Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-ktNijgK6uPi2Whjh5ZkcvANOgc.roa
File: 1-ktNijgK6uPi2Whjh5ZkcvANOgc.roa (raw, json)
Hash identifier: YmdqoJO6MiF7oqMZe4ipYK6ESlu6elmoSZk0eAHsQtc=
Subject key identifier: FA:4B:4D:8A:38:0A:EA:E3:E2:D9:68:63:87:96:64:72:F0:0D:3A:07
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018755944BBB436A3C0F83D99AF3DAAEB551
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-ktNijgK6uPi2Whjh5ZkcvANOgc.roa
Signing time: Thu 06 Apr 2023 07:59:54 +0000
ROA not before: Thu 06 Apr 2023 07:59:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 82.153.78.0/24 maxlen: 24
82.153.72.0/24 maxlen: 24
81.168.123.0/24 maxlen: 24
81.168.120.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
81.168.126.0/24 maxlen: 24
82.153.1.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:55:94:4b:bb:43:6a:3c:0f:83:d9:9a:f3:da:ae:b5:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 6 07:59:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fa4b4d8a380aeae3e2d9686387966472f00d3a07
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:8c:c2:f2:d7:c7:79:13:6b:51:6f:0e:9f:c8:
07:7f:6f:3e:ce:1f:d0:ab:de:d4:6b:ed:b2:82:9d:
85:fe:b7:1c:7a:2d:d2:c4:0b:d7:d3:c5:1b:f4:62:
3a:8a:d6:ed:db:15:3b:c9:59:d1:d0:9e:ba:c1:35:
ec:0c:9d:aa:f9:25:48:ca:9a:72:1d:73:d9:94:34:
fe:25:ce:d4:c6:6b:43:60:75:8f:d1:13:85:8f:76:
1b:dd:98:91:0c:d6:5a:8c:cc:d2:f0:79:a0:79:01:
06:77:d3:0c:66:e9:3c:ef:c0:4a:3d:67:d0:96:29:
83:89:96:8b:88:56:a0:50:0f:4e:61:3d:6b:b6:1a:
bf:27:ac:e6:1b:f1:e3:4e:62:73:36:f9:92:fb:f3:
c3:05:9c:0a:bd:e0:d7:f3:73:bd:a1:3d:ba:3e:a8:
60:db:7a:24:ec:ad:fc:d8:af:9b:33:61:6d:ad:0a:
27:cf:ea:b0:7b:64:53:8e:95:c4:e8:fe:54:24:b2:
c2:df:0c:da:85:63:8d:a7:0c:41:cc:1a:df:a7:18:
09:82:47:2b:1b:b9:f9:a2:7e:a0:26:c5:be:ab:b9:
5b:14:bc:36:0b:9c:79:40:44:3b:2b:e7:c6:2a:68:
8a:bb:c2:3d:0f:5b:c8:1c:0b:52:d6:95:7b:ed:e7:
30:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:4B:4D:8A:38:0A:EA:E3:E2:D9:68:63:87:96:64:72:F0:0D:3A:07
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1-ktNijgK6uPi2Whjh5ZkcvANOgc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.119.0-81.168.120.255
81.168.123.0/24
81.168.126.0/24
82.153.1.0/24
82.153.72.0/24
82.153.78.0/24
Signature Algorithm: sha256WithRSAEncryption
94:7c:8e:b8:12:31:2d:f7:d3:d9:06:12:33:57:ba:02:3d:ea:
71:af:3a:1e:7f:33:7d:35:f3:02:35:02:33:3b:18:3e:2a:fe:
17:bb:a2:f5:20:04:0e:d5:41:78:1f:34:36:d3:81:ae:c1:f1:
13:e4:2f:61:ed:19:83:16:94:5d:6c:d7:17:b5:c0:55:0d:86:
cf:16:59:95:61:0a:3a:85:2c:97:87:87:9e:a6:97:9f:40:f5:
4a:10:d3:7f:a3:68:9e:34:c4:5f:9d:18:33:4f:17:0a:97:12:
94:e9:98:10:e1:7a:56:04:67:d5:82:e9:d6:0f:78:a6:b5:da:
da:02:6e:72:c6:ac:cb:54:21:ba:68:2e:10:a9:5e:bc:5a:ac:
79:4b:be:b0:ab:a9:f0:43:1b:8f:6b:99:90:e3:c1:75:ef:d2:
8b:b8:30:9b:5f:b1:c6:08:1c:82:7a:7b:2f:fc:54:d3:ec:37:
7f:bc:6d:21:b0:e7:72:0a:6e:c7:6f:c3:4a:e2:10:07:99:9e:
c9:94:fe:e6:ae:2d:42:28:05:c9:17:0d:3f:0c:c8:7f:0f:10:
05:75:8d:27:3c:03:56:b2:37:e1:df:40:91:ef:8f:f2:39:b0:
24:87:e2:82:ab:28:9c:d0:b5:2b:ba:2c:e2:e5:ac:74:45:67:
b5:59:e3:e2
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYdVlEu7Q2o8D4PZmvParrVRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNDA2MDc1OTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTRiNGQ4YTM4MGFlYWUzZTJkOTY4NjM4Nzk2NjQ3MmYwMGQzYTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhozC8tfHeRNrUW8On8gHf28+zh/Q
q97Ua+2ygp2F/rccei3SxAvX08Ub9GI6itbt2xU7yVnR0J66wTXsDJ2q+SVIyppy
HXPZlDT+Jc7UxmtDYHWP0ROFj3Yb3ZiRDNZajMzS8HmgeQEGd9MMZuk878BKPWfQ
limDiZaLiFagUA9OYT1rthq/J6zmG/HjTmJzNvmS+/PDBZwKveDX83O9oT26Pqhg
23ok7K382K+bM2FtrQonz+qwe2RTjpXE6P5UJLLC3wzahWONpwxBzBrfpxgJgkcr
G7n5on6gJsW+q7lbFLw2C5x5QEQ7K+fGKmiKu8I9D1vIHAtS1pV77ecwAwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFPpLTYo4Curj4tloY4eWZHLwDToHMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMS1rdE5pamdLNnVQaTJXaGpoNVprY3ZBTk9nYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGEvNDlkYzAwLTk3ZTItNDYyOC1hZTM5LTQxMjI4ZTM5ZmY3
Yy8xL1A5TU5pbjRTX0h2Mkxnd1NIbnpDSnQ2bE81cy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBFBggrBgEFBQcBBwEB/wQ2MDQwMgQCAAEwLDAMAwQAUah3
AwQAUah4AwQAUah7AwQAUah+AwQAUpkBAwQAUplIAwQAUplOMA0GCSqGSIb3DQEB
CwUAA4IBAQCUfI64EjEt99PZBhIzV7oCPepxrzoefzN9NfMCNQIzOxg+Kv4Xu6L1
IAQO1UF4HzQ204GuwfET5C9h7RmDFpRdbNcXtcBVDYbPFlmVYQo6hSyXh4eeppef
QPVKENN/o2ieNMRfnRgzTxcKlxKU6ZgQ4XpWBGfVgunWD3imtdraAm5yxqzLVCG6
aC4QqV68Wqx5S76wq6nwQxuPa5mQ48F179KLuDCbX7HGCByCensv/FTT7Dd/vG0h
sOdyCm7Hb8NK4hAHmZ7JlP7mri1CKAXJFw0/DMh/DxAFdY0nPANWsjfh30CR74/y
ObAkh+KCqyic0LUruizi5ax0RWe1WePi
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:27:04 2025 by rpki-client