Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/hLnXlS3AsD_kycBxIzwRzT2cLNY.roa
File: hLnXlS3AsD_kycBxIzwRzT2cLNY.roa (raw, json)
Hash identifier: bfOMzY7YaSifw9yQxTBRXpkZVRPzR1cTpQBXSMLohJg=
Subject key identifier: 84:B9:D7:95:2D:C0:B0:3F:E4:C9:C0:71:23:3C:11:CD:3D:9C:2C:D6
Certificate issuer: /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial: 0186CD97A81214464DF59A876D150AE7EE86
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/hLnXlS3AsD_kycBxIzwRzT2cLNY.roa
Signing time: Fri 10 Mar 2023 22:15:13 +0000
ROA not before: Fri 10 Mar 2023 22:15:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 393427
IP address blocks: 46.3.160.0/24 maxlen: 24
46.3.161.0/24 maxlen: 24
46.3.162.0/24 maxlen: 24
46.3.163.0/24 maxlen: 24
46.3.184.0/24 maxlen: 24
46.3.185.0/24 maxlen: 24
46.3.186.0/24 maxlen: 24
46.3.187.0/24 maxlen: 24
46.3.188.0/24 maxlen: 24
46.3.101.0/24 maxlen: 24
46.3.88.0/24 maxlen: 24
46.3.89.0/24 maxlen: 24
46.3.90.0/24 maxlen: 24
46.3.91.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:cd:97:a8:12:14:46:4d:f5:9a:87:6d:15:0a:e7:ee:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
Validity
Not Before: Mar 10 22:15:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=84b9d7952dc0b03fe4c9c071233c11cd3d9c2cd6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:b8:00:9c:8a:7b:65:6e:a2:da:4e:9d:f5:63:
8f:5a:88:1c:f0:b2:ce:13:4f:f9:c7:ac:8a:eb:bf:
a3:5c:19:9a:a3:74:ae:dd:66:76:b2:c1:47:ba:9e:
89:29:2e:34:2d:50:62:76:a3:94:52:5e:d4:e0:d1:
c2:08:c3:63:ea:22:2b:03:e5:29:93:41:8b:f9:6f:
e0:5b:56:33:79:44:05:5e:5c:b2:c8:9e:ba:5a:0f:
c8:71:57:64:76:6c:7a:1f:e0:0f:14:f5:2c:d9:97:
e7:e1:1a:f2:e0:6d:66:58:85:54:74:e3:9b:f7:7f:
a8:ab:86:1b:7f:f2:1e:33:4d:d7:cf:39:1f:9a:5a:
b4:63:e7:88:33:83:ac:b8:a0:54:0b:03:64:7d:6e:
88:61:29:84:58:7a:2f:89:96:76:ff:05:bf:c5:df:
60:1c:2d:5d:1b:0a:a7:57:7d:d8:89:51:64:3f:0a:
4d:a5:76:09:3f:2a:ab:eb:f8:4d:2b:a9:82:d8:e7:
3f:8e:ff:9f:33:54:9a:14:35:94:41:26:6c:74:c5:
1d:9a:65:14:59:3c:4b:25:ce:3f:c6:d4:6b:f9:3f:
ea:45:cf:96:0a:00:b1:fc:a2:29:43:71:7e:92:be:
48:a4:75:2d:65:ee:1f:8c:ad:ea:d1:11:84:6c:5e:
d4:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:B9:D7:95:2D:C0:B0:3F:E4:C9:C0:71:23:3C:11:CD:3D:9C:2C:D6
X509v3 Authority Key Identifier:
keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/hLnXlS3AsD_kycBxIzwRzT2cLNY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.3.88.0/22
46.3.101.0/24
46.3.160.0/22
46.3.184.0-46.3.188.255
Signature Algorithm: sha256WithRSAEncryption
59:54:bc:25:aa:f9:e9:32:8e:7f:71:36:21:68:d6:33:b6:97:
5d:69:e7:08:3c:95:cf:43:b0:7f:6f:84:9e:f4:06:72:ba:d1:
43:c5:e1:05:11:00:09:66:8a:56:96:9e:8b:10:d2:12:6d:60:
d8:61:5e:03:5f:fa:17:cf:2a:80:9a:77:0c:2f:86:42:bd:d4:
59:a0:51:0e:5c:7a:ca:a8:3a:d4:7d:ff:39:b9:4e:7b:b5:40:
66:df:85:e3:03:74:2d:f5:c4:f3:b2:52:03:a5:f9:68:52:58:
f7:be:de:31:a8:31:37:0c:4a:60:f2:58:1e:20:84:7a:7b:61:
db:d8:36:a4:92:58:0b:52:e3:03:e8:96:3f:ab:3c:25:f2:1f:
8f:9f:f4:c7:53:48:fb:ab:d3:ad:be:72:ee:2b:30:21:ea:31:
4a:2f:20:d1:14:96:c6:d8:32:23:2b:c1:7a:75:93:da:bd:a8:
90:07:6b:0d:b9:9a:d1:2d:2a:61:ad:80:28:7e:65:e2:81:26:
75:1e:c1:76:38:12:f3:c2:c5:1d:2c:b0:b5:ce:24:56:57:15:
20:8d:35:27:b7:7a:8f:77:a4:1b:52:42:98:2e:cc:74:52:ea:
b7:bb:93:aa:fe:ff:8f:08:51:5a:8e:b1:0b:92:7e:23:cc:95:
5a:43:0b:b2
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYbNl6gSFEZN9ZqHbRUK5+6GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjMwMzEwMjIxNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGI5ZDc5NTJkYzBiMDNmZTRjOWMwNzEyMzNjMTFjZDNkOWMyY2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsLgAnIp7ZW6i2k6d9WOPWogc8LLO
E0/5x6yK67+jXBmao3Su3WZ2ssFHup6JKS40LVBidqOUUl7U4NHCCMNj6iIrA+Up
k0GL+W/gW1YzeUQFXlyyyJ66Wg/IcVdkdmx6H+APFPUs2Zfn4Rry4G1mWIVUdOOb
93+oq4Ybf/IeM03Xzzkfmlq0Y+eIM4OsuKBUCwNkfW6IYSmEWHoviZZ2/wW/xd9g
HC1dGwqnV33YiVFkPwpNpXYJPyqr6/hNK6mC2Oc/jv+fM1SaFDWUQSZsdMUdmmUU
WTxLJc4/xtRr+T/qRc+WCgCx/KIpQ3F+kr5IpHUtZe4fjK3q0RGEbF7U4wIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFIS515UtwLA/5MnAcSM8Ec09nCzWMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvaExuWGxTM0FzRF9reWNCeEl6d1J6VDJjTE5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCLgNYAwQA
LgNlAwQCLgOgMAwDBAMuA7gDBAAuA7wwDQYJKoZIhvcNAQELBQADggEBAFlUvCWq
+ekyjn9xNiFo1jO2l11p5wg8lc9DsH9vhJ70BnK60UPF4QURAAlmilaWnosQ0hJt
YNhhXgNf+hfPKoCadwwvhkK91FmgUQ5cesqoOtR9/zm5Tnu1QGbfheMDdC31xPOy
UgOl+WhSWPe+3jGoMTcMSmDyWB4ghHp7YdvYNqSSWAtS4wPolj+rPCXyH4+f9MdT
SPur062+cu4rMCHqMUovINEUlsbYMiMrwXp1k9q9qJAHaw25mtEtKmGtgCh+ZeKB
JnUewXY4EvPCxR0ssLXOJFZXFSCNNSe3eo93pBtSQpguzHRS6re7k6r+/48IUVqO
sQuSfiPMlVpDC7I=
-----END CERTIFICATE-----
Generated at Sun Jun 15 01:16:29 2025 by rpki-client