Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/8YMhfbEEIER3C8TbONQ835wIayQ.roa
File: 8YMhfbEEIER3C8TbONQ835wIayQ.roa (raw, json)
Hash identifier: goC39NYAy2fgt65LrN2hsto381uXsLSHnD1QkLC6plY=
Subject key identifier: F1:83:21:7D:B1:04:20:44:77:0B:C4:DB:38:D4:3C:DF:9C:08:6B:24
Certificate issuer: /CN=33b9f91816dd4d8226a41e3b4c3b09c7bdcc64a9
Certificate serial: 01856D786FA5762964BF82C4AA45573EA28B
Authority key identifier: 33:B9:F9:18:16:DD:4D:82:26:A4:1E:3B:4C:3B:09:C7:BD:CC:64:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/M7n5GBbdTYImpB47TDsJx73MZKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/8YMhfbEEIER3C8TbONQ835wIayQ.roa
Signing time: Sun 01 Jan 2023 13:14:47 +0000
ROA not before: Sun 01 Jan 2023 13:14:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39257
IP address blocks: 91.212.106.0/24 maxlen: 24
78.31.200.0/22 maxlen: 22
185.26.200.0/22 maxlen: 22
87.238.184.0/21 maxlen: 21
87.238.190.0/24 maxlen: 24
87.238.187.0/24 maxlen: 24
91.214.127.0/24 maxlen: 24
2a02:8c0::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:78:6f:a5:76:29:64:bf:82:c4:aa:45:57:3e:a2:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=33b9f91816dd4d8226a41e3b4c3b09c7bdcc64a9
Validity
Not Before: Jan 1 13:14:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f183217db1042044770bc4db38d43cdf9c086b24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:e7:76:54:6b:db:88:28:07:5e:40:86:d7:5d:
e7:44:da:1f:a7:78:09:fa:05:5c:b3:91:a5:e9:99:
0c:eb:03:3f:af:3f:32:cd:d2:45:d4:cf:27:0c:bf:
03:5b:5d:94:82:67:f5:2d:92:17:33:cb:db:95:8b:
8d:18:88:a4:dd:e5:00:cc:5c:3a:4f:aa:2f:d6:e0:
31:bc:0f:ad:49:68:32:f4:6e:dd:e7:6c:1c:fa:f8:
3e:9a:31:7d:91:bf:07:94:63:52:1b:f5:02:41:09:
84:0e:68:d9:49:a7:90:73:8f:05:98:57:65:ba:09:
27:df:71:a3:d7:bd:2e:9e:77:04:10:66:c5:5e:9e:
c2:e4:b7:f0:c0:5b:74:ae:c9:ff:2d:0a:68:bc:af:
db:ae:7b:7a:92:b8:61:b6:25:b2:a8:b5:33:23:d0:
cd:af:ce:e0:35:fd:5b:57:b8:1b:c4:e6:ad:5a:6c:
63:60:6d:9b:4a:fd:af:61:5b:91:e8:76:fe:cc:f5:
92:46:f5:aa:8e:a5:1e:ad:1f:53:35:0a:fa:49:99:
f5:4f:34:d2:34:56:8f:1e:9e:3e:96:90:bd:68:24:
7f:de:60:d2:7b:95:b3:e5:c9:5f:fc:66:91:f2:17:
59:d9:fa:31:b8:a0:4e:e5:27:be:ee:c5:8d:59:f0:
79:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:83:21:7D:B1:04:20:44:77:0B:C4:DB:38:D4:3C:DF:9C:08:6B:24
X509v3 Authority Key Identifier:
keyid:33:B9:F9:18:16:DD:4D:82:26:A4:1E:3B:4C:3B:09:C7:BD:CC:64:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M7n5GBbdTYImpB47TDsJx73MZKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/8YMhfbEEIER3C8TbONQ835wIayQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/8132f0-702e-4044-b6d6-ca8cf6acfaeb/1/M7n5GBbdTYImpB47TDsJx73MZKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.31.200.0/22
87.238.184.0/21
91.212.106.0/24
91.214.127.0/24
185.26.200.0/22
IPv6:
2a02:8c0::/32
Signature Algorithm: sha256WithRSAEncryption
9a:04:21:01:ca:70:20:2c:16:60:41:60:1d:c9:29:69:ae:ff:
a0:cd:66:9a:30:6f:09:c3:21:64:1b:97:70:16:7d:10:77:cb:
a0:a2:d5:53:20:0d:87:13:8b:ae:9c:93:01:c3:5c:f3:59:a5:
a2:3c:eb:94:cf:09:48:a9:2f:43:d1:dd:17:6f:c9:79:32:24:
b5:c0:63:ec:c7:17:41:27:5d:04:7c:49:48:8b:5a:ea:cb:60:
ee:7d:66:e9:a7:d5:e5:d8:6c:71:7c:73:fe:13:0a:39:73:79:
19:d6:8e:21:8f:10:5f:87:ed:53:ee:86:e6:48:e5:ec:d0:b6:
db:ce:b0:0c:18:bc:87:c4:24:58:c1:46:14:4d:19:e1:4f:29:
3b:4c:79:76:8f:d1:45:8e:53:c9:65:8a:e2:ac:dd:85:74:da:
d9:35:4e:84:43:cf:15:68:00:f4:be:ca:35:86:bb:e4:61:ef:
cd:37:19:c9:44:9e:74:40:51:a0:c0:e2:ff:b4:80:d7:04:15:
c0:3d:f2:0f:b5:d1:0f:f5:6f:c3:c1:08:5b:1c:6c:f5:8c:3b:
59:6c:df:70:4d:45:0e:99:fd:24:ae:c3:54:39:4c:8d:a3:a6:
47:54:77:5f:4c:06:e0:31:ef:5a:6c:cd:32:89:5b:a7:6c:f3:
97:79:cd:4a
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVteG+ldilkv4LEqkVXPqKLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYjlmOTE4MTZkZDRkODIyNmE0MWUzYjRjM2IwOWM3YmRj
YzY0YTkwHhcNMjMwMTAxMTMxNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTgzMjE3ZGIxMDQyMDQ0NzcwYmM0ZGIzOGQ0M2NkZjljMDg2YjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgud2VGvbiCgHXkCG113nRNofp3gJ
+gVcs5Gl6ZkM6wM/rz8yzdJF1M8nDL8DW12Ugmf1LZIXM8vblYuNGIik3eUAzFw6
T6ov1uAxvA+tSWgy9G7d52wc+vg+mjF9kb8HlGNSG/UCQQmEDmjZSaeQc48FmFdl
ugkn33Gj170unncEEGbFXp7C5LfwwFt0rsn/LQpovK/brnt6krhhtiWyqLUzI9DN
r87gNf1bV7gbxOatWmxjYG2bSv2vYVuR6Hb+zPWSRvWqjqUerR9TNQr6SZn1TzTS
NFaPHp4+lpC9aCR/3mDSe5Wz5clf/GaR8hdZ2foxuKBO5Se+7sWNWfB5swIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFPGDIX2xBCBEdwvE2zjUPN+cCGskMB8GA1UdIwQY
MBaAFDO5+RgW3U2CJqQeO0w7Cce9zGSpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTduNUdCYmRUWUltcEI0N1REc0p4NzNNWktrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi84MTMyZjAtNzAyZS00MDQ0LWI2ZDYt
Y2E4Y2Y2YWNmYWViLzEvOFlNaGZiRUVJRVIzQzhUYk9OUTgzNXdJYXlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi84MTMyZjAtNzAyZS00MDQ0LWI2ZDYtY2E4Y2Y2YWNmYWVi
LzEvTTduNUdCYmRUWUltcEI0N1REc0p4NzNNWktrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQCTh/IAwQD
V+64AwQAW9RqAwQAW9Z/AwQCuRrIMA0EAgACMAcDBQAqAgjAMA0GCSqGSIb3DQEB
CwUAA4IBAQCaBCEBynAgLBZgQWAdySlprv+gzWaaMG8JwyFkG5dwFn0Qd8ugotVT
IA2HE4uunJMBw1zzWaWiPOuUzwlIqS9D0d0Xb8l5MiS1wGPsxxdBJ10EfElIi1rq
y2DufWbpp9Xl2GxxfHP+Ewo5c3kZ1o4hjxBfh+1T7obmSOXs0LbbzrAMGLyHxCRY
wUYUTRnhTyk7THl2j9FFjlPJZYrirN2FdNrZNU6EQ88VaAD0vso1hrvkYe/NNxnJ
RJ50QFGgwOL/tIDXBBXAPfIPtdEP9W/DwQhbHGz1jDtZbN9wTUUOmf0krsNUOUyN
o6ZHVHdfTAbgMe9abM0yiVunbPOXec1K
-----END CERTIFICATE-----
Generated at Wed May 7 16:45:26 2025 by rpki-client