Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/3-O5zt7E1NQMnbWpMK7HGXx3t-o.roa
File: 3-O5zt7E1NQMnbWpMK7HGXx3t-o.roa (raw, json)
Hash identifier: gCsWvQUyQ3k9/vToQ3tkScIK2eQowrxZO24zdxUx2Ys=
Subject key identifier: DF:E3:B9:CE:DE:C4:D4:D4:0C:9D:B5:A9:30:AE:C7:19:7C:77:B7:EA
Certificate issuer: /CN=70c9d06c51add6829063f1b67b175d0c0001e736
Certificate serial: 01856E145BF064D94417B2C63AD758913165
Authority key identifier: 70:C9:D0:6C:51:AD:D6:82:90:63:F1:B6:7B:17:5D:0C:00:01:E7:36
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cMnQbFGt1oKQY_G2exddDAAB5zY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/3-O5zt7E1NQMnbWpMK7HGXx3t-o.roa
Signing time: Sun 01 Jan 2023 16:05:05 +0000
ROA not before: Sun 01 Jan 2023 16:05:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16097
IP address blocks: 37.230.40.0/21 maxlen: 21
89.107.160.0/21 maxlen: 21
185.188.200.0/22 maxlen: 22
2a0b:2400::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:14:5b:f0:64:d9:44:17:b2:c6:3a:d7:58:91:31:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70c9d06c51add6829063f1b67b175d0c0001e736
Validity
Not Before: Jan 1 16:05:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dfe3b9cedec4d4d40c9db5a930aec7197c77b7ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:e8:a1:f7:d3:6c:6c:1c:27:d1:35:2b:4d:6c:
f6:71:d7:c7:39:82:42:c8:2e:f0:f5:2f:e6:da:34:
e6:9f:f8:69:e9:33:b9:40:0c:c7:f0:b0:fc:85:cf:
88:6a:55:f2:fe:62:c3:01:59:9d:ff:b1:f7:05:1d:
2f:7a:8d:4d:6c:6e:74:c6:43:d4:29:6e:81:01:3c:
cc:47:f8:19:10:36:c5:6d:4a:47:db:bb:99:bf:43:
01:9b:42:6c:6f:f3:b5:28:fb:75:a6:2d:2c:7a:2e:
41:6e:9f:28:a0:11:cd:25:38:e6:15:ec:70:ce:95:
24:78:de:8b:ab:20:2f:cf:9e:f6:3e:bc:5f:b4:a9:
ab:ca:2b:2a:94:38:ff:95:a0:70:6f:23:48:f2:f1:
8d:19:e2:c7:4f:dd:9f:8d:ce:25:a3:b2:af:00:66:
b8:1a:73:5d:01:19:d8:f2:3c:2f:7f:d2:eb:16:a4:
fa:c7:0e:10:9c:de:80:c8:d2:6b:d3:81:bf:ec:15:
e7:8f:e6:d1:74:a0:3a:fb:0d:48:ea:99:b6:c7:9d:
99:66:67:fc:67:01:14:a2:6e:45:f7:a0:b0:e9:c3:
f6:31:39:b8:59:22:81:6f:e5:49:2a:36:fd:a6:5f:
23:ab:9b:c6:94:b9:a2:1b:77:a7:e8:80:08:e4:12:
0a:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:E3:B9:CE:DE:C4:D4:D4:0C:9D:B5:A9:30:AE:C7:19:7C:77:B7:EA
X509v3 Authority Key Identifier:
keyid:70:C9:D0:6C:51:AD:D6:82:90:63:F1:B6:7B:17:5D:0C:00:01:E7:36
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMnQbFGt1oKQY_G2exddDAAB5zY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/3-O5zt7E1NQMnbWpMK7HGXx3t-o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/28dd30-ec08-4dc8-a1d1-5d3a86494775/1/cMnQbFGt1oKQY_G2exddDAAB5zY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.230.40.0/21
89.107.160.0/21
185.188.200.0/22
IPv6:
2a0b:2400::/32
Signature Algorithm: sha256WithRSAEncryption
77:70:97:7e:d0:e2:d2:28:82:7b:da:20:81:84:70:3c:c8:88:
4d:88:07:c4:1b:40:11:12:3f:89:7e:83:2c:86:61:9f:8d:60:
f9:dc:31:c5:4b:cb:02:9e:14:57:ec:0a:67:82:e6:c1:1e:52:
8b:fa:71:40:2d:2c:a8:b9:8b:ac:49:26:20:3b:17:c3:b4:93:
27:88:8b:9f:ac:38:b0:8d:e5:05:5d:15:68:1d:57:b0:31:c5:
0e:8a:3c:4f:22:d8:8a:1e:c8:ee:66:df:a0:1c:7b:58:38:46:
ff:e7:9a:ae:4f:6b:c1:4c:89:9c:28:4d:24:08:08:71:63:6d:
ce:ea:9b:71:46:b0:64:cb:dc:cc:ac:b7:29:3e:bc:23:74:e0:
34:86:1f:92:57:35:1e:5f:ba:53:6e:5e:dd:33:6a:ae:f7:6a:
8e:75:14:ab:b9:3b:2a:1f:05:9b:a9:a5:33:0d:9e:f7:d4:6d:
11:25:0c:1b:47:35:af:ed:22:46:a5:89:5d:da:c6:ef:08:ec:
03:ac:96:92:0a:69:27:65:d5:fe:ea:3d:15:a6:53:2e:ba:69:
53:d5:c1:c9:09:f4:db:a1:70:56:b1:7e:5b:f1:8f:32:61:2a:
9c:f9:e2:d9:be:bf:48:51:87:5e:b7:f6:0b:2e:fe:fa:6b:bc:
5d:f3:7a:95
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVuFFvwZNlEF7LGOtdYkTFlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYzlkMDZjNTFhZGQ2ODI5MDYzZjFiNjdiMTc1ZDBjMDAw
MWU3MzYwHhcNMjMwMTAxMTYwNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmUzYjljZWRlYzRkNGQ0MGM5ZGI1YTkzMGFlYzcxOTdjNzdiN2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkuih99NsbBwn0TUrTWz2cdfHOYJC
yC7w9S/m2jTmn/hp6TO5QAzH8LD8hc+IalXy/mLDAVmd/7H3BR0veo1NbG50xkPU
KW6BATzMR/gZEDbFbUpH27uZv0MBm0Jsb/O1KPt1pi0sei5Bbp8ooBHNJTjmFexw
zpUkeN6LqyAvz572PrxftKmryisqlDj/laBwbyNI8vGNGeLHT92fjc4lo7KvAGa4
GnNdARnY8jwvf9LrFqT6xw4QnN6AyNJr04G/7BXnj+bRdKA6+w1I6pm2x52ZZmf8
ZwEUom5F96Cw6cP2MTm4WSKBb+VJKjb9pl8jq5vGlLmiG3en6IAI5BIKTwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFN/juc7exNTUDJ21qTCuxxl8d7fqMB8GA1UdIwQY
MBaAFHDJ0GxRrdaCkGPxtnsXXQwAAec2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY01uUWJGR3Qxb0tRWV9HMmV4ZGREQUFCNXpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi8yOGRkMzAtZWMwOC00ZGM4LWExZDEt
NWQzYTg2NDk0Nzc1LzEvMy1PNXp0N0UxTlFNbmJXcE1LN0hHWHgzdC1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi8yOGRkMzAtZWMwOC00ZGM4LWExZDEtNWQzYTg2NDk0Nzc1
LzEvY01uUWJGR3Qxb0tRWV9HMmV4ZGREQUFCNXpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDJeYoAwQD
WWugAwQCubzIMA0EAgACMAcDBQAqCyQAMA0GCSqGSIb3DQEBCwUAA4IBAQB3cJd+
0OLSKIJ72iCBhHA8yIhNiAfEG0AREj+JfoMshmGfjWD53DHFS8sCnhRX7ApngubB
HlKL+nFALSyouYusSSYgOxfDtJMniIufrDiwjeUFXRVoHVewMcUOijxPItiKHsju
Zt+gHHtYOEb/55quT2vBTImcKE0kCAhxY23O6ptxRrBky9zMrLcpPrwjdOA0hh+S
VzUeX7pTbl7dM2qu92qOdRSruTsqHwWbqaUzDZ731G0RJQwbRzWv7SJGpYld2sbv
COwDrJaSCmknZdX+6j0VplMuumlT1cHJCfTboXBWsX5b8Y8yYSqc+eLZvr9IUYde
t/YLLv76a7xd83qV
-----END CERTIFICATE-----
Generated at Mon Apr 21 17:18:25 2025 by rpki-client