Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/ycpWYLEdRFPFxEC274iPTEwPWcg.roa
File: ycpWYLEdRFPFxEC274iPTEwPWcg.roa (raw, json)
Hash identifier: 8+9QoZ3Hgw7c98tTzEPqBWFSPoJayZc5guCpHxamft4=
Subject key identifier: C9:CA:56:60:B1:1D:44:53:C5:C4:40:B6:EF:88:8F:4C:4C:0F:59:C8
Certificate issuer: /CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Certificate serial: 0186E54EBBD296D37C4D6FE8CAAD0CC76C96
Authority key identifier: D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/ycpWYLEdRFPFxEC274iPTEwPWcg.roa
Signing time: Wed 15 Mar 2023 12:46:27 +0000
ROA not before: Wed 15 Mar 2023 12:46:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44208
IP address blocks: 176.46.138.0/23 maxlen: 24
94.74.190.0/24 maxlen: 24
176.46.144.0/20 maxlen: 24
176.46.140.0/22 maxlen: 24
109.203.160.0/19 maxlen: 24
94.74.128.0/18 maxlen: 24
94.74.137.0/24 maxlen: 24
94.74.136.0/24 maxlen: 24
31.170.48.0/20 maxlen: 24
94.74.165.0/24 maxlen: 24
185.34.160.0/22 maxlen: 24
94.74.166.0/23 maxlen: 23
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:e5:4e:bb:d2:96:d3:7c:4d:6f:e8:ca:ad:0c:c7:6c:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d60475ebe7f07d74153cb1cca338c16d801f45f7
Validity
Not Before: Mar 15 12:46:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c9ca5660b11d4453c5c440b6ef888f4c4c0f59c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:29:ba:f9:cf:fb:d2:2d:9f:40:44:41:75:a9:
10:bb:9f:c9:56:2a:0a:00:fa:1d:f9:69:ad:c6:75:
20:e7:69:e2:0d:4d:23:5c:14:09:30:93:5b:83:6d:
ce:84:04:26:af:b7:5e:d5:e4:9d:61:49:df:11:20:
ea:34:05:ae:5d:5f:d2:72:3b:5b:76:68:11:25:83:
92:1f:42:41:4b:6c:3d:c2:b4:f5:7d:a0:63:34:9d:
03:99:fc:ee:79:0d:20:fb:eb:7e:70:3e:c6:67:2d:
de:24:3d:8c:9c:a5:b2:a6:f9:6e:16:73:1b:de:e9:
2a:dd:7a:3e:84:41:84:2d:ee:0c:b7:11:e1:f8:03:
b7:b7:7d:6a:0a:a3:17:08:56:07:af:c1:4a:42:c7:
ca:3b:88:86:0e:7a:d8:38:76:b0:2c:40:ca:ba:b5:
3a:94:cd:39:58:a7:01:99:58:c6:09:8d:c6:2d:f9:
7f:43:94:54:21:a8:6d:0a:ad:da:e4:1b:09:36:55:
01:f2:92:17:91:37:ec:23:8d:b3:5d:1c:75:80:e6:
2c:c9:98:14:04:6d:44:1b:fd:35:9b:f7:2d:b3:f5:
7d:70:36:6a:e4:ff:f2:71:53:11:f3:6d:23:73:02:
59:ed:3d:63:fd:24:09:42:14:a6:fe:01:51:c8:17:
16:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C9:CA:56:60:B1:1D:44:53:C5:C4:40:B6:EF:88:8F:4C:4C:0F:59:C8
X509v3 Authority Key Identifier:
keyid:D6:04:75:EB:E7:F0:7D:74:15:3C:B1:CC:A3:38:C1:6D:80:1F:45:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1gR16-fwfXQVPLHMozjBbYAfRfc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/ycpWYLEdRFPFxEC274iPTEwPWcg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/52ebae-e006-4778-ac3c-496f8ebb2d61/1/1gR16-fwfXQVPLHMozjBbYAfRfc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.170.48.0/20
94.74.128.0/18
109.203.160.0/19
176.46.138.0-176.46.159.255
185.34.160.0/22
Signature Algorithm: sha256WithRSAEncryption
18:55:97:75:f9:28:8c:39:cc:79:78:41:05:47:e3:87:75:a0:
17:91:4f:88:f6:17:95:3f:5a:b1:bc:23:f0:76:67:5a:ec:9d:
73:b5:06:97:40:3f:5f:20:3b:0e:88:42:71:3f:e1:ea:59:31:
8b:03:37:63:3c:ca:8f:9f:dc:3d:d6:ed:f2:42:33:c0:18:a6:
cd:58:d4:5b:e8:e7:39:28:0e:63:c6:18:e7:93:9b:00:b0:fd:
9c:87:4f:c0:b1:a4:94:8e:43:ad:c2:fe:a0:aa:8d:91:07:4c:
3a:14:55:5d:d7:aa:04:b3:ac:cf:97:6c:42:b9:51:91:1d:6c:
5e:40:0d:5c:2b:bc:ca:c9:d5:85:12:82:81:e3:52:6b:cd:4e:
49:4a:3a:14:7c:7d:01:d2:f6:37:ec:e5:13:76:16:f6:0e:8e:
04:df:ab:f4:f2:45:e9:8f:1c:7f:d6:48:18:a7:72:6a:20:bb:
7f:59:0d:a6:90:77:1c:29:62:03:47:80:ff:59:92:3e:e7:48:
86:6a:6a:cb:a2:ac:4a:40:69:0c:1c:ff:45:89:eb:4c:af:ee:
49:12:d3:1b:1d:ef:a1:1d:b7:50:3a:a5:1e:97:e4:e2:fc:49:
9d:1c:c1:3e:14:f0:18:28:58:06:5d:45:5e:ad:a5:ce:e7:15:
52:1e:7c:3f
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYblTrvSltN8TW/oyq0Mx2yWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MDQ3NWViZTdmMDdkNzQxNTNjYjFjY2EzMzhjMTZkODAx
ZjQ1ZjcwHhcNMjMwMzE1MTI0NjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWNhNTY2MGIxMWQ0NDUzYzVjNDQwYjZlZjg4OGY0YzRjMGY1OWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnim6+c/70i2fQERBdakQu5/JVioK
APod+WmtxnUg52niDU0jXBQJMJNbg23OhAQmr7de1eSdYUnfESDqNAWuXV/Scjtb
dmgRJYOSH0JBS2w9wrT1faBjNJ0DmfzueQ0g++t+cD7GZy3eJD2MnKWypvluFnMb
3ukq3Xo+hEGELe4MtxHh+AO3t31qCqMXCFYHr8FKQsfKO4iGDnrYOHawLEDKurU6
lM05WKcBmVjGCY3GLfl/Q5RUIahtCq3a5BsJNlUB8pIXkTfsI42zXRx1gOYsyZgU
BG1EG/01m/cts/V9cDZq5P/ycVMR820jcwJZ7T1j/SQJQhSm/gFRyBcWswIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFMnKVmCxHURTxcRAtu+Ij0xMD1nIMB8GA1UdIwQY
MBaAFNYEdevn8H10FTyxzKM4wW2AH0X3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2Mt
NDk2ZjhlYmIyZDYxLzEveWNwV1lMRWRSRlBGeEVDMjc0aVBURXdQV2NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC81MmViYWUtZTAwNi00Nzc4LWFjM2MtNDk2ZjhlYmIyZDYx
LzEvMWdSMTYtZndmWFFWUExITW96akJiWUFmUmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQEH6owAwQG
XkqAAwQFbcugMAwDBAGwLooDBAWwLoADBAK5IqAwDQYJKoZIhvcNAQELBQADggEB
ABhVl3X5KIw5zHl4QQVH44d1oBeRT4j2F5U/WrG8I/B2Z1rsnXO1BpdAP18gOw6I
QnE/4epZMYsDN2M8yo+f3D3W7fJCM8AYps1Y1Fvo5zkoDmPGGOeTmwCw/ZyHT8Cx
pJSOQ63C/qCqjZEHTDoUVV3XqgSzrM+XbEK5UZEdbF5ADVwrvMrJ1YUSgoHjUmvN
TklKOhR8fQHS9jfs5RN2FvYOjgTfq/TyRemPHH/WSBincmogu39ZDaaQdxwpYgNH
gP9Zkj7nSIZqasuirEpAaQwc/0WJ60yv7kkS0xsd76Edt1A6pR6X5OL8SZ0cwT4U
8BgoWAZdRV6tpc7nFVIefD8=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:00:36 2025 by rpki-client