Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/tPODszs-X2GdsZ-ooK_DCigtX5Q.roa
File: tPODszs-X2GdsZ-ooK_DCigtX5Q.roa (raw, json)
Hash identifier: tMGNdMHdw8BT3mZqSmVVdsXFzds3fWi2mIlrNnAxQDI=
Subject key identifier: B4:F3:83:B3:3B:3E:5F:61:9D:B1:9F:A8:A0:AF:C3:0A:28:2D:5F:94
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 018BF62FFC0E19584C1FAC7846FCADFB4918
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/tPODszs-X2GdsZ-ooK_DCigtX5Q.roa
Signing time: Wed 22 Nov 2023 08:40:21 +0000
ROA not before: Wed 22 Nov 2023 08:40:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203639
IP address blocks: 185.155.186.0/24 maxlen: 24
185.155.187.0/24 maxlen: 24
46.21.16.0/24 maxlen: 24
46.21.23.0/24 maxlen: 24
45.143.159.0/24 maxlen: 24
45.143.158.0/24 maxlen: 24
46.21.20.0/24 maxlen: 24
46.21.28.0/24 maxlen: 24
46.21.30.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:f6:2f:fc:0e:19:58:4c:1f:ac:78:46:fc:ad:fb:49:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: Nov 22 08:40:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b4f383b33b3e5f619db19fa8a0afc30a282d5f94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:df:23:e6:14:48:5f:cd:8a:32:7b:9b:27:86:
8c:e5:19:01:e0:c7:72:45:7e:e5:14:d1:ff:89:6f:
26:6c:42:7a:c3:a5:78:24:a8:09:d2:95:5b:2f:3d:
88:38:af:2f:99:28:5d:d4:ad:c7:f4:70:4c:9e:5b:
a2:b7:4f:30:64:e9:0e:72:f3:e1:1d:9a:da:d8:ff:
40:e5:e3:82:4c:ba:be:6c:f4:60:ca:a6:a8:93:a1:
df:2a:9c:c4:b6:e7:6f:57:08:ef:f4:3e:10:67:15:
db:43:0d:30:0e:d9:b4:53:3a:f5:11:fb:df:9f:f1:
de:ed:bc:12:67:19:86:aa:a1:5b:c0:04:ea:19:e7:
05:18:c1:76:4a:88:8d:1e:3a:dd:76:8e:68:72:30:
dd:a3:70:30:78:7e:bd:86:39:03:df:6e:dd:c3:c2:
7e:47:86:1b:03:9d:09:d3:8d:99:bf:f3:65:9c:84:
3c:98:ab:28:6c:ce:95:e3:1c:50:95:2f:87:60:e9:
bd:26:c1:08:cc:f6:0a:df:57:27:b3:a1:4c:1d:fd:
b9:cf:fd:49:1c:ab:94:20:b3:82:39:27:18:fa:83:
62:d7:9e:8f:76:e4:03:1f:ab:f8:72:3a:69:b1:11:
3f:3c:99:2d:7a:58:03:a3:3c:9a:6b:2d:cb:de:0c:
ad:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:F3:83:B3:3B:3E:5F:61:9D:B1:9F:A8:A0:AF:C3:0A:28:2D:5F:94
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/tPODszs-X2GdsZ-ooK_DCigtX5Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.143.158.0/23
46.21.16.0/24
46.21.20.0/24
46.21.23.0/24
46.21.28.0/24
46.21.30.0/24
185.155.186.0/23
Signature Algorithm: sha256WithRSAEncryption
34:06:37:be:2f:a7:c9:2c:fc:ac:58:89:b8:c2:9e:1c:dd:73:
71:7a:42:d8:be:94:3d:74:e0:ca:c6:97:db:cf:ae:87:2a:27:
eb:ae:6d:ea:cc:93:3d:f1:be:58:66:1a:02:ec:9f:c0:fc:36:
69:03:ed:4d:42:85:a7:5d:d9:7d:b9:4a:59:3c:fe:d2:a4:f6:
34:ed:0f:be:9d:4d:ef:c9:6a:3e:db:2d:e8:a3:e5:7d:ec:b1:
95:d6:77:c6:9c:ef:bc:c4:b4:e8:49:14:c8:86:76:16:7a:06:
15:91:44:6c:6a:93:43:6a:55:30:3a:a9:07:ec:65:75:89:99:
3b:ed:86:d9:b7:e7:98:fd:93:6b:a5:6b:a3:9d:26:29:5f:ea:
49:0a:21:72:9f:b1:1c:97:dd:ba:75:59:78:bc:f3:e9:66:d6:
6e:ac:11:96:a1:d1:f2:55:fa:59:e4:e4:44:5b:69:f9:8c:19:
ec:7f:bd:ce:ad:1c:7e:da:ef:54:89:a6:98:4d:d9:05:29:be:
26:28:76:bb:73:0c:f9:13:9a:eb:95:e4:de:2a:1d:a8:88:c6:
38:b0:46:d1:b8:5c:dc:09:01:a9:d5:90:c0:6d:a2:2d:51:a0:
d7:90:5c:9f:22:7b:90:29:23:93:54:21:c2:27:b8:ba:49:aa:
af:ba:93:63
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYv2L/wOGVhMH6x4Rvyt+0kYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjMxMTIyMDg0MDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGYzODNiMzNiM2U1ZjYxOWRiMTlmYThhMGFmYzMwYTI4MmQ1Zjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqN8j5hRIX82KMnubJ4aM5RkB4Mdy
RX7lFNH/iW8mbEJ6w6V4JKgJ0pVbLz2IOK8vmShd1K3H9HBMnluit08wZOkOcvPh
HZra2P9A5eOCTLq+bPRgyqaok6HfKpzEtudvVwjv9D4QZxXbQw0wDtm0Uzr1Efvf
n/He7bwSZxmGqqFbwATqGecFGMF2SoiNHjrddo5ocjDdo3AweH69hjkD327dw8J+
R4YbA50J042Zv/NlnIQ8mKsobM6V4xxQlS+HYOm9JsEIzPYK31cns6FMHf25z/1J
HKuUILOCOScY+oNi156PduQDH6v4cjppsRE/PJktelgDozyaay3L3gytuwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFLTzg7M7Pl9hnbGfqKCvwwooLV+UMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvdFBPRHN6cy1YMkdkc1otb29LX0RDaWd0WDVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBLY+eAwQA
LhUQAwQALhUUAwQALhUXAwQALhUcAwQALhUeAwQBuZu6MA0GCSqGSIb3DQEBCwUA
A4IBAQA0Bje+L6fJLPysWIm4wp4c3XNxekLYvpQ9dODKxpfbz66HKifrrm3qzJM9
8b5YZhoC7J/A/DZpA+1NQoWnXdl9uUpZPP7SpPY07Q++nU3vyWo+2y3oo+V97LGV
1nfGnO+8xLToSRTIhnYWegYVkURsapNDalUwOqkH7GV1iZk77YbZt+eY/ZNrpWuj
nSYpX+pJCiFyn7Ecl926dVl4vPPpZtZurBGWodHyVfpZ5OREW2n5jBnsf73OrRx+
2u9UiaaYTdkFKb4mKHa7cwz5E5rrleTeKh2oiMY4sEbRuFzcCQGp1ZDAbaItUaDX
kFyfInuQKSOTVCHCJ7i6SaqvupNj
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:43:17 2025 by rpki-client