Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4LerzlpahuqcQWuaW3YZu6j1t9g.roa
File: 4LerzlpahuqcQWuaW3YZu6j1t9g.roa (raw, json)
Hash identifier: DOxJPLhWNExUq66xv2GsevJ8zNuz7Tj9N0Hp1uGPs30=
Subject key identifier: E0:B7:AB:CE:5A:5A:86:EA:9C:41:6B:9A:5B:76:19:BB:A8:F5:B7:D8
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0189A6053840363FB8975FFAF4A166E1E5EC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4LerzlpahuqcQWuaW3YZu6j1t9g.roa
Signing time: Sun 30 Jul 2023 08:58:27 +0000
ROA not before: Sun 30 Jul 2023 08:58:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204843
IP address blocks: 109.176.213.0/24 maxlen: 24
89.213.158.0/24 maxlen: 24
89.213.157.0/24 maxlen: 24
89.213.156.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:a6:05:38:40:36:3f:b8:97:5f:fa:f4:a1:66:e1:e5:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jul 30 08:58:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e0b7abce5a5a86ea9c416b9a5b7619bba8f5b7d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:4a:29:8d:ae:87:4c:48:54:a4:69:39:b0:f8:
67:2d:94:9c:09:4d:a1:95:be:9b:2c:0d:cd:35:05:
97:7b:d7:93:57:9b:0a:bc:8e:4c:ea:2b:b8:90:23:
4e:66:22:81:fa:d8:57:39:b9:c8:0c:86:b8:03:a0:
d3:86:78:f7:79:dc:ad:4a:ec:21:b0:b2:04:3d:c8:
e2:38:10:b5:36:d3:bf:14:af:59:76:be:5d:23:ab:
41:57:af:0d:57:f2:8c:a2:16:90:11:cc:0a:31:0f:
e4:93:d0:f7:09:62:46:df:fd:ed:e9:ed:4a:82:06:
ab:44:7b:36:ea:ed:b6:2c:b9:5a:78:e3:4e:0e:5c:
07:2c:d9:73:8b:d6:ce:6a:df:b7:66:2f:19:a5:5d:
02:75:63:05:a7:4a:76:5a:01:e3:1c:77:fd:de:bd:
a5:e6:a0:0d:a6:0e:84:58:00:dc:23:33:37:b8:4f:
b2:7f:83:d5:2a:1d:15:1b:3f:7f:83:bc:c6:9d:19:
04:cf:02:6a:6e:a3:f5:3d:83:1d:4f:bd:de:45:14:
6c:c4:aa:bb:67:12:9c:12:52:8a:f0:11:ab:52:c3:
43:93:92:de:e2:a4:3c:fe:b5:d9:e2:d5:38:12:c8:
84:6d:03:f9:76:19:1e:91:e8:16:65:e4:7e:9e:86:
7b:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:B7:AB:CE:5A:5A:86:EA:9C:41:6B:9A:5B:76:19:BB:A8:F5:B7:D8
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4LerzlpahuqcQWuaW3YZu6j1t9g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.213.156.0-89.213.158.255
109.176.213.0/24
Signature Algorithm: sha256WithRSAEncryption
33:99:6b:d2:24:fe:06:5b:4d:8b:4f:19:d5:4b:7f:24:de:6b:
e5:b3:de:8e:c4:4d:b7:34:e9:24:d8:09:23:55:86:c7:ec:6b:
43:ed:cd:c7:6e:74:68:6c:3d:6b:91:e4:84:ef:e1:0f:1f:24:
01:8c:bf:82:f3:50:b9:a0:22:c9:11:53:a7:a3:68:47:24:9f:
b3:06:a4:2e:60:fe:e1:ed:04:3d:dc:04:5f:ce:e8:fc:d2:2a:
e7:e6:e4:c0:6c:de:1a:c1:68:3c:2a:28:ee:97:b8:70:0b:ef:
8f:45:0a:ef:3c:31:20:1c:21:74:ff:f2:98:b0:e1:95:15:f5:
bf:de:3a:f8:b6:fe:0b:e7:38:0b:9a:f1:71:f8:e1:0d:08:49:
96:62:80:16:88:a7:52:29:e5:51:6e:98:0d:f9:f2:09:1a:88:
e7:28:1f:58:ae:6c:a2:a7:0d:6d:ee:b6:32:62:21:75:1f:6e:
8f:38:03:d7:77:94:f2:a9:34:80:02:2e:39:c0:bc:4d:fc:51:
58:83:ee:3d:b6:69:63:55:c4:0c:15:67:b7:0b:e8:89:c7:3c:
8b:85:ad:30:67:d4:7e:5e:5a:14:43:1f:ba:d7:8e:07:6d:5e:
48:6b:43:90:70:f5:e3:7f:26:b0:c3:67:68:35:3a:f9:3d:32:
ac:88:d0:15
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYmmBThANj+4l1/69KFm4eXsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzMwMDg1ODI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGI3YWJjZTVhNWE4NmVhOWM0MTZiOWE1Yjc2MTliYmE4ZjViN2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkopja6HTEhUpGk5sPhnLZScCU2h
lb6bLA3NNQWXe9eTV5sKvI5M6iu4kCNOZiKB+thXObnIDIa4A6DThnj3edytSuwh
sLIEPcjiOBC1NtO/FK9Zdr5dI6tBV68NV/KMohaQEcwKMQ/kk9D3CWJG3/3t6e1K
ggarRHs26u22LLlaeONODlwHLNlzi9bOat+3Zi8ZpV0CdWMFp0p2WgHjHHf93r2l
5qANpg6EWADcIzM3uE+yf4PVKh0VGz9/g7zGnRkEzwJqbqP1PYMdT73eRRRsxKq7
ZxKcElKK8BGrUsNDk5Le4qQ8/rXZ4tU4EsiEbQP5dhkekegWZeR+noZ7KwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFOC3q85aWobqnEFrmlt2Gbuo9bfYMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNExlcnpscGFodXFjUVd1YVczWVp1NmoxdDlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAJZ1ZwD
BABZ1Z4DBABtsNUwDQYJKoZIhvcNAQELBQADggEBADOZa9Ik/gZbTYtPGdVLfyTe
a+Wz3o7ETbc06STYCSNVhsfsa0PtzcdudGhsPWuR5ITv4Q8fJAGMv4LzULmgIskR
U6ejaEckn7MGpC5g/uHtBD3cBF/O6PzSKufm5MBs3hrBaDwqKO6XuHAL749FCu88
MSAcIXT/8piw4ZUV9b/eOvi2/gvnOAua8XH44Q0ISZZigBaIp1Ip5VFumA358gka
iOcoH1iubKKnDW3utjJiIXUfbo84A9d3lPKpNIACLjnAvE38UViD7j22aWNVxAwV
Z7cL6InHPIuFrTBn1H5eWhRDH7rXjgdtXkhrQ5Bw9eN/JrDDZ2g1Ovk9MqyI0BU=
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:13:49 2025 by rpki-client