Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/oYPNc7GXwEiQ_cvR4C38VRg9xDg.roa
File: oYPNc7GXwEiQ_cvR4C38VRg9xDg.roa (raw, json)
Hash identifier: cmRe+G/NL27SZNbl+FiD98/daAjxt/fdff570pYsOp8=
Subject key identifier: A1:83:CD:73:B1:97:C0:48:90:FD:CB:D1:E0:2D:FC:55:18:3D:C4:38
Certificate issuer: /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial: 018B1E4EB1B6D7CA5068EFD673E898C10FAB
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/oYPNc7GXwEiQ_cvR4C38VRg9xDg.roa
Signing time: Wed 11 Oct 2023 10:35:55 +0000
ROA not before: Wed 11 Oct 2023 10:35:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203622
IP address blocks: 46.32.166.0/24 maxlen: 24
46.32.165.0/24 maxlen: 24
46.32.164.0/24 maxlen: 24
46.32.160.0/24 maxlen: 24
46.32.162.0/24 maxlen: 24
46.32.161.0/24 maxlen: 24
46.32.167.0/24 maxlen: 24
46.32.170.0/24 maxlen: 24
46.32.171.0/24 maxlen: 24
46.32.191.0/24 maxlen: 24
46.32.190.0/24 maxlen: 24
46.32.189.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:1e:4e:b1:b6:d7:ca:50:68:ef:d6:73:e8:98:c1:0f:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Validity
Not Before: Oct 11 10:35:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a183cd73b197c04890fdcbd1e02dfc55183dc438
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:e3:f5:53:88:17:4a:96:ff:3e:94:a9:ad:99:
d2:aa:65:9c:83:53:5c:2f:1e:84:b1:71:17:c9:ce:
06:75:b3:78:b8:e7:20:07:18:47:56:92:65:ee:40:
e6:6f:c9:c9:3f:e0:39:3d:da:92:99:2e:18:d5:5c:
3f:64:0a:3f:7d:db:05:b1:37:3b:97:09:34:e4:f5:
15:ee:c5:33:eb:aa:12:12:e6:c4:87:9c:f6:63:6a:
0f:32:ed:0d:1d:3a:93:7a:04:ea:38:67:27:30:79:
9e:99:48:d2:a5:e2:f5:f0:c6:e5:de:ba:33:6d:af:
8f:06:b2:99:e8:46:2f:d4:56:af:fa:8f:d0:2d:4a:
03:37:73:d5:21:82:9a:68:0b:1d:21:ec:7d:ab:8c:
3c:8f:01:e1:9c:27:a9:bd:0d:b6:68:c0:e9:eb:c0:
4f:09:5f:ba:b9:60:4f:0d:df:02:0c:73:82:a6:f8:
f5:30:e4:1c:a7:5d:c9:d0:9f:20:3c:4a:b4:97:42:
80:25:28:61:41:09:32:9e:9c:4e:33:7e:52:0c:86:
27:e6:a8:63:07:ba:db:79:4e:e0:5f:3a:11:93:dd:
06:e5:f9:62:ba:e7:64:6b:b2:08:71:48:f5:3e:5f:
f4:2e:10:61:d6:be:c4:28:7a:30:a8:ec:ab:0f:98:
57:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:83:CD:73:B1:97:C0:48:90:FD:CB:D1:E0:2D:FC:55:18:3D:C4:38
X509v3 Authority Key Identifier:
keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/oYPNc7GXwEiQ_cvR4C38VRg9xDg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.32.160.0-46.32.162.255
46.32.164.0/22
46.32.170.0/23
46.32.189.0-46.32.191.255
Signature Algorithm: sha256WithRSAEncryption
2d:c2:8e:2f:c2:98:2e:e4:91:ae:99:3c:95:ec:91:31:4c:6a:
f3:4b:d4:88:a4:da:7f:cf:f8:3e:ca:9b:1b:fa:d7:f9:38:b1:
ce:e0:c5:29:fd:2a:8c:ba:56:4a:aa:9b:b4:87:e6:9b:a5:15:
a6:c8:e8:a4:eb:ac:62:31:29:30:0f:08:7d:75:6f:38:d1:ca:
50:49:e2:33:bf:72:0c:d9:a4:a4:01:43:c3:47:0e:ac:97:24:
69:e7:b8:c0:3a:00:a1:ca:18:d8:47:2d:f0:f2:56:33:61:b0:
75:8c:7b:25:a7:a6:26:e6:a1:11:52:bc:5c:87:aa:46:1f:54:
48:bc:bd:ec:9c:b0:2b:13:39:39:a3:9f:19:cc:57:fc:26:c7:
7e:7f:25:f9:d7:f1:64:69:5a:28:c1:c3:f4:9b:b8:2c:f8:a3:
70:94:e6:83:ed:56:bb:f5:5d:16:3e:c0:33:1a:a8:1f:6a:db:
f5:10:0c:7f:5e:7f:f0:e5:80:6f:58:a1:cc:de:4e:c9:34:4c:
c7:05:44:fd:8e:ea:f6:52:ad:f2:8c:08:23:74:81:3c:20:0b:
db:f9:3d:dd:10:4f:96:26:be:9e:8b:dd:1f:a3:71:39:6c:79:
24:b5:5d:bf:93:26:f2:43:f3:e4:aa:04:0e:c8:25:d4:84:86:
14:c9:6c:d1
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYseTrG218pQaO/Wc+iYwQ+rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjMxMDExMTAzNTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTgzY2Q3M2IxOTdjMDQ4OTBmZGNiZDFlMDJkZmM1NTE4M2RjNDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uP1U4gXSpb/PpSprZnSqmWcg1Nc
Lx6EsXEXyc4GdbN4uOcgBxhHVpJl7kDmb8nJP+A5PdqSmS4Y1Vw/ZAo/fdsFsTc7
lwk05PUV7sUz66oSEubEh5z2Y2oPMu0NHTqTegTqOGcnMHmemUjSpeL18Mbl3roz
ba+PBrKZ6EYv1Fav+o/QLUoDN3PVIYKaaAsdIex9q4w8jwHhnCepvQ22aMDp68BP
CV+6uWBPDd8CDHOCpvj1MOQcp13J0J8gPEq0l0KAJShhQQkynpxOM35SDIYn5qhj
B7rbeU7gXzoRk90G5fliuudka7IIcUj1Pl/0LhBh1r7EKHowqOyrD5hX2wIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFKGDzXOxl8BIkP3L0eAt/FUYPcQ4MB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvb1lQTmM3R1h3RWlRX2N2UjRDMzhWUmc5eERnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAuBAIAATAoMAwDBAUuIKAD
BAAuIKIDBAIuIKQDBAEuIKowDAMEAC4gvQMEBi4ggDANBgkqhkiG9w0BAQsFAAOC
AQEALcKOL8KYLuSRrpk8leyRMUxq80vUiKTaf8/4PsqbG/rX+TixzuDFKf0qjLpW
SqqbtIfmm6UVpsjopOusYjEpMA8IfXVvONHKUEniM79yDNmkpAFDw0cOrJckaee4
wDoAocoY2Ect8PJWM2GwdYx7JaemJuahEVK8XIeqRh9USLy97JywKxM5OaOfGcxX
/CbHfn8l+dfxZGlaKMHD9Ju4LPijcJTmg+1Wu/VdFj7AMxqoH2rb9RAMf15/8OWA
b1ihzN5OyTRMxwVE/Y7q9lKt8owII3SBPCAL2/k93RBPlia+novdH6NxOWx5JLVd
v5Mm8kPz5KoEDsgl1ISGFMls0Q==
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:30:27 2025 by rpki-client