Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/68b1d3-c938-423e-90dd-21098a61357e/1/WShXZiEZHXYpPaAIBcGUOVIBjeQ.roa
File: WShXZiEZHXYpPaAIBcGUOVIBjeQ.roa (raw, json)
Hash identifier: bIiRGBO7jkuDjHwO/tvt2v+pjaPfykAElaCgsjj3Lhc=
Subject key identifier: 59:28:57:66:21:19:1D:76:29:3D:A0:08:05:C1:94:39:52:01:8D:E4
Certificate issuer: /CN=388cccd78bf16533f33185443ea82dcdad920410
Certificate serial: 0185710BF19B45961FA13BB3F09F8ABF728E
Authority key identifier: 38:8C:CC:D7:8B:F1:65:33:F3:31:85:44:3E:A8:2D:CD:AD:92:04:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OIzM14vxZTPzMYVEPqgtza2SBBA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/68b1d3-c938-423e-90dd-21098a61357e/1/WShXZiEZHXYpPaAIBcGUOVIBjeQ.roa
Signing time: Mon 02 Jan 2023 05:54:46 +0000
ROA not before: Mon 02 Jan 2023 05:54:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51681
IP address blocks: 185.105.16.0/24 maxlen: 24
185.105.17.0/24 maxlen: 24
185.105.19.0/24 maxlen: 24
178.239.208.0/20 maxlen: 20
185.105.18.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:0b:f1:9b:45:96:1f:a1:3b:b3:f0:9f:8a:bf:72:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=388cccd78bf16533f33185443ea82dcdad920410
Validity
Not Before: Jan 2 05:54:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5928576621191d76293da00805c1943952018de4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:30:2c:c9:b1:c2:20:79:a7:f7:67:9b:fb:1b:
de:ca:15:7a:ad:f0:9f:ce:dc:20:42:33:7f:90:11:
0a:9c:8f:dd:52:d1:56:10:0c:d3:11:73:e2:c5:01:
ac:88:b4:2d:1d:af:17:31:1a:80:8a:01:bb:a0:02:
08:50:9f:c9:fb:84:db:0e:59:71:25:60:51:75:bb:
75:09:56:fd:2e:bf:b7:f2:c1:9c:6e:cb:59:75:23:
f3:e0:3a:0f:b4:18:ef:17:ae:e4:ea:11:7a:64:12:
63:b6:51:e3:39:57:d9:3d:7e:56:37:b6:02:bc:2b:
78:85:d2:a4:96:2e:f6:88:8e:97:ea:ab:41:ef:4e:
9f:18:f9:85:88:35:71:44:92:dd:d1:3f:a4:28:4a:
f8:b8:ec:10:78:54:93:23:ce:9b:64:ea:30:a9:5e:
45:ee:68:81:f5:e1:f9:7d:30:be:36:3d:f7:4e:4f:
48:e1:8f:a8:da:be:12:b5:a2:0c:ff:77:a7:0a:23:
a5:c4:cd:34:6a:31:40:e1:54:65:27:a3:21:66:1f:
07:99:4c:c7:a9:ed:64:1b:50:b3:17:03:e3:52:1f:
17:00:a8:20:c2:38:4d:08:2a:5a:4b:67:fa:51:fb:
71:10:7e:da:86:3e:09:c7:08:79:0b:62:ad:ba:b8:
31:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:28:57:66:21:19:1D:76:29:3D:A0:08:05:C1:94:39:52:01:8D:E4
X509v3 Authority Key Identifier:
keyid:38:8C:CC:D7:8B:F1:65:33:F3:31:85:44:3E:A8:2D:CD:AD:92:04:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OIzM14vxZTPzMYVEPqgtza2SBBA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/68b1d3-c938-423e-90dd-21098a61357e/1/WShXZiEZHXYpPaAIBcGUOVIBjeQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/68b1d3-c938-423e-90dd-21098a61357e/1/OIzM14vxZTPzMYVEPqgtza2SBBA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.239.208.0/20
185.105.16.0/22
Signature Algorithm: sha256WithRSAEncryption
05:46:75:e9:80:10:ab:9c:a8:62:cb:d5:c2:f5:3e:08:ba:63:
a4:4e:17:26:55:3c:b0:f8:23:11:6e:bb:db:31:4f:5e:72:9a:
36:f8:4f:83:e9:d9:5d:a4:c7:f4:25:cb:df:ac:72:55:1d:46:
9e:a7:73:0e:9f:fa:d5:1a:52:1e:0b:ba:90:77:39:1e:c3:a1:
6b:55:dd:28:f5:7c:1b:ea:12:d6:6b:23:dd:fa:c3:1a:f2:54:
b2:bc:b1:c3:c4:13:5e:06:68:e7:48:8f:6f:8b:df:83:95:17:
94:ea:17:de:91:4d:e7:3b:fe:2f:01:04:d6:e7:64:29:81:dc:
03:df:75:ff:ce:44:bb:19:ed:ef:02:3e:0c:68:69:73:26:4f:
3b:7b:05:62:4d:d5:b6:28:57:94:e6:a8:42:fb:57:53:90:cb:
5c:ab:3e:28:8d:f6:90:79:b8:55:56:03:e1:15:82:8c:8a:da:
25:c5:46:01:9c:72:b5:38:80:3b:cb:bf:d5:24:ad:58:57:96:
8e:76:84:11:9e:92:5b:1b:d5:8a:b1:84:ff:f9:76:af:71:6d:
93:cb:41:82:c3:09:23:6d:28:2a:a9:61:7c:17:64:4d:74:cb:
52:ed:b4:34:99:d7:d0:6a:f4:74:45:c1:8f:81:13:16:b6:15:
6a:0a:26:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVxC/GbRZYfoTuz8J+Kv3KOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4OGNjY2Q3OGJmMTY1MzNmMzMxODU0NDNlYTgyZGNkYWQ5
MjA0MTAwHhcNMjMwMTAyMDU1NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTI4NTc2NjIxMTkxZDc2MjkzZGEwMDgwNWMxOTQzOTUyMDE4ZGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijAsybHCIHmn92eb+xveyhV6rfCf
ztwgQjN/kBEKnI/dUtFWEAzTEXPixQGsiLQtHa8XMRqAigG7oAIIUJ/J+4TbDllx
JWBRdbt1CVb9Lr+38sGcbstZdSPz4DoPtBjvF67k6hF6ZBJjtlHjOVfZPX5WN7YC
vCt4hdKkli72iI6X6qtB706fGPmFiDVxRJLd0T+kKEr4uOwQeFSTI86bZOowqV5F
7miB9eH5fTC+Nj33Tk9I4Y+o2r4StaIM/3enCiOlxM00ajFA4VRlJ6MhZh8HmUzH
qe1kG1CzFwPjUh8XAKggwjhNCCpaS2f6UftxEH7ahj4Jxwh5C2KturgxgwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFkoV2YhGR12KT2gCAXBlDlSAY3kMB8GA1UdIwQY
MBaAFDiMzNeL8WUz8zGFRD6oLc2tkgQQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0l6TTE0dnhaVFB6TVlWRVBxZ3R6YTJTQkJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS82OGIxZDMtYzkzOC00MjNlLTkwZGQt
MjEwOThhNjEzNTdlLzEvV1NoWFppRVpIWFlwUGFBSUJjR1VPVklCamVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS82OGIxZDMtYzkzOC00MjNlLTkwZGQtMjEwOThhNjEzNTdl
LzEvT0l6TTE0dnhaVFB6TVlWRVBxZ3R6YTJTQkJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEsu/QAwQC
uWkQMA0GCSqGSIb3DQEBCwUAA4IBAQAFRnXpgBCrnKhiy9XC9T4IumOkThcmVTyw
+CMRbrvbMU9ecpo2+E+D6dldpMf0JcvfrHJVHUaep3MOn/rVGlIeC7qQdzkew6Fr
Vd0o9Xwb6hLWayPd+sMa8lSyvLHDxBNeBmjnSI9vi9+DlReU6hfekU3nO/4vAQTW
52QpgdwD33X/zkS7Ge3vAj4MaGlzJk87ewViTdW2KFeU5qhC+1dTkMtcqz4ojfaQ
ebhVVgPhFYKMitolxUYBnHK1OIA7y7/VJK1YV5aOdoQRnpJbG9WKsYT/+XavcW2T
y0GCwwkjbSgqqWF8F2RNdMtS7bQ0mdfQavR0RcGPgRMWthVqCiZ8
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:02:08 2025 by rpki-client