Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/d4175d-192c-418c-972f-8ee21b74dd56/1/O2gJBOBHbuOwXXSVT9dgUcNkRzU.roa
File: O2gJBOBHbuOwXXSVT9dgUcNkRzU.roa (raw, json)
Hash identifier: y3clLx9G6+COI0O54Sh99h8rjq/mOA1iaMQ6N834v1c=
Subject key identifier: 3B:68:09:04:E0:47:6E:E3:B0:5D:74:95:4F:D7:60:51:C3:64:47:35
Certificate issuer: /CN=58015cc8da1f1bbf343e26ab208df8bb26fd53ae
Certificate serial: 0187BC4BDF3C28D0D8A3E9360284AB2056A7
Authority key identifier: 58:01:5C:C8:DA:1F:1B:BF:34:3E:26:AB:20:8D:F8:BB:26:FD:53:AE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WAFcyNofG780PiarII34uyb9U64.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e5/d4175d-192c-418c-972f-8ee21b74dd56/1/O2gJBOBHbuOwXXSVT9dgUcNkRzU.roa
Signing time: Wed 26 Apr 2023 06:41:41 +0000
ROA not before: Wed 26 Apr 2023 06:41:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39040
IP address blocks: 77.95.120.64/26 maxlen: 26
77.95.120.0/26 maxlen: 26
77.95.120.192/26 maxlen: 26
77.95.120.128/27 maxlen: 27
77.95.120.160/27 maxlen: 27
77.95.120.0/24 maxlen: 24
194.187.90.0/23 maxlen: 23
194.187.89.0/24 maxlen: 24
185.63.149.0/24 maxlen: 24
212.103.64.0/24 maxlen: 24
2a02:388::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:bc:4b:df:3c:28:d0:d8:a3:e9:36:02:84:ab:20:56:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=58015cc8da1f1bbf343e26ab208df8bb26fd53ae
Validity
Not Before: Apr 26 06:41:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3b680904e0476ee3b05d74954fd76051c3644735
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:ca:88:3a:f2:27:44:b5:2c:55:28:9a:b7:8c:
c7:2c:d2:32:d5:d6:83:be:4d:36:fe:65:bc:25:24:
9f:f4:8d:4d:80:3b:c9:6f:08:41:bc:9c:6c:32:44:
03:c1:21:22:7f:42:c5:f1:ea:3f:b5:8b:7e:58:67:
e6:2d:08:3f:fb:53:70:98:d8:83:9b:b7:c7:4e:bf:
47:ca:11:ed:3b:90:04:46:01:6a:d1:10:ff:48:34:
11:a2:24:c2:ad:0b:86:5e:c5:0a:f4:29:79:35:7c:
07:41:3f:77:71:49:d1:94:ac:4c:da:3b:e0:fb:b0:
b7:6e:da:6b:2f:55:17:58:a0:17:1d:6f:f7:25:de:
93:8e:e2:b8:e4:0e:7b:fe:e5:9c:11:0e:e9:ef:a9:
14:1b:95:9d:ad:77:78:8b:8b:28:8b:b6:80:c1:74:
93:31:ea:05:fd:a7:74:d5:7e:29:d7:fa:5b:2d:c8:
24:30:a4:c6:fb:e4:6a:fd:23:32:e5:f6:57:5d:b3:
8f:76:30:8b:7f:14:ba:dc:2e:9c:98:a8:c9:3f:82:
55:50:07:9a:49:ac:86:81:b7:63:60:88:1f:eb:fb:
8b:0d:b7:91:83:7c:cd:7c:e6:64:49:d0:ef:44:7b:
be:02:b6:bb:42:61:1a:da:2c:3e:3a:d4:2d:5a:c3:
17:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:68:09:04:E0:47:6E:E3:B0:5D:74:95:4F:D7:60:51:C3:64:47:35
X509v3 Authority Key Identifier:
keyid:58:01:5C:C8:DA:1F:1B:BF:34:3E:26:AB:20:8D:F8:BB:26:FD:53:AE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WAFcyNofG780PiarII34uyb9U64.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/d4175d-192c-418c-972f-8ee21b74dd56/1/O2gJBOBHbuOwXXSVT9dgUcNkRzU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/d4175d-192c-418c-972f-8ee21b74dd56/1/WAFcyNofG780PiarII34uyb9U64.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.95.120.0/24
185.63.149.0/24
194.187.89.0-194.187.91.255
212.103.64.0/24
IPv6:
2a02:388::/32
Signature Algorithm: sha256WithRSAEncryption
84:1f:a0:53:74:1e:f2:41:66:0f:6d:c5:b7:c7:b4:68:42:2e:
1b:ef:bf:61:30:1f:5a:72:48:20:00:08:06:10:74:21:86:c9:
6f:33:fa:ea:dd:8d:9d:bb:c4:06:eb:2b:ca:22:9f:f3:ce:c6:
31:d9:21:05:a5:b8:61:35:83:54:5a:56:14:7d:3c:3b:71:2d:
1c:3f:1f:21:cf:8d:d9:71:a6:3a:d6:a7:86:26:80:42:f7:bd:
05:24:91:af:19:bb:f4:de:a8:81:d3:dd:4c:0c:6e:5f:ea:96:
94:44:dd:fb:4e:ca:64:32:89:b6:a7:34:78:e9:57:83:0c:31:
54:39:2c:a0:9d:5a:01:85:4a:9c:30:a9:c9:25:66:7f:79:e9:
44:26:a6:62:d9:37:59:69:1d:c4:67:0e:d2:1f:3b:8b:86:50:
0f:62:73:3f:cb:61:97:10:31:79:b8:c3:01:77:f9:7a:0b:15:
c0:3c:5d:11:14:24:ed:d6:1d:e5:6a:fd:71:ee:51:ad:b3:b5:
fd:3c:60:62:e0:e9:dc:32:c8:ea:6d:2f:71:a5:29:05:ed:b2:
9e:dc:8d:01:7e:20:6e:c1:99:5e:62:e2:08:51:59:b2:8e:f4:
0f:80:ce:36:b7:9f:30:c9:24:c8:5d:6a:9d:3a:ff:f5:27:c1:
4e:95:e0:ed
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYe8S988KNDYo+k2AoSrIFanMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MDE1Y2M4ZGExZjFiYmYzNDNlMjZhYjIwOGRmOGJiMjZm
ZDUzYWUwHhcNMjMwNDI2MDY0MTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjY4MDkwNGUwNDc2ZWUzYjA1ZDc0OTU0ZmQ3NjA1MWMzNjQ0NzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysqIOvInRLUsVSiat4zHLNIy1daD
vk02/mW8JSSf9I1NgDvJbwhBvJxsMkQDwSEif0LF8eo/tYt+WGfmLQg/+1NwmNiD
m7fHTr9HyhHtO5AERgFq0RD/SDQRoiTCrQuGXsUK9Cl5NXwHQT93cUnRlKxM2jvg
+7C3btprL1UXWKAXHW/3Jd6TjuK45A57/uWcEQ7p76kUG5WdrXd4i4soi7aAwXST
MeoF/ad01X4p1/pbLcgkMKTG++Rq/SMy5fZXXbOPdjCLfxS63C6cmKjJP4JVUAea
SayGgbdjYIgf6/uLDbeRg3zNfOZkSdDvRHu+Ara7QmEa2iw+OtQtWsMXbQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFDtoCQTgR27jsF10lU/XYFHDZEc1MB8GA1UdIwQY
MBaAFFgBXMjaHxu/ND4mqyCN+Lsm/VOuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0FGY3lOb2ZHNzgwUGlhcklJMzR1eWI5VTY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9kNDE3NWQtMTkyYy00MThjLTk3MmYt
OGVlMjFiNzRkZDU2LzEvTzJnSkJPQkhidU93WFhTVlQ5ZGdVY05rUnpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9kNDE3NWQtMTkyYy00MThjLTk3MmYtOGVlMjFiNzRkZDU2
LzEvV0FGY3lOb2ZHNzgwUGlhcklJMzR1eWI5VTY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAmBAIAATAgAwQATV94AwQA
uT+VMAwDBADCu1kDBALCu1gDBADUZ0AwDQQCAAIwBwMFACoCA4gwDQYJKoZIhvcN
AQELBQADggEBAIQfoFN0HvJBZg9txbfHtGhCLhvvv2EwH1pySCAACAYQdCGGyW8z
+urdjZ27xAbrK8oin/POxjHZIQWluGE1g1RaVhR9PDtxLRw/HyHPjdlxpjrWp4Ym
gEL3vQUkka8Zu/TeqIHT3UwMbl/qlpRE3ftOymQyibanNHjpV4MMMVQ5LKCdWgGF
SpwwqcklZn956UQmpmLZN1lpHcRnDtIfO4uGUA9icz/LYZcQMXm4wwF3+XoLFcA8
XREUJO3WHeVq/XHuUa2ztf08YGLg6dwyyOptL3GlKQXtsp7cjQF+IG7BmV5i4ghR
WbKO9A+Azja3nzDJJMhdap06//UnwU6V4O0=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:16:52 2025 by rpki-client