Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/cd1db3-2877-4f32-83c5-370b82e9f90b/1/lgPTWE3VvxnC3fdS9gtu6-HghIQ.roa
File: lgPTWE3VvxnC3fdS9gtu6-HghIQ.roa (raw, json)
Hash identifier: 9pQ8Pf4ASZRx+vI8zPuoNNhqy22Rixtjr76QmxicsD0=
Subject key identifier: 96:03:D3:58:4D:D5:BF:19:C2:DD:F7:52:F6:0B:6E:EB:E1:E0:84:84
Certificate issuer: /CN=be9b5458c237db65848cb2acbec6db9423fcb3a6
Certificate serial: 018943FD2766B8D7BF9800099E1C02B4C409
Authority key identifier: BE:9B:54:58:C2:37:DB:65:84:8C:B2:AC:BE:C6:DB:94:23:FC:B3:A6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vptUWMI322WEjLKsvsbblCP8s6Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/cd1db3-2877-4f32-83c5-370b82e9f90b/1/lgPTWE3VvxnC3fdS9gtu6-HghIQ.roa
Signing time: Tue 11 Jul 2023 08:06:51 +0000
ROA not before: Tue 11 Jul 2023 08:06:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200865
IP address blocks: 185.91.16.0/24 maxlen: 24
185.91.17.0/24 maxlen: 24
185.91.16.0/22 maxlen: 22
185.91.18.0/24 maxlen: 24
185.91.19.0/24 maxlen: 24
37.17.128.0/20 maxlen: 20
37.17.128.0/19 maxlen: 19
37.17.144.0/24 maxlen: 24
37.17.145.0/24 maxlen: 24
37.17.144.0/20 maxlen: 20
37.17.148.0/24 maxlen: 24
37.17.149.0/24 maxlen: 24
37.17.150.0/24 maxlen: 24
37.17.151.0/24 maxlen: 24
37.17.146.0/24 maxlen: 24
37.17.147.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:43:fd:27:66:b8:d7:bf:98:00:09:9e:1c:02:b4:c4:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=be9b5458c237db65848cb2acbec6db9423fcb3a6
Validity
Not Before: Jul 11 08:06:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9603d3584dd5bf19c2ddf752f60b6eebe1e08484
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:b4:d8:ff:ab:2d:cd:03:16:c4:ce:49:d0:aa:
b1:1e:16:0d:75:1b:05:b0:b3:f3:b7:c7:39:df:38:
01:14:91:db:4d:c8:bd:63:a5:61:05:41:67:fd:f5:
61:e4:c4:2e:0e:92:08:0c:44:92:86:00:f3:85:24:
4c:84:17:be:67:93:bf:5d:50:5b:11:9d:1b:b2:70:
86:55:e8:8b:a1:86:c1:93:d2:02:ac:69:1a:9f:08:
56:41:03:b6:d4:4c:b2:8b:12:15:e2:bc:25:c2:21:
36:7e:c7:98:ef:8c:d2:f0:82:06:97:e7:65:b4:63:
56:3c:86:32:22:17:11:67:0c:b5:22:d6:de:6a:9f:
e1:51:12:35:8a:af:33:da:78:e1:e8:ff:1c:6b:42:
9d:fb:a5:a2:8f:d4:db:d5:e2:ab:b2:f3:0f:4e:eb:
55:e4:d3:68:76:4d:ea:f2:8e:0f:49:56:77:d7:e2:
d1:4a:ce:4f:11:ce:0a:6b:4a:77:ef:32:03:fc:d6:
78:44:3d:20:ae:fa:6c:7b:1c:e7:f2:94:17:65:02:
ed:a4:07:3f:fd:67:94:99:e1:f6:3b:3c:84:13:9f:
aa:6a:44:75:97:f5:25:5a:3e:7b:83:5b:29:16:0b:
f5:3d:29:5b:8e:79:8e:b0:0f:1f:84:ff:3f:d2:f9:
4c:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:03:D3:58:4D:D5:BF:19:C2:DD:F7:52:F6:0B:6E:EB:E1:E0:84:84
X509v3 Authority Key Identifier:
keyid:BE:9B:54:58:C2:37:DB:65:84:8C:B2:AC:BE:C6:DB:94:23:FC:B3:A6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vptUWMI322WEjLKsvsbblCP8s6Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/cd1db3-2877-4f32-83c5-370b82e9f90b/1/lgPTWE3VvxnC3fdS9gtu6-HghIQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/cd1db3-2877-4f32-83c5-370b82e9f90b/1/vptUWMI322WEjLKsvsbblCP8s6Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.17.128.0/19
185.91.16.0/22
Signature Algorithm: sha256WithRSAEncryption
93:68:46:a6:42:84:08:8e:1e:fe:a9:90:25:d5:8c:cd:b1:a2:
8c:2b:6b:16:5c:9c:cb:d0:ca:b4:f3:a8:79:cd:3a:c5:73:d8:
79:ec:42:5b:5b:34:45:7d:40:ec:b4:3d:15:bb:96:cf:ae:41:
22:b9:cd:f3:03:d5:78:0e:0a:b1:44:e3:8d:80:3f:54:43:98:
8b:45:54:0c:9a:8d:cd:0c:21:56:3d:f4:f2:d6:5d:7c:72:91:
58:87:4b:ee:3e:55:a9:58:0a:ec:a7:b7:c0:0d:d5:71:40:34:
3f:d6:b6:c1:78:51:8c:ca:5a:62:82:11:16:f9:c6:80:d2:ef:
c5:a2:be:3e:f4:1b:11:6b:7a:5a:30:c4:50:e6:3a:fd:cb:ad:
95:fb:72:01:83:60:13:f4:f9:0e:59:66:ce:5a:f4:ec:fe:03:
31:50:72:a8:6b:f2:af:63:bd:ab:4b:bf:8e:9c:c6:91:e3:fc:
04:aa:b6:3d:49:0b:f2:95:50:fa:d3:0c:cc:6c:ce:f1:d6:6f:
9b:da:61:d5:69:e7:68:4f:13:65:04:e4:37:43:fe:0f:90:37:
b5:9d:f3:a7:ed:0d:b5:e0:fd:04:83:3b:f9:14:28:e7:ca:2a:
aa:8f:3c:db:72:4a:6d:16:09:a9:ef:27:33:73:84:46:02:9d:
a7:4b:a5:80
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYlD/SdmuNe/mAAJnhwCtMQJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlOWI1NDU4YzIzN2RiNjU4NDhjYjJhY2JlYzZkYjk0MjNm
Y2IzYTYwHhcNMjMwNzExMDgwNjUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjAzZDM1ODRkZDViZjE5YzJkZGY3NTJmNjBiNmVlYmUxZTA4NDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrTY/6stzQMWxM5J0KqxHhYNdRsF
sLPzt8c53zgBFJHbTci9Y6VhBUFn/fVh5MQuDpIIDESShgDzhSRMhBe+Z5O/XVBb
EZ0bsnCGVeiLoYbBk9ICrGkanwhWQQO21EyyixIV4rwlwiE2fseY74zS8IIGl+dl
tGNWPIYyIhcRZwy1Itbeap/hURI1iq8z2njh6P8ca0Kd+6Wij9Tb1eKrsvMPTutV
5NNodk3q8o4PSVZ31+LRSs5PEc4Ka0p37zID/NZ4RD0grvpsexzn8pQXZQLtpAc/
/WeUmeH2OzyEE5+qakR1l/UlWj57g1spFgv1PSlbjnmOsA8fhP8/0vlMYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJYD01hN1b8Zwt33UvYLbuvh4ISEMB8GA1UdIwQY
MBaAFL6bVFjCN9tlhIyyrL7G25Qj/LOmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnB0VVdNSTMyMldFakxLc3ZzYmJsQ1A4czZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9jZDFkYjMtMjg3Ny00ZjMyLTgzYzUt
MzcwYjgyZTlmOTBiLzEvbGdQVFdFM1Z2eG5DM2ZkUzlndHU2LUhnaElRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9jZDFkYjMtMjg3Ny00ZjMyLTgzYzUtMzcwYjgyZTlmOTBi
LzEvdnB0VVdNSTMyMldFakxLc3ZzYmJsQ1A4czZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFJRGAAwQC
uVsQMA0GCSqGSIb3DQEBCwUAA4IBAQCTaEamQoQIjh7+qZAl1YzNsaKMK2sWXJzL
0Mq086h5zTrFc9h57EJbWzRFfUDstD0Vu5bPrkEiuc3zA9V4DgqxROONgD9UQ5iL
RVQMmo3NDCFWPfTy1l18cpFYh0vuPlWpWArsp7fADdVxQDQ/1rbBeFGMylpighEW
+caA0u/For4+9BsRa3paMMRQ5jr9y62V+3IBg2AT9PkOWWbOWvTs/gMxUHKoa/Kv
Y72rS7+OnMaR4/wEqrY9SQvylVD60wzMbM7x1m+b2mHVaedoTxNlBOQ3Q/4PkDe1
nfOn7Q214P0Egzv5FCjnyiqqjzzbckptFgmp7yczc4RGAp2nS6WA
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:26:24 2025 by rpki-client