Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/xWIPxgkad52S-zOaZMAQpDblTIY.roa
File: xWIPxgkad52S-zOaZMAQpDblTIY.roa (raw, json)
Hash identifier: y+dFcU6aF44ije7Yd8Y83/qivqm7sZ1UrOFqfzlmA5w=
Subject key identifier: C5:62:0F:C6:09:1A:77:9D:92:FB:33:9A:64:C0:10:A4:36:E5:4C:86
Certificate issuer: /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial: 018A1D433F538D98CE5324D7DE7CBD3D4016
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/xWIPxgkad52S-zOaZMAQpDblTIY.roa
Signing time: Tue 22 Aug 2023 12:41:00 +0000
ROA not before: Tue 22 Aug 2023 12:41:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 212.116.244.0/24 maxlen: 24
212.116.246.0/24 maxlen: 24
91.147.117.0/24 maxlen: 24
91.147.116.0/24 maxlen: 24
91.147.118.0/24 maxlen: 24
91.147.123.0/24 maxlen: 24
91.147.119.0/24 maxlen: 24
91.147.122.0/24 maxlen: 24
91.147.121.0/24 maxlen: 24
91.147.126.0/23 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:1d:43:3f:53:8d:98:ce:53:24:d7:de:7c:bd:3d:40:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Validity
Not Before: Aug 22 12:41:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c5620fc6091a779d92fb339a64c010a436e54c86
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:7e:ea:93:df:b7:5b:ad:83:6f:5e:80:72:f2:
7d:9b:8c:72:55:db:b6:95:b3:6e:68:cc:59:26:75:
dd:0c:63:3f:43:a3:15:12:04:cf:c4:0f:49:70:37:
2a:ce:ea:e5:84:48:d1:c8:41:7b:dd:68:33:50:7a:
16:fd:a7:e6:a6:a8:b3:2f:92:85:22:e6:b4:35:36:
69:91:57:a1:36:b6:6b:26:ad:ca:87:c0:90:d3:6a:
22:bd:36:8b:74:70:f8:fe:a2:aa:6b:b6:10:2b:94:
77:5b:02:f4:03:db:67:21:79:00:6e:6d:2b:76:79:
43:de:4f:23:16:82:67:b4:96:9d:15:03:eb:65:3e:
c2:6d:ce:e5:47:39:f6:35:aa:35:4b:03:7a:7e:fc:
a7:9e:92:4e:ae:d7:88:fc:0d:19:9c:c6:cd:84:84:
8c:47:7d:bc:cb:35:18:59:03:b9:8e:45:db:76:63:
a6:d2:3f:a0:75:26:5b:4b:ea:c8:20:0d:53:91:78:
4f:a1:55:f2:de:ef:41:61:03:01:2d:6b:4b:9a:2f:
bd:79:a8:72:d0:fe:8f:bb:63:cc:64:43:35:fe:94:
cf:36:9e:0a:c2:5f:da:2e:18:78:b6:ce:88:67:95:
a8:aa:aa:8d:e6:05:9f:54:19:ca:46:a0:1a:be:69:
62:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:62:0F:C6:09:1A:77:9D:92:FB:33:9A:64:C0:10:A4:36:E5:4C:86
X509v3 Authority Key Identifier:
keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/xWIPxgkad52S-zOaZMAQpDblTIY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.147.116.0/22
91.147.121.0-91.147.123.255
91.147.126.0/23
212.116.244.0/24
212.116.246.0/24
Signature Algorithm: sha256WithRSAEncryption
2f:a2:58:d4:2b:09:a3:af:f6:dd:50:54:67:a6:40:d9:17:84:
09:f5:1d:c6:89:87:fb:6f:82:b9:7a:fb:b2:f5:98:d6:84:86:
71:62:6b:75:d9:2b:76:f5:70:ea:f1:4f:08:68:8b:3c:63:d4:
a2:0a:fc:bd:4f:f8:35:c8:68:e3:e6:42:9f:c5:51:04:95:e7:
1d:d2:40:38:c2:8b:2c:55:35:9f:09:3c:14:48:40:3f:9c:50:
02:ee:8e:22:a7:93:fb:0f:43:72:2e:8d:80:18:f8:0a:bd:8b:
19:99:36:f9:01:7f:88:69:64:ed:6b:af:d3:bb:7a:8a:e4:eb:
90:58:bf:77:5c:74:f1:9e:10:e8:03:6c:5a:ee:28:6b:44:d6:
22:3d:3a:c1:f2:dd:64:e7:fd:15:98:97:46:35:c3:4f:67:7b:
54:2b:8c:38:ba:d3:67:03:b9:21:bd:0f:0c:28:80:2f:ca:50:
53:c7:1b:86:6f:a9:99:2e:8c:31:53:b6:41:1b:ab:fe:5f:48:
67:71:fb:ea:dc:c8:cc:34:22:d0:c7:61:40:cf:9b:db:51:51:
cd:c0:80:67:42:e1:90:81:d4:17:d5:8c:2b:04:ff:2b:47:3f:
60:a0:af:cb:e4:56:a1:aa:34:11:c0:ff:be:fe:90:84:bb:9f:
de:c1:e8:79
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYodQz9TjZjOUyTX3ny9PUAWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjMwODIyMTI0MTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTYyMGZjNjA5MWE3NzlkOTJmYjMzOWE2NGMwMTBhNDM2ZTU0Yzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApn7qk9+3W62Db16AcvJ9m4xyVdu2
lbNuaMxZJnXdDGM/Q6MVEgTPxA9JcDcqzurlhEjRyEF73WgzUHoW/afmpqizL5KF
Iua0NTZpkVehNrZrJq3Kh8CQ02oivTaLdHD4/qKqa7YQK5R3WwL0A9tnIXkAbm0r
dnlD3k8jFoJntJadFQPrZT7Cbc7lRzn2Nao1SwN6fvynnpJOrteI/A0ZnMbNhISM
R328yzUYWQO5jkXbdmOm0j+gdSZbS+rIIA1TkXhPoVXy3u9BYQMBLWtLmi+9eahy
0P6Pu2PMZEM1/pTPNp4Kwl/aLhh4ts6IZ5WoqqqN5gWfVBnKRqAavmliuwIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFMViD8YJGnedkvszmmTAEKQ25UyGMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEveFdJUHhna2FkNTJTLXpPYVpNQVFwRGJsVElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCW5N0MAwD
BABbk3kDBAJbk3gDBAFbk34DBADUdPQDBADUdPYwDQYJKoZIhvcNAQELBQADggEB
AC+iWNQrCaOv9t1QVGemQNkXhAn1HcaJh/tvgrl6+7L1mNaEhnFia3XZK3b1cOrx
Twhoizxj1KIK/L1P+DXIaOPmQp/FUQSV5x3SQDjCiyxVNZ8JPBRIQD+cUALujiKn
k/sPQ3IujYAY+Aq9ixmZNvkBf4hpZO1rr9O7eork65BYv3dcdPGeEOgDbFruKGtE
1iI9OsHy3WTn/RWYl0Y1w09ne1QrjDi602cDuSG9DwwogC/KUFPHG4ZvqZkujDFT
tkEbq/5fSGdx++rcyMw0ItDHYUDPm9tRUc3AgGdC4ZCB1BfVjCsE/ytHP2Cgr8vk
VqGqNBHA/77+kIS7n97B6Hk=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:11:26 2025 by rpki-client