Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/qhvNpPCQaUfEUT6ak-7dGXJA_C0.roa
File: qhvNpPCQaUfEUT6ak-7dGXJA_C0.roa (raw, json)
Hash identifier: K5crZw9OJmFAPcJcU/8n0+Y4QGJiJdEuAAv2pP/MmOQ=
Subject key identifier: AA:1B:CD:A4:F0:90:69:47:C4:51:3E:9A:93:EE:DD:19:72:40:FC:2D
Certificate issuer: /CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
Certificate serial: 06AEA493
Authority key identifier: 8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/qhvNpPCQaUfEUT6ak-7dGXJA_C0.roa
Signing time: Mon 25 Apr 2022 15:01:46 +0000
ROA not before: Mon 25 Apr 2022 15:01:46 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209372
IP address blocks: 158.46.251.0/24 maxlen: 24
158.46.250.0/24 maxlen: 24
178.171.69.0/24 maxlen: 24
178.171.88.0/23 maxlen: 23
158.46.188.0/22 maxlen: 24
178.171.104.0/24 maxlen: 24
178.171.100.0/24 maxlen: 24
158.46.200.0/21 maxlen: 21
178.171.20.0/22 maxlen: 24
178.171.36.0/24 maxlen: 24
178.171.37.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 112108691 (0x6aea493)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d11cb015df9baab61228dbbce17dd4e00e63c13
Validity
Not Before: Apr 25 15:01:46 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=aa1bcda4f0906947c4513e9a93eedd197240fc2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:fb:58:62:bc:3a:f9:84:0c:8a:5b:f7:e9:85:
e6:7c:bf:52:fa:3f:83:59:37:09:22:33:72:ce:22:
9b:3f:31:59:9e:60:b3:9b:b7:ca:0a:1c:94:d4:44:
f4:66:09:a8:3c:ab:f2:d3:91:d7:51:ec:66:dd:1e:
dc:ea:6a:86:d8:5c:c4:d2:b8:3a:9c:73:0c:fa:d5:
9d:d8:ec:d9:11:c6:b2:00:68:4d:f2:6b:d4:78:3e:
e3:1d:25:b0:e8:11:d6:0f:b8:39:ed:d1:f2:f0:a4:
9d:8a:16:db:ab:0d:13:65:17:77:7d:df:f3:95:33:
15:93:d4:88:79:e9:b1:10:6c:5e:4e:1c:4c:e8:98:
2b:52:8f:2e:e7:6f:fd:8f:19:29:a1:7b:32:18:72:
59:39:d6:8f:a9:53:59:62:12:96:59:4d:32:86:2f:
ea:30:b6:02:50:17:17:a4:2d:a2:19:e2:bb:c9:93:
b7:43:27:20:9f:94:6f:9b:8c:b2:e6:69:2d:2f:49:
3e:c0:43:2e:af:46:07:40:4b:73:d7:6e:f2:5f:18:
55:c3:44:86:0f:b3:cf:0b:b3:e2:93:83:8d:7d:9e:
e8:64:62:36:d0:2b:ed:cf:9d:7d:37:c3:71:2c:32:
94:b0:ba:35:fe:95:1b:c7:5c:63:fe:6f:c4:36:7a:
f0:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:1B:CD:A4:F0:90:69:47:C4:51:3E:9A:93:EE:DD:19:72:40:FC:2D
X509v3 Authority Key Identifier:
keyid:8D:11:CB:01:5D:F9:BA:AB:61:22:8D:BB:CE:17:DD:4E:00:E6:3C:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRHLAV35uqthIo27zhfdTgDmPBM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/qhvNpPCQaUfEUT6ak-7dGXJA_C0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/46/5d8915-c448-40e7-8caa-ba771ffd269c/1/jRHLAV35uqthIo27zhfdTgDmPBM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
158.46.188.0/22
158.46.200.0/21
158.46.250.0/23
178.171.20.0/22
178.171.36.0/23
178.171.69.0/24
178.171.88.0/23
178.171.100.0/24
178.171.104.0/24
Signature Algorithm: sha256WithRSAEncryption
9f:b8:39:06:19:3e:0e:aa:24:ac:82:ed:47:13:00:5c:6d:ba:
b3:d9:02:9f:83:96:c0:bd:49:1d:bf:94:71:83:81:8c:64:2c:
2c:43:0e:9c:98:d5:76:5e:28:b8:fe:77:26:93:ca:cd:af:d0:
94:06:0e:50:6c:37:dc:e0:7b:54:a6:ed:3e:e0:72:fd:b6:df:
b5:90:a3:2d:41:28:3c:5e:b6:74:2f:24:a9:73:6f:08:99:b5:
34:f5:11:16:52:59:c2:ae:08:df:b4:8a:2c:2a:8c:b8:44:1e:
f1:6c:de:14:c5:c3:eb:be:ad:20:ac:cf:8d:1d:98:c1:c9:23:
7e:35:d9:2d:f4:b2:82:5a:c4:03:56:f8:0f:39:e3:09:a0:a3:
21:77:63:32:c7:ae:a0:86:a4:fc:6d:ff:a3:cf:55:bc:f0:3c:
aa:7d:c1:7d:63:9f:e6:48:3c:d4:5e:87:d6:b3:03:25:28:76:
8e:8a:5a:56:a8:17:93:0e:1c:eb:6c:d0:cc:b5:3c:b1:5d:23:
6d:57:c3:97:65:44:56:e1:1f:be:7a:df:92:fa:7d:d2:f3:d7:
ff:5e:fc:56:25:07:22:c1:0c:94:aa:91:aa:97:8c:12:60:96:
d2:2c:64:3a:18:d6:42:f3:e8:30:76:04:3b:fe:1b:18:bd:ea:
dc:c2:f7:da
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIEBq6kkzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ZDExY2IwMTVkZjliYWFiNjEyMjhkYmJjZTE3ZGQ0ZTAwZTYzYzEzMB4XDTIyMDQy
NTE1MDE0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWExYmNkYTRmMDkw
Njk0N2M0NTEzZTlhOTNlZWRkMTk3MjQwZmMyZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOX7WGK8OvmEDIpb9+mF5ny/Uvo/g1k3CSIzcs4imz8xWZ5g
s5u3ygoclNRE9GYJqDyr8tOR11HsZt0e3OpqhthcxNK4OpxzDPrVndjs2RHGsgBo
TfJr1Hg+4x0lsOgR1g+4Oe3R8vCknYoW26sNE2UXd33f85UzFZPUiHnpsRBsXk4c
TOiYK1KPLudv/Y8ZKaF7MhhyWTnWj6lTWWISlllNMoYv6jC2AlAXF6Qtohniu8mT
t0MnIJ+Ub5uMsuZpLS9JPsBDLq9GB0BLc9du8l8YVcNEhg+zzwuz4pODjX2e6GRi
NtAr7c+dfTfDcSwylLC6Nf6VG8dcY/5vxDZ68KECAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBSqG82k8JBpR8RRPpqT7t0ZckD8LTAfBgNVHSMEGDAWgBSNEcsBXfm6q2Ei
jbvOF91OAOY8EzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2pSSExBVjM1dXF0aElvMjd6aGZkVGdEbVBCTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDYvNWQ4OTE1LWM0NDgtNDBlNy04Y2FhLWJhNzcxZmZkMjY5Yy8x
L3Fodk5wUENRYVVmRVVUNmFrLTdkR1hKQV9DMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDYv
NWQ4OTE1LWM0NDgtNDBlNy04Y2FhLWJhNzcxZmZkMjY5Yy8xL2pSSExBVjM1dXF0
aElvMjd6aGZkVGdEbVBCTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEAp4uvAMEA54uyAMEAZ4u+gMEArKr
FAMEAbKrJAMEALKrRQMEAbKrWAMEALKrZAMEALKraDANBgkqhkiG9w0BAQsFAAOC
AQEAn7g5Bhk+DqokrILtRxMAXG26s9kCn4OWwL1JHb+UcYOBjGQsLEMOnJjVdl4o
uP53JpPKza/QlAYOUGw33OB7VKbtPuBy/bbftZCjLUEoPF62dC8kqXNvCJm1NPUR
FlJZwq4I37SKLCqMuEQe8WzeFMXD676tIKzPjR2YwckjfjXZLfSyglrEA1b4Dznj
CaCjIXdjMseuoIak/G3/o89VvPA8qn3BfWOf5kg81F6H1rMDJSh2jopaVqgXkw4c
62zQzLU8sV0jbVfDl2VEVuEfvnrfkvp90vPX/178ViUHIsEMlKqRqpeMEmCW0ixk
OhjWQvPoMHYEO/4bGL3q3ML32g==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:47:22 2023 by rpki-client on console-fra.rpki-client.org