48:D9:08:6A:50:6E:D6:02:75:09:C1:C4:01:96:35
X509v3 Authority Key Identifier:
keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/O466vd1I2QhqUG7WAnUJwcQBljU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.148.147.0/24
159.148.172.0/24
IPv6:
2a02:610:7501::/48
Signature Algorithm: sha256WithRSAEncryption
7b:f5:c8:db:d2:32:6b:22:5b:45:98:f0:96:1a:de:d2:22:18:
23:a2:93:76:d7:0a:40:d8:cd:e2:1f:23:5f:54:ee:36:29:ad:
40:56:92:49:c3:ff:be:c0:46:df:eb:2a:8c:42:42:f3:59:5f:
fe:91:99:69:76:b1:4c:07:d5:c8:f1:1d:cb:6c:68:da:35:4c:
3d:7f:4d:9f:40:f9:9f:94:23:c3:07:d3:72:b3:89:c2:ae:ed:
38:b4:de:5b:2d:c3:58:3e:2d:9e:79:22:b8:8e:f5:dd:00:87:
59:e2:70:5d:62:7d:5b:96:3c:ed:a3:8d:3b:9b:19:60:8d:69:
53:82:99:ae:be:5c:6c:d5:4b:3e:e3:21:ad:ab:d1:a5:fd:f0:
4f:73:87:da:cb:d8:b2:05:f2:4d:16:29:70:92:93:5c:d6:32:
53:67:26:68:e3:b2:79:91:2b:a3:08:71:fd:eb:df:fd:36:9b:
09:c9:ea:8a:a8:1e:85:39:73:a0:88:2c:dc:85:6a:da:bf:36:
af:20:5c:55:50:cc:0e:ef:cb:38:c0:97:50:4e:ba:9b:ad:4c:
df:50:39:0e:6c:51:32:48:a4:ce:71:84:d3:d3:68:fd:10:2c:
9d:1b:10:08:42:66:4f:f3:f7:6b:ac:3e:26:0b:47:a7:c4:8a:
aa:bc:26:3c
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVvAkV8bCRs5Lw2yygEhKbwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjMwMTAxMjAyNDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjhlYmFiZGRkNDhkOTA4NmE1MDZlZDYwMjc1MDljMWM0MDE5NjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisFSzAyk5tZy5DDsR30j4zLP/Iht
cm7q/qFc0PoNS4/qMtRXSWbB4/n0KT0EipYR3uQUz1umPTXAZZOWaOEZ/EheTR+z
dqTtBiZRmb7jL/lPR8Jul943j68laU8vCoqYybaDfwJETvM0GB2rHyMWiT7O98b0
2w/smxKPvmUG1ca+YwvKDmlCfDmvqc+CBlE2K9qLwufnFaQMVZyv2NcLc9c+pNnL
bftYJ9V4PHUyDOOnn61DCeBX/APhY1y4jV5C4OmJKnFxQ77Yum0b/brTEOj6IsVs
wux1tdkUwfkNz4BYrGu+FB7ZhLdE17dq83/J0gPJBTmWFoSn4faVDVpdMQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFDuOur3dSNkIalBu1gJ1CcHEAZY1MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvTzQ2NnZkMUkyUWhxVUc3V0FuVUp3Y1FCbGpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAn5STAwQA
n5SsMA8EAgACMAkDBwAqAgYQdQEwDQYJKoZIhvcNAQELBQADggEBAHv1yNvSMmsi
W0WY8JYa3tIiGCOik3bXCkDYzeIfI19U7jYprUBWkknD/77ARt/rKoxCQvNZX/6R
mWl2sUwH1cjxHctsaNo1TD1/TZ9A+Z+UI8MH03KzicKu7Ti03lstw1g+LZ55IriO
9d0Ah1nicF1ifVuWPO2jjTubGWCNaVOCma6+XGzVSz7jIa2r0aX98E9zh9rL2LIF
8k0WKXCSk1zWMlNnJmjjsnmRK6MIcf3r3/02mwnJ6oqoHoU5c6CILNyFatq/Nq8g
XFVQzA7vyzjAl1BOuputTN9QOQ5sUTJIpM5xhNPTaP0QLJ0bEAhCZk/z92usPiYL
R6fEiqq8Jjw=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:13:03 2025 by rpki-client