Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/YxhHsiNIKDntkYTBe5LcDpeRsiI.roa
File: YxhHsiNIKDntkYTBe5LcDpeRsiI.roa (raw, json)
Hash identifier: ZWKyLbWl2dH39UUY6f/uRxSFUCt7o+heHAZEi/Yuf/4=
Subject key identifier: 63:18:47:B2:23:48:28:39:ED:91:84:C1:7B:92:DC:0E:97:91:B2:22
Certificate issuer: /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial: 01851596F74D2062F3EF45FBDF53B95E11D4
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/YxhHsiNIKDntkYTBe5LcDpeRsiI.roa
Signing time: Thu 15 Dec 2022 11:41:33 +0000
ROA not before: Thu 15 Dec 2022 11:41:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 163.5.192.0/24 maxlen: 24
163.5.112.0/24 maxlen: 24
163.5.220.0/24 maxlen: 24
163.5.228.0/24 maxlen: 24
163.5.237.0/24 maxlen: 24
163.5.130.0/24 maxlen: 24
163.5.134.0/24 maxlen: 24
163.5.153.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:15:96:f7:4d:20:62:f3:ef:45:fb:df:53:b9:5e:11:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Validity
Not Before: Dec 15 11:41:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=631847b223482839ed9184c17b92dc0e9791b222
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:71:a8:bb:69:02:b0:29:74:4f:31:fb:43:45:
54:27:42:72:75:69:0e:a4:f8:75:18:b5:a5:b1:d5:
87:3d:7a:c3:b2:31:bf:64:5a:c8:e1:d5:ac:37:50:
a8:4e:bd:d2:c3:f7:f6:19:cc:1b:b2:a3:db:42:94:
c5:dd:5e:de:26:d7:64:ea:2f:78:66:85:8b:95:c0:
8b:53:69:73:ab:54:79:6c:9a:7e:bc:e6:d4:ed:dd:
48:dd:85:ca:82:29:2b:7f:e9:2c:41:b1:22:93:40:
12:91:1a:35:95:73:a8:09:5a:e9:f3:7c:2b:08:b6:
02:e5:31:cf:f2:eb:ea:89:45:30:7c:42:0d:d0:23:
42:24:e6:43:31:d4:c3:dc:a9:a3:65:85:c2:93:fb:
0d:f6:2f:0c:b2:19:85:16:15:e4:12:08:d3:d4:e2:
27:dd:6e:d2:15:76:a0:9a:0d:4b:6a:42:13:a6:33:
83:9f:e4:50:71:5e:32:1e:f9:c4:03:b6:01:4f:c8:
9a:05:4c:e8:01:c8:33:13:56:b3:dc:da:e2:df:20:
26:c0:83:56:d4:94:ca:58:9a:f9:43:ef:3a:1e:3d:
5d:55:17:fb:96:50:0a:82:fd:0d:3d:16:fa:89:46:
72:2b:7d:19:9c:31:78:95:1f:29:8f:5a:06:9e:b6:
62:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:18:47:B2:23:48:28:39:ED:91:84:C1:7B:92:DC:0E:97:91:B2:22
X509v3 Authority Key Identifier:
keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/YxhHsiNIKDntkYTBe5LcDpeRsiI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
163.5.112.0/24
163.5.130.0/24
163.5.134.0/24
163.5.153.0/24
163.5.192.0/24
163.5.220.0/24
163.5.228.0/24
163.5.237.0/24
Signature Algorithm: sha256WithRSAEncryption
aa:cc:57:da:6b:36:bb:24:ed:19:6d:97:e4:96:48:d8:8d:6b:
93:72:95:7b:31:d9:0b:af:14:3b:50:d5:8a:e4:1e:f1:21:b0:
be:46:86:95:ce:d6:3e:73:e0:02:e4:2d:b2:6b:8b:9a:e3:12:
fb:9e:70:f4:f3:24:16:15:62:4e:44:65:39:66:7a:7c:2b:cc:
dc:15:e2:df:53:97:ed:a0:35:be:3c:86:61:47:3e:8d:44:ef:
98:36:97:63:f7:b8:e7:09:38:23:ed:35:8c:37:c2:cc:5f:8f:
7f:5f:7d:06:ae:45:87:44:52:d8:7b:19:a8:a0:e5:55:c8:24:
1f:59:a0:1f:c1:ed:3f:9a:6d:ee:6d:a0:97:df:e1:18:ea:a0:
ed:2d:5a:ba:7b:79:7f:d9:a0:f2:b5:ee:e6:e6:cc:a3:a9:a1:
31:69:f8:67:af:17:02:f0:0f:39:60:b5:7b:c4:99:39:a4:bd:
43:c3:42:83:f2:64:8e:48:23:b6:98:98:b0:a8:3e:7b:a9:ba:
73:ee:d9:4a:d4:63:c9:3f:8b:c9:37:07:db:e8:6b:d2:aa:d7:
02:e9:cb:ce:4e:fc:7f:06:fe:1c:d1:1f:64:00:f9:0c:1c:a4:
00:b6:e1:03:97:45:29:cb:f1:4d:73:d8:33:db:09:d6:eb:d4:
3b:09:69:d2
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYUVlvdNIGLz70X731O5XhHUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIxMjE1MTE0MTMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzE4NDdiMjIzNDgyODM5ZWQ5MTg0YzE3YjkyZGMwZTk3OTFiMjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHGou2kCsCl0TzH7Q0VUJ0JydWkO
pPh1GLWlsdWHPXrDsjG/ZFrI4dWsN1CoTr3Sw/f2GcwbsqPbQpTF3V7eJtdk6i94
ZoWLlcCLU2lzq1R5bJp+vObU7d1I3YXKgikrf+ksQbEik0ASkRo1lXOoCVrp83wr
CLYC5THP8uvqiUUwfEIN0CNCJOZDMdTD3KmjZYXCk/sN9i8MshmFFhXkEgjT1OIn
3W7SFXagmg1LakITpjODn+RQcV4yHvnEA7YBT8iaBUzoAcgzE1az3Nri3yAmwINW
1JTKWJr5Q+86Hj1dVRf7llAKgv0NPRb6iUZyK30ZnDF4lR8pj1oGnrZibQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGMYR7IjSCg57ZGEwXuS3A6XkbIiMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvWXhoSHNpTklLRG50a1lUQmU1TGNEcGVSc2lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAowVwAwQA
owWCAwQAowWGAwQAowWZAwQAowXAAwQAowXcAwQAowXkAwQAowXtMA0GCSqGSIb3
DQEBCwUAA4IBAQCqzFfaaza7JO0ZbZfklkjYjWuTcpV7MdkLrxQ7UNWK5B7xIbC+
RoaVztY+c+AC5C2ya4ua4xL7nnD08yQWFWJORGU5Znp8K8zcFeLfU5ftoDW+PIZh
Rz6NRO+YNpdj97jnCTgj7TWMN8LMX49/X30GrkWHRFLYexmooOVVyCQfWaAfwe0/
mm3ubaCX3+EY6qDtLVq6e3l/2aDyte7m5syjqaExafhnrxcC8A85YLV7xJk5pL1D
w0KD8mSOSCO2mJiwqD57qbpz7tlK1GPJP4vJNwfb6GvSqtcC6cvOTvx/Bv4c0R9k
APkMHKQAtuEDl0Upy/FNc9gz2wnW69Q7CWnS
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:44:21 2023 by rpki-client on console-fra.rpki-client.org