Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/OQXNIoTspz-J5kb6OrVuQe_xxT4.roa
File: OQXNIoTspz-J5kb6OrVuQe_xxT4.roa (raw, json)
Hash identifier: SESWYXiSStXyF7Hl55PGqYUl0YIxuSet2NrtY4KQYWE=
Subject key identifier: 39:05:CD:22:84:EC:A7:3F:89:E6:46:FA:3A:B5:6E:41:EF:F1:C5:3E
Certificate issuer: /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial: 01856D8B0D536042980363397CC3B3BE59F7
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/OQXNIoTspz-J5kb6OrVuQe_xxT4.roa
Signing time: Sun 01 Jan 2023 13:35:07 +0000
ROA not before: Sun 01 Jan 2023 13:35:07 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60633
IP address blocks: 193.246.32.0/21 maxlen: 21
193.246.40.0/21 maxlen: 21
193.246.208.0/20 maxlen: 20
2a02:a90:c405::/48 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:8b:0d:53:60:42:98:03:63:39:7c:c3:b3:be:59:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
Validity
Not Before: Jan 1 13:35:07 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3905cd2284eca73f89e646fa3ab56e41eff1c53e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:d6:ef:84:7b:c0:b6:c2:93:31:6c:9a:aa:27:
04:2d:95:a5:fa:42:95:0d:5e:25:2c:55:ab:e9:a3:
a8:93:a3:38:73:02:62:0f:59:aa:b4:f6:04:64:0c:
12:a0:49:83:9b:8f:36:95:3a:84:bd:b1:1a:86:3d:
3d:c5:c7:cc:f7:3a:0d:61:0d:3b:1d:11:92:cd:42:
7b:70:b5:e9:a0:52:1e:01:6f:d1:a3:77:2e:b5:2c:
ae:58:ef:95:11:7d:9b:a2:38:8b:15:f4:c0:94:c3:
29:b2:74:f9:5a:80:4f:54:31:26:1f:c8:25:fb:1a:
47:15:20:00:e1:fe:1b:00:97:95:65:d5:48:39:b4:
ee:c8:53:69:d9:93:30:eb:cb:e1:81:78:6a:7d:f8:
d3:d8:79:0e:ad:22:f5:50:69:e4:7f:78:68:b5:3e:
56:aa:61:9d:f6:39:7c:5b:5d:fe:40:3b:d0:45:0e:
4d:77:2e:b1:70:19:b5:c8:6b:07:9f:69:78:09:83:
1b:e9:40:70:57:43:60:bf:c0:78:d1:7a:ee:18:31:
c9:8b:69:52:d9:bb:53:05:58:25:48:04:76:c8:31:
2a:f2:18:45:6f:45:7d:ad:28:4b:5a:b0:e9:08:95:
29:4c:15:54:98:5e:85:05:0c:49:66:8a:cb:82:e5:
22:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:05:CD:22:84:EC:A7:3F:89:E6:46:FA:3A:B5:6E:41:EF:F1:C5:3E
X509v3 Authority Key Identifier:
keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/OQXNIoTspz-J5kb6OrVuQe_xxT4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.246.32.0/20
193.246.208.0/20
IPv6:
2a02:a90:c405::/48
Signature Algorithm: sha256WithRSAEncryption
1e:49:95:c6:3d:38:02:3f:91:7e:5d:4e:72:5d:ec:b0:0b:0b:
41:8c:69:4e:e4:12:c5:dd:43:fe:cc:85:06:90:b8:ab:e6:6b:
15:be:86:5d:1e:95:5c:48:5d:9d:d2:9b:8d:45:a5:c2:92:0d:
33:19:5c:dd:7d:a0:da:9d:3b:45:cf:fe:d8:31:45:0e:1c:75:
91:6e:53:6e:cf:bf:af:60:58:9b:fc:fe:b2:f1:b8:e3:2b:d1:
8f:22:0b:40:a2:93:36:24:d8:46:85:63:bc:d2:85:e6:66:94:
4a:6b:7d:e8:2d:1a:41:1e:16:6d:ad:97:71:71:5a:b6:ef:b0:
f6:e0:48:a9:d2:cd:e6:51:fe:19:50:73:8c:9c:c8:fc:61:f5:
61:17:a9:c6:34:48:2a:0a:a5:ec:83:6f:26:45:52:0a:9f:87:
a7:2c:72:d0:be:11:1f:34:32:f5:fd:f7:82:9b:9a:65:d2:0b:
f6:87:6b:80:3d:08:b8:31:e4:21:3f:30:ed:66:ee:82:3f:07:
65:ec:45:5a:6f:1e:23:90:f2:d1:11:c0:56:9a:b2:55:90:a9:
d5:de:f6:cf:72:39:7e:19:e7:c8:a5:97:7c:07:11:8c:d3:5c:
61:97:ca:df:6e:b2:86:ec:27:9b:2c:39:6b:f5:2b:44:e1:83:
ce:ce:cc:3a
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVtiw1TYEKYA2M5fMOzvln3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjMwMTAxMTMzNTA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTA1Y2QyMjg0ZWNhNzNmODllNjQ2ZmEzYWI1NmU0MWVmZjFjNTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdbvhHvAtsKTMWyaqicELZWl+kKV
DV4lLFWr6aOok6M4cwJiD1mqtPYEZAwSoEmDm482lTqEvbEahj09xcfM9zoNYQ07
HRGSzUJ7cLXpoFIeAW/Ro3cutSyuWO+VEX2bojiLFfTAlMMpsnT5WoBPVDEmH8gl
+xpHFSAA4f4bAJeVZdVIObTuyFNp2ZMw68vhgXhqffjT2HkOrSL1UGnkf3hotT5W
qmGd9jl8W13+QDvQRQ5Ndy6xcBm1yGsHn2l4CYMb6UBwV0Ngv8B40XruGDHJi2lS
2btTBVglSAR2yDEq8hhFb0V9rShLWrDpCJUpTBVUmF6FBQxJZorLguUihQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFDkFzSKE7Kc/ieZG+jq1bkHv8cU+MB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvT1FYTklvVHNwei1KNWtiNk9yVnVRZV94eFQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQEwfYgAwQE
wfbQMA8EAgACMAkDBwAqAgqQxAUwDQYJKoZIhvcNAQELBQADggEBAB5JlcY9OAI/
kX5dTnJd7LALC0GMaU7kEsXdQ/7MhQaQuKvmaxW+hl0elVxIXZ3Sm41FpcKSDTMZ
XN19oNqdO0XP/tgxRQ4cdZFuU27Pv69gWJv8/rLxuOMr0Y8iC0CikzYk2EaFY7zS
heZmlEprfegtGkEeFm2tl3FxWrbvsPbgSKnSzeZR/hlQc4ycyPxh9WEXqcY0SCoK
peyDbyZFUgqfh6csctC+ER80MvX994KbmmXSC/aHa4A9CLgx5CE/MO1m7oI/B2Xs
RVpvHiOQ8tERwFaaslWQqdXe9s9yOX4Z58ill3wHEYzTXGGXyt9usobsJ5ssOWv1
K0Thg87OzDo=
-----END CERTIFICATE-----
Generated at Sun Apr 6 11:01:27 2025 by rpki-client