Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/254ea2-974f-44b1-b239-5a377c8791f5/1/orCiuIxYrwohh9NWA57GOYTfGGM.roa
File: orCiuIxYrwohh9NWA57GOYTfGGM.roa (raw, json)
Hash identifier: EhF/2WPVpBND8j/vBchu2e7/EptkVPx9TEA5+fV9uO0=
Subject key identifier: A2:B0:A2:B8:8C:58:AF:0A:21:87:D3:56:03:9E:C6:39:84:DF:18:63
Certificate issuer: /CN=03536e1a68e944b2347908b8bdfe7740d8e8aa43
Certificate serial: 01856C65C0A52FA91C7C61A78D051AE28FDA
Authority key identifier: 03:53:6E:1A:68:E9:44:B2:34:79:08:B8:BD:FE:77:40:D8:E8:AA:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/A1NuGmjpRLI0eQi4vf53QNjoqkM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1a/254ea2-974f-44b1-b239-5a377c8791f5/1/orCiuIxYrwohh9NWA57GOYTfGGM.roa
Signing time: Sun 01 Jan 2023 08:14:45 +0000
ROA not before: Sun 01 Jan 2023 08:14:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43118
IP address blocks: 95.108.0.0/17 maxlen: 17
78.152.0.0/19 maxlen: 19
195.42.140.0/23 maxlen: 23
46.187.128.0/17 maxlen: 17
91.203.244.0/22 maxlen: 22
2a02:2a0::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:65:c0:a5:2f:a9:1c:7c:61:a7:8d:05:1a:e2:8f:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=03536e1a68e944b2347908b8bdfe7740d8e8aa43
Validity
Not Before: Jan 1 08:14:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a2b0a2b88c58af0a2187d356039ec63984df1863
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:1f:70:41:9d:45:66:65:91:89:47:c7:fe:12:
20:0b:00:78:32:a0:93:a4:08:61:a6:97:24:80:95:
a8:b9:e8:60:17:30:2f:5f:09:fe:76:8d:71:2d:0d:
d3:ad:a7:03:07:13:1b:52:d9:51:d9:a1:53:57:6a:
15:3d:6f:0b:58:a3:79:9f:a0:2d:ce:71:74:2f:ab:
5c:03:4f:18:0c:be:1a:5d:15:de:82:2a:71:00:85:
25:c8:17:5a:63:cf:8d:b0:7a:7a:6e:3b:a3:eb:66:
49:9b:57:e0:ba:db:46:98:b1:1b:03:6a:db:35:7a:
8b:b3:09:1d:0b:0a:61:97:06:e7:9e:11:80:93:50:
6a:c6:24:ec:8c:88:a9:a3:d4:18:08:5e:18:ed:02:
b5:99:91:81:45:e3:c9:5b:e9:5c:49:b8:f6:31:bd:
3a:2f:9b:a2:a8:67:a3:bb:98:65:89:0d:44:ae:fc:
80:f7:0d:73:c2:14:6c:09:6f:ad:28:d4:e1:21:c2:
56:2b:ac:eb:96:1c:2c:2f:57:8a:8d:df:3d:f0:15:
a7:4d:08:60:b1:5c:cd:cb:1c:8a:be:ef:31:e3:6b:
83:d6:2b:1b:5f:e1:fc:d7:17:b0:fd:85:84:2d:f3:
e5:6d:71:08:2a:c6:a4:38:65:44:2d:5c:4e:93:90:
85:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:B0:A2:B8:8C:58:AF:0A:21:87:D3:56:03:9E:C6:39:84:DF:18:63
X509v3 Authority Key Identifier:
keyid:03:53:6E:1A:68:E9:44:B2:34:79:08:B8:BD:FE:77:40:D8:E8:AA:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A1NuGmjpRLI0eQi4vf53QNjoqkM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/254ea2-974f-44b1-b239-5a377c8791f5/1/orCiuIxYrwohh9NWA57GOYTfGGM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/254ea2-974f-44b1-b239-5a377c8791f5/1/A1NuGmjpRLI0eQi4vf53QNjoqkM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.187.128.0/17
78.152.0.0/19
91.203.244.0/22
95.108.0.0/17
195.42.140.0/23
IPv6:
2a02:2a0::/32
Signature Algorithm: sha256WithRSAEncryption
33:c3:c9:59:17:7a:c7:ab:cd:18:6e:a6:bf:6f:45:36:29:24:
bf:7b:ae:78:67:51:8f:70:e7:d4:00:0d:01:c8:8d:27:b0:38:
8a:b4:30:c9:d3:d8:49:59:05:f4:b2:48:ef:4c:63:52:ca:50:
0d:ce:26:b3:04:bb:50:6c:a7:ff:94:44:7d:78:02:06:5c:90:
c2:4e:a3:99:e5:7b:34:0a:ae:43:cd:a8:fe:62:89:80:e9:33:
f1:df:88:93:e5:03:09:16:f2:5b:70:39:7c:99:d9:5b:b9:cd:
9b:03:cc:0d:18:3d:23:f5:5e:03:ca:c0:4f:7d:b5:a5:89:fb:
0b:04:1f:55:e0:01:fb:20:48:66:2b:56:15:bf:82:ff:b5:6f:
ab:be:0e:2c:db:d3:29:b0:b9:f5:73:78:45:b3:4c:2c:f9:79:
16:a3:19:fc:85:53:31:cd:1f:20:1b:09:bd:7a:c8:8e:59:09:
85:21:c1:5e:d8:2a:9b:56:61:f8:f5:bf:7f:de:e7:a3:fc:05:
b9:af:6f:aa:d3:0a:a7:1c:6b:3e:eb:51:89:ef:74:5a:a3:8c:
94:54:2a:82:24:e6:92:71:98:d8:e8:8f:85:2c:98:b0:3e:2c:
0c:80:ee:db:2f:ef:f2:d1:e4:81:e2:69:33:ef:1c:0a:8b:36:
5b:e3:58:95
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVsZcClL6kcfGGnjQUa4o/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzNTM2ZTFhNjhlOTQ0YjIzNDc5MDhiOGJkZmU3NzQwZDhl
OGFhNDMwHhcNMjMwMTAxMDgxNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmIwYTJiODhjNThhZjBhMjE4N2QzNTYwMzllYzYzOTg0ZGYxODYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwB9wQZ1FZmWRiUfH/hIgCwB4MqCT
pAhhppckgJWouehgFzAvXwn+do1xLQ3TracDBxMbUtlR2aFTV2oVPW8LWKN5n6At
znF0L6tcA08YDL4aXRXegipxAIUlyBdaY8+NsHp6bjuj62ZJm1fguttGmLEbA2rb
NXqLswkdCwphlwbnnhGAk1BqxiTsjIipo9QYCF4Y7QK1mZGBRePJW+lcSbj2Mb06
L5uiqGeju5hliQ1ErvyA9w1zwhRsCW+tKNThIcJWK6zrlhwsL1eKjd898BWnTQhg
sVzNyxyKvu8x42uD1isbX+H81xew/YWELfPlbXEIKsakOGVELVxOk5CFBwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFKKworiMWK8KIYfTVgOexjmE3xhjMB8GA1UdIwQY
MBaAFANTbhpo6USyNHkIuL3+d0DY6KpDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTFOdUdtanBSTEkwZVFpNHZmNTNRTmpvcWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8yNTRlYTItOTc0Zi00NGIxLWIyMzkt
NWEzNzdjODc5MWY1LzEvb3JDaXVJeFlyd29oaDlOV0E1N0dPWVRmR0dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8yNTRlYTItOTc0Zi00NGIxLWIyMzktNWEzNzdjODc5MWY1
LzEvQTFOdUdtanBSTEkwZVFpNHZmNTNRTmpvcWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQHLruAAwQF
TpgAAwQCW8v0AwQHX2wAAwQBwyqMMA0EAgACMAcDBQAqAgKgMA0GCSqGSIb3DQEB
CwUAA4IBAQAzw8lZF3rHq80Ybqa/b0U2KSS/e654Z1GPcOfUAA0ByI0nsDiKtDDJ
09hJWQX0skjvTGNSylANziazBLtQbKf/lER9eAIGXJDCTqOZ5Xs0Cq5Dzaj+YomA
6TPx34iT5QMJFvJbcDl8mdlbuc2bA8wNGD0j9V4DysBPfbWlifsLBB9V4AH7IEhm
K1YVv4L/tW+rvg4s29MpsLn1c3hFs0ws+XkWoxn8hVMxzR8gGwm9esiOWQmFIcFe
2CqbVmH49b9/3uej/AW5r2+q0wqnHGs+61GJ73Rao4yUVCqCJOaScZjY6I+FLJiw
PiwMgO7bL+/y0eSB4mkz7xwKizZb41iV
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:01:10 2025 by rpki-client