Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/rOzK3lPb5Sg-wQMoJrGpTsAclws.roa
File: rOzK3lPb5Sg-wQMoJrGpTsAclws.roa (raw, json)
Hash identifier: x6nX+80Zv5bsT2Xoa22FQy696bVBKkLmvoerwnjonO0=
Subject key identifier: AC:EC:CA:DE:53:DB:E5:28:3E:C1:03:28:26:B1:A9:4E:C0:1C:97:0B
Certificate issuer: /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial: 018C1A6787BC2C36695AEB7BD454B36056DA
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/rOzK3lPb5Sg-wQMoJrGpTsAclws.roa
Signing time: Wed 29 Nov 2023 09:27:21 +0000
ROA not before: Wed 29 Nov 2023 09:27:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42350
IP address blocks: 93.170.89.0/24 maxlen: 24
95.46.198.0/23 maxlen: 24
146.120.220.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:1a:67:87:bc:2c:36:69:5a:eb:7b:d4:54:b3:60:56:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Validity
Not Before: Nov 29 09:27:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=aceccade53dbe5283ec1032826b1a94ec01c970b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:10:4e:a0:4f:8c:a7:c0:d7:0c:2e:01:aa:e2:
8c:bb:3c:7d:4d:ef:4d:04:97:48:ff:6e:25:be:5b:
6f:6d:f5:56:51:ae:c9:81:f9:40:4c:73:ad:1f:b4:
e3:24:01:81:a9:83:3d:f1:ee:c3:68:f0:b7:5e:7a:
fd:9b:e5:df:ec:21:f9:de:11:ab:10:ee:52:c1:05:
87:fe:ec:b3:9d:9a:5b:91:fd:1c:2e:78:29:c4:99:
6c:6e:53:c9:71:b6:ae:7e:64:1b:27:99:e6:ef:74:
6c:ae:2f:6e:ce:92:06:70:24:a0:7d:03:4c:a9:08:
d1:8f:2a:23:64:bf:10:14:70:4a:dd:62:a9:1d:fd:
d3:5c:4b:c8:55:5e:76:48:20:df:53:fc:60:68:85:
96:15:e5:70:df:74:44:93:8d:a3:91:eb:23:34:f6:
38:e3:1a:ef:28:85:f3:15:6e:c1:bb:e4:94:07:f3:
aa:a8:7a:c1:41:49:f5:54:38:d5:cf:da:22:18:d8:
5c:a9:fc:60:0b:1b:e4:04:b3:b5:06:a6:22:b5:b9:
14:31:ee:71:33:4a:19:59:42:a2:e2:1f:7b:a6:f0:
a1:68:d4:6f:6b:9e:b0:5d:71:20:a5:99:e8:75:b2:
e4:a2:80:be:8a:40:a6:93:e6:30:93:ad:23:92:36:
ec:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:EC:CA:DE:53:DB:E5:28:3E:C1:03:28:26:B1:A9:4E:C0:1C:97:0B
X509v3 Authority Key Identifier:
keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/rOzK3lPb5Sg-wQMoJrGpTsAclws.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.170.89.0/24
95.46.198.0/23
146.120.220.0/24
Signature Algorithm: sha256WithRSAEncryption
53:38:61:91:88:11:9e:d0:1c:11:6f:ae:69:d9:76:a1:43:b3:
15:ef:2b:91:93:c2:14:33:63:e4:c1:dd:61:67:8d:62:08:b6:
79:3d:c2:3f:db:2a:6e:16:7e:60:87:b5:e2:fd:2e:c9:7b:97:
75:d1:3e:e8:4c:de:3c:19:30:ee:9c:63:03:7d:09:72:56:a0:
fe:e6:6b:b0:4a:89:de:7e:c0:23:90:d1:7e:7d:2b:1b:3b:1a:
39:04:8f:ce:60:22:88:c7:1a:2c:d4:dd:54:5f:24:a2:a3:65:
55:05:03:19:fd:70:15:4d:80:df:9d:7e:35:8e:4b:f8:e3:82:
a3:28:16:15:d8:3b:45:96:e7:8c:b3:3d:9a:4d:b3:5b:5c:a7:
74:50:b3:72:7b:4b:22:1d:30:2c:75:33:b0:2f:ea:13:61:70:
b8:6f:1b:35:db:3e:ba:ba:20:cd:15:f0:d1:8d:a5:e0:1f:85:
65:d4:99:47:4a:92:56:49:7a:6a:1c:67:bf:f6:d6:47:67:01:
64:9e:cc:b3:84:b6:03:b6:f0:1f:4d:b4:0b:ac:ba:d1:45:08:
7b:40:ea:77:d6:4c:d3:51:4a:73:9d:68:51:8c:09:e9:58:ec:
c4:db:80:e7:29:21:f9:cb:ea:79:f2:0e:c1:d4:b3:a7:29:14:
d0:ba:82:6e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYwaZ4e8LDZpWut71FSzYFbaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjMxMTI5MDkyNzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2VjY2FkZTUzZGJlNTI4M2VjMTAzMjgyNmIxYTk0ZWMwMWM5NzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRBOoE+Mp8DXDC4BquKMuzx9Te9N
BJdI/24lvltvbfVWUa7JgflATHOtH7TjJAGBqYM98e7DaPC3Xnr9m+Xf7CH53hGr
EO5SwQWH/uyznZpbkf0cLngpxJlsblPJcbaufmQbJ5nm73Rsri9uzpIGcCSgfQNM
qQjRjyojZL8QFHBK3WKpHf3TXEvIVV52SCDfU/xgaIWWFeVw33REk42jkesjNPY4
4xrvKIXzFW7Bu+SUB/OqqHrBQUn1VDjVz9oiGNhcqfxgCxvkBLO1BqYitbkUMe5x
M0oZWUKi4h97pvChaNRva56wXXEgpZnodbLkooC+ikCmk+Ywk60jkjbswQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKzsyt5T2+UoPsEDKCaxqU7AHJcLMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvck96SzNsUGI1U2ctd1FNb0pyR3BUc0FjbHdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXapZAwQB
Xy7GAwQAknjcMA0GCSqGSIb3DQEBCwUAA4IBAQBTOGGRiBGe0BwRb65p2XahQ7MV
7yuRk8IUM2Pkwd1hZ41iCLZ5PcI/2ypuFn5gh7Xi/S7Je5d10T7oTN48GTDunGMD
fQlyVqD+5muwSonefsAjkNF+fSsbOxo5BI/OYCKIxxos1N1UXySio2VVBQMZ/XAV
TYDfnX41jkv444KjKBYV2DtFlueMsz2aTbNbXKd0ULNye0siHTAsdTOwL+oTYXC4
bxs12z66uiDNFfDRjaXgH4Vl1JlHSpJWSXpqHGe/9tZHZwFknsyzhLYDtvAfTbQL
rLrRRQh7QOp31kzTUUpznWhRjAnpWOzE24DnKSH5y+p58g7B1LOnKRTQuoJu
-----END CERTIFICATE-----
Generated at Mon Apr 7 23:44:15 2025 by rpki-client