Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aN8qdUaox2p8WATRgj4MkRguFhs.roa
File: aN8qdUaox2p8WATRgj4MkRguFhs.roa (raw, json)
Hash identifier: k3m1UvHDrqtmm4i0cd8ed4awVme9wD6x3eUtJheh3xI=
Subject key identifier: 68:DF:2A:75:46:A8:C7:6A:7C:58:04:D1:82:3E:0C:91:18:2E:16:1B
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01891663A96850BB59887CBBF7DD827D9F69
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aN8qdUaox2p8WATRgj4MkRguFhs.roa
Signing time: Sun 02 Jul 2023 11:36:17 +0000
ROA not before: Sun 02 Jul 2023 11:36:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 140155
IP address blocks: 82.153.227.0/24 maxlen: 24
89.213.189.0/24 maxlen: 24
89.213.188.0/24 maxlen: 24
89.213.141.0/24 maxlen: 24
89.213.146.0/24 maxlen: 24
109.176.252.0/24 maxlen: 24
109.176.253.0/24 maxlen: 24
89.213.154.0/24 maxlen: 24
82.153.225.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:16:63:a9:68:50:bb:59:88:7c:bb:f7:dd:82:7d:9f:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jul 2 11:36:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=68df2a7546a8c76a7c5804d1823e0c91182e161b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:8e:51:4f:8f:97:95:17:57:c2:45:d7:cc:46:
dc:31:5d:9b:b7:68:f1:3c:da:a9:f2:3c:84:b5:3a:
c9:8f:04:1c:55:3a:12:46:1c:47:ba:71:26:3d:fd:
5e:00:22:b4:c3:42:0a:50:bc:0d:cc:31:b2:7e:b3:
8b:e8:f4:55:a8:88:9a:18:22:02:64:a2:54:c6:60:
c8:7e:8b:d1:b8:89:18:38:8f:6e:7e:a5:52:23:54:
47:2c:72:a3:10:74:61:03:63:79:87:f7:c6:6a:49:
81:45:5e:e6:cf:b9:1a:77:06:29:9b:0a:0b:a4:84:
ef:95:db:2c:75:40:09:74:0b:04:a8:28:f9:da:bf:
d2:25:df:a9:78:b8:6e:c8:0c:e3:4c:e8:e2:4e:07:
7f:39:21:6a:82:cb:d6:df:d8:9c:3d:24:70:30:77:
1b:5c:41:8b:f8:af:7f:28:89:45:8a:19:f8:74:9c:
10:85:f7:57:75:73:65:4d:0a:0a:25:76:79:0e:23:
8f:de:0c:e2:7a:27:7f:f9:45:6c:f9:9a:ff:a9:a0:
cc:14:b7:de:50:72:37:e1:80:b3:7a:28:71:77:53:
d3:a7:82:54:eb:0b:3d:84:dc:fd:24:bc:71:32:7f:
ee:7c:a1:3a:10:5f:c7:c0:a8:c3:33:5d:70:88:60:
51:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:DF:2A:75:46:A8:C7:6A:7C:58:04:D1:82:3E:0C:91:18:2E:16:1B
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aN8qdUaox2p8WATRgj4MkRguFhs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.153.225.0/24
82.153.227.0/24
89.213.141.0/24
89.213.146.0/24
89.213.154.0/24
89.213.188.0/23
109.176.252.0/23
Signature Algorithm: sha256WithRSAEncryption
1b:ec:06:ef:a1:16:e0:46:6f:d6:37:30:88:ef:ad:31:5f:af:
24:1a:f2:e3:e3:2d:32:c6:e8:36:06:73:84:59:3c:0c:23:b8:
53:ae:ec:f7:62:73:75:3b:df:83:97:fa:04:5c:32:40:fa:2d:
e1:1d:32:8a:59:cb:c3:67:99:b8:42:8a:47:48:d3:18:17:5e:
00:d5:47:ce:8e:7f:1b:8b:73:ef:e8:bd:80:78:d1:a3:2f:31:
ba:68:6c:3b:12:73:ef:2f:2a:89:10:41:4b:35:85:d2:7d:b8:
87:c5:bb:0d:38:19:73:f9:8e:b7:f7:28:d5:be:34:09:1c:8a:
04:62:59:76:0e:70:83:19:92:14:98:0c:9f:8a:30:99:f8:eb:
79:fc:52:30:ca:b4:89:5d:7e:da:88:d5:f7:57:36:90:63:05:
71:9c:be:61:2a:3c:7d:85:f2:d1:17:47:d4:64:c2:9d:fe:af:
7b:08:70:ca:42:3c:ca:39:62:5a:e3:b5:d2:29:ef:ad:63:38:
54:01:1a:36:d6:23:97:18:7e:2e:24:91:9b:af:fe:8c:f5:0e:
b9:1a:aa:ca:88:cd:1f:e1:4c:69:36:74:bf:b9:8e:28:d2:2b:
7e:fe:a3:fc:3a:19:cb:39:24:54:e0:cc:81:6f:9a:f2:fd:82:
1f:88:a0:f6
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYkWY6loULtZiHy7992CfZ9pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzAyMTEzNjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGRmMmE3NTQ2YThjNzZhN2M1ODA0ZDE4MjNlMGM5MTE4MmUxNjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2I5RT4+XlRdXwkXXzEbcMV2bt2jx
PNqp8jyEtTrJjwQcVToSRhxHunEmPf1eACK0w0IKULwNzDGyfrOL6PRVqIiaGCIC
ZKJUxmDIfovRuIkYOI9ufqVSI1RHLHKjEHRhA2N5h/fGakmBRV7mz7kadwYpmwoL
pITvldssdUAJdAsEqCj52r/SJd+peLhuyAzjTOjiTgd/OSFqgsvW39icPSRwMHcb
XEGL+K9/KIlFihn4dJwQhfdXdXNlTQoKJXZ5DiOP3gzieid/+UVs+Zr/qaDMFLfe
UHI34YCzeihxd1PTp4JU6ws9hNz9JLxxMn/ufKE6EF/HwKjDM11wiGBRdQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGjfKnVGqMdqfFgE0YI+DJEYLhYbMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYU44cWRVYW94MnA4V0FUUmdqNE1rUmd1RmhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAUpnhAwQA
UpnjAwQAWdWNAwQAWdWSAwQAWdWaAwQBWdW8AwQBbbD8MA0GCSqGSIb3DQEBCwUA
A4IBAQAb7AbvoRbgRm/WNzCI760xX68kGvLj4y0yxug2BnOEWTwMI7hTruz3YnN1
O9+Dl/oEXDJA+i3hHTKKWcvDZ5m4QopHSNMYF14A1UfOjn8bi3Pv6L2AeNGjLzG6
aGw7EnPvLyqJEEFLNYXSfbiHxbsNOBlz+Y639yjVvjQJHIoEYll2DnCDGZIUmAyf
ijCZ+Ot5/FIwyrSJXX7aiNX3VzaQYwVxnL5hKjx9hfLRF0fUZMKd/q97CHDKQjzK
OWJa47XSKe+tYzhUARo21iOXGH4uJJGbr/6M9Q65GqrKiM0f4UxpNnS/uY4o0it+
/qP8OhnLOSRU4MyBb5ry/YIfiKD2
-----END CERTIFICATE-----
Generated at Sat May 17 02:22:37 2025 by rpki-client