Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/4be259-be96-40fa-880e-bbd2106f3370/1/xmPOTVhm7FW-D6ma5aukTIvLK0o.roa
File: xmPOTVhm7FW-D6ma5aukTIvLK0o.roa (raw, json)
Hash identifier: Q2/UxfJcEgeYlj4xRg2od3GRpOr+XxScw4go+beOLGU=
Subject key identifier: C6:63:CE:4D:58:66:EC:55:BE:0F:A9:9A:E5:AB:A4:4C:8B:CB:2B:4A
Certificate issuer: /CN=437e030d44661a4c201eba03de452b04b8e7d9e5
Certificate serial: 0184668108F078D4AE94E3472CB7BC0D3C5F
Authority key identifier: 43:7E:03:0D:44:66:1A:4C:20:1E:BA:03:DE:45:2B:04:B8:E7:D9:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Q34DDURmGkwgHroD3kUrBLjn2eU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/4be259-be96-40fa-880e-bbd2106f3370/1/xmPOTVhm7FW-D6ma5aukTIvLK0o.roa
Signing time: Fri 11 Nov 2022 11:44:02 +0000
ROA not before: Fri 11 Nov 2022 11:44:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 202813
IP address blocks: 185.14.60.0/22 maxlen: 24
185.178.16.0/22 maxlen: 24
185.153.224.0/22 maxlen: 24
2a09:74c0::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:66:81:08:f0:78:d4:ae:94:e3:47:2c:b7:bc:0d:3c:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=437e030d44661a4c201eba03de452b04b8e7d9e5
Validity
Not Before: Nov 11 11:44:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c663ce4d5866ec55be0fa99ae5aba44c8bcb2b4a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:f5:15:25:ea:55:e4:08:67:ea:da:77:d1:1b:
cf:c2:56:8c:bd:c5:af:e2:59:a2:fc:f5:0f:1e:97:
da:88:b0:d9:1a:4e:a2:a0:6e:78:41:16:01:62:ba:
20:76:d8:db:54:24:ac:b5:36:ff:a5:fa:bf:6f:e2:
0f:6d:12:59:e3:df:b4:d3:9e:9d:b1:59:64:e8:cb:
de:00:ec:7a:73:16:b7:40:c7:db:9f:10:12:5e:0f:
f4:45:d3:93:c1:1d:16:87:33:6e:71:8d:8d:ef:aa:
37:e0:10:1d:a5:c5:1b:3f:33:59:1c:5f:b7:89:05:
9a:e7:51:5b:dd:3f:8d:ec:4a:6f:27:f5:5a:b4:50:
47:8c:9f:48:b4:d2:ca:91:be:d3:bb:26:92:e1:77:
0f:34:e1:d5:13:f2:0b:a2:2c:30:63:24:30:74:f3:
86:1f:78:b5:17:31:a3:48:eb:c7:4c:ae:48:4d:08:
43:08:a7:84:0d:81:2a:3c:04:96:92:a4:5a:41:d7:
bc:73:fd:c8:2a:45:21:43:e8:20:a9:73:d2:c4:11:
eb:27:82:8c:df:b9:b9:61:1a:62:16:fb:d9:4d:b9:
15:19:4d:60:0e:4e:db:6f:a1:90:2d:e7:73:22:ac:
40:e5:ee:7e:b3:d7:9f:d3:4a:91:b2:f6:eb:e8:53:
7f:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:63:CE:4D:58:66:EC:55:BE:0F:A9:9A:E5:AB:A4:4C:8B:CB:2B:4A
X509v3 Authority Key Identifier:
keyid:43:7E:03:0D:44:66:1A:4C:20:1E:BA:03:DE:45:2B:04:B8:E7:D9:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q34DDURmGkwgHroD3kUrBLjn2eU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/4be259-be96-40fa-880e-bbd2106f3370/1/xmPOTVhm7FW-D6ma5aukTIvLK0o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/4be259-be96-40fa-880e-bbd2106f3370/1/Q34DDURmGkwgHroD3kUrBLjn2eU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.14.60.0/22
185.153.224.0/22
185.178.16.0/22
IPv6:
2a09:74c0::/29
Signature Algorithm: sha256WithRSAEncryption
64:03:73:2f:b6:c1:d9:55:21:f7:27:23:d0:4f:74:f9:94:17:
eb:73:33:8b:be:7a:28:df:d9:d6:82:21:61:43:75:a9:1e:5b:
36:15:7b:1f:7f:77:59:04:48:43:75:91:b7:f7:fc:03:50:44:
1c:7b:47:7a:dc:34:ca:2e:f7:21:13:4c:c5:a1:f8:67:c0:26:
49:b9:c0:02:86:ed:06:b1:2c:d1:ca:65:90:17:18:2a:b8:9f:
40:f5:3c:5b:57:ff:e1:41:cb:b0:c9:9a:f1:ab:a7:c2:78:27:
b8:8a:08:fe:2d:96:93:16:1e:60:ec:ed:e9:a1:89:33:f2:e5:
bc:07:05:06:71:3c:19:45:26:5d:42:2a:7e:e8:7e:01:51:ed:
89:39:cf:b2:25:57:5a:c2:7b:3b:83:2d:6a:6c:bb:cc:18:70:
c3:fb:01:3e:2d:06:4e:4b:ac:e7:7d:20:7a:af:d2:26:c6:d6:
84:ca:b2:78:60:a6:c9:cc:aa:b7:0f:62:8b:27:dc:dc:1e:a0:
0c:48:d9:f5:68:2c:b7:3f:a2:09:16:a7:10:8c:d7:82:44:7f:
e3:65:f0:f5:44:d4:8a:23:b3:f0:f4:12:fb:c5:1b:4c:6f:1c:
69:95:7b:e3:2a:d8:b1:24:56:ef:1c:f9:40:c1:af:6e:c8:c2:
02:ea:be:7c
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYRmgQjweNSulONHLLe8DTxfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzN2UwMzBkNDQ2NjFhNGMyMDFlYmEwM2RlNDUyYjA0Yjhl
N2Q5ZTUwHhcNMjIxMTExMTE0NDAyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjYzY2U0ZDU4NjZlYzU1YmUwZmE5OWFlNWFiYTQ0YzhiY2IyYjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxfUVJepV5Ahn6tp30RvPwlaMvcWv
4lmi/PUPHpfaiLDZGk6ioG54QRYBYrogdtjbVCSstTb/pfq/b+IPbRJZ49+0056d
sVlk6MveAOx6cxa3QMfbnxASXg/0RdOTwR0WhzNucY2N76o34BAdpcUbPzNZHF+3
iQWa51Fb3T+N7EpvJ/VatFBHjJ9ItNLKkb7TuyaS4XcPNOHVE/ILoiwwYyQwdPOG
H3i1FzGjSOvHTK5ITQhDCKeEDYEqPASWkqRaQde8c/3IKkUhQ+ggqXPSxBHrJ4KM
37m5YRpiFvvZTbkVGU1gDk7bb6GQLedzIqxA5e5+s9ef00qRsvbr6FN/MQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFMZjzk1YZuxVvg+pmuWrpEyLyytKMB8GA1UdIwQY
MBaAFEN+Aw1EZhpMIB66A95FKwS459nlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTM0RERVUm1Ha3dnSHJvRDNrVXJCTGpuMmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS80YmUyNTktYmU5Ni00MGZhLTg4MGUt
YmJkMjEwNmYzMzcwLzEveG1QT1RWaG03RlctRDZtYTVhdWtUSXZMSzBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS80YmUyNTktYmU5Ni00MGZhLTg4MGUtYmJkMjEwNmYzMzcw
LzEvUTM0RERVUm1Ha3dnSHJvRDNrVXJCTGpuMmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuQ48AwQC
uZngAwQCubIQMA0EAgACMAcDBQMqCXTAMA0GCSqGSIb3DQEBCwUAA4IBAQBkA3Mv
tsHZVSH3JyPQT3T5lBfrczOLvnoo39nWgiFhQ3WpHls2FXsff3dZBEhDdZG39/wD
UEQce0d63DTKLvchE0zFofhnwCZJucAChu0GsSzRymWQFxgquJ9A9TxbV//hQcuw
yZrxq6fCeCe4igj+LZaTFh5g7O3poYkz8uW8BwUGcTwZRSZdQip+6H4BUe2JOc+y
JVdawns7gy1qbLvMGHDD+wE+LQZOS6znfSB6r9ImxtaEyrJ4YKbJzKq3D2KLJ9zc
HqAMSNn1aCy3P6IJFqcQjNeCRH/jZfD1RNSKI7Pw9BL7xRtMbxxplXvjKtixJFbv
HPlAwa9uyMIC6r58
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:41:19 2025 by rpki-client