Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gfGywOtc0DtCcwjxfQhy4KRnUec.roa
File: gfGywOtc0DtCcwjxfQhy4KRnUec.roa (raw, json)
Hash identifier: O/NgCvrVtwDkHQdldXUIMpsCalTg9rFwTK+P46zBvpc=
Subject key identifier: 81:F1:B2:C0:EB:5C:D0:3B:42:73:08:F1:7D:08:72:E0:A4:67:51:E7
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018C7C410A6A207296D7CCB1AAC3836035D2
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gfGywOtc0DtCcwjxfQhy4KRnUec.roa
Signing time: Mon 18 Dec 2023 09:28:06 +0000
ROA not before: Mon 18 Dec 2023 09:28:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 25369
IP address blocks: 109.176.208.0/24 maxlen: 24
89.213.145.0/24 maxlen: 24
89.213.146.0/24 maxlen: 24
82.153.225.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:7c:41:0a:6a:20:72:96:d7:cc:b1:aa:c3:83:60:35:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Dec 18 09:28:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=81f1b2c0eb5cd03b427308f17d0872e0a46751e7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:ba:4d:fd:e8:e4:4b:da:85:26:4f:49:bd:1c:
31:a1:8c:f1:46:b9:1b:be:36:91:5f:81:f4:5f:25:
d0:02:7c:f5:ba:ef:1b:0c:25:84:c0:4b:79:03:86:
cb:5d:07:2b:4e:94:73:8c:22:28:aa:e5:a9:a6:50:
3f:55:64:f9:39:4e:00:6c:16:fd:0b:3b:88:9f:54:
fe:ee:05:cf:d0:46:24:85:6a:3d:bc:47:c5:8b:bb:
06:27:01:d0:ee:e5:67:5c:8b:a1:11:79:b9:20:4e:
41:38:aa:fe:4e:1f:3c:9e:7a:78:87:13:d9:0d:46:
11:81:29:4e:84:5d:22:62:0e:ba:70:6f:39:6d:c0:
38:dc:9c:14:54:56:c5:1e:95:ce:6c:05:09:6c:10:
af:5b:ed:c8:ad:e4:7b:d7:77:56:6d:90:2f:73:05:
99:30:66:82:ca:f4:f3:b8:6c:7c:e8:a9:80:67:ed:
41:b3:df:e6:52:4b:7e:50:34:59:ef:d9:d9:2e:d9:
7e:59:06:ff:06:e1:9a:d7:f5:82:1e:32:df:33:b6:
4b:b2:1d:89:28:af:52:7e:1d:5d:14:3d:0d:d3:22:
87:b1:c8:97:16:7d:c1:f0:2b:1b:1c:07:4c:ce:14:
fc:36:d4:52:1d:e9:e1:c0:4f:4b:94:e2:12:41:c0:
1c:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:F1:B2:C0:EB:5C:D0:3B:42:73:08:F1:7D:08:72:E0:A4:67:51:E7
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gfGywOtc0DtCcwjxfQhy4KRnUec.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.153.225.0/24
89.213.145.0-89.213.146.255
109.176.208.0/24
Signature Algorithm: sha256WithRSAEncryption
18:94:c9:cd:2b:1c:c7:d2:e2:f6:70:ee:cb:23:25:a2:c8:79:
da:f1:99:9b:05:20:3d:8e:9a:d6:d9:a9:b1:ba:cc:65:f0:0b:
32:18:9b:d3:8b:f8:c9:f0:80:eb:5c:bb:86:15:de:42:83:58:
e2:73:9a:d5:5b:a4:16:fd:05:dd:6e:2d:88:4f:41:39:47:e1:
18:a5:76:d2:31:c4:9d:a0:43:5f:3a:75:15:83:44:f0:c2:a0:
89:45:08:db:20:76:cc:7f:8a:21:da:de:c4:53:c8:96:a5:53:
1a:01:06:6d:63:b8:dd:13:60:e9:0e:5b:fd:17:49:58:13:92:
f8:78:c5:d9:36:59:64:68:0f:1b:94:09:eb:09:70:0f:3e:36:
85:c5:7a:69:a9:b3:29:0b:b0:34:9a:9a:8e:c2:19:c3:f7:9f:
b0:6a:18:e0:79:e6:4e:f9:3f:7c:28:55:bf:56:f9:88:2f:45:
38:fe:14:51:83:e5:1e:7d:f0:0c:77:aa:ce:2a:3c:94:c0:45:
8a:39:2d:10:b1:86:8e:58:9c:9e:df:ad:c6:66:17:93:0b:a8:
6d:4a:68:12:85:92:c7:f7:db:65:4f:04:c0:fb:09:ca:70:f7:
1d:7e:6e:8e:3c:1b:ad:c7:3c:20:03:60:39:1b:68:21:d2:14:
ef:60:40:88
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYx8QQpqIHKW18yxqsODYDXSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjE4MDkyODA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWYxYjJjMGViNWNkMDNiNDI3MzA4ZjE3ZDA4NzJlMGE0Njc1MWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrpN/ejkS9qFJk9JvRwxoYzxRrkb
vjaRX4H0XyXQAnz1uu8bDCWEwEt5A4bLXQcrTpRzjCIoquWpplA/VWT5OU4AbBb9
CzuIn1T+7gXP0EYkhWo9vEfFi7sGJwHQ7uVnXIuhEXm5IE5BOKr+Th88nnp4hxPZ
DUYRgSlOhF0iYg66cG85bcA43JwUVFbFHpXObAUJbBCvW+3IreR713dWbZAvcwWZ
MGaCyvTzuGx86KmAZ+1Bs9/mUkt+UDRZ79nZLtl+WQb/BuGa1/WCHjLfM7ZLsh2J
KK9Sfh1dFD0N0yKHsciXFn3B8CsbHAdMzhT8NtRSHenhwE9LlOISQcAcZwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIHxssDrXNA7QnMI8X0IcuCkZ1HnMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZ2ZHeXdPdGMwRHRDY3dqeGZRaHk0S1JuVWVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAUpnhMAwD
BABZ1ZEDBABZ1ZIDBABtsNAwDQYJKoZIhvcNAQELBQADggEBABiUyc0rHMfS4vZw
7ssjJaLIedrxmZsFID2OmtbZqbG6zGXwCzIYm9OL+MnwgOtcu4YV3kKDWOJzmtVb
pBb9Bd1uLYhPQTlH4RildtIxxJ2gQ186dRWDRPDCoIlFCNsgdsx/iiHa3sRTyJal
UxoBBm1juN0TYOkOW/0XSVgTkvh4xdk2WWRoDxuUCesJcA8+NoXFemmpsykLsDSa
mo7CGcP3n7BqGOB55k75P3woVb9W+YgvRTj+FFGD5R598Ax3qs4qPJTARYo5LRCx
ho5YnJ7frcZmF5MLqG1KaBKFksf322VPBMD7Ccpw9x1+bo48G63HPCADYDkbaCHS
FO9gQIg=
-----END CERTIFICATE-----
Generated at Sat May 17 02:30:26 2025 by rpki-client