Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/On-VAELjyYpbTMBpGyADW9Yrs2Y.roa
File: On-VAELjyYpbTMBpGyADW9Yrs2Y.roa (raw, json)
Hash identifier: PlApPGcxzZwzxyJtc4WEROL+NHHEhLENY0O/szGp9qI=
Subject key identifier: 3A:7F:95:00:42:E3:C9:8A:5B:4C:C0:69:1B:20:03:5B:D6:2B:B3:66
Certificate issuer: /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial: 018C8BD5DDFCE592151F696B9B3530D8A5F1
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/On-VAELjyYpbTMBpGyADW9Yrs2Y.roa
Signing time: Thu 21 Dec 2023 10:04:58 +0000
ROA not before: Thu 21 Dec 2023 10:04:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.249.204.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:8b:d5:dd:fc:e5:92:15:1f:69:6b:9b:35:30:d8:a5:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
Validity
Not Before: Dec 21 10:04:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3a7f950042e3c98a5b4cc0691b20035bd62bb366
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:41:4e:82:8e:72:bc:72:53:41:d7:36:f7:d1:
f9:8f:51:82:76:f3:28:9d:36:b0:35:cf:f6:fb:c2:
a2:b6:4a:e0:e2:3c:b2:29:5d:e5:30:47:3f:b4:32:
03:ee:53:cb:94:cc:40:fc:05:e9:23:d7:6d:e1:65:
cd:df:c8:4a:b0:66:c1:8c:84:33:ea:6e:a4:c3:13:
df:20:ff:61:a1:88:c6:3c:56:4c:2b:0f:ef:06:d6:
cf:e7:e3:1f:b4:8e:16:59:c6:f5:08:c2:d4:bf:67:
b0:96:aa:67:e4:3b:c2:a8:97:9f:bd:51:71:54:b0:
47:87:19:21:08:ab:13:c8:4b:44:9e:2a:39:dc:f6:
54:17:3e:b9:da:ee:2d:2d:e4:fb:fe:b6:f9:58:27:
b1:13:64:0d:00:fb:e9:b1:a8:39:2d:d5:fe:b4:74:
68:6b:d7:7b:03:63:13:d6:b5:6b:83:13:f1:9e:c0:
7e:9b:d2:d3:73:8f:a2:1c:44:b3:99:7f:57:3a:65:
e4:74:94:67:0c:7c:7c:64:76:7b:88:e7:05:8f:72:
20:69:19:de:4a:25:01:3b:8c:c1:0f:c9:1f:03:bb:
17:f9:5a:09:86:38:72:dd:03:35:a5:b2:7f:7f:4e:
57:7d:2b:83:20:a8:6a:dc:80:d9:06:b1:95:e3:a9:
1c:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:7F:95:00:42:E3:C9:8A:5B:4C:C0:69:1B:20:03:5B:D6:2B:B3:66
X509v3 Authority Key Identifier:
keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/On-VAELjyYpbTMBpGyADW9Yrs2Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.249.204.0/24
Signature Algorithm: sha256WithRSAEncryption
d2:69:56:f5:61:2a:1f:be:ae:02:c4:ba:2e:35:ce:7f:77:dd:
67:5f:82:16:8f:cf:bf:4c:93:a7:fa:af:93:34:93:81:71:f1:
44:59:1d:db:c2:c0:10:bc:8f:49:38:55:42:ef:a0:c6:47:a3:
14:d7:5d:ed:eb:03:72:3e:1d:a5:38:a4:1b:9a:1a:2c:47:44:
06:b1:74:b0:a5:1e:b3:ed:84:06:c5:3b:eb:ca:b0:a3:b6:0e:
80:2d:a9:3c:a8:cf:36:cc:aa:14:6b:56:44:fd:b3:84:7a:44:
c5:0c:05:bf:ee:2c:01:c3:9f:7e:21:8a:1a:1b:93:5f:44:76:
09:6a:30:34:93:08:3b:cb:55:2f:84:c3:b4:43:9b:02:e3:32:
1b:16:f9:be:19:43:93:f2:a2:53:c8:be:98:2e:db:23:7d:04:
0a:33:ce:f2:60:06:b4:b3:7a:a3:f3:f8:94:46:77:ae:6c:bb:
71:fb:d9:d0:3c:41:01:87:d5:fb:fb:11:5b:53:d2:da:44:07:
3d:5a:ea:e0:57:a2:4a:8b:ff:5d:a5:24:23:cd:0e:36:99:cc:
f0:ed:d6:ed:20:55:72:3d:32:59:cb:f7:ba:29:c3:1b:9c:62:
c8:e5:e2:d8:02:1f:7e:e6:bc:ef:ef:2a:48:72:6f:b2:02:96:
00:62:17:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYyL1d385ZIVH2lrmzUw2KXxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjMxMjIxMTAwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTdmOTUwMDQyZTNjOThhNWI0Y2MwNjkxYjIwMDM1YmQ2MmJiMzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkFOgo5yvHJTQdc299H5j1GCdvMo
nTawNc/2+8Kitkrg4jyyKV3lMEc/tDID7lPLlMxA/AXpI9dt4WXN38hKsGbBjIQz
6m6kwxPfIP9hoYjGPFZMKw/vBtbP5+MftI4WWcb1CMLUv2ewlqpn5DvCqJefvVFx
VLBHhxkhCKsTyEtEnio53PZUFz652u4tLeT7/rb5WCexE2QNAPvpsag5LdX+tHRo
a9d7A2MT1rVrgxPxnsB+m9LTc4+iHESzmX9XOmXkdJRnDHx8ZHZ7iOcFj3IgaRne
SiUBO4zBD8kfA7sX+VoJhjhy3QM1pbJ/f05XfSuDIKhq3IDZBrGV46kcYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDp/lQBC48mKW0zAaRsgA1vWK7NmMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvT24tVkFFTGp5WXBiVE1CcEd5QURXOVlyczJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfnMMA0G
CSqGSIb3DQEBCwUAA4IBAQDSaVb1YSofvq4CxLouNc5/d91nX4IWj8+/TJOn+q+T
NJOBcfFEWR3bwsAQvI9JOFVC76DGR6MU113t6wNyPh2lOKQbmhosR0QGsXSwpR6z
7YQGxTvryrCjtg6ALak8qM82zKoUa1ZE/bOEekTFDAW/7iwBw59+IYoaG5NfRHYJ
ajA0kwg7y1UvhMO0Q5sC4zIbFvm+GUOT8qJTyL6YLtsjfQQKM87yYAa0s3qj8/iU
RneubLtx+9nQPEEBh9X7+xFbU9LaRAc9WurgV6JKi/9dpSQjzQ42mczw7dbtIFVy
PTJZy/e6KcMbnGLI5eLYAh9+5rzv7ypIcm+yApYAYhdr
-----END CERTIFICATE-----
Generated at Sun May 11 22:20:48 2025 by rpki-client