Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1IrsQ579LHfjjyPTriMqnUSQEDw.roa
File: 1IrsQ579LHfjjyPTriMqnUSQEDw.roa (raw, json)
Hash identifier: GDTRSQs+lnFXrqZxQeNGrogjW69dbqhsVtGyNKPMDtM=
Subject key identifier: D4:8A:EC:43:9E:FD:2C:77:E3:8F:23:D3:AE:23:2A:9D:44:90:10:3C
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0184F6F9C4AC88DD90289A5D03E5BD97647B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1IrsQ579LHfjjyPTriMqnUSQEDw.roa
Signing time: Fri 09 Dec 2022 13:01:14 +0000
ROA not before: Fri 09 Dec 2022 13:01:14 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 81.5.191.0/24 maxlen: 24
82.153.245.0/24 maxlen: 24
82.153.64.0/24 maxlen: 24
82.153.78.0/24 maxlen: 24
82.153.72.0/24 maxlen: 24
81.168.123.0/24 maxlen: 24
81.168.120.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
81.168.126.0/24 maxlen: 24
82.153.1.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:f6:f9:c4:ac:88:dd:90:28:9a:5d:03:e5:bd:97:64:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Dec 9 13:01:14 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d48aec439efd2c77e38f23d3ae232a9d4490103c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:4f:10:5c:26:0d:7b:b4:b6:1a:20:72:a4:1d:
80:5e:62:8c:d9:23:38:eb:3d:f5:75:2c:18:40:6f:
8d:a4:9d:7b:d0:2b:c2:6d:7f:61:e8:58:28:0b:ac:
e9:aa:db:cc:e3:2e:78:83:c4:0e:88:99:8f:ad:82:
d3:3e:8c:08:2a:ac:c9:be:9a:7b:59:e6:5e:9e:ce:
bb:50:d1:19:95:ed:f5:a7:77:c1:ee:cd:2e:3b:48:
ed:5d:6c:52:7e:c5:49:af:83:a9:0a:39:5d:0a:24:
cc:8c:9b:4f:ed:8b:c6:78:db:ba:06:10:9d:e8:f6:
7e:29:62:aa:f7:61:46:70:4c:58:bf:31:a8:09:a8:
3d:2f:fc:7a:c5:b1:cf:67:86:67:72:94:d6:e2:1e:
39:f0:7d:f6:f0:4a:43:b0:d2:87:b8:b0:d6:b0:61:
be:fb:c1:10:c6:06:ef:b8:c6:17:e9:48:11:e1:e8:
c7:d0:6c:48:97:7d:90:78:77:a8:46:8f:63:05:0f:
88:15:5b:ed:f0:5f:25:6f:2f:09:01:a4:71:d8:21:
c0:d9:c4:9f:2f:c5:85:bc:7c:9d:79:5a:58:c3:dd:
87:19:2b:92:5a:ce:be:48:7b:5c:04:ff:3e:b3:14:
16:1e:4e:08:ec:66:98:21:a8:7f:3e:fb:0d:2c:d4:
32:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:8A:EC:43:9E:FD:2C:77:E3:8F:23:D3:AE:23:2A:9D:44:90:10:3C
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/1IrsQ579LHfjjyPTriMqnUSQEDw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.191.0/24
81.168.119.0-81.168.120.255
81.168.123.0/24
81.168.126.0/24
82.153.1.0/24
82.153.64.0/24
82.153.72.0/24
82.153.78.0/24
82.153.245.0/24
Signature Algorithm: sha256WithRSAEncryption
32:53:f4:e7:33:98:e1:6a:45:49:68:d7:1e:db:4a:d9:ce:7c:
ca:2e:b2:9b:89:da:58:1e:f1:e4:5f:22:d5:6c:42:85:87:04:
6c:22:79:85:ff:64:88:95:4a:48:dd:bb:97:8b:86:f8:a1:52:
e8:c5:34:29:31:ea:47:c9:52:f5:e2:76:72:1a:54:ce:d4:24:
5a:ed:c8:72:5c:7a:02:5f:a1:e5:41:c7:f1:8f:af:66:89:df:
e7:9d:33:08:74:22:2b:a2:2a:0b:08:3d:e2:c5:ce:c2:72:08:
48:32:c9:73:dc:ca:69:9c:39:32:cb:4c:e1:78:f2:99:d9:08:
00:ba:0f:de:6c:a8:7d:6a:12:1d:70:41:1e:4c:0a:74:65:7c:
fc:11:7e:3a:be:d3:5b:82:8b:4f:ca:5f:be:04:18:1c:d2:fd:
78:c0:75:11:1a:cb:6d:ea:0a:98:ee:20:44:67:15:e5:f1:70:
7f:4a:2f:d5:73:57:82:57:c6:d3:f7:9a:8c:31:3c:6c:ac:db:
ee:f5:05:b8:bb:67:de:33:27:ab:2c:c4:e9:f9:01:a1:55:19:
74:ef:12:e5:b9:31:91:d5:89:0c:a1:d7:1d:28:02:01:67:03:
be:8d:a0:62:1c:6b:aa:23:eb:c7:08:84:34:ee:48:9a:2f:e1:
6e:3f:ed:9b
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYT2+cSsiN2QKJpdA+W9l2R7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjIxMjA5MTMwMTE0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDhhZWM0MzllZmQyYzc3ZTM4ZjIzZDNhZTIzMmE5ZDQ0OTAxMDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx08QXCYNe7S2GiBypB2AXmKM2SM4
6z31dSwYQG+NpJ170CvCbX9h6FgoC6zpqtvM4y54g8QOiJmPrYLTPowIKqzJvpp7
WeZens67UNEZle31p3fB7s0uO0jtXWxSfsVJr4OpCjldCiTMjJtP7YvGeNu6BhCd
6PZ+KWKq92FGcExYvzGoCag9L/x6xbHPZ4ZncpTW4h458H328EpDsNKHuLDWsGG+
+8EQxgbvuMYX6UgR4ejH0GxIl32QeHeoRo9jBQ+IFVvt8F8lby8JAaRx2CHA2cSf
L8WFvHydeVpYw92HGSuSWs6+SHtcBP8+sxQWHk4I7GaYIah/PvsNLNQyLwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFNSK7EOe/Sx3448j064jKp1EkBA8MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMUlyc1E1NzlMSGZqanlQVHJpTXFuVVNRRUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUQW/MAwD
BABRqHcDBABRqHgDBABRqHsDBABRqH4DBABSmQEDBABSmUADBABSmUgDBABSmU4D
BABSmfUwDQYJKoZIhvcNAQELBQADggEBADJT9OczmOFqRUlo1x7bStnOfMouspuJ
2lge8eRfItVsQoWHBGwieYX/ZIiVSkjdu5eLhvihUujFNCkx6kfJUvXidnIaVM7U
JFrtyHJcegJfoeVBx/GPr2aJ3+edMwh0IiuiKgsIPeLFzsJyCEgyyXPcymmcOTLL
TOF48pnZCAC6D95sqH1qEh1wQR5MCnRlfPwRfjq+01uCi0/KX74EGBzS/XjAdREa
y23qCpjuIERnFeXxcH9KL9VzV4JXxtP3mowxPGys2+71Bbi7Z94zJ6ssxOn5AaFV
GXTvEuW5MZHViQyh1x0oAgFnA76NoGIca6oj68cIhDTuSJov4W4/7Zs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:13 2024 by rpki-client on console-fra.rpki-client.org