Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/2a226d-c72c-4c12-bbba-a4b55a71c228/1/oh8mR88RMpceFDzzMuEPvy7qjcE.roa
File: oh8mR88RMpceFDzzMuEPvy7qjcE.roa (raw, json)
Hash identifier: 5pgxmhvGke3JYtvQv4bUOkKEYKKSkWh35P6JKPYlg8U=
Subject key identifier: A2:1F:26:47:CF:11:32:97:1E:14:3C:F3:32:E1:0F:BF:2E:EA:8D:C1
Certificate issuer: /CN=2db616f3ad0363e7269cc2eb58d1bc086cc975f2
Certificate serial: 01856EB9004A471EF67B43B0D1B0E9EBA186
Authority key identifier: 2D:B6:16:F3:AD:03:63:E7:26:9C:C2:EB:58:D1:BC:08:6C:C9:75:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LbYW860DY-cmnMLrWNG8CGzJdfI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/2a226d-c72c-4c12-bbba-a4b55a71c228/1/oh8mR88RMpceFDzzMuEPvy7qjcE.roa
Signing time: Sun 01 Jan 2023 19:04:56 +0000
ROA not before: Sun 01 Jan 2023 19:04:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51056
IP address blocks: 109.233.192.0/21 maxlen: 24
185.64.236.0/22 maxlen: 24
2a02:1618::/32 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:b9:00:4a:47:1e:f6:7b:43:b0:d1:b0:e9:eb:a1:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2db616f3ad0363e7269cc2eb58d1bc086cc975f2
Validity
Not Before: Jan 1 19:04:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a21f2647cf1132971e143cf332e10fbf2eea8dc1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:70:5a:2f:32:7b:c7:24:0d:61:c3:6a:68:a6:
3a:15:5e:a1:f1:83:da:91:10:d2:62:51:d7:4c:58:
41:d0:1c:c3:ab:83:fb:a1:dc:c1:20:c1:57:f6:24:
55:6d:8d:cd:00:73:64:31:21:89:65:8b:17:b7:32:
0f:aa:2f:1d:b2:25:7d:f2:3e:7d:e2:8e:1c:5b:2d:
f5:25:b2:a2:34:0e:88:5f:b0:e7:c9:ed:00:a1:9b:
62:55:0a:00:ac:c0:6c:41:c6:05:86:d3:f4:21:34:
41:ea:2f:52:47:e5:e4:f3:99:27:16:76:fe:f5:77:
12:7c:c8:bf:f0:f7:1a:06:4e:28:57:86:e4:63:ec:
c4:ae:13:0f:fc:61:44:00:dd:a7:02:ac:28:47:a3:
c2:51:fe:99:f5:35:60:c5:7d:f4:11:0e:e7:7a:51:
b6:ba:d1:0c:ed:c8:5c:dc:77:19:0d:dc:79:89:34:
2e:49:9d:77:f7:2f:59:32:52:b5:b2:4b:ed:2d:39:
12:8c:3f:06:31:5d:d0:66:76:57:4a:22:e2:3e:0a:
58:56:26:6e:28:64:71:1f:9a:8a:cc:f8:96:bb:cc:
9c:e7:6e:43:41:3f:a2:0e:b1:09:c7:dc:dd:a0:2d:
fb:08:b1:8a:98:d1:df:a1:9e:43:91:5e:2a:ec:d8:
55:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:1F:26:47:CF:11:32:97:1E:14:3C:F3:32:E1:0F:BF:2E:EA:8D:C1
X509v3 Authority Key Identifier:
keyid:2D:B6:16:F3:AD:03:63:E7:26:9C:C2:EB:58:D1:BC:08:6C:C9:75:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LbYW860DY-cmnMLrWNG8CGzJdfI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/2a226d-c72c-4c12-bbba-a4b55a71c228/1/oh8mR88RMpceFDzzMuEPvy7qjcE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/2a226d-c72c-4c12-bbba-a4b55a71c228/1/LbYW860DY-cmnMLrWNG8CGzJdfI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.233.192.0/21
185.64.236.0/22
IPv6:
2a02:1618::/32
Signature Algorithm: sha256WithRSAEncryption
7c:f2:44:33:03:9c:ea:3b:54:de:01:e4:69:fd:15:14:3c:16:
52:e2:fc:b0:8a:16:ef:51:ad:d3:4d:c6:f7:eb:ab:2c:20:bd:
2f:bd:03:8a:d9:2c:4b:cd:d6:31:c4:38:42:39:d2:53:8d:c0:
35:5d:3c:ec:f4:af:76:30:15:2f:5e:a2:55:8e:f6:0f:90:9e:
98:4b:9c:b2:3c:eb:0b:41:56:13:3a:d6:8e:7b:70:9c:6d:de:
4b:f3:2b:96:a4:41:be:b7:f1:3d:54:ff:88:e0:a0:28:a0:e3:
57:41:bf:0e:5b:7f:ad:df:ed:2e:7b:a0:a9:9b:03:d5:a9:c4:
c8:f9:3a:27:4d:80:4b:8f:80:05:97:a0:7e:c0:54:b1:33:9b:
f9:01:4f:97:5e:2e:1c:5f:f5:08:15:ab:16:d9:1d:b6:26:55:
aa:fb:43:be:e0:23:ef:33:1a:a0:53:85:2a:0f:35:74:e3:b9:
b0:12:af:d5:62:ca:cc:4c:77:35:cc:ef:ae:80:15:7b:6f:4c:
47:b7:ab:f7:de:a6:9e:2d:18:51:0b:e3:54:ed:79:55:7d:56:
5d:42:fe:1e:ef:9c:16:9e:f4:fb:d5:49:97:6f:68:c6:4f:c2:
f8:ed:0f:39:e1:5e:e1:07:61:27:db:89:8e:57:d1:f4:47:ac:
cc:f3:f8:58
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVuuQBKRx72e0Ow0bDp66GGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkYjYxNmYzYWQwMzYzZTcyNjljYzJlYjU4ZDFiYzA4NmNj
OTc1ZjIwHhcNMjMwMTAxMTkwNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjFmMjY0N2NmMTEzMjk3MWUxNDNjZjMzMmUxMGZiZjJlZWE4ZGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3BaLzJ7xyQNYcNqaKY6FV6h8YPa
kRDSYlHXTFhB0BzDq4P7odzBIMFX9iRVbY3NAHNkMSGJZYsXtzIPqi8dsiV98j59
4o4cWy31JbKiNA6IX7Dnye0AoZtiVQoArMBsQcYFhtP0ITRB6i9SR+Xk85knFnb+
9XcSfMi/8PcaBk4oV4bkY+zErhMP/GFEAN2nAqwoR6PCUf6Z9TVgxX30EQ7nelG2
utEM7chc3HcZDdx5iTQuSZ139y9ZMlK1skvtLTkSjD8GMV3QZnZXSiLiPgpYViZu
KGRxH5qKzPiWu8yc525DQT+iDrEJx9zdoC37CLGKmNHfoZ5DkV4q7NhVmwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKIfJkfPETKXHhQ88zLhD78u6o3BMB8GA1UdIwQY
MBaAFC22FvOtA2PnJpzC61jRvAhsyXXyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGJZVzg2MERZLWNtbk1McldORzhDR3pKZGZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8yYTIyNmQtYzcyYy00YzEyLWJiYmEt
YTRiNTVhNzFjMjI4LzEvb2g4bVI4OFJNcGNlRkR6ek11RVB2eTdxamNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8yYTIyNmQtYzcyYy00YzEyLWJiYmEtYTRiNTVhNzFjMjI4
LzEvTGJZVzg2MERZLWNtbk1McldORzhDR3pKZGZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDbenAAwQC
uUDsMA0EAgACMAcDBQAqAhYYMA0GCSqGSIb3DQEBCwUAA4IBAQB88kQzA5zqO1Te
AeRp/RUUPBZS4vywihbvUa3TTcb366ssIL0vvQOK2SxLzdYxxDhCOdJTjcA1XTzs
9K92MBUvXqJVjvYPkJ6YS5yyPOsLQVYTOtaOe3Ccbd5L8yuWpEG+t/E9VP+I4KAo
oONXQb8OW3+t3+0ue6CpmwPVqcTI+TonTYBLj4AFl6B+wFSxM5v5AU+XXi4cX/UI
FasW2R22JlWq+0O+4CPvMxqgU4UqDzV047mwEq/VYsrMTHc1zO+ugBV7b0xHt6v3
3qaeLRhRC+NU7XlVfVZdQv4e75wWnvT71UmXb2jGT8L47Q854V7hB2En24mOV9H0
R6zM8/hY
-----END CERTIFICATE-----
Generated at Mon Apr 21 20:01:58 2025 by rpki-client