Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/0boMtffa-RCl14Fh7I-QB3sKwZE.roa
File: 0boMtffa-RCl14Fh7I-QB3sKwZE.roa (raw, json)
Hash identifier: OHZ7D+FGpKxRFtKST0keJzRfISeipLE+FT6NQjAPcmQ=
Subject key identifier: D1:BA:0C:B5:F7:DA:F9:10:A5:D7:81:61:EC:8F:90:07:7B:0A:C1:91
Certificate issuer: /CN=c453f5e230420bc4a70d0a61de3b47dcda1a8d0e
Certificate serial: 0188F8728CB3765D8EF4071840D64F62F032
Authority key identifier: C4:53:F5:E2:30:42:0B:C4:A7:0D:0A:61:DE:3B:47:DC:DA:1A:8D:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xFP14jBCC8SnDQph3jtH3NoajQ4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/0boMtffa-RCl14Fh7I-QB3sKwZE.roa
Signing time: Mon 26 Jun 2023 16:03:56 +0000
ROA not before: Mon 26 Jun 2023 16:03:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206610
IP address blocks: 185.104.168.0/22 maxlen: 24
185.173.180.0/22 maxlen: 24
78.111.128.0/20 maxlen: 24
2a0b:b880::/29 maxlen: 48
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:f8:72:8c:b3:76:5d:8e:f4:07:18:40:d6:4f:62:f0:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c453f5e230420bc4a70d0a61de3b47dcda1a8d0e
Validity
Not Before: Jun 26 16:03:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d1ba0cb5f7daf910a5d78161ec8f90077b0ac191
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:c5:4e:56:6c:3e:85:9a:e2:0b:8d:1a:92:ff:
4c:ed:e6:5a:92:e1:dd:96:56:d7:a0:1f:b4:68:a1:
67:b7:b1:6d:0b:14:63:6c:97:46:a1:b3:de:4e:9a:
c9:07:dc:64:c1:d3:26:66:cb:27:17:20:46:47:0e:
de:e9:dd:89:ea:7d:9d:96:54:bd:1e:39:fd:22:a1:
c9:ea:08:1a:a8:32:59:05:ad:b8:6c:59:e7:ee:07:
d2:6a:f6:63:49:6a:71:8f:2f:35:9b:fe:fe:5e:1f:
5f:35:98:e9:ad:ab:cc:1e:0c:87:08:a6:ec:41:5f:
3c:58:a0:65:c6:6e:79:51:bc:dc:fa:c1:14:03:d0:
49:9a:03:71:df:f7:d3:da:7d:ff:d8:ca:2c:24:dd:
a3:e4:ed:aa:09:aa:d6:30:c4:04:49:3f:0e:66:4e:
e9:ba:fb:df:f0:97:4b:32:98:0b:a7:bb:6d:cf:73:
49:e1:70:92:09:92:b6:86:77:43:f3:65:b8:9d:dd:
d8:f3:2d:68:0c:99:9e:d6:7d:a0:b4:94:4f:50:50:
9e:e5:a7:53:bb:46:bc:ff:85:2e:e5:ce:d3:6e:39:
0c:ad:25:79:04:3d:31:7b:80:26:a7:f2:a9:90:bd:
80:72:94:7a:c8:dc:0b:d2:49:10:21:a2:ad:4f:79:
99:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:BA:0C:B5:F7:DA:F9:10:A5:D7:81:61:EC:8F:90:07:7B:0A:C1:91
X509v3 Authority Key Identifier:
keyid:C4:53:F5:E2:30:42:0B:C4:A7:0D:0A:61:DE:3B:47:DC:DA:1A:8D:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFP14jBCC8SnDQph3jtH3NoajQ4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/0boMtffa-RCl14Fh7I-QB3sKwZE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/487562-d171-4686-8569-e6cf17cdda4f/1/xFP14jBCC8SnDQph3jtH3NoajQ4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.111.128.0/20
185.104.168.0/22
185.173.180.0/22
IPv6:
2a0b:b880::/29
Signature Algorithm: sha256WithRSAEncryption
8f:72:ad:54:0a:1e:42:bc:24:db:e2:ab:ba:8e:c1:f2:46:a0:
c8:5c:ff:6a:9c:35:6a:26:56:5f:1c:77:5d:70:00:c4:cd:cf:
40:45:83:77:cc:17:ed:22:47:22:5a:c0:2b:6c:88:64:27:0a:
6c:0c:52:10:f8:9b:2d:87:1d:91:15:61:4b:15:8b:fd:e4:60:
d7:aa:aa:41:38:01:24:11:a0:11:ae:ba:ef:9f:8c:11:57:93:
01:75:c3:af:71:c0:8a:e9:4a:76:cf:2d:b8:92:5d:98:c0:93:
b5:67:4c:3c:f6:43:08:86:be:7d:df:20:53:90:e6:c8:0f:81:
3d:89:44:2a:ea:7d:4e:b4:d5:58:1f:6b:36:6f:5b:dd:14:e1:
e0:e5:10:90:c4:ee:75:41:c2:8e:13:90:b7:1e:d5:83:4c:a2:
d7:a4:f9:01:d4:ad:ec:65:1c:ba:13:49:07:54:ac:09:5a:8b:
95:58:fe:c3:83:c1:22:74:44:aa:4c:de:8c:1d:2b:a6:45:6a:
88:fe:d0:a7:82:9a:75:ac:91:6c:f6:99:3f:32:16:88:4e:4a:
cf:29:97:3b:8a:52:b9:98:0f:f0:7f:54:51:e1:44:db:ff:1e:
ad:89:29:36:65:61:19:64:5a:9b:74:8b:66:57:1e:9d:e0:3b:
dd:bd:c5:59
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYj4coyzdl2O9AcYQNZPYvAyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NTNmNWUyMzA0MjBiYzRhNzBkMGE2MWRlM2I0N2RjZGEx
YThkMGUwHhcNMjMwNjI2MTYwMzU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWJhMGNiNWY3ZGFmOTEwYTVkNzgxNjFlYzhmOTAwNzdiMGFjMTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcVOVmw+hZriC40akv9M7eZakuHd
llbXoB+0aKFnt7FtCxRjbJdGobPeTprJB9xkwdMmZssnFyBGRw7e6d2J6n2dllS9
Hjn9IqHJ6ggaqDJZBa24bFnn7gfSavZjSWpxjy81m/7+Xh9fNZjpravMHgyHCKbs
QV88WKBlxm55Ubzc+sEUA9BJmgNx3/fT2n3/2MosJN2j5O2qCarWMMQEST8OZk7p
uvvf8JdLMpgLp7ttz3NJ4XCSCZK2hndD82W4nd3Y8y1oDJme1n2gtJRPUFCe5adT
u0a8/4Uu5c7TbjkMrSV5BD0xe4Amp/KpkL2AcpR6yNwL0kkQIaKtT3mZTwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFNG6DLX32vkQpdeBYeyPkAd7CsGRMB8GA1UdIwQY
MBaAFMRT9eIwQgvEpw0KYd47R9zaGo0OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZQMTRqQkNDOFNuRFFwaDNqdEgzTm9halE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS80ODc1NjItZDE3MS00Njg2LTg1Njkt
ZTZjZjE3Y2RkYTRmLzEvMGJvTXRmZmEtUkNsMTRGaDdJLVFCM3NLd1pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS80ODc1NjItZDE3MS00Njg2LTg1NjktZTZjZjE3Y2RkYTRm
LzEveEZQMTRqQkNDOFNuRFFwaDNqdEgzTm9halE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQETm+AAwQC
uWioAwQCua20MA0EAgACMAcDBQMqC7iAMA0GCSqGSIb3DQEBCwUAA4IBAQCPcq1U
Ch5CvCTb4qu6jsHyRqDIXP9qnDVqJlZfHHddcADEzc9ARYN3zBftIkciWsArbIhk
JwpsDFIQ+Jsthx2RFWFLFYv95GDXqqpBOAEkEaARrrrvn4wRV5MBdcOvccCK6Up2
zy24kl2YwJO1Z0w89kMIhr593yBTkObID4E9iUQq6n1OtNVYH2s2b1vdFOHg5RCQ
xO51QcKOE5C3HtWDTKLXpPkB1K3sZRy6E0kHVKwJWouVWP7Dg8EidESqTN6MHSum
RWqI/tCngpp1rJFs9pk/MhaITkrPKZc7ilK5mA/wf1RR4UTb/x6tiSk2ZWEZZFqb
dItmVx6d4DvdvcVZ
-----END CERTIFICATE-----
Generated at Wed May 7 15:18:24 2025 by rpki-client