Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/A2sI7QcxAFtoK3hhx0W8G-5Fb2Y.roa
File: A2sI7QcxAFtoK3hhx0W8G-5Fb2Y.roa (raw, json)
Hash identifier: BiupYC2leVj5ohP5Ecdsx56lwXQ0gwzXyE4xsMKhm50=
Subject key identifier: 03:6B:08:ED:07:31:00:5B:68:2B:78:61:C7:45:BC:1B:EE:45:6F:66
Certificate issuer: /CN=3890e7a4549a571f68b688dad4f5ced8e529068b
Certificate serial: 01856B0A1D6F37496A0DB2983522F7C1B2F3
Authority key identifier: 38:90:E7:A4:54:9A:57:1F:68:B6:88:DA:D4:F5:CE:D8:E5:29:06:8B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OJDnpFSaVx9otoja1PXO2OUpBos.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/A2sI7QcxAFtoK3hhx0W8G-5Fb2Y.roa
Signing time: Sun 01 Jan 2023 01:55:03 +0000
ROA not before: Sun 01 Jan 2023 01:55:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201644
IP address blocks: 185.68.89.0/24 maxlen: 24
185.68.90.0/23 maxlen: 23
185.68.90.0/24 maxlen: 24
185.68.91.0/24 maxlen: 24
185.68.88.0/22 maxlen: 22
185.68.88.0/24 maxlen: 24
185.68.88.0/23 maxlen: 23
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:0a:1d:6f:37:49:6a:0d:b2:98:35:22:f7:c1:b2:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3890e7a4549a571f68b688dad4f5ced8e529068b
Validity
Not Before: Jan 1 01:55:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=036b08ed0731005b682b7861c745bc1bee456f66
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:06:c6:d8:f8:ed:1a:45:91:e3:f9:3a:35:5e:
66:a4:f7:b2:7c:46:a0:06:d5:a8:ef:ca:1a:5e:34:
c0:f9:bb:e3:b4:d3:77:22:0c:16:67:9a:f4:76:0a:
1b:fc:7c:1e:07:91:a1:95:71:e5:c1:bd:8a:fe:2e:
a7:6c:63:ac:c3:40:c9:df:a3:04:08:80:d4:4d:86:
b6:60:f8:b0:bd:00:b4:1f:d9:e5:43:22:58:40:7e:
e8:5c:ee:f9:53:07:b1:fd:c5:5e:c6:ca:5a:82:bc:
e8:c3:d4:34:df:41:51:6b:40:c4:34:96:9e:c4:b7:
44:1a:77:69:79:8f:aa:c0:63:29:bd:73:68:f5:42:
42:ee:a2:ef:e1:a9:84:37:bb:91:f0:e2:5d:0e:46:
8c:24:c9:00:f0:d1:b9:9a:e7:8d:93:97:57:a5:e6:
cb:f8:b9:54:43:71:f1:15:23:67:45:c7:f2:39:18:
fd:a3:b1:c9:d6:83:4f:0c:1e:aa:c0:b6:4b:34:45:
3c:ec:41:c5:35:2d:f3:fc:a0:2b:b1:73:60:26:e6:
36:a9:78:2e:6a:41:96:4c:8a:1b:57:37:46:19:f7:
43:d1:bb:57:eb:1c:0a:a8:cc:98:02:5d:f5:62:9b:
97:dc:20:3f:cb:4d:07:b4:a5:92:7b:03:2c:bb:91:
44:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:6B:08:ED:07:31:00:5B:68:2B:78:61:C7:45:BC:1B:EE:45:6F:66
X509v3 Authority Key Identifier:
keyid:38:90:E7:A4:54:9A:57:1F:68:B6:88:DA:D4:F5:CE:D8:E5:29:06:8B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OJDnpFSaVx9otoja1PXO2OUpBos.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/A2sI7QcxAFtoK3hhx0W8G-5Fb2Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/25df4e-afc5-4c50-8de2-94812c7f449e/1/OJDnpFSaVx9otoja1PXO2OUpBos.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.68.88.0/22
Signature Algorithm: sha256WithRSAEncryption
94:f2:83:56:85:e8:97:f8:c5:fd:a9:0e:7f:fb:6a:3d:ed:97:
1e:6c:7d:83:71:99:f1:54:7a:90:19:fd:2c:0b:20:5a:e9:9a:
d4:a9:95:7f:cb:14:50:a9:98:c8:ac:11:75:ed:7f:33:d6:c4:
67:cd:b3:02:75:ea:9c:7c:52:8a:47:06:1e:d4:86:fa:c7:d4:
31:12:54:56:a8:b7:cd:6c:6e:37:3f:99:a4:4e:b5:b3:55:4c:
7a:f5:bc:97:6d:9e:fa:5b:28:79:41:ef:cc:8e:14:16:e1:ca:
b5:df:21:d3:38:89:0d:f9:c9:1e:b7:6d:0d:8d:e5:7e:f7:31:
44:90:1f:fa:ce:88:e1:76:ef:f6:00:fe:a4:8e:4a:5c:59:2b:
68:5c:be:04:bd:03:af:c2:32:a3:9d:6c:36:f0:92:60:2e:18:
80:bf:d3:b5:f1:ac:80:52:33:f5:6b:e2:50:14:26:38:18:e4:
7e:02:69:a5:cb:df:99:69:cb:a1:28:9f:1f:ce:95:f5:69:6d:
26:36:2c:28:51:25:04:1a:8e:1a:02:50:a5:ec:04:1c:77:95:
05:8d:aa:c8:6b:77:1c:38:70:cd:f6:28:81:df:fe:26:e5:2b:
bd:9b:79:d1:38:3b:ae:bb:26:f9:3a:3e:68:0f:51:12:17:43:
0d:1a:51:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVrCh1vN0lqDbKYNSL3wbLzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4OTBlN2E0NTQ5YTU3MWY2OGI2ODhkYWQ0ZjVjZWQ4ZTUy
OTA2OGIwHhcNMjMwMTAxMDE1NTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzZiMDhlZDA3MzEwMDViNjgyYjc4NjFjNzQ1YmMxYmVlNDU2ZjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhQbG2PjtGkWR4/k6NV5mpPeyfEag
BtWo78oaXjTA+bvjtNN3IgwWZ5r0dgob/HweB5GhlXHlwb2K/i6nbGOsw0DJ36ME
CIDUTYa2YPiwvQC0H9nlQyJYQH7oXO75Uwex/cVexspagrzow9Q030FRa0DENJae
xLdEGndpeY+qwGMpvXNo9UJC7qLv4amEN7uR8OJdDkaMJMkA8NG5mueNk5dXpebL
+LlUQ3HxFSNnRcfyORj9o7HJ1oNPDB6qwLZLNEU87EHFNS3z/KArsXNgJuY2qXgu
akGWTIobVzdGGfdD0btX6xwKqMyYAl31YpuX3CA/y00HtKWSewMsu5FEzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANrCO0HMQBbaCt4YcdFvBvuRW9mMB8GA1UdIwQY
MBaAFDiQ56RUmlcfaLaI2tT1ztjlKQaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0pEbnBGU2FWeDlvdG9qYTFQWE8yT1VwQm9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8yNWRmNGUtYWZjNS00YzUwLThkZTIt
OTQ4MTJjN2Y0NDllLzEvQTJzSTdRY3hBRnRvSzNoaHgwVzhHLTVGYjJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8yNWRmNGUtYWZjNS00YzUwLThkZTItOTQ4MTJjN2Y0NDll
LzEvT0pEbnBGU2FWeDlvdG9qYTFQWE8yT1VwQm9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuURYMA0G
CSqGSIb3DQEBCwUAA4IBAQCU8oNWheiX+MX9qQ5/+2o97ZcebH2DcZnxVHqQGf0s
CyBa6ZrUqZV/yxRQqZjIrBF17X8z1sRnzbMCdeqcfFKKRwYe1Ib6x9QxElRWqLfN
bG43P5mkTrWzVUx69byXbZ76Wyh5Qe/MjhQW4cq13yHTOIkN+cket20NjeV+9zFE
kB/6zojhdu/2AP6kjkpcWStoXL4EvQOvwjKjnWw28JJgLhiAv9O18ayAUjP1a+JQ
FCY4GOR+Ammly9+ZacuhKJ8fzpX1aW0mNiwoUSUEGo4aAlCl7AQcd5UFjarIa3cc
OHDN9iiB3/4m5Su9m3nRODuuuyb5Oj5oD1ESF0MNGlHZ
-----END CERTIFICATE-----
Generated at Mon Apr 21 07:09:43 2025 by rpki-client