Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/5cd884-79f5-483d-904a-96fe1911d0b3/1/oeNQYrfueKhwaCrh0NTp7f7SQlk.roa
File: oeNQYrfueKhwaCrh0NTp7f7SQlk.roa (raw, json)
Hash identifier: ltk+LnvQuWDn8dYcIli1pwjClUET1N4E7oQiuVZehQc=
Subject key identifier: A1:E3:50:62:B7:EE:78:A8:70:68:2A:E1:D0:D4:E9:ED:FE:D2:42:59
Certificate issuer: /CN=ecb612e1f6b4d83f8a5d552cf3b60edd23bfe9f4
Certificate serial: 01856E8B0BBBE53A8CFA344E798D39919714
Authority key identifier: EC:B6:12:E1:F6:B4:D8:3F:8A:5D:55:2C:F3:B6:0E:DD:23:BF:E9:F4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7LYS4fa02D-KXVUs87YO3SO_6fQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/5cd884-79f5-483d-904a-96fe1911d0b3/1/oeNQYrfueKhwaCrh0NTp7f7SQlk.roa
Signing time: Sun 01 Jan 2023 18:14:44 +0000
ROA not before: Sun 01 Jan 2023 18:14:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49282
IP address blocks: 95.175.96.0/19 maxlen: 19
85.194.204.0/22 maxlen: 22
95.175.124.0/22 maxlen: 22
164.215.32.0/21 maxlen: 21
185.162.156.0/22 maxlen: 22
185.18.76.0/22 maxlen: 22
2a03:e580::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:8b:0b:bb:e5:3a:8c:fa:34:4e:79:8d:39:91:97:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ecb612e1f6b4d83f8a5d552cf3b60edd23bfe9f4
Validity
Not Before: Jan 1 18:14:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a1e35062b7ee78a870682ae1d0d4e9edfed24259
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:1d:ea:89:bc:8e:10:33:d6:8e:28:44:f1:56:
2d:7a:0a:48:4a:27:47:c7:52:1d:be:e4:30:9e:ba:
e9:33:b6:ab:31:97:e0:27:2e:41:18:62:92:1e:3d:
ed:7b:10:f0:18:33:5a:b6:23:cb:97:17:7b:92:d8:
a6:3c:43:22:6a:be:56:66:67:db:bc:b6:dc:c1:92:
a7:6e:bb:5f:3f:e9:aa:6f:cf:64:92:a1:4a:51:16:
b0:48:b5:ca:27:18:d5:1a:2e:cf:8f:15:a6:0d:bb:
ab:88:7e:9f:8c:87:8a:4f:1a:a0:75:af:f0:39:8c:
99:fa:00:6d:c5:42:de:35:1b:1d:e4:55:ca:e9:24:
f0:1d:82:e5:02:6c:98:65:6f:45:fc:23:55:89:b3:
d7:97:5d:b4:83:43:d8:ea:bb:a5:5b:09:37:36:b9:
81:e3:48:be:3c:8c:d2:24:c2:64:2a:cd:43:1d:2f:
a2:7e:0d:2c:13:95:25:be:4f:44:b9:e6:52:8d:7c:
89:11:3e:ef:79:15:40:e8:a1:b1:6a:c8:50:7f:6c:
1c:d0:57:55:ec:87:43:78:21:b4:1d:f6:b6:41:94:
57:4b:58:d6:ad:36:e7:08:a4:9d:a5:14:da:ed:7e:
fa:57:ac:e7:91:d4:c7:90:f4:8d:e4:54:9f:0c:8d:
da:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:E3:50:62:B7:EE:78:A8:70:68:2A:E1:D0:D4:E9:ED:FE:D2:42:59
X509v3 Authority Key Identifier:
keyid:EC:B6:12:E1:F6:B4:D8:3F:8A:5D:55:2C:F3:B6:0E:DD:23:BF:E9:F4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7LYS4fa02D-KXVUs87YO3SO_6fQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5cd884-79f5-483d-904a-96fe1911d0b3/1/oeNQYrfueKhwaCrh0NTp7f7SQlk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/5cd884-79f5-483d-904a-96fe1911d0b3/1/7LYS4fa02D-KXVUs87YO3SO_6fQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.194.204.0/22
95.175.96.0/19
164.215.32.0/21
185.18.76.0/22
185.162.156.0/22
IPv6:
2a03:e580::/29
Signature Algorithm: sha256WithRSAEncryption
94:fe:4b:6f:1a:ba:c5:c8:03:ec:fc:6c:7d:4e:61:f8:9b:a0:
c3:7c:bb:01:3c:38:6d:59:d6:3f:b8:12:33:21:d2:3b:9c:9a:
91:bf:68:f5:25:21:e3:47:a6:10:da:fd:99:4a:a1:ae:e0:71:
7f:ed:71:dd:7e:05:ca:5b:94:6e:c8:a1:3d:21:1f:09:b5:00:
87:eb:af:5e:d1:72:1b:cd:56:f0:c1:4e:a1:7b:45:30:94:f0:
06:dc:9b:0e:97:b9:1f:7c:66:7c:e6:12:96:e4:0f:8f:89:0d:
51:65:97:5e:c4:32:69:9a:a6:18:72:b7:81:59:9f:ab:1f:64:
5f:d0:10:e7:9a:f6:f2:70:92:fa:f9:04:e9:ec:67:f8:d9:9c:
f7:07:32:31:7b:7d:29:4a:8f:4f:b5:7a:3e:81:68:85:93:b4:
f8:cd:ae:d2:7f:16:de:9a:d7:b3:76:6c:2a:a1:f3:15:aa:80:
68:06:9b:10:93:0a:13:67:33:a7:85:f4:02:ec:2e:1b:94:32:
e1:91:d6:e8:50:74:f4:dd:51:d4:e2:cf:e2:82:21:97:e3:f3:
76:73:63:67:93:6b:02:03:cd:2f:21:d6:40:bc:0d:e1:53:e6:
78:78:48:5c:ac:eb:f8:dc:55:c2:2c:56:cf:30:cf:3d:b0:39:
70:92:4f:ac
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVuiwu75TqM+jROeY05kZcUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjYjYxMmUxZjZiNGQ4M2Y4YTVkNTUyY2YzYjYwZWRkMjNi
ZmU5ZjQwHhcNMjMwMTAxMTgxNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWUzNTA2MmI3ZWU3OGE4NzA2ODJhZTFkMGQ0ZTllZGZlZDI0MjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjx3qibyOEDPWjihE8VYtegpISidH
x1IdvuQwnrrpM7arMZfgJy5BGGKSHj3texDwGDNatiPLlxd7ktimPEMiar5WZmfb
vLbcwZKnbrtfP+mqb89kkqFKURawSLXKJxjVGi7PjxWmDburiH6fjIeKTxqgda/w
OYyZ+gBtxULeNRsd5FXK6STwHYLlAmyYZW9F/CNVibPXl120g0PY6rulWwk3NrmB
40i+PIzSJMJkKs1DHS+ifg0sE5Ulvk9EueZSjXyJET7veRVA6KGxashQf2wc0FdV
7IdDeCG0Hfa2QZRXS1jWrTbnCKSdpRTa7X76V6znkdTHkPSN5FSfDI3aRQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFKHjUGK37niocGgq4dDU6e3+0kJZMB8GA1UdIwQY
MBaAFOy2EuH2tNg/il1VLPO2Dt0jv+n0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0xZUzRmYTAyRC1LWFZVczg3WU8zU09fNmZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81Y2Q4ODQtNzlmNS00ODNkLTkwNGEt
OTZmZTE5MTFkMGIzLzEvb2VOUVlyZnVlS2h3YUNyaDBOVHA3ZjdTUWxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81Y2Q4ODQtNzlmNS00ODNkLTkwNGEtOTZmZTE5MTFkMGIz
LzEvN0xZUzRmYTAyRC1LWFZVczg3WU8zU09fNmZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCVcLMAwQF
X69gAwQDpNcgAwQCuRJMAwQCuaKcMA0EAgACMAcDBQMqA+WAMA0GCSqGSIb3DQEB
CwUAA4IBAQCU/ktvGrrFyAPs/Gx9TmH4m6DDfLsBPDhtWdY/uBIzIdI7nJqRv2j1
JSHjR6YQ2v2ZSqGu4HF/7XHdfgXKW5RuyKE9IR8JtQCH669e0XIbzVbwwU6he0Uw
lPAG3JsOl7kffGZ85hKW5A+PiQ1RZZdexDJpmqYYcreBWZ+rH2Rf0BDnmvbycJL6
+QTp7Gf42Zz3BzIxe30pSo9PtXo+gWiFk7T4za7SfxbemtezdmwqofMVqoBoBpsQ
kwoTZzOnhfQC7C4blDLhkdboUHT03VHU4s/igiGX4/N2c2Nnk2sCA80vIdZAvA3h
U+Z4eEhcrOv43FXCLFbPMM89sDlwkk+s
-----END CERTIFICATE-----
Generated at Wed Apr 23 04:18:14 2025 by rpki-client