Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/XmkJ_NmUuQUacqmzYZHBEdb6-pI.roa
File: XmkJ_NmUuQUacqmzYZHBEdb6-pI.roa (raw, json)
Hash identifier: H5UzHdwnwf70MLGooy7jSnXsu7Zt3uxzx9hTPtHARzM=
Subject key identifier: 5E:69:09:FC:D9:94:B9:05:1A:72:A9:B3:61:91:C1:11:D6:FA:FA:92
Certificate issuer: /CN=0ce1308ead6adb1d085e7e5910a0cb2de56aa32e
Certificate serial: 018572D5A71825C28F82C20D76A09B3C4D58
Authority key identifier: 0C:E1:30:8E:AD:6A:DB:1D:08:5E:7E:59:10:A0:CB:2D:E5:6A:A3:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/XmkJ_NmUuQUacqmzYZHBEdb6-pI.roa
Signing time: Mon 02 Jan 2023 14:14:42 +0000
ROA not before: Mon 02 Jan 2023 14:14:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15782
IP address blocks: 89.236.0.0/18 maxlen: 18
94.245.0.0/18 maxlen: 18
81.88.0.0/20 maxlen: 20
81.186.240.0/20 maxlen: 20
85.235.16.0/20 maxlen: 20
213.185.0.0/19 maxlen: 19
217.72.48.0/20 maxlen: 20
2001:7a0::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:d5:a7:18:25:c2:8f:82:c2:0d:76:a0:9b:3c:4d:58
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ce1308ead6adb1d085e7e5910a0cb2de56aa32e
Validity
Not Before: Jan 2 14:14:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5e6909fcd994b9051a72a9b36191c111d6fafa92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:c8:48:e7:17:db:35:ce:eb:44:ee:d2:64:d4:
65:fb:be:b8:e8:26:e7:a8:e4:96:10:07:fa:99:bd:
bd:5a:6c:bd:fb:30:b2:f0:8a:55:13:3d:ab:25:2d:
4d:3a:f2:a3:f2:bd:1e:10:90:0a:11:c8:49:2a:ad:
2c:dd:2c:df:4e:96:02:55:4f:0c:74:bf:49:0a:2d:
4e:95:e0:13:84:c3:d8:8d:cd:f4:dd:73:83:cc:dc:
4a:3b:87:cd:f5:15:f4:6f:96:93:1a:c0:db:bd:32:
8d:70:54:c3:fe:a8:c4:b5:f3:63:4b:52:ea:bf:ab:
e1:4b:67:d5:4e:e7:be:e9:73:c2:d5:ef:d6:ee:cb:
82:9c:55:01:07:b1:09:68:22:78:9a:93:fc:4f:d2:
1a:44:fe:0b:84:f7:8e:d1:14:c3:6a:0d:4d:5f:f9:
45:57:fc:d8:8c:0c:09:b3:12:89:de:80:88:09:d6:
6d:a4:d8:4b:34:b6:2c:00:8d:de:c0:b7:bb:5a:c8:
f4:b8:2e:28:c6:a4:5a:42:94:c9:c8:19:7e:db:43:
56:a2:e4:b5:9b:91:98:1e:f1:f0:19:71:24:bf:cb:
34:80:fa:7c:27:72:91:a3:e6:3e:a4:fc:17:97:2a:
8a:e7:ad:59:be:77:61:2e:2b:8f:de:32:31:af:b9:
c7:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:69:09:FC:D9:94:B9:05:1A:72:A9:B3:61:91:C1:11:D6:FA:FA:92
X509v3 Authority Key Identifier:
keyid:0C:E1:30:8E:AD:6A:DB:1D:08:5E:7E:59:10:A0:CB:2D:E5:6A:A3:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/XmkJ_NmUuQUacqmzYZHBEdb6-pI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.88.0.0/20
81.186.240.0/20
85.235.16.0/20
89.236.0.0/18
94.245.0.0/18
213.185.0.0/19
217.72.48.0/20
IPv6:
2001:7a0::/32
Signature Algorithm: sha256WithRSAEncryption
29:69:32:00:4e:29:af:4b:d7:cb:eb:c8:00:46:09:21:76:7d:
d2:1e:5b:d8:2e:16:a9:33:aa:1b:b2:d5:e1:f5:5d:5e:1a:88:
65:a9:21:a0:bc:68:40:1c:a2:b1:04:11:43:f1:b1:20:40:d7:
5a:38:1a:4a:df:55:22:df:c3:99:47:62:fd:7f:68:6b:6b:c8:
1c:5e:b4:a7:cb:67:0c:c2:e6:64:0e:9e:52:2c:fc:2a:91:f5:
97:18:8d:09:fa:4c:af:b4:9f:97:a0:62:36:c7:46:b7:a6:df:
7d:3b:e3:3d:a7:b9:17:6c:c9:8b:29:2c:63:d8:fc:f3:fb:d5:
67:3e:45:58:a5:ee:a9:da:47:f4:54:3a:7a:16:3b:4f:40:69:
35:4b:cc:10:40:03:7d:83:28:40:e7:05:d3:6f:17:03:e9:a0:
c7:bb:0a:2a:e4:71:ee:52:8f:b5:e7:db:04:f0:66:e1:d1:94:
f7:55:4c:34:6c:1d:8d:fc:4b:9e:76:5f:cc:3c:00:49:cb:1f:
d1:7f:53:c3:9c:ec:aa:94:ea:fc:d2:ad:3a:65:de:c0:89:86:
35:3d:38:94:47:0b:94:da:51:37:db:d3:c9:44:b8:f1:8e:98:
ea:00:c9:d1:55:d4:cb:d5:f2:ce:cc:ce:63:1a:b2:f2:3b:65:
df:46:17:9b
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVy1acYJcKPgsINdqCbPE1YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTEzMDhlYWQ2YWRiMWQwODVlN2U1OTEwYTBjYjJkZTU2
YWEzMmUwHhcNMjMwMTAyMTQxNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTY5MDlmY2Q5OTRiOTA1MWE3MmE5YjM2MTkxYzExMWQ2ZmFmYTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtchI5xfbNc7rRO7SZNRl+7646Cbn
qOSWEAf6mb29Wmy9+zCy8IpVEz2rJS1NOvKj8r0eEJAKEchJKq0s3SzfTpYCVU8M
dL9JCi1OleAThMPYjc303XODzNxKO4fN9RX0b5aTGsDbvTKNcFTD/qjEtfNjS1Lq
v6vhS2fVTue+6XPC1e/W7suCnFUBB7EJaCJ4mpP8T9IaRP4LhPeO0RTDag1NX/lF
V/zYjAwJsxKJ3oCICdZtpNhLNLYsAI3ewLe7Wsj0uC4oxqRaQpTJyBl+20NWouS1
m5GYHvHwGXEkv8s0gPp8J3KRo+Y+pPwXlyqK561ZvndhLiuP3jIxr7nHBQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFF5pCfzZlLkFGnKps2GRwRHW+vqSMB8GA1UdIwQY
MBaAFAzhMI6tatsdCF5+WRCgyy3laqMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9Fd2pxMXEyeDBJWG41WkVLRExMZVZxb3k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84OTkzODAtYWQyNy00NGViLThjMmUt
YjBiYWQxOGYwMmQwLzEvWG1rSl9ObVV1UVVhY3FtellaSEJFZGI2LXBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84OTkzODAtYWQyNy00NGViLThjMmUtYjBiYWQxOGYwMmQw
LzEvRE9Fd2pxMXEyeDBJWG41WkVLRExMZVZxb3k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEUVgAAwQE
UbrwAwQEVesQAwQGWewAAwQGXvUAAwQF1bkAAwQE2UgwMA0EAgACMAcDBQAgAQeg
MA0GCSqGSIb3DQEBCwUAA4IBAQApaTIATimvS9fL68gARgkhdn3SHlvYLhapM6ob
stXh9V1eGohlqSGgvGhAHKKxBBFD8bEgQNdaOBpK31Ui38OZR2L9f2hra8gcXrSn
y2cMwuZkDp5SLPwqkfWXGI0J+kyvtJ+XoGI2x0a3pt99O+M9p7kXbMmLKSxj2Pzz
+9VnPkVYpe6p2kf0VDp6FjtPQGk1S8wQQAN9gyhA5wXTbxcD6aDHuwoq5HHuUo+1
59sE8Gbh0ZT3VUw0bB2N/Euedl/MPABJyx/Rf1PDnOyqlOr80q06Zd7AiYY1PTiU
RwuU2lE329PJRLjxjpjqAMnRVdTL1fLOzM5jGrLyO2XfRheb
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:07:22 2025 by rpki-client