Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/ONhRCPr0m5lO5aNLuoljo3x0LNs.roa
File: ONhRCPr0m5lO5aNLuoljo3x0LNs.roa (raw, json)
Hash identifier: 33Sb0MOlOT5lQUpwalWdDn6LNmziQUWhdU3ATwvPqUw=
Subject key identifier: 38:D8:51:08:FA:F4:9B:99:4E:E5:A3:4B:BA:89:63:A3:7C:74:2C:DB
Certificate issuer: /CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
Certificate serial: 018572031B310D4CFB8C9CC81C23033D1EEE
Authority key identifier: AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/ONhRCPr0m5lO5aNLuoljo3x0LNs.roa
Signing time: Mon 02 Jan 2023 10:24:44 +0000
ROA not before: Mon 02 Jan 2023 10:24:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202870
IP address blocks: 185.152.44.0/22 maxlen: 24
2a07:7e80::/29 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:03:1b:31:0d:4c:fb:8c:9c:c8:1c:23:03:3d:1e:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab27ed1cea4321c49c3ca10f3affafdbdad532c2
Validity
Not Before: Jan 2 10:24:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=38d85108faf49b994ee5a34bba8963a37c742cdb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:f1:2f:f8:e8:90:51:6e:c5:b1:1f:d2:b5:3c:
25:1c:ec:95:63:a3:f4:34:e9:ae:a2:c8:13:99:f1:
dd:62:a0:d5:5a:20:54:d6:23:59:e2:c7:e0:91:70:
9c:45:4b:2d:5c:ff:ec:a6:3c:ec:c6:5d:6e:6b:06:
be:e6:7a:0d:7c:f8:22:a3:4c:9f:9e:e3:13:f1:6e:
a7:d2:00:fb:f3:bf:aa:43:2f:47:8c:e9:ef:f8:50:
d4:23:7d:4c:76:a9:5c:e2:85:ce:72:a8:77:d7:92:
e1:6b:46:6f:ab:7a:05:ca:35:e2:1e:e0:5b:85:9b:
8a:c9:39:5d:0f:5d:40:c3:e0:ae:c8:b2:00:8b:8f:
e9:84:68:34:c0:fe:79:ac:89:3f:90:90:05:be:ff:
53:26:f5:b4:d5:74:f9:a6:f3:f4:95:a3:34:25:a7:
ac:9d:9d:c2:ee:4c:d8:f7:a8:e0:3e:da:6b:f4:3e:
51:5c:4f:62:3c:5c:4a:b8:e5:5e:0c:13:17:be:0c:
0e:7f:b0:5e:21:ed:38:d0:8f:56:88:b9:07:ff:f3:
e3:cd:b8:92:3a:1d:75:ac:54:03:89:6c:c3:b8:cc:
e1:04:1a:cc:bf:14:a6:4e:10:4b:b7:4d:ae:7e:b7:
c0:45:d2:3a:37:50:c2:46:dd:a2:46:35:96:20:3b:
11:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:D8:51:08:FA:F4:9B:99:4E:E5:A3:4B:BA:89:63:A3:7C:74:2C:DB
X509v3 Authority Key Identifier:
keyid:AB:27:ED:1C:EA:43:21:C4:9C:3C:A1:0F:3A:FF:AF:DB:DA:D5:32:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qyftHOpDIcScPKEPOv-v29rVMsI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/ONhRCPr0m5lO5aNLuoljo3x0LNs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/32/865490-78e7-43b4-b2fd-1d0bf5208f90/1/qyftHOpDIcScPKEPOv-v29rVMsI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.152.44.0/22
IPv6:
2a07:7e80::/29
Signature Algorithm: sha256WithRSAEncryption
7b:eb:ab:77:e9:d1:c1:d6:c8:c0:00:94:e1:e0:c9:b9:8d:7d:
1e:c8:74:a5:8b:f4:de:c2:8b:d2:81:b3:65:89:e1:3c:08:42:
56:21:04:13:3a:ff:f9:4e:82:73:a6:a6:e8:39:8d:32:48:b7:
14:01:e4:c9:99:b4:d2:78:fb:1c:ea:3c:94:f7:5a:11:95:97:
10:73:02:68:5b:6f:14:1a:03:ed:67:f6:ab:75:30:e1:4d:1b:
e0:d8:37:d3:ba:a0:c1:8e:be:4c:02:70:5f:c9:3f:8b:36:4d:
ef:2b:fb:13:20:8a:8a:6a:76:a4:69:db:e8:bf:39:62:52:5d:
83:45:8d:28:2d:63:4b:65:7c:19:06:87:78:f4:31:e2:9f:a7:
6b:84:8d:b8:23:fb:5b:13:5c:5a:92:65:5d:df:7b:11:00:e1:
23:9e:e2:f9:b8:dc:83:59:d7:e4:47:7f:ed:25:4e:88:56:98:
8d:01:c2:7d:4b:c6:e4:af:dd:6d:26:18:f3:c0:73:a6:ee:36:
37:47:be:13:6d:e8:a6:42:ae:77:f6:06:69:ca:8e:f3:75:bc:
c3:a8:08:c9:6e:bb:0c:79:b8:b7:f0:6c:8f:cb:ba:d3:19:e0:
a5:78:b3:8d:11:82:e9:ab:40:78:1d:af:2b:cd:54:93:3f:94:
45:b4:ba:77
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVyAxsxDUz7jJzIHCMDPR7uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMjdlZDFjZWE0MzIxYzQ5YzNjYTEwZjNhZmZhZmRiZGFk
NTMyYzIwHhcNMjMwMTAyMTAyNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGQ4NTEwOGZhZjQ5Yjk5NGVlNWEzNGJiYTg5NjNhMzdjNzQyY2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvEv+OiQUW7FsR/StTwlHOyVY6P0
NOmuosgTmfHdYqDVWiBU1iNZ4sfgkXCcRUstXP/spjzsxl1uawa+5noNfPgio0yf
nuMT8W6n0gD787+qQy9HjOnv+FDUI31Mdqlc4oXOcqh315Lha0Zvq3oFyjXiHuBb
hZuKyTldD11Aw+CuyLIAi4/phGg0wP55rIk/kJAFvv9TJvW01XT5pvP0laM0Jaes
nZ3C7kzY96jgPtpr9D5RXE9iPFxKuOVeDBMXvgwOf7BeIe040I9WiLkH//PjzbiS
Oh11rFQDiWzDuMzhBBrMvxSmThBLt02ufrfARdI6N1DCRt2iRjWWIDsRTQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDjYUQj69JuZTuWjS7qJY6N8dCzbMB8GA1UdIwQY
MBaAFKsn7RzqQyHEnDyhDzr/r9va1TLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQt
MWQwYmY1MjA4ZjkwLzEvT05oUkNQcjBtNWxPNWFOTHVvbGpvM3gwTE5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi84NjU0OTAtNzhlNy00M2I0LWIyZmQtMWQwYmY1MjA4Zjkw
LzEvcXlmdEhPcERJY1NjUEtFUE92LXYyOXJWTXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZgsMA0E
AgACMAcDBQMqB36AMA0GCSqGSIb3DQEBCwUAA4IBAQB766t36dHB1sjAAJTh4Mm5
jX0eyHSli/TewovSgbNlieE8CEJWIQQTOv/5ToJzpqboOY0ySLcUAeTJmbTSePsc
6jyU91oRlZcQcwJoW28UGgPtZ/ardTDhTRvg2DfTuqDBjr5MAnBfyT+LNk3vK/sT
IIqKanakadvovzliUl2DRY0oLWNLZXwZBod49DHin6drhI24I/tbE1xakmVd33sR
AOEjnuL5uNyDWdfkR3/tJU6IVpiNAcJ9S8bkr91tJhjzwHOm7jY3R74TbeimQq53
9gZpyo7zdbzDqAjJbrsMebi38GyPy7rTGeCleLONEYLpq0B4Ha8rzVSTP5RFtLp3
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:21:50 2025 by rpki-client