Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/013d7e-13f5-4e6e-ab87-2013618c04ff/1/OqGFYTwav9-Hz0eYgFlMaE0SuxQ.roa
File: OqGFYTwav9-Hz0eYgFlMaE0SuxQ.roa (raw, json)
Hash identifier: PB7BpkHS4oLYz/i0H/5+6WGkREOrkA495WprqY1/Gpg=
Subject key identifier: 3A:A1:85:61:3C:1A:BF:DF:87:CF:47:98:80:59:4C:68:4D:12:BB:14
Certificate issuer: /CN=aee9d5086369076a78d761638b32a8a9b8ef70e7
Certificate serial: 018570D54AEEC848531645784FB2BDB6300F
Authority key identifier: AE:E9:D5:08:63:69:07:6A:78:D7:61:63:8B:32:A8:A9:B8:EF:70:E7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/runVCGNpB2p412FjizKoqbjvcOc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/013d7e-13f5-4e6e-ab87-2013618c04ff/1/OqGFYTwav9-Hz0eYgFlMaE0SuxQ.roa
Signing time: Mon 02 Jan 2023 04:55:04 +0000
ROA not before: Mon 02 Jan 2023 04:55:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48078
IP address blocks: 91.210.24.0/24 maxlen: 24
91.210.24.0/22 maxlen: 22
185.15.63.0/24 maxlen: 24
185.15.62.0/24 maxlen: 24
185.15.61.0/24 maxlen: 24
185.15.60.0/24 maxlen: 24
185.15.60.0/22 maxlen: 22
91.210.27.0/24 maxlen: 24
91.210.26.0/24 maxlen: 24
91.210.25.0/24 maxlen: 24
91.215.89.0/24 maxlen: 24
91.215.88.0/24 maxlen: 24
91.215.88.0/22 maxlen: 22
91.215.91.0/24 maxlen: 24
91.215.90.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:d5:4a:ee:c8:48:53:16:45:78:4f:b2:bd:b6:30:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aee9d5086369076a78d761638b32a8a9b8ef70e7
Validity
Not Before: Jan 2 04:55:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3aa185613c1abfdf87cf479880594c684d12bb14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:4a:9d:bc:30:53:cd:f8:54:11:8d:3a:15:a0:
b1:f7:52:0e:99:67:d9:e4:23:a8:21:8f:21:5a:47:
38:dc:a6:b2:81:e2:83:e1:8d:9a:57:49:ff:45:21:
70:e1:1c:be:72:58:4a:72:bb:90:8c:2b:ae:12:8e:
12:8a:d0:37:56:70:85:bd:bd:e5:04:c2:a3:e5:d0:
ea:7f:f9:e6:07:ac:97:46:c8:3b:0e:1b:50:f8:4e:
90:b5:fc:43:07:fb:32:a0:23:98:ae:27:14:35:eb:
e6:e1:05:84:72:42:49:c7:4a:8e:44:db:54:0f:cd:
5a:cf:fc:ac:06:c0:92:00:a6:db:61:c5:60:b2:54:
39:a0:68:77:66:d1:98:f3:fd:eb:cf:5a:b9:d2:73:
e4:78:36:32:b7:af:ed:d0:f1:de:e5:0f:3f:12:3e:
af:8b:2e:a6:71:f5:52:81:4b:96:10:c4:63:b9:f9:
d1:b3:79:d4:f3:16:fb:a7:b2:dc:ec:e3:81:d6:2b:
98:8b:fb:6e:c2:57:cd:cf:7c:9e:c8:5e:ea:6a:a2:
43:1e:b8:f5:aa:62:f2:94:0d:22:19:0e:f0:3d:85:
23:20:f7:47:e0:76:9f:e5:6e:64:a2:2a:19:1d:9d:
42:57:7e:8f:ea:19:73:c2:20:0c:c6:e4:b2:50:da:
6b:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:A1:85:61:3C:1A:BF:DF:87:CF:47:98:80:59:4C:68:4D:12:BB:14
X509v3 Authority Key Identifier:
keyid:AE:E9:D5:08:63:69:07:6A:78:D7:61:63:8B:32:A8:A9:B8:EF:70:E7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/runVCGNpB2p412FjizKoqbjvcOc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/013d7e-13f5-4e6e-ab87-2013618c04ff/1/OqGFYTwav9-Hz0eYgFlMaE0SuxQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/013d7e-13f5-4e6e-ab87-2013618c04ff/1/runVCGNpB2p412FjizKoqbjvcOc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.210.24.0/22
91.215.88.0/22
185.15.60.0/22
Signature Algorithm: sha256WithRSAEncryption
74:72:eb:95:42:5f:a7:01:da:a5:ea:ed:4a:fe:bf:d1:fc:aa:
d0:54:bc:2a:6a:42:d8:6d:a6:fb:24:c8:9e:64:7a:cf:c7:2e:
d3:48:d6:db:d8:f9:50:58:40:c6:97:a5:f6:99:72:c0:bb:03:
f1:2d:be:9c:83:8e:66:6e:99:7b:a4:b0:22:79:80:6f:11:8f:
65:90:6f:87:f2:24:bd:ab:6d:71:36:06:e1:d2:5f:1d:0c:3c:
29:e3:5f:a2:c1:69:17:41:ed:32:66:ec:43:49:01:38:7c:f3:
07:2c:3b:42:0b:8a:66:3c:c9:61:fa:31:e8:61:a5:3f:9e:92:
a7:10:dc:cc:84:e6:d4:58:56:0c:1c:c1:38:fb:32:16:56:cc:
4b:50:5c:82:cc:85:d9:61:e4:2a:f5:ae:70:08:fc:c5:4b:5a:
56:5f:48:33:c9:a8:7b:4d:e9:d1:9e:71:71:f1:a5:5d:1f:d7:
48:30:8c:0a:9f:c3:b7:5c:3d:85:30:52:ba:1c:df:ec:b5:e0:
8a:93:ea:61:be:9a:aa:57:56:0f:4a:22:34:24:46:99:df:ac:
bf:db:b1:9e:f9:1c:7a:d3:c4:85:6b:5f:ff:4f:46:2b:82:43:
f6:3d:62:eb:b1:a9:9f:0b:61:c1:34:c5:f3:2a:fd:5e:bd:eb:
21:e0:27:18
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVw1UruyEhTFkV4T7K9tjAPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZTlkNTA4NjM2OTA3NmE3OGQ3NjE2MzhiMzJhOGE5Yjhl
ZjcwZTcwHhcNMjMwMTAyMDQ1NTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWExODU2MTNjMWFiZmRmODdjZjQ3OTg4MDU5NGM2ODRkMTJiYjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkqdvDBTzfhUEY06FaCx91IOmWfZ
5COoIY8hWkc43KaygeKD4Y2aV0n/RSFw4Ry+clhKcruQjCuuEo4SitA3VnCFvb3l
BMKj5dDqf/nmB6yXRsg7DhtQ+E6QtfxDB/syoCOYricUNevm4QWEckJJx0qORNtU
D81az/ysBsCSAKbbYcVgslQ5oGh3ZtGY8/3rz1q50nPkeDYyt6/t0PHe5Q8/Ej6v
iy6mcfVSgUuWEMRjufnRs3nU8xb7p7Lc7OOB1iuYi/tuwlfNz3yeyF7qaqJDHrj1
qmLylA0iGQ7wPYUjIPdH4Haf5W5koioZHZ1CV36P6hlzwiAMxuSyUNprmQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDqhhWE8Gr/fh89HmIBZTGhNErsUMB8GA1UdIwQY
MBaAFK7p1QhjaQdqeNdhY4syqKm473DnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnVuVkNHTnBCMnA0MTJGaml6S29xYmp2Y09jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMTNkN2UtMTNmNS00ZTZlLWFiODct
MjAxMzYxOGMwNGZmLzEvT3FHRllUd2F2OS1IejBlWWdGbE1hRTBTdXhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMTNkN2UtMTNmNS00ZTZlLWFiODctMjAxMzYxOGMwNGZm
LzEvcnVuVkNHTnBCMnA0MTJGaml6S29xYmp2Y09jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW9IYAwQC
W9dYAwQCuQ88MA0GCSqGSIb3DQEBCwUAA4IBAQB0cuuVQl+nAdql6u1K/r/R/KrQ
VLwqakLYbab7JMieZHrPxy7TSNbb2PlQWEDGl6X2mXLAuwPxLb6cg45mbpl7pLAi
eYBvEY9lkG+H8iS9q21xNgbh0l8dDDwp41+iwWkXQe0yZuxDSQE4fPMHLDtCC4pm
PMlh+jHoYaU/npKnENzMhObUWFYMHME4+zIWVsxLUFyCzIXZYeQq9a5wCPzFS1pW
X0gzyah7TenRnnFx8aVdH9dIMIwKn8O3XD2FMFK6HN/steCKk+phvpqqV1YPSiI0
JEaZ36y/27Ge+Rx608SFa1//T0YrgkP2PWLrsamfC2HBNMXzKv1evesh4CcY
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:01:21 2025 by rpki-client