Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/0c9dbb-f2ef-4f15-8b2e-643e447444d6/1/ohb7n0nrbkXscBvz70Orj0CresQ.roa
File: ohb7n0nrbkXscBvz70Orj0CresQ.roa (raw, json)
Hash identifier: 8v8Mehi3wAB2nxZYj6r2TJnNbv8r4ENUXbLtHH7GWQ8=
Subject key identifier: A2:16:FB:9F:49:EB:6E:45:EC:70:1B:F3:EF:43:AB:8F:40:AB:7A:C4
Certificate issuer: /CN=fce25aca434feeb6f573aa463a12c6940bc4d198
Certificate serial: 0186EF054C8DF823715961607BE8F578A6B3
Authority key identifier: FC:E2:5A:CA:43:4F:EE:B6:F5:73:AA:46:3A:12:C6:94:0B:C4:D1:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_OJaykNP7rb1c6pGOhLGlAvE0Zg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/0c9dbb-f2ef-4f15-8b2e-643e447444d6/1/ohb7n0nrbkXscBvz70Orj0CresQ.roa
Signing time: Fri 17 Mar 2023 10:02:27 +0000
ROA not before: Fri 17 Mar 2023 10:02:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 21351
IP address blocks: 93.121.128.0/17 maxlen: 24
95.138.0.0/17 maxlen: 24
213.188.160.0/19 maxlen: 24
5.187.96.0/19 maxlen: 24
213.16.0.0/19 maxlen: 24
185.29.48.0/22 maxlen: 24
46.238.128.0/18 maxlen: 24
2a02:1390::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:ef:05:4c:8d:f8:23:71:59:61:60:7b:e8:f5:78:a6:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fce25aca434feeb6f573aa463a12c6940bc4d198
Validity
Not Before: Mar 17 10:02:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a216fb9f49eb6e45ec701bf3ef43ab8f40ab7ac4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:46:7a:91:85:ff:f8:48:f3:1b:48:97:98:40:
6b:6d:26:47:0f:3a:d7:6f:dc:8e:a9:ed:29:f0:a4:
37:99:be:33:9a:86:6b:1c:44:2d:03:6f:5c:b7:31:
be:0c:68:c2:db:fc:18:0b:a6:44:35:d7:c9:07:00:
d5:76:79:8d:cd:06:d2:7f:25:a1:95:e9:9a:46:14:
f6:c3:15:1f:09:9d:bf:6c:ec:50:a9:34:a6:67:22:
72:ee:c1:6c:cf:e1:e2:de:84:7b:72:0e:17:5a:fb:
60:63:75:79:7a:65:3a:eb:72:e9:42:6b:db:4b:50:
c8:0e:39:de:28:29:60:70:60:81:91:3f:70:70:d6:
ad:18:ac:be:81:be:2e:89:c8:87:18:b0:9a:ba:45:
96:99:b7:13:fc:87:fa:58:f4:2f:58:9e:0a:0d:e7:
0b:a6:6a:0e:ec:25:b9:36:37:e6:d2:8e:dd:b3:1c:
4a:33:38:c2:1d:78:55:4c:eb:46:79:df:02:b2:69:
d1:72:f7:12:9f:49:29:04:ba:33:95:5b:fd:05:d7:
73:1f:9b:c8:29:a6:0b:0d:e2:a4:76:db:83:23:45:
c2:53:16:50:be:87:92:04:55:c8:31:72:1e:40:73:
96:65:06:6b:53:45:12:60:af:8e:93:cd:59:51:3a:
13:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:16:FB:9F:49:EB:6E:45:EC:70:1B:F3:EF:43:AB:8F:40:AB:7A:C4
X509v3 Authority Key Identifier:
keyid:FC:E2:5A:CA:43:4F:EE:B6:F5:73:AA:46:3A:12:C6:94:0B:C4:D1:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_OJaykNP7rb1c6pGOhLGlAvE0Zg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/0c9dbb-f2ef-4f15-8b2e-643e447444d6/1/ohb7n0nrbkXscBvz70Orj0CresQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/0c9dbb-f2ef-4f15-8b2e-643e447444d6/1/_OJaykNP7rb1c6pGOhLGlAvE0Zg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.187.96.0/19
46.238.128.0/18
93.121.128.0/17
95.138.0.0/17
185.29.48.0/22
213.16.0.0/19
213.188.160.0/19
IPv6:
2a02:1390::/29
Signature Algorithm: sha256WithRSAEncryption
51:d9:df:76:52:08:e4:2e:68:d8:43:7e:86:c2:e3:15:0c:4d:
6c:03:27:1b:5d:ec:67:65:62:20:12:83:f3:4c:11:10:5d:23:
6c:d0:47:cd:32:9e:62:29:9e:00:be:10:71:45:2c:ec:65:73:
bd:d1:42:02:fb:36:05:72:32:34:45:23:9b:b9:e1:3c:b2:23:
b5:94:8d:b7:6a:f0:73:08:56:3e:7d:7b:ce:02:90:28:a6:24:
4c:4f:f6:35:36:5f:5d:0b:f4:20:a1:dc:66:5e:a5:a0:74:8f:
70:32:96:39:3f:16:67:dc:ba:d2:54:99:ea:97:62:eb:43:59:
84:dc:2f:8c:3e:9b:31:ec:9d:5e:1d:33:fa:7c:33:1d:c5:b7:
04:2d:84:00:ef:22:bd:94:da:dc:30:4f:24:01:40:a2:32:94:
7e:0e:6c:2a:e9:7d:b5:af:8a:60:59:3a:6e:b3:c9:97:1c:1e:
0e:25:98:1c:7f:1a:e1:09:c8:fd:bb:3c:e8:f0:d6:e0:6c:63:
bf:09:99:31:93:8f:23:4d:00:91:50:a0:cc:e5:8c:bd:89:b9:
c8:e0:3c:0f:91:fa:59:a0:d8:a3:45:b3:a2:4d:a3:d3:04:ca:
22:01:10:03:ce:a4:e6:3e:40:4d:1e:b2:5b:d1:70:ac:50:a0:
19:74:1a:d3
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYbvBUyN+CNxWWFge+j1eKazMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjZTI1YWNhNDM0ZmVlYjZmNTczYWE0NjNhMTJjNjk0MGJj
NGQxOTgwHhcNMjMwMzE3MTAwMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjE2ZmI5ZjQ5ZWI2ZTQ1ZWM3MDFiZjNlZjQzYWI4ZjQwYWI3YWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUZ6kYX/+EjzG0iXmEBrbSZHDzrX
b9yOqe0p8KQ3mb4zmoZrHEQtA29ctzG+DGjC2/wYC6ZENdfJBwDVdnmNzQbSfyWh
lemaRhT2wxUfCZ2/bOxQqTSmZyJy7sFsz+Hi3oR7cg4XWvtgY3V5emU663LpQmvb
S1DIDjneKClgcGCBkT9wcNatGKy+gb4uiciHGLCaukWWmbcT/If6WPQvWJ4KDecL
pmoO7CW5Njfm0o7dsxxKMzjCHXhVTOtGed8CsmnRcvcSn0kpBLozlVv9BddzH5vI
KaYLDeKkdtuDI0XCUxZQvoeSBFXIMXIeQHOWZQZrU0USYK+Ok81ZUToThwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFKIW+59J625F7HAb8+9Dq49Aq3rEMB8GA1UdIwQY
MBaAFPziWspDT+629XOqRjoSxpQLxNGYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX09KYXlrTlA3cmIxYzZwR09oTEdsQXZFMFpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8wYzlkYmItZjJlZi00ZjE1LThiMmUt
NjQzZTQ0NzQ0NGQ2LzEvb2hiN24wbnJia1hzY0J2ejcwT3JqMENyZXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8wYzlkYmItZjJlZi00ZjE1LThiMmUtNjQzZTQ0NzQ0NGQ2
LzEvX09KYXlrTlA3cmIxYzZwR09oTEdsQXZFMFpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQFBbtgAwQG
Lu6AAwQHXXmAAwQHX4oAAwQCuR0wAwQF1RAAAwQF1bygMA0EAgACMAcDBQMqAhOQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBR2d92UgjkLmjYQ36GwuMVDE1sAycbXexnZWIg
EoPzTBEQXSNs0EfNMp5iKZ4AvhBxRSzsZXO90UIC+zYFcjI0RSObueE8siO1lI23
avBzCFY+fXvOApAopiRMT/Y1Nl9dC/QgodxmXqWgdI9wMpY5PxZn3LrSVJnql2Lr
Q1mE3C+MPpsx7J1eHTP6fDMdxbcELYQA7yK9lNrcME8kAUCiMpR+Dmwq6X21r4pg
WTpus8mXHB4OJZgcfxrhCcj9uzzo8NbgbGO/CZkxk48jTQCRUKDM5Yy9ibnI4DwP
kfpZoNijRbOiTaPTBMoiARADzqTmPkBNHrJb0XCsUKAZdBrT
-----END CERTIFICATE-----
Generated at Thu Apr 10 20:25:07 2025 by rpki-client