Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/010dc3-4cef-44e3-ae92-19e134712e92/1/oxbUBi0wZF70XwZ8XuUxDehEph0.roa
File: oxbUBi0wZF70XwZ8XuUxDehEph0.roa (raw, json)
Hash identifier: qSlntgxC0j2TcFT2E7Q1EwtHo6iis6A6OEJ8B00aiRc=
Subject key identifier: A3:16:D4:06:2D:30:64:5E:F4:5F:06:7C:5E:E5:31:0D:E8:44:A6:1D
Certificate issuer: /CN=344c0836dd5c73b0775904eaa3b7e87a4a0c0cf5
Certificate serial: 0185706741CB4BD7E406941A1D776C124F4C
Authority key identifier: 34:4C:08:36:DD:5C:73:B0:77:59:04:EA:A3:B7:E8:7A:4A:0C:0C:F5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NEwINt1cc7B3WQTqo7foekoMDPU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/010dc3-4cef-44e3-ae92-19e134712e92/1/oxbUBi0wZF70XwZ8XuUxDehEph0.roa
Signing time: Mon 02 Jan 2023 02:54:53 +0000
ROA not before: Mon 02 Jan 2023 02:54:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201568
IP address blocks: 185.60.68.0/22 maxlen: 22
185.60.68.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:67:41:cb:4b:d7:e4:06:94:1a:1d:77:6c:12:4f:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=344c0836dd5c73b0775904eaa3b7e87a4a0c0cf5
Validity
Not Before: Jan 2 02:54:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a316d4062d30645ef45f067c5ee5310de844a61d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:d8:a1:53:cf:8c:fc:61:7c:2a:54:00:5a:ba:
fe:5a:2b:b0:df:03:c0:84:ee:90:10:f8:d1:2e:7a:
f4:f2:55:54:4c:68:aa:4f:71:05:10:dd:9b:d1:b5:
b8:7e:3d:d7:0a:7c:1a:ec:eb:fc:44:95:84:f2:35:
d0:41:0b:f0:98:aa:eb:de:54:b0:de:cb:ad:88:f5:
76:46:24:4a:1e:12:69:91:1d:9d:7e:75:97:a2:5d:
61:35:a8:ff:e1:ce:9d:d1:a8:1b:1f:d0:f0:ad:5d:
7e:1c:a7:0c:84:7b:38:ad:fa:b7:70:31:f7:6f:fb:
45:df:52:3b:b9:37:2f:3a:5b:2f:06:fe:55:2b:1d:
e2:52:0a:db:88:1a:6e:42:27:47:67:55:a7:f9:3c:
97:c0:fa:d8:92:a6:88:0b:c4:34:66:b7:da:c8:e4:
2a:81:04:3d:f7:b3:3a:c5:5f:a7:6a:92:91:b1:92:
d5:7e:13:31:aa:13:90:1c:2c:c7:39:a2:46:db:e6:
a9:fb:20:2e:0a:47:a4:38:50:39:a5:5e:ae:07:f1:
57:31:5f:eb:d9:07:8b:6e:2a:78:e5:98:a1:fe:4f:
78:55:0a:8d:36:b2:c7:8f:ce:db:86:dd:4e:7c:c6:
3a:63:fc:5b:9a:35:d2:b0:eb:e9:1d:78:f9:e7:6b:
3f:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:16:D4:06:2D:30:64:5E:F4:5F:06:7C:5E:E5:31:0D:E8:44:A6:1D
X509v3 Authority Key Identifier:
keyid:34:4C:08:36:DD:5C:73:B0:77:59:04:EA:A3:B7:E8:7A:4A:0C:0C:F5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NEwINt1cc7B3WQTqo7foekoMDPU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/010dc3-4cef-44e3-ae92-19e134712e92/1/oxbUBi0wZF70XwZ8XuUxDehEph0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/010dc3-4cef-44e3-ae92-19e134712e92/1/NEwINt1cc7B3WQTqo7foekoMDPU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.60.68.0/22
Signature Algorithm: sha256WithRSAEncryption
88:a9:be:be:3f:ca:b6:88:58:d5:5f:14:75:76:f9:3e:6d:41:
12:19:7c:d9:ad:4b:c3:77:04:1d:e0:f7:02:ab:b2:d5:3b:27:
2c:e2:89:b5:a4:48:1e:93:9b:9d:30:7a:ba:d0:5e:c3:f1:68:
42:15:1a:c9:e0:69:95:0f:69:32:9b:e3:11:ff:4a:18:e7:15:
a1:e3:61:dc:bd:c6:38:61:75:58:b0:57:8e:e9:ab:02:4d:3b:
ef:a1:04:84:e9:29:ef:9b:b6:10:75:9c:d2:e6:48:42:7d:f5:
4d:e4:e6:7d:1d:69:7a:5c:bb:02:47:76:16:5b:0d:d9:04:b0:
8c:d2:cf:e4:fa:80:5b:e1:83:bb:6d:c9:ea:06:56:8e:5b:cc:
e6:1c:1b:f0:e4:59:60:b6:46:47:5a:34:7a:56:7c:c2:41:13:
7d:11:a9:e1:09:fb:2f:9a:83:be:a2:46:45:76:98:0e:eb:29:
57:7d:2f:62:b5:f1:6a:1c:66:74:79:e3:0e:b4:25:11:dd:55:
ab:9e:4b:9c:1a:97:53:db:cf:44:2b:63:b2:c0:34:0f:48:ef:
e9:92:02:1c:d5:22:f9:0f:d4:bb:a9:e7:5e:10:65:bd:7a:6e:
d3:e7:c2:3e:9d:3b:fc:f0:5e:ad:1d:4b:6a:2e:95:94:09:81:
46:98:10:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwZ0HLS9fkBpQaHXdsEk9MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NGMwODM2ZGQ1YzczYjA3NzU5MDRlYWEzYjdlODdhNGEw
YzBjZjUwHhcNMjMwMTAyMDI1NDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzE2ZDQwNjJkMzA2NDVlZjQ1ZjA2N2M1ZWU1MzEwZGU4NDRhNjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwNihU8+M/GF8KlQAWrr+Wiuw3wPA
hO6QEPjRLnr08lVUTGiqT3EFEN2b0bW4fj3XCnwa7Ov8RJWE8jXQQQvwmKrr3lSw
3sutiPV2RiRKHhJpkR2dfnWXol1hNaj/4c6d0agbH9DwrV1+HKcMhHs4rfq3cDH3
b/tF31I7uTcvOlsvBv5VKx3iUgrbiBpuQidHZ1Wn+TyXwPrYkqaIC8Q0ZrfayOQq
gQQ997M6xV+napKRsZLVfhMxqhOQHCzHOaJG2+ap+yAuCkekOFA5pV6uB/FXMV/r
2QeLbip45Zih/k94VQqNNrLHj87bht1OfMY6Y/xbmjXSsOvpHXj552s/3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMW1AYtMGRe9F8GfF7lMQ3oRKYdMB8GA1UdIwQY
MBaAFDRMCDbdXHOwd1kE6qO36HpKDAz1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkV3SU50MWNjN0IzV1FUcW83Zm9la29NRFBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8wMTBkYzMtNGNlZi00NGUzLWFlOTIt
MTllMTM0NzEyZTkyLzEvb3hiVUJpMHdaRjcwWHdaOFh1VXhEZWhFcGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8wMTBkYzMtNGNlZi00NGUzLWFlOTItMTllMTM0NzEyZTky
LzEvTkV3SU50MWNjN0IzV1FUcW83Zm9la29NRFBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTxEMA0G
CSqGSIb3DQEBCwUAA4IBAQCIqb6+P8q2iFjVXxR1dvk+bUESGXzZrUvDdwQd4PcC
q7LVOycs4om1pEgek5udMHq60F7D8WhCFRrJ4GmVD2kym+MR/0oY5xWh42HcvcY4
YXVYsFeO6asCTTvvoQSE6Snvm7YQdZzS5khCffVN5OZ9HWl6XLsCR3YWWw3ZBLCM
0s/k+oBb4YO7bcnqBlaOW8zmHBvw5FlgtkZHWjR6VnzCQRN9EanhCfsvmoO+okZF
dpgO6ylXfS9itfFqHGZ0eeMOtCUR3VWrnkucGpdT289EK2OywDQPSO/pkgIc1SL5
D9S7qedeEGW9em7T58I+nTv88F6tHUtqLpWUCYFGmBDS
-----END CERTIFICATE-----
Generated at Mon Apr 7 18:17:29 2025 by rpki-client