Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/ZkVQpKAAyys-ZkiZFglDWT6UWsA.roa
File: ZkVQpKAAyys-ZkiZFglDWT6UWsA.roa (raw, json)
Hash identifier: RiFMTHMpC4j2mBx7YLTDYnxzQTjfTkcFhDmHoeNfZO4=
Subject key identifier: 66:45:50:A4:A0:00:CB:2B:3E:66:48:99:16:09:43:59:3E:94:5A:C0
Certificate issuer: /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial: 018B95E8FC16EE6CFE19187BB7A2D35DDE85
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/ZkVQpKAAyys-ZkiZFglDWT6UWsA.roa
Signing time: Fri 03 Nov 2023 15:59:15 +0000
ROA not before: Fri 03 Nov 2023 15:59:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34458
IP address blocks: 46.20.106.0/24 maxlen: 24
46.20.111.0/24 maxlen: 24
185.100.170.0/24 maxlen: 24
185.100.171.0/24 maxlen: 24
185.100.168.0/24 maxlen: 24
185.100.169.0/24 maxlen: 24
46.20.104.0/24 maxlen: 24
185.169.222.0/24 maxlen: 24
185.169.223.0/24 maxlen: 24
46.20.101.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:95:e8:fc:16:ee:6c:fe:19:18:7b:b7:a2:d3:5d:de:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
Validity
Not Before: Nov 3 15:59:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=664550a4a000cb2b3e664899160943593e945ac0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:17:4b:78:1c:35:77:5e:1b:45:39:a0:39:9f:
95:45:23:5f:dc:71:97:00:a6:53:e8:84:c8:93:ea:
11:d4:84:0e:9b:b6:ca:13:10:55:3f:2e:79:78:a7:
80:24:c8:49:f0:1a:42:3b:a4:b6:a7:9c:9e:8a:d1:
04:53:a1:ed:40:cf:8d:57:d3:b5:c7:c5:7c:ea:32:
b6:2e:05:21:bf:c3:5c:8b:01:13:56:9e:6f:0b:21:
a7:01:1d:e6:06:cc:42:e8:ff:b0:65:2a:c2:c5:1c:
55:57:70:f8:58:d3:e7:9c:a5:b9:2f:1a:e8:76:ea:
da:c2:f4:94:f0:f3:0a:3b:57:16:60:4a:81:94:74:
a6:c4:c5:c8:86:ad:43:a9:86:ce:42:11:c4:1f:b6:
0b:1c:39:c1:10:6c:c7:9e:c6:c8:a6:20:33:c6:9c:
47:4c:f6:77:9c:2b:f7:c9:f8:a5:82:db:61:93:5a:
5f:0e:1d:11:c4:0f:fb:e1:bf:5e:f2:f1:bf:d1:86:
79:ed:1c:d5:f5:a8:68:b4:47:98:bc:f0:08:74:1c:
fa:0d:ac:32:d6:0e:6a:56:29:b2:9b:4d:9b:5f:94:
e0:27:96:ab:75:d0:88:3a:2e:86:0c:75:ea:58:41:
cc:40:30:19:0a:38:e4:37:c7:94:37:6e:ef:a5:4f:
cf:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:45:50:A4:A0:00:CB:2B:3E:66:48:99:16:09:43:59:3E:94:5A:C0
X509v3 Authority Key Identifier:
keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/ZkVQpKAAyys-ZkiZFglDWT6UWsA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.20.101.0/24
46.20.104.0/24
46.20.106.0/24
46.20.111.0/24
185.100.168.0/22
185.169.222.0/23
Signature Algorithm: sha256WithRSAEncryption
5c:64:cf:29:80:9b:06:92:fc:f4:ac:a8:79:db:45:77:5d:c3:
7b:08:06:92:77:21:f2:64:3d:46:a7:aa:c5:b7:0f:d7:09:5f:
e9:ad:78:5c:dd:45:9c:4a:08:38:2a:e6:42:bd:d8:e0:9c:9e:
43:c1:82:dd:56:1a:40:70:ed:ae:55:6e:33:0c:38:96:35:db:
16:04:15:2c:01:d7:6f:40:ed:06:f2:1f:68:8e:98:6e:aa:21:
7f:7e:3a:19:9b:11:e7:45:e2:71:d0:ae:f6:1a:6f:a6:af:fe:
91:15:33:15:72:41:a3:5e:33:6f:46:b7:3e:be:4d:32:42:00:
13:e2:7e:7b:d3:6e:25:50:2c:39:02:e8:9f:65:a6:3d:f8:65:
a8:bb:f0:28:0d:bc:c4:e2:87:32:e4:6b:2e:3b:27:4d:aa:d4:
b3:a3:9d:b8:c6:ff:5f:62:31:51:a3:bb:fd:6e:78:57:36:7d:
e0:10:11:e9:af:f6:74:b5:3b:76:51:15:a6:93:67:2f:14:5b:
d7:68:15:36:4d:83:f3:0e:fc:77:7f:49:99:be:e4:c6:46:27:
5b:92:b6:5d:96:fc:bf:c6:79:c9:90:a4:dd:be:8d:6e:a7:e7:
2b:99:6f:45:05:7a:96:a3:73:02:73:28:cc:a2:0a:28:bb:93:
38:e5:f5:9f
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYuV6PwW7mz+GRh7t6LTXd6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjMxMTAzMTU1OTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjQ1NTBhNGEwMDBjYjJiM2U2NjQ4OTkxNjA5NDM1OTNlOTQ1YWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRdLeBw1d14bRTmgOZ+VRSNf3HGX
AKZT6ITIk+oR1IQOm7bKExBVPy55eKeAJMhJ8BpCO6S2p5yeitEEU6HtQM+NV9O1
x8V86jK2LgUhv8NciwETVp5vCyGnAR3mBsxC6P+wZSrCxRxVV3D4WNPnnKW5Lxro
durawvSU8PMKO1cWYEqBlHSmxMXIhq1DqYbOQhHEH7YLHDnBEGzHnsbIpiAzxpxH
TPZ3nCv3yfilgtthk1pfDh0RxA/74b9e8vG/0YZ57RzV9ahotEeYvPAIdBz6Dawy
1g5qVimym02bX5TgJ5arddCIOi6GDHXqWEHMQDAZCjjkN8eUN27vpU/PgwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFGZFUKSgAMsrPmZImRYJQ1k+lFrAMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvWmtWUXBLQUF5eXMtWmtpWkZnbERXVDZVV3NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALhRlAwQA
LhRoAwQALhRqAwQALhRvAwQCuWSoAwQBuaneMA0GCSqGSIb3DQEBCwUAA4IBAQBc
ZM8pgJsGkvz0rKh520V3XcN7CAaSdyHyZD1Gp6rFtw/XCV/prXhc3UWcSgg4KuZC
vdjgnJ5DwYLdVhpAcO2uVW4zDDiWNdsWBBUsAddvQO0G8h9ojphuqiF/fjoZmxHn
ReJx0K72Gm+mr/6RFTMVckGjXjNvRrc+vk0yQgAT4n57024lUCw5AuifZaY9+GWo
u/AoDbzE4ocy5GsuOydNqtSzo524xv9fYjFRo7v9bnhXNn3gEBHpr/Z0tTt2URWm
k2cvFFvXaBU2TYPzDvx3f0mZvuTGRidbkrZdlvy/xnnJkKTdvo1up+crmW9FBXqW
o3MCcyjMogoou5M45fWf
-----END CERTIFICATE-----
Generated at Sun May 11 12:20:31 2025 by rpki-client