Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/89962e-b11c-4e69-b413-ab63d45f4b6a/1/pCJhMcdTIYHOr5TR0FWlFt7Q6AM.roa
File: pCJhMcdTIYHOr5TR0FWlFt7Q6AM.roa (raw, json)
Hash identifier: UlSfpaXD9HzoNXD2QtLJ1NuhkDpePqjBDBVYS0EtY5k=
Subject key identifier: A4:22:61:31:C7:53:21:81:CE:AF:94:D1:D0:55:A5:16:DE:D0:E8:03
Certificate issuer: /CN=4f9131775b3260b11a16240d1d8e76891d7f3732
Certificate serial: 018A71B4935EF210D32C89D3C2944BF8EAC0
Authority key identifier: 4F:91:31:77:5B:32:60:B1:1A:16:24:0D:1D:8E:76:89:1D:7F:37:32
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T5Exd1syYLEaFiQNHY52iR1_NzI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/89962e-b11c-4e69-b413-ab63d45f4b6a/1/pCJhMcdTIYHOr5TR0FWlFt7Q6AM.roa
Signing time: Thu 07 Sep 2023 22:12:54 +0000
ROA not before: Thu 07 Sep 2023 22:12:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16276
IP address blocks: 123.100.227.0/24 maxlen: 24
64.225.244.0/23 maxlen: 23
148.222.40.0/22 maxlen: 22
104.225.253.0/24 maxlen: 24
216.183.120.0/24 maxlen: 24
167.234.38.0/24 maxlen: 24
216.203.15.0/24 maxlen: 24
198.49.103.0/24 maxlen: 24
46.17.217.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:71:b4:93:5e:f2:10:d3:2c:89:d3:c2:94:4b:f8:ea:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f9131775b3260b11a16240d1d8e76891d7f3732
Validity
Not Before: Sep 7 22:12:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a4226131c7532181ceaf94d1d055a516ded0e803
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:a6:4e:f0:13:7f:e4:7a:b6:8a:c7:6a:0c:b2:
72:f2:91:84:54:eb:1f:c5:05:11:c8:bc:2b:b4:2d:
7c:99:6d:1c:2c:51:59:ce:7e:f6:35:4b:50:33:d0:
02:7b:b8:d9:de:c1:09:ea:9c:ee:54:e3:fc:1e:36:
f6:57:61:86:3f:2c:70:26:57:54:2d:ef:3e:20:dd:
13:c7:d0:9c:7e:f7:c6:31:c7:79:5c:ae:2e:0f:41:
47:23:6d:f3:d5:9f:5b:34:1d:1a:24:6b:5b:e8:35:
0a:66:fc:96:62:c0:14:44:72:93:8a:cc:77:9f:cf:
76:3c:a4:07:f3:c3:4d:84:30:7e:0b:2f:6a:9a:89:
f3:77:0d:40:21:83:79:6d:a4:2d:13:87:b5:91:92:
fe:5a:50:77:99:8d:2a:38:c1:5c:75:f8:1c:74:a2:
80:2a:bc:be:7f:ea:b3:7b:68:3d:4b:29:73:60:e0:
5f:6f:84:7e:de:9f:32:f2:3a:9f:44:34:71:a5:c2:
c3:4f:d3:35:3a:d3:3c:46:01:d3:18:09:d2:c3:cb:
eb:63:e3:e2:d3:6e:87:91:f3:78:5a:10:44:d2:03:
6a:2c:15:f5:37:7c:40:de:e7:c2:3c:a8:d4:f1:85:
bc:d1:63:79:80:06:cd:26:f6:94:80:48:0c:42:32:
d6:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:22:61:31:C7:53:21:81:CE:AF:94:D1:D0:55:A5:16:DE:D0:E8:03
X509v3 Authority Key Identifier:
keyid:4F:91:31:77:5B:32:60:B1:1A:16:24:0D:1D:8E:76:89:1D:7F:37:32
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5Exd1syYLEaFiQNHY52iR1_NzI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/89962e-b11c-4e69-b413-ab63d45f4b6a/1/pCJhMcdTIYHOr5TR0FWlFt7Q6AM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/89962e-b11c-4e69-b413-ab63d45f4b6a/1/T5Exd1syYLEaFiQNHY52iR1_NzI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.17.217.0/24
64.225.244.0/23
104.225.253.0/24
123.100.227.0/24
148.222.40.0/22
167.234.38.0/24
198.49.103.0/24
216.183.120.0/24
216.203.15.0/24
Signature Algorithm: sha256WithRSAEncryption
b6:fa:71:a6:06:67:1a:96:bd:c7:49:60:84:e9:13:d5:e3:6b:
3e:a8:7f:c2:9e:fc:3d:4c:41:46:c6:1e:4a:d9:33:e9:06:4b:
bc:92:ed:71:6d:67:7b:a8:57:c9:ab:a6:2a:fa:44:62:25:89:
84:7b:bb:03:ad:79:9d:29:34:6a:66:54:98:00:89:ae:9b:9e:
aa:be:a6:59:ee:9d:ab:68:a6:22:81:dc:e2:60:f4:93:4c:13:
f2:5d:63:e7:74:a2:77:88:02:30:a5:80:c9:a0:0e:3b:31:28:
6c:70:d4:8b:4b:6e:cc:08:97:c3:7a:81:93:cb:15:7c:8c:8e:
f6:48:27:b9:67:36:ca:02:a8:20:df:a2:ce:4c:18:6b:3d:dc:
c6:f8:70:9f:73:b4:1f:55:06:f6:6b:03:75:de:df:d0:07:47:
ac:8b:e3:e7:0c:ab:cd:3d:0b:5c:2d:bf:66:77:39:75:98:70:
dd:29:f9:c0:80:5b:5e:46:e1:bd:51:96:99:06:a7:da:82:72:
e9:9d:69:0e:cc:7d:ee:a6:9d:f1:7e:0f:79:b1:2b:ae:c2:d0:
08:1a:a3:3d:11:86:cc:1d:c9:46:37:8b:1d:58:58:1b:62:db:
a9:6c:24:75:b5:46:fb:cf:d4:fc:39:92:93:82:19:0a:37:e6:
69:c4:fe:47
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYpxtJNe8hDTLInTwpRL+OrAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTEzMTc3NWIzMjYwYjExYTE2MjQwZDFkOGU3Njg5MWQ3
ZjM3MzIwHhcNMjMwOTA3MjIxMjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDIyNjEzMWM3NTMyMTgxY2VhZjk0ZDFkMDU1YTUxNmRlZDBlODAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5KZO8BN/5Hq2isdqDLJy8pGEVOsf
xQURyLwrtC18mW0cLFFZzn72NUtQM9ACe7jZ3sEJ6pzuVOP8Hjb2V2GGPyxwJldU
Le8+IN0Tx9CcfvfGMcd5XK4uD0FHI23z1Z9bNB0aJGtb6DUKZvyWYsAURHKTisx3
n892PKQH88NNhDB+Cy9qmonzdw1AIYN5baQtE4e1kZL+WlB3mY0qOMFcdfgcdKKA
Kry+f+qze2g9SylzYOBfb4R+3p8y8jqfRDRxpcLDT9M1OtM8RgHTGAnSw8vrY+Pi
026HkfN4WhBE0gNqLBX1N3xA3ufCPKjU8YW80WN5gAbNJvaUgEgMQjLW1QIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFKQiYTHHUyGBzq+U0dBVpRbe0OgDMB8GA1UdIwQY
MBaAFE+RMXdbMmCxGhYkDR2OdokdfzcyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVFeGQxc3lZTEVhRmlRTkhZNTJpUjFfTnpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi84OTk2MmUtYjExYy00ZTY5LWI0MTMt
YWI2M2Q0NWY0YjZhLzEvcENKaE1jZFRJWUhPcjVUUjBGV2xGdDdRNkFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi84OTk2MmUtYjExYy00ZTY5LWI0MTMtYWI2M2Q0NWY0YjZh
LzEvVDVFeGQxc3lZTEVhRmlRTkhZNTJpUjFfTnpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALhHZAwQB
QOH0AwQAaOH9AwQAe2TjAwQClN4oAwQAp+omAwQAxjFnAwQA2Ld4AwQA2MsPMA0G
CSqGSIb3DQEBCwUAA4IBAQC2+nGmBmcalr3HSWCE6RPV42s+qH/Cnvw9TEFGxh5K
2TPpBku8ku1xbWd7qFfJq6Yq+kRiJYmEe7sDrXmdKTRqZlSYAImum56qvqZZ7p2r
aKYigdziYPSTTBPyXWPndKJ3iAIwpYDJoA47MShscNSLS27MCJfDeoGTyxV8jI72
SCe5ZzbKAqgg36LOTBhrPdzG+HCfc7QfVQb2awN13t/QB0esi+PnDKvNPQtcLb9m
dzl1mHDdKfnAgFteRuG9UZaZBqfagnLpnWkOzH3upp3xfg95sSuuwtAIGqM9EYbM
HclGN4sdWFgbYtupbCR1tUb7z9T8OZKTghkKN+ZpxP5H
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:30:58 2025 by rpki-client