Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/33oanJFV2FM2RYZ0pNo2GZhCkNs.roa
File: 33oanJFV2FM2RYZ0pNo2GZhCkNs.roa (raw, json)
Hash identifier: EZaDcXIqikp/OCYAv4dP+lHv7l5WRXsokfoAit7OmZU=
Subject key identifier: DF:7A:1A:9C:91:55:D8:53:36:45:86:74:A4:DA:36:19:98:42:90:DB
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018659787969A727E24C8680101DF0BAC31A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/33oanJFV2FM2RYZ0pNo2GZhCkNs.roa
Signing time: Thu 16 Feb 2023 09:05:13 +0000
ROA not before: Thu 16 Feb 2023 09:05:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211936
IP address blocks: 82.153.250.0/24 maxlen: 24
82.153.220.0/24 maxlen: 24
82.153.223.0/24 maxlen: 24
82.153.221.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:59:78:79:69:a7:27:e2:4c:86:80:10:1d:f0:ba:c3:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Feb 16 09:05:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=df7a1a9c9155d85336458674a4da3619984290db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:cd:51:ca:24:ca:6c:35:8d:f4:81:92:c1:20:
19:ec:bc:9d:5e:01:55:27:c8:b9:ed:42:43:b8:b3:
74:d1:28:45:91:5f:bb:99:75:7b:73:1e:24:e6:79:
b4:cf:be:f0:28:12:d3:7d:28:44:a7:d9:ff:77:3f:
83:4c:21:c8:a6:a6:19:38:ec:bd:72:cf:dc:64:61:
61:7d:5c:b5:a5:92:71:37:0d:da:32:ac:1d:48:89:
94:1b:86:20:b4:2a:c8:06:93:ee:a4:6c:97:f4:7b:
b9:0c:52:0d:7e:2b:11:44:53:c1:74:62:0a:9b:b8:
b2:22:a5:e5:cb:45:ea:66:de:ee:68:a5:66:5a:9d:
5b:f9:c9:9c:46:2c:aa:22:a9:1e:1f:f9:0f:a1:a0:
3d:1e:ca:0d:a9:7b:6f:6c:45:d4:22:aa:2d:d4:38:
7e:1d:2b:da:08:6d:34:34:d0:02:09:c2:ce:dd:ef:
7d:cd:ac:8b:f3:10:e8:a1:5e:88:19:39:97:9b:25:
5e:f4:09:18:26:f1:d1:49:83:e9:1e:0a:7f:47:bb:
43:fc:3b:81:5d:fb:a1:e5:8f:43:01:4f:56:37:62:
d2:6b:a6:26:d1:e7:f8:9c:5b:15:e0:1d:ba:fb:0b:
57:38:a2:e9:54:de:4f:31:d4:d7:71:32:f3:2b:99:
16:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:7A:1A:9C:91:55:D8:53:36:45:86:74:A4:DA:36:19:98:42:90:DB
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/33oanJFV2FM2RYZ0pNo2GZhCkNs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.153.220.0/23
82.153.223.0/24
82.153.250.0/24
Signature Algorithm: sha256WithRSAEncryption
53:ed:c3:90:5e:cf:e1:8c:b2:00:51:10:e4:65:47:2b:88:ef:
5e:42:59:36:0d:de:75:f2:65:c4:47:1c:53:81:48:7c:4e:d1:
e8:a8:45:74:f0:66:e9:f5:58:8c:4d:90:77:25:dc:07:dd:e9:
75:4e:12:44:8e:43:50:d5:27:f8:08:0e:36:a5:7e:91:e6:c9:
ea:78:ac:5f:cd:02:f6:aa:91:a2:49:18:c7:b7:f0:56:c8:ec:
c4:e4:67:63:cd:ee:12:9c:86:87:1a:c1:b4:61:c1:a2:1c:2b:
f2:61:e4:ae:85:91:10:c4:d5:2b:9e:13:f8:19:ee:60:d9:ae:
6b:86:9d:d4:68:bd:bc:69:13:44:32:94:40:8b:02:ef:60:1f:
d3:c4:66:1a:87:d0:64:3b:55:0d:58:30:c6:2b:6f:c6:13:70:
8a:ec:a1:1e:c7:ce:5a:c5:e5:3c:92:59:ac:03:e0:17:b8:87:
5b:26:8f:80:ae:ac:00:a2:60:80:88:5c:e3:09:9e:6e:7b:3d:
77:41:20:cd:f5:0a:75:90:33:92:cc:f1:0b:ca:50:36:38:35:
26:81:37:c3:e5:8e:47:49:4b:c6:78:da:24:ca:51:b1:94:4e:
7c:62:3c:98:70:99:2b:9a:c6:f1:8c:23:8a:70:05:e7:4b:58:
43:0d:d1:f7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYZZeHlppyfiTIaAEB3wusMaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwMjE2MDkwNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjdhMWE5YzkxNTVkODUzMzY0NTg2NzRhNGRhMzYxOTk4NDI5MGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjM1RyiTKbDWN9IGSwSAZ7LydXgFV
J8i57UJDuLN00ShFkV+7mXV7cx4k5nm0z77wKBLTfShEp9n/dz+DTCHIpqYZOOy9
cs/cZGFhfVy1pZJxNw3aMqwdSImUG4YgtCrIBpPupGyX9Hu5DFINfisRRFPBdGIK
m7iyIqXly0XqZt7uaKVmWp1b+cmcRiyqIqkeH/kPoaA9HsoNqXtvbEXUIqot1Dh+
HSvaCG00NNACCcLO3e99zayL8xDooV6IGTmXmyVe9AkYJvHRSYPpHgp/R7tD/DuB
Xfuh5Y9DAU9WN2LSa6Ym0ef4nFsV4B26+wtXOKLpVN5PMdTXcTLzK5kWbQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN96GpyRVdhTNkWGdKTaNhmYQpDbMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMzNvYW5KRlYyRk0yUllaMHBObzJHWmhDa05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBUpncAwQA
UpnfAwQAUpn6MA0GCSqGSIb3DQEBCwUAA4IBAQBT7cOQXs/hjLIAURDkZUcriO9e
Qlk2Dd518mXERxxTgUh8TtHoqEV08Gbp9ViMTZB3JdwH3el1ThJEjkNQ1Sf4CA42
pX6R5snqeKxfzQL2qpGiSRjHt/BWyOzE5Gdjze4SnIaHGsG0YcGiHCvyYeSuhZEQ
xNUrnhP4Ge5g2a5rhp3UaL28aRNEMpRAiwLvYB/TxGYah9BkO1UNWDDGK2/GE3CK
7KEex85axeU8klmsA+AXuIdbJo+ArqwAomCAiFzjCZ5uez13QSDN9Qp1kDOSzPEL
ylA2ODUmgTfD5Y5HSUvGeNokylGxlE58YjyYcJkrmsbxjCOKcAXnS1hDDdH3
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:24:20 2025 by rpki-client