Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/3HQs5yXCrU91SQ3CLm226br5DP0.roa
File: 3HQs5yXCrU91SQ3CLm226br5DP0.roa (raw, json)
Hash identifier: VnjH02KbBzq26cwJGPtRqXhcUgG71yPDOdXKUi1cu3Q=
Subject key identifier: DC:74:2C:E7:25:C2:AD:4F:75:49:0D:C2:2E:6D:B6:E9:BA:F9:0C:FD
Certificate issuer: /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial: 018476334E7849C9DE1246A25F2E330BA8DE
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/3HQs5yXCrU91SQ3CLm226br5DP0.roa
Signing time: Mon 14 Nov 2022 12:53:04 +0000
ROA not before: Mon 14 Nov 2022 12:53:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 8263
IP address blocks: 109.188.0.0/16 maxlen: 24
46.29.192.0/21 maxlen: 24
212.14.160.0/19 maxlen: 24
195.230.64.0/19 maxlen: 24
77.233.160.0/19 maxlen: 24
195.149.111.0/24 maxlen: 24
195.16.96.0/19 maxlen: 24
85.26.128.0/17 maxlen: 24
79.171.8.0/21 maxlen: 24
81.24.128.0/20 maxlen: 24
195.78.116.0/23 maxlen: 24
78.41.100.0/22 maxlen: 24
193.201.228.0/22 maxlen: 24
178.23.144.0/21 maxlen: 24
109.124.64.0/18 maxlen: 24
83.169.192.0/18 maxlen: 24
213.154.160.0/19 maxlen: 24
213.168.32.0/19 maxlen: 24
185.3.32.0/22 maxlen: 24
94.25.128.0/17 maxlen: 24
93.153.128.0/17 maxlen: 24
86.109.192.0/19 maxlen: 24
212.69.96.0/19 maxlen: 24
188.162.0.0/16 maxlen: 24
188.94.168.0/21 maxlen: 24
109.74.112.0/20 maxlen: 24
46.232.200.0/21 maxlen: 24
78.25.64.0/18 maxlen: 24
62.64.0.0/19 maxlen: 24
178.176.224.0/24 maxlen: 24
185.210.140.0/22 maxlen: 24
178.176.226.0/24 maxlen: 24
178.176.225.0/24 maxlen: 24
212.119.160.0/19 maxlen: 24
80.247.176.0/20 maxlen: 24
91.193.212.0/22 maxlen: 24
213.243.64.0/18 maxlen: 24
217.115.80.0/20 maxlen: 24
83.222.192.0/19 maxlen: 24
212.44.64.0/19 maxlen: 24
195.5.128.0/19 maxlen: 24
46.229.128.0/20 maxlen: 24
83.229.128.0/17 maxlen: 24
128.204.64.0/18 maxlen: 24
95.137.0.0/17 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:76:33:4e:78:49:c9:de:12:46:a2:5f:2e:33:0b:a8:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Validity
Not Before: Nov 14 12:53:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=dc742ce725c2ad4f75490dc22e6db6e9baf90cfd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:c9:72:0e:ab:b0:2e:e0:d2:66:0b:a5:c0:7b:
e8:f3:9c:7c:97:b2:97:0a:21:34:0f:56:3c:da:3a:
8b:30:93:31:92:ed:57:be:38:a1:69:ab:f5:33:c3:
75:a7:93:cc:a6:e3:d1:84:24:cb:15:eb:68:46:fa:
7d:88:70:90:ed:84:a4:f2:19:27:71:71:f1:fd:3a:
54:bc:41:9b:00:1c:d4:5f:50:5b:96:35:07:d7:9d:
ea:3b:d3:f0:1f:15:d8:97:e8:c9:70:ff:31:a2:91:
ae:93:93:51:2b:de:37:f6:4e:24:dc:89:56:4c:c7:
d7:92:7a:9d:e5:75:60:fd:16:e5:47:ec:73:cc:4a:
2b:59:51:cf:41:d0:d5:89:d4:36:b4:98:85:11:9b:
2c:af:7f:7d:d8:e2:32:27:c6:4b:e1:d0:b8:cb:e7:
4d:58:52:77:80:08:fe:f9:14:34:38:15:16:eb:3c:
2f:64:88:63:95:24:e0:fb:29:58:7d:89:9c:90:bb:
7f:81:70:bf:86:ce:5d:23:d3:c1:b5:6a:fd:25:ad:
db:1e:86:de:45:c5:54:48:31:3f:4a:0c:6e:b4:8c:
a4:30:cc:80:e4:bd:e0:96:51:72:a1:f4:84:b7:8d:
f8:bb:06:7f:d3:11:ab:bc:1f:70:99:23:1a:4d:a6:
25:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:74:2C:E7:25:C2:AD:4F:75:49:0D:C2:2E:6D:B6:E9:BA:F9:0C:FD
X509v3 Authority Key Identifier:
keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/3HQs5yXCrU91SQ3CLm226br5DP0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.29.192.0/21
46.229.128.0/20
46.232.200.0/21
62.64.0.0/19
77.233.160.0/19
78.25.64.0/18
78.41.100.0/22
79.171.8.0/21
80.247.176.0/20
81.24.128.0/20
83.169.192.0/18
83.222.192.0/19
83.229.128.0/17
85.26.128.0/17
86.109.192.0/19
91.193.212.0/22
93.153.128.0/17
94.25.128.0/17
95.137.0.0/17
109.74.112.0/20
109.124.64.0/18
109.188.0.0/16
128.204.64.0/18
178.23.144.0/21
178.176.224.0-178.176.226.255
185.3.32.0/22
185.210.140.0/22
188.94.168.0/21
188.162.0.0/16
193.201.228.0/22
195.5.128.0/19
195.16.96.0/19
195.78.116.0/23
195.149.111.0/24
195.230.64.0/19
212.14.160.0/19
212.44.64.0/19
212.69.96.0/19
212.119.160.0/19
213.154.160.0/19
213.168.32.0/19
213.243.64.0/18
217.115.80.0/20
Signature Algorithm: sha256WithRSAEncryption
60:a1:a8:51:0c:65:a9:96:ad:a8:2e:62:8c:f1:dd:2c:07:f7:
43:df:49:12:b9:15:74:43:cc:04:03:99:b1:f5:95:27:d9:b9:
09:5f:ed:f3:91:78:42:20:3f:64:1f:04:9a:e3:d3:a5:ef:09:
72:39:33:66:28:7b:3d:37:4e:54:e3:92:30:54:83:6a:c3:8a:
04:58:e8:29:de:26:e9:9e:a6:83:6e:79:ad:53:74:bf:c5:af:
b8:0f:ec:52:b8:3a:bf:37:45:d1:c0:e6:10:15:37:bd:9b:4c:
64:3c:93:22:46:dc:a2:c9:b9:b8:30:49:e5:58:5a:cb:c8:fb:
fd:bc:eb:b0:ac:51:23:4e:43:fa:7c:b9:dd:c5:3d:8f:00:d4:
8a:d1:75:0e:4f:57:a8:1c:81:9e:3c:37:65:02:2d:d4:93:d8:
e4:93:3f:17:dc:bc:3e:33:41:14:c3:22:c1:44:42:a0:94:87:
91:c3:b5:14:96:b2:76:04:3e:59:45:e9:dd:db:98:54:54:f8:
82:12:aa:77:2e:29:d2:3a:61:82:c1:4a:18:6e:c2:41:ca:c3:
70:dd:8d:71:95:d0:9e:f2:54:70:38:76:2b:b0:38:04:99:7e:
af:79:8f:92:d1:6f:0d:a4:46:4b:2e:21:0a:b4:35:ff:e1:31:
fe:4c:6b:57
-----BEGIN CERTIFICATE-----
MIIGCTCCBPGgAwIBAgISAYR2M054ScneEkaiXy4zC6jeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjIxMTE0MTI1MzA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzc0MmNlNzI1YzJhZDRmNzU0OTBkYzIyZTZkYjZlOWJhZjkwY2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA58lyDquwLuDSZgulwHvo85x8l7KX
CiE0D1Y82jqLMJMxku1Xvjihaav1M8N1p5PMpuPRhCTLFetoRvp9iHCQ7YSk8hkn
cXHx/TpUvEGbABzUX1BbljUH153qO9PwHxXYl+jJcP8xopGuk5NRK9439k4k3IlW
TMfXknqd5XVg/RblR+xzzEorWVHPQdDVidQ2tJiFEZssr3992OIyJ8ZL4dC4y+dN
WFJ3gAj++RQ0OBUW6zwvZIhjlSTg+ylYfYmckLt/gXC/hs5dI9PBtWr9Ja3bHobe
RcVUSDE/SgxutIykMMyA5L3gllFyofSEt434uwZ/0xGrvB9wmSMaTaYlswIDAQAB
o4IDFTCCAxEwHQYDVR0OBBYEFNx0LOclwq1PdUkNwi5ttum6+Qz9MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvM0hRczV5WENyVTkxU1EzQ0xtMjI2YnI1RFAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKQYIKwYBBQUHAQcBAf8EggEYMIIBFDCCARAEAgABMIIB
CAMEAy4dwAMEBC7lgAMEAy7oyAMEBT5AAAMEBU3poAMEBk4ZQAMEAk4pZAMEA0+r
CAMEBFD3sAMEBFEYgAMEBlOpwAMEBVPewAMEB1PlgAMEB1UagAMEBVZtwAMEAlvB
1AMEB12ZgAMEB14ZgAMEB1+JAAMEBG1KcAMEBm18QAMDAG28AwQGgMxAAwQDsheQ
MAwDBAWysOADBACysOIDBAK5AyADBAK50owDBAO8XqgDAwC8ogMEAsHJ5AMEBcMF
gAMEBcMQYAMEAcNOdAMEAMOVbwMEBcPmQAMEBdQOoAMEBdQsQAMEBdRFYAMEBdR3
oAMEBdWaoAMEBdWoIAMEBtXzQAMEBNlzUDANBgkqhkiG9w0BAQsFAAOCAQEAYKGo
UQxlqZatqC5ijPHdLAf3Q99JErkVdEPMBAOZsfWVJ9m5CV/t85F4QiA/ZB8EmuPT
pe8JcjkzZih7PTdOVOOSMFSDasOKBFjoKd4m6Z6mg255rVN0v8WvuA/sUrg6vzdF
0cDmEBU3vZtMZDyTIkbcosm5uDBJ5Vhay8j7/bzrsKxRI05D+ny53cU9jwDUitF1
Dk9XqByBnjw3ZQIt1JPY5JM/F9y8PjNBFMMiwURCoJSHkcO1FJaydgQ+WUXp3duY
VFT4ghKqdy4p0jphgsFKGG7CQcrDcN2NcZXQnvJUcDh2K7A4BJl+r3mPktFvDaRG
Sy4hCrQ1/+Ex/kxrVw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:24 2024 by rpki-client on console-fra.rpki-client.org