Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/PnksN7WTOTb2qJTHJR6lpvNtshQ.roa
File: PnksN7WTOTb2qJTHJR6lpvNtshQ.roa (raw, json)
Hash identifier: moZEiuml8qYQQONUpwM162bes2U5L+QzechHSolglT4=
Subject key identifier: 3E:79:2C:37:B5:93:39:36:F6:A8:94:C7:25:1E:A5:A6:F3:6D:B2:14
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 018BF5F90C67C20713F69F7F5D2E4641CFC3
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/PnksN7WTOTb2qJTHJR6lpvNtshQ.roa
Signing time: Wed 22 Nov 2023 07:40:21 +0000
ROA not before: Wed 22 Nov 2023 07:40:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203639
IP address blocks: 185.155.186.0/24 maxlen: 24
185.155.187.0/24 maxlen: 24
46.21.23.0/24 maxlen: 24
45.143.159.0/24 maxlen: 24
45.143.158.0/24 maxlen: 24
46.21.20.0/24 maxlen: 24
46.21.30.0/24 maxlen: 24
46.21.28.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:f5:f9:0c:67:c2:07:13:f6:9f:7f:5d:2e:46:41:cf:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: Nov 22 07:40:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3e792c37b5933936f6a894c7251ea5a6f36db214
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:0e:56:69:41:40:e5:48:51:7e:d4:f1:5f:8f:
e6:98:78:ad:b5:d7:9e:cc:ce:80:05:7e:1b:01:d8:
fd:aa:c1:42:a6:e9:2d:cf:74:16:e8:74:d4:e0:e4:
f0:1b:2a:90:42:0a:f4:0c:5d:4e:b3:16:9b:d5:d9:
72:fd:e2:3f:a1:4b:08:1f:f5:22:4b:45:c5:4f:5b:
9a:48:73:6a:c6:d9:58:8b:3e:96:4b:96:b8:ce:01:
e8:e4:72:a1:a2:37:c5:b8:93:96:20:4d:a1:f5:bb:
5e:13:2c:97:56:de:e7:c9:da:51:d8:33:1c:fe:4b:
46:2b:59:72:07:6e:48:76:5a:79:04:11:0a:ec:ae:
66:64:cd:77:66:74:9d:7e:0c:6d:37:b6:5b:fb:d3:
4e:b4:3c:b7:2d:2a:e4:e1:55:d9:51:f2:8c:cb:78:
33:32:28:94:a8:83:cb:1c:ab:b9:98:ff:cb:08:a3:
62:15:c2:ad:4f:c2:98:69:78:dc:9f:24:61:38:c1:
1b:7b:21:20:03:c9:81:68:43:72:1c:31:01:c0:d4:
31:22:82:6b:51:c3:87:af:c8:02:c9:af:73:de:11:
54:df:da:9c:ba:38:b3:f3:0c:1b:a0:55:d0:0c:dc:
40:0f:62:28:4e:3d:ac:d9:30:b4:69:bc:28:e1:03:
ff:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:79:2C:37:B5:93:39:36:F6:A8:94:C7:25:1E:A5:A6:F3:6D:B2:14
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/PnksN7WTOTb2qJTHJR6lpvNtshQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.143.158.0/23
46.21.20.0/24
46.21.23.0/24
46.21.28.0/24
46.21.30.0/24
185.155.186.0/23
Signature Algorithm: sha256WithRSAEncryption
15:93:b2:04:86:89:58:7c:aa:7e:7e:d8:91:d5:9f:ce:0d:f7:
87:e5:51:db:fa:32:4f:d5:14:f8:40:37:f1:62:d8:c5:fe:63:
99:8a:58:51:b4:e6:e8:33:9d:ad:a1:fe:0a:d0:03:c6:c9:27:
3f:d7:f2:56:dd:72:3e:71:0b:08:cc:f8:e6:a0:d0:fc:55:d0:
77:1a:5d:22:c4:be:00:a3:c9:84:1e:3c:9a:99:e9:80:07:92:
5d:89:27:30:b2:f4:7f:38:9e:28:cf:8b:9d:fb:cc:39:9b:ec:
17:9b:d9:c1:aa:6c:af:bf:d5:e7:01:17:92:95:02:0b:9f:56:
0c:35:b2:79:68:e5:dd:2e:e3:b2:52:39:19:a1:88:9c:e6:c1:
ee:6a:b0:87:56:d9:2d:1d:3b:65:6b:87:80:1f:6a:48:7e:6a:
5c:22:f3:5c:d7:ea:90:6e:5b:05:6e:49:35:95:04:97:ae:39:
34:f9:44:8a:fd:12:33:a1:15:a0:cd:9a:ea:55:f8:34:3f:a0:
cb:e0:1e:7f:1d:1f:e7:46:ab:4b:58:14:0b:ad:52:bd:23:eb:
b1:fc:e8:27:20:90:3b:58:64:df:cf:22:36:86:8e:83:b9:a9:
33:19:c4:f4:93:c0:65:bc:4c:3c:4b:e8:39:6b:7a:2e:44:27:
38:a0:bc:95
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYv1+QxnwgcT9p9/XS5GQc/DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjMxMTIyMDc0MDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTc5MmMzN2I1OTMzOTM2ZjZhODk0YzcyNTFlYTVhNmYzNmRiMjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkg5WaUFA5UhRftTxX4/mmHittdee
zM6ABX4bAdj9qsFCpuktz3QW6HTU4OTwGyqQQgr0DF1Osxab1dly/eI/oUsIH/Ui
S0XFT1uaSHNqxtlYiz6WS5a4zgHo5HKhojfFuJOWIE2h9bteEyyXVt7nydpR2DMc
/ktGK1lyB25Idlp5BBEK7K5mZM13ZnSdfgxtN7Zb+9NOtDy3LSrk4VXZUfKMy3gz
MiiUqIPLHKu5mP/LCKNiFcKtT8KYaXjcnyRhOMEbeyEgA8mBaENyHDEBwNQxIoJr
UcOHr8gCya9z3hFU39qcujiz8wwboFXQDNxAD2IoTj2s2TC0abwo4QP//QIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFD55LDe1kzk29qiUxyUepabzbbIUMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvUG5rc043V1RPVGIycUpUSEpSNmxwdk50c2hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBLY+eAwQA
LhUUAwQALhUXAwQALhUcAwQALhUeAwQBuZu6MA0GCSqGSIb3DQEBCwUAA4IBAQAV
k7IEholYfKp+ftiR1Z/ODfeH5VHb+jJP1RT4QDfxYtjF/mOZilhRtOboM52tof4K
0APGySc/1/JW3XI+cQsIzPjmoND8VdB3Gl0ixL4Ao8mEHjyamemAB5JdiScwsvR/
OJ4oz4ud+8w5m+wXm9nBqmyvv9XnAReSlQILn1YMNbJ5aOXdLuOyUjkZoYic5sHu
arCHVtktHTtla4eAH2pIfmpcIvNc1+qQblsFbkk1lQSXrjk0+USK/RIzoRWgzZrq
Vfg0P6DL4B5/HR/nRqtLWBQLrVK9I+ux/OgnIJA7WGTfzyI2ho6DuakzGcT0k8Bl
vEw8S+g5a3ouRCc4oLyV
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:26:03 2025 by rpki-client