Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/o4KSHOk0m5KUXuMIqcm-xXceS84.roa
File: o4KSHOk0m5KUXuMIqcm-xXceS84.roa (raw, json)
Hash identifier: 8OZ/gihbTqfD4JKa3AjUS+c+fGhnQmCob+RvT5uhcOw=
Subject key identifier: A3:82:92:1C:E9:34:9B:92:94:5E:E3:08:A9:C9:BE:C5:77:1E:4B:CE
Certificate issuer: /CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Certificate serial: 018570B98A302943D8CDAFF28EED8AEA5F22
Authority key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/o4KSHOk0m5KUXuMIqcm-xXceS84.roa
Signing time: Mon 02 Jan 2023 04:24:45 +0000
ROA not before: Mon 02 Jan 2023 04:24:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12850
IP address blocks: 212.91.64.0/19 maxlen: 24
37.139.88.0/21 maxlen: 24
212.29.128.0/19 maxlen: 24
80.247.64.0/20 maxlen: 24
178.239.176.0/20 maxlen: 24
87.248.32.0/19 maxlen: 24
185.48.32.0/22 maxlen: 24
185.21.172.0/22 maxlen: 24
2001:4d38::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:b9:8a:30:29:43:d8:cd:af:f2:8e:ed:8a:ea:5f:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7539b7a123417aa719325946aa89e0f30ab0ca09
Validity
Not Before: Jan 2 04:24:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a382921ce9349b92945ee308a9c9bec5771e4bce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:b8:07:cc:f2:27:f5:45:5a:88:c3:b9:c9:9b:
0b:ef:08:d8:db:f9:2b:90:76:45:26:50:66:89:1a:
19:7d:c0:67:ae:21:fb:b3:f1:18:48:d2:0c:58:ac:
c5:c3:8e:c4:cb:5d:36:d4:b7:04:d2:83:b5:5b:c5:
ea:00:6f:96:9c:97:ea:9c:7b:ff:bd:99:ff:13:1b:
3c:99:19:68:7d:d9:9b:e4:48:bc:16:f4:95:97:d9:
f5:d1:16:e4:e2:9e:c9:56:15:16:92:f5:5f:ce:de:
2e:8c:f5:b4:e9:03:49:32:a9:e3:75:db:5e:e9:d5:
37:a1:2d:2d:f9:c2:9a:39:b1:49:35:b4:7a:a8:73:
7e:a8:a2:4e:3e:cb:dc:e5:e0:3e:16:b2:6b:8d:4e:
32:40:cc:2d:5f:68:65:e4:02:bc:b2:52:76:06:f3:
ea:25:ee:9f:8a:56:25:0f:3b:1d:d6:14:ee:16:fc:
52:29:48:e0:28:6a:ae:a1:7d:5e:c2:d2:ea:5e:f8:
6d:ae:7c:d2:1a:ef:85:2b:e6:aa:9e:81:fb:45:57:
9d:9c:5e:ac:3b:22:b4:c0:56:9a:1f:3a:95:af:f3:
54:4b:87:99:47:33:b9:0a:06:1b:c1:d1:1d:b6:0b:
3a:3d:68:cb:2c:01:97:cf:bc:ec:3e:d3:aa:ba:e8:
bf:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:82:92:1C:E9:34:9B:92:94:5E:E3:08:A9:C9:BE:C5:77:1E:4B:CE
X509v3 Authority Key Identifier:
keyid:75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/o4KSHOk0m5KUXuMIqcm-xXceS84.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.88.0/21
80.247.64.0/20
87.248.32.0/19
178.239.176.0/20
185.21.172.0/22
185.48.32.0/22
212.29.128.0/19
212.91.64.0/19
IPv6:
2001:4d38::/32
Signature Algorithm: sha256WithRSAEncryption
7c:e3:d5:e5:55:1b:51:9f:0e:d6:eb:8e:e3:c2:da:a2:c5:ed:
b1:cf:f2:8e:9b:cb:20:92:8e:4c:ec:7d:57:29:be:8a:f5:71:
12:86:3c:d4:3b:0e:fb:82:c5:c3:72:ca:55:cd:02:17:8c:b9:
5a:a3:de:d7:e8:8c:06:de:d3:aa:79:4a:87:63:59:25:1d:10:
a3:d4:93:78:f3:40:06:1b:42:19:87:fb:3e:82:6c:9f:33:f8:
dc:d0:ee:cc:9f:15:f3:24:66:b6:46:0f:30:57:b8:a7:77:9f:
75:29:5f:c0:74:f1:dc:e1:f8:31:89:be:31:24:ee:70:67:f5:
de:73:59:40:19:56:ae:d4:93:d1:69:76:2d:20:a0:6c:1c:22:
21:77:38:60:1b:1a:fc:22:2b:33:d3:d6:9d:41:61:08:2f:e9:
f3:59:de:dc:36:4c:09:33:7e:55:14:a6:09:6e:d6:55:54:8a:
1c:65:de:6b:c9:48:ea:5d:49:67:e7:32:1b:86:09:37:ea:a6:
45:13:5c:54:03:cf:26:c1:a9:e0:21:33:1b:30:fa:cd:57:5f:
f0:c1:37:96:a6:47:6d:ca:81:42:dd:71:42:6a:27:1b:37:ea:
b5:c4:ec:f6:bc:41:7f:08:0c:e2:81:4f:da:5f:32:c0:e1:a5:
ec:b2:ca:f0
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYVwuYowKUPYza/yju2K6l8iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MzliN2ExMjM0MTdhYTcxOTMyNTk0NmFhODllMGYzMGFi
MGNhMDkwHhcNMjMwMTAyMDQyNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzgyOTIxY2U5MzQ5YjkyOTQ1ZWUzMDhhOWM5YmVjNTc3MWU0YmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7gHzPIn9UVaiMO5yZsL7wjY2/kr
kHZFJlBmiRoZfcBnriH7s/EYSNIMWKzFw47Ey1021LcE0oO1W8XqAG+WnJfqnHv/
vZn/Exs8mRlofdmb5Ei8FvSVl9n10Rbk4p7JVhUWkvVfzt4ujPW06QNJMqnjddte
6dU3oS0t+cKaObFJNbR6qHN+qKJOPsvc5eA+FrJrjU4yQMwtX2hl5AK8slJ2BvPq
Je6filYlDzsd1hTuFvxSKUjgKGquoX1ewtLqXvhtrnzSGu+FK+aqnoH7RVednF6s
OyK0wFaaHzqVr/NUS4eZRzO5CgYbwdEdtgs6PWjLLAGXz7zsPtOquui/RwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFKOCkhzpNJuSlF7jCKnJvsV3HkvOMB8GA1UdIwQY
MBaAFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjct
NWI1ZTMzY2U3MGFkLzEvbzRLU0hPazBtNUtVWHVNSXFjbS14WGNlUzg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi84MDdlZDUtNTBiMy00ZTVmLTkzNjctNWI1ZTMzY2U3MGFk
LzEvZFRtM29TTkJlcWNaTWxsR3Fvbmc4d3F3eWdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDJYtYAwQE
UPdAAwQFV/ggAwQEsu+wAwQCuRWsAwQCuTAgAwQF1B2AAwQF1FtAMA0EAgACMAcD
BQAgAU04MA0GCSqGSIb3DQEBCwUAA4IBAQB849XlVRtRnw7W647jwtqixe2xz/KO
m8sgko5M7H1XKb6K9XEShjzUOw77gsXDcspVzQIXjLlao97X6IwG3tOqeUqHY1kl
HRCj1JN480AGG0IZh/s+gmyfM/jc0O7MnxXzJGa2Rg8wV7ind591KV/AdPHc4fgx
ib4xJO5wZ/Xec1lAGVau1JPRaXYtIKBsHCIhdzhgGxr8Iisz09adQWEIL+nzWd7c
NkwJM35VFKYJbtZVVIocZd5ryUjqXUln5zIbhgk36qZFE1xUA88mwangITMbMPrN
V1/wwTeWpkdtyoFC3XFCaicbN+q1xOz2vEF/CAzigU/aXzLA4aXsssrw
-----END CERTIFICATE-----
Generated at Sat Apr 19 07:17:38 2025 by rpki-client