Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CgqpxuEknacYfhj1Y7o72nOJE14.roa
File: CgqpxuEknacYfhj1Y7o72nOJE14.roa (raw, json)
Hash identifier: kBIXIuqA2pgO/xFCOG2FYjNVWjZ3GsaEM1EKnZ1jwvQ=
Subject key identifier: 0A:0A:A9:C6:E1:24:9D:A7:18:7E:18:F5:63:BA:3B:DA:73:89:13:5E
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018A1C4C6D45FE0D060A2AD5C335E5F3B8E3
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CgqpxuEknacYfhj1Y7o72nOJE14.roa
Signing time: Tue 22 Aug 2023 08:11:25 +0000
ROA not before: Tue 22 Aug 2023 08:11:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 147291
IP address blocks: 213.152.62.0/24 maxlen: 24
89.213.135.0/24 maxlen: 24
89.213.138.0/24 maxlen: 24
89.213.137.0/24 maxlen: 24
89.213.146.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:1c:4c:6d:45:fe:0d:06:0a:2a:d5:c3:35:e5:f3:b8:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 22 08:11:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0a0aa9c6e1249da7187e18f563ba3bda7389135e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:10:88:ae:30:62:92:94:3e:de:2b:25:d9:a1:
c4:c7:04:19:88:d4:7f:d3:3b:dd:45:bf:e6:c8:42:
f2:ab:84:82:2b:c1:08:02:ba:1d:3b:b1:b9:a1:e1:
45:6b:05:de:1f:40:ab:02:86:4e:f1:70:a5:34:36:
cf:55:77:a5:b4:b3:05:14:4d:66:fc:c3:7f:80:2b:
92:1d:d4:aa:a8:54:a4:45:48:99:02:dd:c2:f0:fa:
9e:99:02:8e:2c:a8:f5:33:e6:67:52:60:b2:9f:be:
fd:7e:6a:73:07:ca:93:9b:27:9c:34:57:83:f1:25:
f2:49:b5:46:ba:de:7f:08:77:ed:e3:91:37:51:be:
38:4e:24:2e:22:a3:0a:64:ed:13:99:e6:13:0f:07:
92:ee:6b:6e:28:ab:2a:54:1a:80:42:48:c7:a1:54:
6d:72:91:af:e3:f0:55:3d:ab:00:51:f7:00:ab:1f:
2a:ca:f5:7b:09:94:3f:34:da:10:d2:c8:44:2f:35:
f9:dd:36:a9:a8:b4:5f:2a:1c:4b:9c:85:27:d4:a9:
b2:d0:2c:f0:cc:3e:c7:aa:ec:66:45:0f:17:8c:12:
3d:31:fb:30:9f:36:5d:7c:d6:86:4e:6c:9f:dc:af:
54:5b:ce:72:85:7a:d7:09:6d:44:3a:42:b6:21:80:
46:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:0A:A9:C6:E1:24:9D:A7:18:7E:18:F5:63:BA:3B:DA:73:89:13:5E
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/CgqpxuEknacYfhj1Y7o72nOJE14.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.213.135.0/24
89.213.137.0-89.213.138.255
89.213.146.0/24
213.152.62.0/24
Signature Algorithm: sha256WithRSAEncryption
34:0b:a6:c5:dd:1b:f7:a8:69:83:77:9a:d7:77:c0:ea:bf:01:
00:2c:ee:59:1f:8b:de:b6:2a:2d:4e:c5:db:68:82:dc:b2:90:
9b:1e:4f:29:43:da:bc:77:2b:35:47:36:e8:e5:84:8e:dc:79:
80:ec:41:1e:08:b3:bd:2a:ac:33:56:1e:cb:f2:2c:ab:97:93:
8b:3c:09:93:8d:0b:df:30:84:ec:cf:a5:a4:e6:77:ac:0c:8e:
d2:68:e6:38:ea:66:90:1e:1d:ed:25:07:dd:80:48:53:aa:2b:
f6:57:a1:fe:48:4b:a8:4b:eb:72:ba:10:4a:c3:60:fc:b0:1e:
78:77:53:8d:13:d1:66:a6:77:55:e6:61:5c:3e:4b:74:bc:40:
10:10:9f:e4:6e:ff:38:54:bb:17:0a:6b:f4:da:a8:c1:6b:de:
39:3b:f0:90:88:12:da:53:83:e4:7a:d1:28:89:ef:d4:15:74:
67:5c:e1:71:d8:48:4f:ef:49:18:39:15:bd:c3:77:ee:cc:50:
2e:74:e8:fd:e2:ab:46:7d:f8:42:e3:38:25:e5:66:b6:a4:1c:
13:40:3c:c3:05:b5:8b:13:14:06:c7:f3:7b:a3:f9:f0:a5:e7:
54:51:94:90:bc:20:2f:7e:54:9b:67:b5:57:38:d5:07:e3:d5:
07:09:24:d0
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYocTG1F/g0GCirVwzXl87jjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODIyMDgxMTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTBhYTljNmUxMjQ5ZGE3MTg3ZTE4ZjU2M2JhM2JkYTczODkxMzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBCIrjBikpQ+3isl2aHExwQZiNR/
0zvdRb/myELyq4SCK8EIArodO7G5oeFFawXeH0CrAoZO8XClNDbPVXeltLMFFE1m
/MN/gCuSHdSqqFSkRUiZAt3C8PqemQKOLKj1M+ZnUmCyn779fmpzB8qTmyecNFeD
8SXySbVGut5/CHft45E3Ub44TiQuIqMKZO0TmeYTDweS7mtuKKsqVBqAQkjHoVRt
cpGv4/BVPasAUfcAqx8qyvV7CZQ/NNoQ0shELzX53TapqLRfKhxLnIUn1Kmy0Czw
zD7HquxmRQ8XjBI9MfswnzZdfNaGTmyf3K9UW85yhXrXCW1EOkK2IYBGlQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFAoKqcbhJJ2nGH4Y9WO6O9pziRNeMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQ2dxcHh1RWtuYWNZZmhqMVk3bzcybk9KRTE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAWdWHMAwD
BABZ1YkDBABZ1YoDBABZ1ZIDBADVmD4wDQYJKoZIhvcNAQELBQADggEBADQLpsXd
G/eoaYN3mtd3wOq/AQAs7lkfi962Ki1OxdtogtyykJseTylD2rx3KzVHNujlhI7c
eYDsQR4Is70qrDNWHsvyLKuXk4s8CZONC98whOzPpaTmd6wMjtJo5jjqZpAeHe0l
B92ASFOqK/ZXof5IS6hL63K6EErDYPywHnh3U40T0Wamd1XmYVw+S3S8QBAQn+Ru
/zhUuxcKa/TaqMFr3jk78JCIEtpTg+R60SiJ79QVdGdc4XHYSE/vSRg5Fb3Dd+7M
UC506P3iq0Z9+ELjOCXlZrakHBNAPMMFtYsTFAbH83uj+fCl51RRlJC8IC9+VJtn
tVc41Qfj1QcJJNA=
-----END CERTIFICATE-----
Generated at Sat May 17 02:25:51 2025 by rpki-client