Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/pWgqjjOix5p8Yo5dHqwRudzks9I.roa
File: pWgqjjOix5p8Yo5dHqwRudzks9I.roa (raw, json)
Hash identifier: k+U/VClZDUQ0NIZwgs9ssW+10eHJcr2pb8EFvhfgmT0=
Subject key identifier: A5:68:2A:8E:33:A2:C7:9A:7C:62:8E:5D:1E:AC:11:B9:DC:E4:B3:D2
Certificate issuer: /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial: 0183561CC844A52D4825930710415E6FDC02
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/pWgqjjOix5p8Yo5dHqwRudzks9I.roa
Signing time: Mon 19 Sep 2022 14:17:50 +0000
ROA not before: Mon 19 Sep 2022 14:17:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 7018
IP address blocks: 163.5.110.0/24 maxlen: 24
163.5.111.0/24 maxlen: 24
163.5.231.0/24 maxlen: 24
163.5.232.0/24 maxlen: 24
163.5.126.0/24 maxlen: 24
163.5.235.0/24 maxlen: 24
163.5.234.0/24 maxlen: 24
163.5.253.0/24 maxlen: 24
163.5.250.0/24 maxlen: 24
163.5.165.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:56:1c:c8:44:a5:2d:48:25:93:07:10:41:5e:6f:dc:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Validity
Not Before: Sep 19 14:17:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a5682a8e33a2c79a7c628e5d1eac11b9dce4b3d2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:b8:df:da:91:48:73:f3:6e:6a:52:51:a8:bc:
8e:64:6b:8c:cb:a5:cb:74:4f:5b:45:95:88:a2:96:
89:88:2f:d7:0c:5a:20:3d:95:95:47:00:2e:e4:11:
4f:59:52:93:c2:28:73:11:3e:ec:dd:0b:23:5a:85:
ac:5f:71:fc:90:5a:2f:2e:b8:a3:ec:c7:c0:f3:c8:
d2:98:c1:de:a9:5e:98:01:e2:61:b7:35:9e:8c:92:
03:9a:52:3a:bb:3e:58:e4:99:4a:9d:13:a6:55:51:
11:d3:08:a9:a2:58:b9:b6:5d:a9:8e:05:b1:81:7f:
ab:18:48:60:28:38:12:2d:fa:fe:7e:fe:f0:a3:95:
60:b2:90:e8:b6:a4:19:d3:08:f3:39:da:e5:13:5e:
1f:d7:81:5d:af:19:d4:e1:1d:fa:ca:20:91:17:4f:
12:19:e4:fa:91:7e:a1:bc:ff:0e:9d:f6:0a:29:06:
f9:eb:30:01:c8:df:44:43:9b:0b:51:7d:e5:cd:54:
70:9e:f7:e2:2f:52:16:8c:b1:87:69:ec:a3:55:1e:
4c:75:e2:40:26:e1:c2:38:80:ca:18:df:0a:aa:ff:
b3:bd:e2:24:9b:0d:d4:7f:83:de:e3:6c:7a:85:07:
5b:6d:db:ab:02:2a:eb:0f:93:57:b4:22:39:a0:fa:
c0:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:68:2A:8E:33:A2:C7:9A:7C:62:8E:5D:1E:AC:11:B9:DC:E4:B3:D2
X509v3 Authority Key Identifier:
keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/pWgqjjOix5p8Yo5dHqwRudzks9I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
163.5.110.0/23
163.5.126.0/24
163.5.165.0/24
163.5.231.0-163.5.232.255
163.5.234.0/23
163.5.250.0/24
163.5.253.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:12:bb:19:30:8c:9a:ec:81:77:10:1f:2a:7b:50:dc:8a:80:
a0:2f:6e:33:39:77:65:99:6b:76:d5:d5:19:7f:cb:71:9f:d1:
51:8c:23:7f:71:5a:5e:17:e9:04:b5:32:a7:da:76:a2:ad:0d:
54:84:fa:bb:5a:72:6a:ce:3e:bc:cd:52:a7:e5:df:d6:a7:7c:
3b:d7:29:49:09:50:fa:75:9b:cc:c2:0e:55:40:40:9d:05:26:
19:e0:c5:fe:38:b2:dc:75:49:13:cc:96:39:08:80:3a:54:f2:
0e:53:62:1f:6d:e0:da:46:1b:48:bf:a0:01:69:cb:ea:ec:99:
c7:9b:ed:b4:a2:d9:f2:0a:fb:c5:4c:36:2f:bf:74:4c:09:60:
32:77:6b:25:91:aa:ec:61:7f:f0:10:85:36:79:83:fa:e6:09:
bc:fd:36:7f:8d:86:5e:0c:83:79:77:7e:5d:83:e8:c6:38:f6:
4f:e6:f1:16:58:63:30:da:db:b2:6a:94:eb:36:8e:d7:22:6d:
e7:a6:b8:45:2d:c8:4e:36:f2:4a:3c:f2:9e:d2:eb:c5:fb:70:
5e:83:2d:c0:cd:8b:d9:13:35:c9:44:a3:af:91:a0:03:8f:7c:
e7:32:44:0b:60:a0:9c:5e:ff:90:04:32:61:67:b8:e3:6c:8a:
28:27:22:c4
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYNWHMhEpS1IJZMHEEFeb9wCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjIwOTE5MTQxNzUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTY4MmE4ZTMzYTJjNzlhN2M2MjhlNWQxZWFjMTFiOWRjZTRiM2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbjf2pFIc/NualJRqLyOZGuMy6XL
dE9bRZWIopaJiC/XDFogPZWVRwAu5BFPWVKTwihzET7s3QsjWoWsX3H8kFovLrij
7MfA88jSmMHeqV6YAeJhtzWejJIDmlI6uz5Y5JlKnROmVVER0wipoli5tl2pjgWx
gX+rGEhgKDgSLfr+fv7wo5VgspDotqQZ0wjzOdrlE14f14FdrxnU4R36yiCRF08S
GeT6kX6hvP8OnfYKKQb56zAByN9EQ5sLUX3lzVRwnvfiL1IWjLGHaeyjVR5MdeJA
JuHCOIDKGN8Kqv+zveIkmw3Uf4Pe42x6hQdbbdurAirrD5NXtCI5oPrA2wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFKVoKo4zoseafGKOXR6sEbnc5LPSMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvcFdncWpqT2l4NXA4WW81ZEhxd1J1ZHprczlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBowVuAwQA
owV+AwQAowWlMAwDBACjBecDBACjBegDBAGjBeoDBACjBfoDBACjBf0wDQYJKoZI
hvcNAQELBQADggEBAI8SuxkwjJrsgXcQHyp7UNyKgKAvbjM5d2WZa3bV1Rl/y3Gf
0VGMI39xWl4X6QS1MqfadqKtDVSE+rtacmrOPrzNUqfl39anfDvXKUkJUPp1m8zC
DlVAQJ0FJhngxf44stx1SRPMljkIgDpU8g5TYh9t4NpGG0i/oAFpy+rsmceb7bSi
2fIK+8VMNi+/dEwJYDJ3ayWRquxhf/AQhTZ5g/rmCbz9Nn+Nhl4Mg3l3fl2D6MY4
9k/m8RZYYzDa27JqlOs2jtcibeemuEUtyE428ko88p7S68X7cF6DLcDNi9kTNclE
o6+RoAOPfOcyRAtgoJxe/5AEMmFnuONsiignIsQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:35 2024 by rpki-client on console-ams.rpki-client.org