Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Dx83pMhgf7ISHPdliuhJ_qw78k0.roa
File: Dx83pMhgf7ISHPdliuhJ_qw78k0.roa (raw, json)
Hash identifier: Yy9QZG/0N3wbeyphZcBkqItpmmybo8StNGg3anv55DM=
Subject key identifier: 0F:1F:37:A4:C8:60:7F:B2:12:1C:F7:65:8A:E8:49:FE:AC:3B:F2:4D
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01890CE5DD7B11E5788E4D00C838386BAFDA
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Dx83pMhgf7ISHPdliuhJ_qw78k0.roa
Signing time: Fri 30 Jun 2023 15:22:18 +0000
ROA not before: Fri 30 Jun 2023 15:22:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 81.5.189.0/24 maxlen: 24
82.153.136.0/22 maxlen: 22
82.153.246.0/24 maxlen: 24
82.153.249.0/24 maxlen: 24
82.152.108.0/24 maxlen: 24
82.153.73.0/24 maxlen: 24
81.168.123.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
82.152.253.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:0c:e5:dd:7b:11:e5:78:8e:4d:00:c8:38:38:6b:af:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jun 30 15:22:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0f1f37a4c8607fb2121cf7658ae849feac3bf24d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:2e:5e:2f:48:8a:70:c5:da:2a:8b:64:d4:d4:
8c:7a:78:4b:4d:25:47:9e:31:30:e3:43:a7:b8:f0:
3b:db:15:87:7f:5a:9d:ee:2c:b5:d8:47:14:68:dd:
53:e1:ad:6f:ba:5d:da:99:05:6a:ad:46:23:d7:05:
37:37:03:96:16:11:68:e0:18:e9:6e:c8:c1:5b:2a:
21:d7:d2:1f:d9:5f:85:84:e1:0d:b2:27:f3:0a:7f:
f8:8b:d5:0c:5e:59:ce:9b:5f:d8:ac:e0:57:72:bb:
81:cf:c6:d6:5a:25:02:7b:f7:11:f9:9a:8a:a8:2c:
95:37:70:f2:7f:2f:64:86:1c:65:fe:bf:62:b0:5d:
b7:d3:c3:2e:48:fd:00:d6:e4:a2:c4:53:93:6f:98:
47:49:32:cc:16:6d:c1:a1:05:7e:27:c8:3b:d1:49:
f2:5b:99:ff:b3:4f:e2:70:04:85:cb:36:b9:eb:2a:
dd:a3:c4:86:44:9e:8d:1d:6a:a1:2b:d2:1d:05:9a:
a4:90:4f:7e:81:c6:82:29:7f:86:59:90:5e:af:ec:
3c:a4:cb:88:1b:c0:3b:65:51:db:09:1c:22:d4:85:
4e:c6:5d:38:97:d2:63:59:ac:bc:2f:b2:8e:2e:ed:
0d:72:73:9b:e2:d3:9e:c7:30:60:62:0e:ab:2e:08:
e4:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:1F:37:A4:C8:60:7F:B2:12:1C:F7:65:8A:E8:49:FE:AC:3B:F2:4D
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Dx83pMhgf7ISHPdliuhJ_qw78k0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.189.0/24
81.168.119.0/24
81.168.123.0/24
82.152.108.0/24
82.152.253.0/24
82.153.73.0/24
82.153.136.0/22
82.153.246.0/24
82.153.249.0/24
Signature Algorithm: sha256WithRSAEncryption
56:97:89:b5:7c:41:34:98:a4:e5:5e:3a:2e:11:54:cc:2d:5d:
0f:b8:22:fa:87:90:2c:05:46:d5:ca:99:76:c7:3a:56:00:cc:
4d:bb:ab:e6:54:68:b3:b8:4a:e2:c3:d8:06:bd:44:04:81:b7:
4d:01:ea:21:92:ad:97:99:87:fb:8c:f0:1d:07:5c:68:66:43:
64:c0:4b:87:c7:2f:e7:9d:31:fa:35:20:c7:33:e0:43:f3:17:
ce:30:bb:a0:d9:0c:c9:1f:8e:5b:c0:34:47:ca:a0:fd:51:18:
95:58:f2:9f:22:85:d6:38:c2:67:c2:3c:03:a0:a9:b8:51:74:
99:9c:81:7e:e1:38:90:8e:35:a1:db:a7:5d:ba:f2:a9:7c:62:
0e:4a:d2:8e:a3:7b:00:18:5b:89:86:9b:52:f5:ec:f9:d7:56:
f6:36:d2:49:94:a5:d4:e1:0a:63:02:3f:07:49:35:8c:03:94:
49:49:f1:e1:a7:8d:e3:d7:c3:f6:ae:c8:5c:97:a0:92:da:51:
72:28:3f:74:0f:d1:4a:3f:a6:ab:ba:f9:a0:d7:f2:0d:60:92:
38:e3:b4:ff:98:96:bc:bd:04:e6:7c:e9:35:64:a5:69:8b:a2:
87:a7:2d:d9:90:02:19:b0:0c:86:89:60:51:34:c4:18:e5:4c:
76:d1:6a:93
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYkM5d17EeV4jk0AyDg4a6/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNjMwMTUyMjE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjFmMzdhNGM4NjA3ZmIyMTIxY2Y3NjU4YWU4NDlmZWFjM2JmMjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiC5eL0iKcMXaKotk1NSMenhLTSVH
njEw40OnuPA72xWHf1qd7iy12EcUaN1T4a1vul3amQVqrUYj1wU3NwOWFhFo4Bjp
bsjBWyoh19If2V+FhOENsifzCn/4i9UMXlnOm1/YrOBXcruBz8bWWiUCe/cR+ZqK
qCyVN3Dyfy9khhxl/r9isF2308MuSP0A1uSixFOTb5hHSTLMFm3BoQV+J8g70Uny
W5n/s0/icASFyza56yrdo8SGRJ6NHWqhK9IdBZqkkE9+gcaCKX+GWZBer+w8pMuI
G8A7ZVHbCRwi1IVOxl04l9JjWay8L7KOLu0NcnOb4tOexzBgYg6rLgjkWwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFA8fN6TIYH+yEhz3ZYroSf6sO/JNMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRHg4M3BNaGdmN0lTSFBkbGl1aEpfcXc3OGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAUQW9AwQA
Uah3AwQAUah7AwQAUphsAwQAUpj9AwQAUplJAwQCUpmIAwQAUpn2AwQAUpn5MA0G
CSqGSIb3DQEBCwUAA4IBAQBWl4m1fEE0mKTlXjouEVTMLV0PuCL6h5AsBUbVypl2
xzpWAMxNu6vmVGizuEriw9gGvUQEgbdNAeohkq2XmYf7jPAdB1xoZkNkwEuHxy/n
nTH6NSDHM+BD8xfOMLug2QzJH45bwDRHyqD9URiVWPKfIoXWOMJnwjwDoKm4UXSZ
nIF+4TiQjjWh26dduvKpfGIOStKOo3sAGFuJhptS9ez511b2NtJJlKXU4QpjAj8H
STWMA5RJSfHhp43j18P2rshcl6CS2lFyKD90D9FKP6aruvmg1/INYJI447T/mJa8
vQTmfOk1ZKVpi6KHpy3ZkAIZsAyGiWBRNMQY5Ux20WqT
-----END CERTIFICATE-----
Generated at Sat May 17 02:12:43 2025 by rpki-client