Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/PEKfG08FMJDuavlr0WqwWybEvOc.roa
File: PEKfG08FMJDuavlr0WqwWybEvOc.roa (raw, json)
Hash identifier: 5ihj8dz7LJl4c0/WbjpxamhmILonSqaz3LmyanYfVig=
Subject key identifier: 3C:42:9F:1B:4F:05:30:90:EE:6A:F9:6B:D1:6A:B0:5B:26:C4:BC:E7
Certificate issuer: /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial: 018539832A1EA5321E642D695A5DA98D27D2
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/PEKfG08FMJDuavlr0WqwWybEvOc.roa
Signing time: Thu 22 Dec 2022 11:06:15 +0000
ROA not before: Thu 22 Dec 2022 11:06:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 29119
IP address blocks: 45.146.224.0/22 maxlen: 24
185.131.188.0/22 maxlen: 24
185.151.176.0/22 maxlen: 24
185.230.0.0/22 maxlen: 24
141.98.52.0/22 maxlen: 24
185.114.64.0/22 maxlen: 24
185.123.136.0/22 maxlen: 24
185.126.232.0/22 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:39:83:2a:1e:a5:32:1e:64:2d:69:5a:5d:a9:8d:27:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Validity
Not Before: Dec 22 11:06:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3c429f1b4f053090ee6af96bd16ab05b26c4bce7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:5a:1f:ca:c6:cc:0b:ea:7f:dc:5e:0c:ac:ef:
cb:8c:a3:80:5b:80:43:c0:dd:c3:6c:ce:14:b0:3b:
ef:e4:13:d3:09:51:f1:b9:0f:64:e3:5a:4d:e0:cf:
2d:20:72:82:6a:dd:f5:0b:a0:ee:fd:6f:92:bf:f1:
06:0d:70:62:7b:fa:e9:b1:1b:a3:ed:f7:e3:6b:16:
87:e9:21:f0:84:5f:72:73:45:6e:5f:cc:4b:ba:39:
cf:ed:27:66:75:a2:46:89:e9:b3:d9:3a:79:14:27:
02:28:49:71:5b:05:80:fa:46:f9:5e:72:39:cd:ef:
3f:cd:34:c8:e4:46:95:ec:5d:c8:1a:28:7d:1b:57:
81:3e:23:2b:90:0a:0b:d3:61:dc:0f:ad:bf:85:34:
a3:94:e6:02:15:11:ce:bc:f7:ae:1e:f0:89:34:e0:
25:07:f1:20:2c:66:43:0b:67:87:ae:42:d3:ab:17:
0e:15:da:79:0b:a5:40:e4:86:57:de:c5:8f:a7:33:
bb:59:e0:32:49:4b:52:02:73:cb:fd:ef:8e:fe:3d:
8b:9d:c1:0d:4c:91:b4:fe:52:1b:45:8b:53:08:97:
4a:49:ed:7e:88:85:e7:8c:f2:fc:e6:52:7d:c1:c8:
52:32:83:6e:0a:0c:19:bc:ae:9b:a0:f3:e0:00:7e:
69:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:42:9F:1B:4F:05:30:90:EE:6A:F9:6B:D1:6A:B0:5B:26:C4:BC:E7
X509v3 Authority Key Identifier:
keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/PEKfG08FMJDuavlr0WqwWybEvOc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.146.224.0/22
141.98.52.0/22
185.114.64.0/22
185.123.136.0/22
185.126.232.0/22
185.131.188.0/22
185.151.176.0/22
185.230.0.0/22
Signature Algorithm: sha256WithRSAEncryption
71:e7:dc:c3:3d:21:5f:53:57:54:af:4b:0c:98:9d:d3:0f:9c:
0b:6c:54:9a:e4:1b:eb:6c:60:0b:4d:85:12:5d:39:cf:6c:0b:
dd:ed:22:7b:88:b6:b5:fb:13:da:d7:dc:a1:63:0c:a1:3a:e3:
d9:79:c0:b7:65:ae:a8:bd:c9:fc:50:57:3b:d1:30:86:ae:76:
ba:98:54:cd:ba:5a:75:e4:8e:67:b2:92:25:92:f2:fb:9c:68:
53:2e:37:0b:80:33:fb:8d:d3:d7:80:b7:b1:15:91:9f:af:15:
c0:d1:60:cb:2f:6c:f6:06:f9:74:f8:9e:73:dd:e1:13:8d:3a:
85:fa:b0:e8:66:d8:5d:be:88:fe:3b:e1:0d:2a:fd:4f:a9:9b:
14:b4:a8:fa:fc:18:a7:c6:ef:14:13:84:ab:9e:33:84:a2:8a:
f8:ff:6c:fc:90:21:a4:32:6e:29:7e:60:f1:61:f6:30:c2:75:
96:16:5b:56:dc:e2:29:a2:84:b3:81:3f:94:6b:60:cf:ed:6d:
73:30:3b:7d:85:8d:fe:3a:14:56:f0:06:10:c3:2f:f4:5f:20:
17:15:08:c8:3d:2a:ae:07:38:89:14:2b:1f:b1:aa:db:1c:96:
7a:4b:76:02:9f:ed:71:00:51:21:ab:c8:d6:ff:78:58:a8:60:
7d:b3:e8:f4
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYU5gyoepTIeZC1pWl2pjSfSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjIxMjIyMTEwNjE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzQyOWYxYjRmMDUzMDkwZWU2YWY5NmJkMTZhYjA1YjI2YzRiY2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FofysbMC+p/3F4MrO/LjKOAW4BD
wN3DbM4UsDvv5BPTCVHxuQ9k41pN4M8tIHKCat31C6Du/W+Sv/EGDXBie/rpsRuj
7ffjaxaH6SHwhF9yc0VuX8xLujnP7SdmdaJGiemz2Tp5FCcCKElxWwWA+kb5XnI5
ze8/zTTI5EaV7F3IGih9G1eBPiMrkAoL02HcD62/hTSjlOYCFRHOvPeuHvCJNOAl
B/EgLGZDC2eHrkLTqxcOFdp5C6VA5IZX3sWPpzO7WeAySUtSAnPL/e+O/j2LncEN
TJG0/lIbRYtTCJdKSe1+iIXnjPL85lJ9wchSMoNuCgwZvK6boPPgAH5pewIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDxCnxtPBTCQ7mr5a9FqsFsmxLznMB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvUEVLZkcwOEZNSkR1YXZscjBXcXdXeWJFdk9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCLZLgAwQC
jWI0AwQCuXJAAwQCuXuIAwQCuX7oAwQCuYO8AwQCuZewAwQCueYAMA0GCSqGSIb3
DQEBCwUAA4IBAQBx59zDPSFfU1dUr0sMmJ3TD5wLbFSa5BvrbGALTYUSXTnPbAvd
7SJ7iLa1+xPa19yhYwyhOuPZecC3Za6ovcn8UFc70TCGrna6mFTNulp15I5nspIl
kvL7nGhTLjcLgDP7jdPXgLexFZGfrxXA0WDLL2z2Bvl0+J5z3eETjTqF+rDoZthd
voj+O+ENKv1PqZsUtKj6/Binxu8UE4SrnjOEoor4/2z8kCGkMm4pfmDxYfYwwnWW
FltW3OIpooSzgT+Ua2DP7W1zMDt9hY3+OhRW8AYQwy/0XyAXFQjIPSquBziJFCsf
sarbHJZ6S3YCn+1xAFEhq8jW/3hYqGB9s+j0
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:42:11 2023 by rpki-client on console.sobornost.net