Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/8a115b-3859-4759-85ae-fb853c65334a/1/oeDv5FNT77EXqALBxcYLbpXoS0Q.roa
File: oeDv5FNT77EXqALBxcYLbpXoS0Q.roa (raw, json)
Hash identifier: rUxEmXwW0UBx54zlX2qWyD2+Yu/1Fn7Zbdt1pkw4fRc=
Subject key identifier: A1:E0:EF:E4:53:53:EF:B1:17:A8:02:C1:C5:C6:0B:6E:95:E8:4B:44
Certificate issuer: /CN=861c67bdb6d8c230fcdb427a9f71b80135872fc2
Certificate serial: 01857315E94B439B055202237FD1A1196E6E
Authority key identifier: 86:1C:67:BD:B6:D8:C2:30:FC:DB:42:7A:9F:71:B8:01:35:87:2F:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hhxnvbbYwjD820J6n3G4ATWHL8I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0d/8a115b-3859-4759-85ae-fb853c65334a/1/oeDv5FNT77EXqALBxcYLbpXoS0Q.roa
Signing time: Mon 02 Jan 2023 15:24:53 +0000
ROA not before: Mon 02 Jan 2023 15:24:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41960
IP address blocks: 195.140.240.0/22 maxlen: 24
185.238.52.0/22 maxlen: 24
193.221.114.0/24 maxlen: 24
185.17.60.0/22 maxlen: 24
185.241.76.0/22 maxlen: 24
2a03:e0c0::/32 maxlen: 48
2a0c:2680::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:15:e9:4b:43:9b:05:52:02:23:7f:d1:a1:19:6e:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=861c67bdb6d8c230fcdb427a9f71b80135872fc2
Validity
Not Before: Jan 2 15:24:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a1e0efe45353efb117a802c1c5c60b6e95e84b44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:de:f6:e5:55:33:f9:60:e0:ba:5f:84:8f:5a:
22:81:80:b9:8c:c5:5d:ec:27:3e:c9:a4:5f:2d:f3:
65:80:56:6c:ad:76:63:3a:29:93:68:20:32:5f:88:
60:2e:74:6a:9c:16:83:01:de:ce:2d:69:a3:05:06:
4b:af:42:c0:ed:b5:a7:b3:96:cc:d2:4c:01:19:e5:
97:70:3d:c4:20:0c:11:97:f6:af:c9:ba:ce:aa:9a:
2f:47:42:fc:40:29:96:e2:22:a2:03:d7:0c:14:65:
c5:75:ae:72:f3:1b:13:07:ab:8f:1e:cb:29:ae:65:
0d:77:14:27:10:a1:28:5e:7b:4d:ea:01:03:5f:ea:
36:e8:04:6d:58:06:16:53:b4:1b:a0:2d:61:ff:9c:
ce:1a:21:57:e2:3c:ea:2a:61:ba:3a:9a:a2:ca:9e:
53:23:ed:5c:c4:39:aa:14:70:0b:df:08:23:02:f6:
b5:77:4e:1c:ce:5c:b6:04:5f:02:43:b6:45:dc:f4:
87:16:b1:05:7b:60:31:87:f9:53:e1:ef:ff:4c:9e:
81:d5:85:fd:bf:6a:23:29:97:6e:43:f4:c2:30:e6:
93:b6:12:df:86:de:d0:5e:fd:7d:8d:dd:43:bc:7f:
f6:fa:da:0f:09:dd:13:e4:fc:af:10:41:94:72:5a:
b2:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:E0:EF:E4:53:53:EF:B1:17:A8:02:C1:C5:C6:0B:6E:95:E8:4B:44
X509v3 Authority Key Identifier:
keyid:86:1C:67:BD:B6:D8:C2:30:FC:DB:42:7A:9F:71:B8:01:35:87:2F:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhxnvbbYwjD820J6n3G4ATWHL8I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/8a115b-3859-4759-85ae-fb853c65334a/1/oeDv5FNT77EXqALBxcYLbpXoS0Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/8a115b-3859-4759-85ae-fb853c65334a/1/hhxnvbbYwjD820J6n3G4ATWHL8I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.17.60.0/22
185.238.52.0/22
185.241.76.0/22
193.221.114.0/24
195.140.240.0/22
IPv6:
2a03:e0c0::/32
2a0c:2680::/29
Signature Algorithm: sha256WithRSAEncryption
31:bb:70:8c:9c:28:d0:3d:6a:b8:1c:63:59:ca:f2:91:ca:5e:
43:6b:e8:89:2c:1f:22:a8:36:17:d6:32:d1:78:b3:99:03:f4:
7d:ac:1b:b7:c4:73:e2:03:1f:b2:90:d4:f2:27:62:43:66:fb:
2d:f4:16:3a:e9:fa:d5:60:93:cf:c4:75:1b:55:e6:66:7c:15:
de:19:f7:50:36:d9:a0:38:18:98:70:69:d7:17:8f:d6:94:b3:
89:fe:4c:92:71:39:ca:80:36:99:e2:8f:6e:f3:fb:52:72:9d:
15:2b:57:89:6a:4f:3e:13:e6:d2:83:21:89:b3:7f:30:77:4e:
41:ac:83:72:0a:82:11:8f:28:ca:12:15:9a:3b:71:23:1e:a2:
52:91:18:5a:9f:0e:db:03:f8:42:c6:9c:62:40:6b:0c:1d:41:
14:37:ce:65:2a:d9:ab:35:55:e1:57:a6:46:d3:7f:1c:df:e1:
0d:f6:db:04:4c:d8:8b:c8:55:88:42:b7:d3:91:56:ba:13:2b:
f9:e6:e9:3b:8a:71:14:db:f0:87:3e:72:26:5f:bd:45:bf:ac:
15:82:24:4d:68:ec:43:7c:43:80:61:cb:20:2b:27:ca:82:61:
c1:a6:08:6b:e6:fa:88:7d:fd:69:a0:b3:66:ce:d8:13:bf:a9:
5e:28:20:a2
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYVzFelLQ5sFUgIjf9GhGW5uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MWM2N2JkYjZkOGMyMzBmY2RiNDI3YTlmNzFiODAxMzU4
NzJmYzIwHhcNMjMwMTAyMTUyNDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWUwZWZlNDUzNTNlZmIxMTdhODAyYzFjNWM2MGI2ZTk1ZTg0YjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgN725VUz+WDgul+Ej1oigYC5jMVd
7Cc+yaRfLfNlgFZsrXZjOimTaCAyX4hgLnRqnBaDAd7OLWmjBQZLr0LA7bWns5bM
0kwBGeWXcD3EIAwRl/avybrOqpovR0L8QCmW4iKiA9cMFGXFda5y8xsTB6uPHssp
rmUNdxQnEKEoXntN6gEDX+o26ARtWAYWU7QboC1h/5zOGiFX4jzqKmG6Opqiyp5T
I+1cxDmqFHAL3wgjAva1d04czly2BF8CQ7ZF3PSHFrEFe2Axh/lT4e//TJ6B1YX9
v2ojKZduQ/TCMOaTthLfht7QXv19jd1DvH/2+toPCd0T5PyvEEGUclqyoQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFKHg7+RTU++xF6gCwcXGC26V6EtEMB8GA1UdIwQY
MBaAFIYcZ7222MIw/NtCep9xuAE1hy/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGh4bnZiYll3akQ4MjBKNm4zRzRBVFdITDhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC84YTExNWItMzg1OS00NzU5LTg1YWUt
ZmI4NTNjNjUzMzRhLzEvb2VEdjVGTlQ3N0VYcUFMQnhjWUxicFhvUzBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC84YTExNWItMzg1OS00NzU5LTg1YWUtZmI4NTNjNjUzMzRh
LzEvaGh4bnZiYll3akQ4MjBKNm4zRzRBVFdITDhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQCuRE8AwQC
ue40AwQCufFMAwQAwd1yAwQCw4zwMBQEAgACMA4DBQAqA+DAAwUDKgwmgDANBgkq
hkiG9w0BAQsFAAOCAQEAMbtwjJwo0D1quBxjWcrykcpeQ2voiSwfIqg2F9Yy0Xiz
mQP0fawbt8Rz4gMfspDU8idiQ2b7LfQWOun61WCTz8R1G1XmZnwV3hn3UDbZoDgY
mHBp1xeP1pSzif5MknE5yoA2meKPbvP7UnKdFStXiWpPPhPm0oMhibN/MHdOQayD
cgqCEY8oyhIVmjtxIx6iUpEYWp8O2wP4QsacYkBrDB1BFDfOZSrZqzVV4VemRtN/
HN/hDfbbBEzYi8hViEK305FWuhMr+ebpO4pxFNvwhz5yJl+9Rb+sFYIkTWjsQ3xD
gGHLICsnyoJhwaYIa+b6iH39aaCzZs7YE7+pXiggog==
-----END CERTIFICATE-----
Generated at Sun Apr 13 09:46:55 2025 by rpki-client