Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/cE0KZawBzSBWqqgJyowTez8-tiU.roa
File: cE0KZawBzSBWqqgJyowTez8-tiU.roa (raw, json)
Hash identifier: 8vh7dUge0AU/TN5zdw2/fvEjZYZiNcV1UIeft2djkt0=
Subject key identifier: 70:4D:0A:65:AC:01:CD:20:56:AA:A8:09:CA:8C:13:7B:3F:3E:B6:25
Certificate issuer: /CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
Certificate serial: 018B612C9F637476FBDC2E1FF6F0014F4273
Authority key identifier: F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/cE0KZawBzSBWqqgJyowTez8-tiU.roa
Signing time: Tue 24 Oct 2023 10:13:16 +0000
ROA not before: Tue 24 Oct 2023 10:13:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42337
IP address blocks: 95.38.240.0/21 maxlen: 21
95.38.136.0/22 maxlen: 22
95.38.248.0/22 maxlen: 22
95.38.140.0/22 maxlen: 22
95.38.152.0/21 maxlen: 21
95.38.168.0/22 maxlen: 22
95.38.104.0/22 maxlen: 22
95.38.132.0/22 maxlen: 22
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:61:2c:9f:63:74:76:fb:dc:2e:1f:f6:f0:01:4f:42:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0c104041691dc384f3b1a8cdf95c96628ea6daf
Validity
Not Before: Oct 24 10:13:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=704d0a65ac01cd2056aaa809ca8c137b3f3eb625
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:b4:ca:ac:fd:95:6e:69:b5:2c:e7:51:d9:41:
f9:38:17:5d:7a:d4:19:ae:2c:9c:a3:c4:08:89:1d:
ea:3a:de:46:3c:24:b3:2a:a9:a8:99:5f:d4:e4:ff:
04:4a:da:30:b2:8f:e5:b7:51:ed:ee:dc:8b:04:9a:
24:99:7f:85:f1:53:df:23:3f:b2:aa:70:6a:c4:28:
dd:e5:8e:28:dc:35:58:57:7d:19:06:e4:7a:5b:8a:
5d:43:7f:1b:fd:1d:89:fc:33:4a:ef:2e:8d:40:77:
5b:40:50:5d:3e:d3:15:12:5b:95:2e:c2:97:f9:3a:
d4:0e:91:bf:fc:a4:26:c0:92:91:37:6d:d8:c3:ef:
2b:25:ca:f1:be:cf:5f:6e:9e:d0:93:ac:1b:d8:5e:
50:3e:1b:c0:02:78:44:e3:65:bf:7b:ae:fe:88:5d:
4e:e2:48:0e:77:e6:a6:7d:3d:76:ca:b4:c4:4b:50:
76:05:b7:0d:32:5c:ef:67:45:05:53:fa:57:78:3f:
c1:4c:a6:cd:ca:0d:3c:c7:de:b5:8a:f8:42:07:34:
9f:c2:10:e1:32:1b:cb:ed:9b:21:78:4a:7b:94:9d:
a7:83:e5:10:31:06:99:fe:64:1f:4b:66:2b:9e:c3:
7b:0f:ab:ce:8f:32:db:c9:c9:15:7d:5b:0d:78:75:
32:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:4D:0A:65:AC:01:CD:20:56:AA:A8:09:CA:8C:13:7B:3F:3E:B6:25
X509v3 Authority Key Identifier:
keyid:F0:C1:04:04:16:91:DC:38:4F:3B:1A:8C:DF:95:C9:66:28:EA:6D:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8MEEBBaR3DhPOxqM35XJZijqba8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/cE0KZawBzSBWqqgJyowTez8-tiU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/789caf-c8d2-419e-ae04-691422311729/1/8MEEBBaR3DhPOxqM35XJZijqba8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.38.104.0/22
95.38.132.0-95.38.143.255
95.38.152.0/21
95.38.168.0/22
95.38.240.0-95.38.251.255
Signature Algorithm: sha256WithRSAEncryption
20:a5:97:13:a8:04:27:e3:9c:fb:b1:73:90:b0:a9:5e:9a:c8:
f2:e1:ba:8e:c7:26:6d:ad:71:4a:22:05:0d:ba:1c:b1:03:e5:
11:9f:9b:88:3e:52:65:45:72:ab:ba:78:19:a9:78:44:66:77:
4b:37:17:e8:b2:9c:c3:5e:f3:75:16:7e:40:58:6e:70:b4:9c:
ba:ea:b1:86:a4:d6:a7:68:03:43:b3:0d:13:1c:f1:8c:07:b2:
1b:63:a2:8b:9e:46:15:2b:6c:ef:ea:9d:22:9f:46:7d:8e:bb:
88:33:d4:2a:40:02:ff:fe:c0:4a:37:46:09:7a:b4:44:3e:9e:
79:a8:7f:9e:2a:41:80:73:58:65:ca:19:bd:79:d5:47:5f:6a:
64:ba:7a:ce:07:88:7e:2c:77:65:5f:b9:c7:29:ad:43:5b:11:
bc:6a:34:94:0a:6d:10:1f:c7:3e:e7:9c:c2:16:f1:e4:df:e7:
08:f5:5d:63:80:51:3c:e9:e8:f6:8f:aa:f0:17:43:23:80:0e:
3a:ac:8f:1f:0a:32:d7:ca:f5:d2:de:dd:a4:d5:1d:8f:ce:05:
cc:83:2c:25:c7:1d:18:f3:62:53:db:0e:4e:c9:63:51:05:64:
42:5a:c3:2d:f2:fc:b9:bd:ae:20:f3:d6:e6:7d:6f:c4:6d:c7:
69:d9:77:15
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYthLJ9jdHb73C4f9vABT0JzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwYzEwNDA0MTY5MWRjMzg0ZjNiMWE4Y2RmOTVjOTY2Mjhl
YTZkYWYwHhcNMjMxMDI0MTAxMzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDRkMGE2NWFjMDFjZDIwNTZhYWE4MDljYThjMTM3YjNmM2ViNjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurTKrP2Vbmm1LOdR2UH5OBddetQZ
riyco8QIiR3qOt5GPCSzKqmomV/U5P8EStowso/lt1Ht7tyLBJokmX+F8VPfIz+y
qnBqxCjd5Y4o3DVYV30ZBuR6W4pdQ38b/R2J/DNK7y6NQHdbQFBdPtMVEluVLsKX
+TrUDpG//KQmwJKRN23Yw+8rJcrxvs9fbp7Qk6wb2F5QPhvAAnhE42W/e67+iF1O
4kgOd+amfT12yrTES1B2BbcNMlzvZ0UFU/pXeD/BTKbNyg08x961ivhCBzSfwhDh
MhvL7ZsheEp7lJ2ng+UQMQaZ/mQfS2YrnsN7D6vOjzLbyckVfVsNeHUySQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFHBNCmWsAc0gVqqoCcqME3s/PrYlMB8GA1UdIwQY
MBaAFPDBBAQWkdw4TzsajN+VyWYo6m2vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQt
NjkxNDIyMzExNzI5LzEvY0UwS1phd0J6U0JXcXFnSnlvd1RlejgtdGlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS83ODljYWYtYzhkMi00MTllLWFlMDQtNjkxNDIyMzExNzI5
LzEvOE1FRUJCYVIzRGhQT3hxTTM1WEpaaWpxYmE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuAwQCXyZoMAwD
BAJfJoQDBARfJoADBANfJpgDBAJfJqgwDAMEBF8m8AMEAl8m+DANBgkqhkiG9w0B
AQsFAAOCAQEAIKWXE6gEJ+Oc+7FzkLCpXprI8uG6jscmba1xSiIFDbocsQPlEZ+b
iD5SZUVyq7p4Gal4RGZ3SzcX6LKcw17zdRZ+QFhucLScuuqxhqTWp2gDQ7MNExzx
jAeyG2Oii55GFSts7+qdIp9GfY67iDPUKkAC//7ASjdGCXq0RD6eeah/nipBgHNY
ZcoZvXnVR19qZLp6zgeIfix3ZV+5xymtQ1sRvGo0lAptEB/HPuecwhbx5N/nCPVd
Y4BRPOno9o+q8BdDI4AOOqyPHwoy18r10t7dpNUdj84FzIMsJccdGPNiU9sOTslj
UQVkQlrDLfL8ub2uIPPW5n1vxG3Hadl3FQ==
-----END CERTIFICATE-----
Generated at Tue Jun 10 18:26:44 2025 by rpki-client