Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JQ6q-ncmfaLpR1k9C9KP7zDMs3Q.roa
File: JQ6q-ncmfaLpR1k9C9KP7zDMs3Q.roa (raw, json)
Hash identifier: uEH0K6Zlc1jPVmjMW/6I/CntDzgD/QW8R0XDh4jW3ck=
Subject key identifier: 25:0E:AA:FA:77:26:7D:A2:E9:47:59:3D:0B:D2:8F:EF:30:CC:B3:74
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01851C871E2438E6FCC12F1C7E35822C1F14
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JQ6q-ncmfaLpR1k9C9KP7zDMs3Q.roa
Signing time: Fri 16 Dec 2022 20:01:35 +0000
ROA not before: Fri 16 Dec 2022 20:01:35 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 211237
IP address blocks: 81.168.116.0/24 maxlen: 24
82.153.79.0/24 maxlen: 24
81.168.35.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:1c:87:1e:24:38:e6:fc:c1:2f:1c:7e:35:82:2c:1f:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Dec 16 20:01:35 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=250eaafa77267da2e947593d0bd28fef30ccb374
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:05:e9:16:63:f6:5c:86:ec:3f:a9:b0:41:b0:
eb:79:98:af:f8:02:73:73:53:83:59:38:6f:84:46:
75:a3:64:e4:25:34:9a:8f:48:45:a7:6d:53:8c:37:
9b:3d:a2:70:69:13:88:be:36:9e:7d:09:a8:b0:83:
e1:bc:1e:cb:ad:53:83:40:29:69:e1:19:ad:39:05:
4c:39:e8:de:a3:eb:8f:6d:91:ce:9a:0a:01:90:fc:
81:48:93:0e:bd:fb:0c:87:ff:ee:90:19:3c:01:b1:
d9:b7:91:a9:e8:6e:d3:65:ad:26:3b:7b:f4:69:2a:
e1:94:47:8e:de:7c:06:a5:e2:27:5e:79:15:ec:5f:
6f:9f:dd:f6:e1:5d:c8:a5:14:5b:2b:18:b4:cc:47:
45:e9:d3:5e:12:fa:77:10:d4:01:07:90:13:0e:3c:
13:46:b5:ec:2a:a4:8f:ad:42:c7:81:3d:c7:21:bc:
2d:e6:bc:d3:9a:09:f3:1f:2d:fa:53:da:21:65:1e:
99:1a:fa:50:aa:8a:41:4f:f1:70:7b:b4:9b:7c:40:
6d:50:8f:a8:ad:e9:a9:e8:c6:b9:e9:56:78:e4:1a:
25:6b:13:e7:ec:15:94:4a:2a:f6:4f:f5:8b:26:9b:
d3:48:2b:38:10:a4:c4:f6:ad:25:07:b0:c6:7d:a3:
c0:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:0E:AA:FA:77:26:7D:A2:E9:47:59:3D:0B:D2:8F:EF:30:CC:B3:74
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/JQ6q-ncmfaLpR1k9C9KP7zDMs3Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.35.0/24
81.168.116.0/24
82.153.79.0/24
Signature Algorithm: sha256WithRSAEncryption
0d:cc:bc:a3:18:95:67:b8:ca:df:6a:67:14:78:28:ad:69:8c:
7d:e8:d0:f7:6d:71:42:2c:42:5c:f6:c6:51:bf:6c:91:13:48:
b9:b9:57:c6:6f:da:2b:8b:d8:52:58:24:11:07:13:d8:e7:a5:
61:a8:c6:10:a4:eb:6c:8b:06:a3:a0:09:1a:1b:bb:35:8c:c1:
4a:22:41:ef:15:a3:f9:87:54:a2:8e:ac:5a:a3:ca:8f:4f:13:
b8:be:bc:81:53:d7:c2:84:62:35:60:2c:5f:06:3a:b6:3f:d6:
d1:e8:2c:fd:e9:8f:d1:6e:83:38:21:56:d3:c6:5c:5a:b2:9f:
b0:f4:de:f4:02:3b:9a:5c:52:4b:b4:ea:2a:78:c1:31:cd:24:
ae:80:05:a6:e6:7c:36:c9:6d:bf:f7:30:d3:65:cb:4b:be:44:
b4:07:15:57:91:0f:11:0d:b6:4e:a2:9e:65:fe:59:4d:67:5f:
3a:2b:07:55:23:26:64:72:bf:dc:e8:52:35:2c:b4:10:01:bc:
69:e9:ca:78:eb:ce:eb:bb:8f:09:3b:a1:e1:09:0a:d7:a5:16:
7a:2d:46:45:50:5e:ae:0f:a7:2c:aa:87:45:b9:40:2d:10:66:
e8:6d:1b:bf:17:57:45:98:99:b6:e6:e6:8e:e5:a8:f7:f7:43:
75:94:7f:6e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYUchx4kOOb8wS8cfjWCLB8UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjIxMjE2MjAwMTM1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTBlYWFmYTc3MjY3ZGEyZTk0NzU5M2QwYmQyOGZlZjMwY2NiMzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwXpFmP2XIbsP6mwQbDreZiv+AJz
c1ODWThvhEZ1o2TkJTSaj0hFp21TjDebPaJwaROIvjaefQmosIPhvB7LrVODQClp
4RmtOQVMOejeo+uPbZHOmgoBkPyBSJMOvfsMh//ukBk8AbHZt5Gp6G7TZa0mO3v0
aSrhlEeO3nwGpeInXnkV7F9vn9324V3IpRRbKxi0zEdF6dNeEvp3ENQBB5ATDjwT
RrXsKqSPrULHgT3HIbwt5rzTmgnzHy36U9ohZR6ZGvpQqopBT/Fwe7SbfEBtUI+o
remp6Ma56VZ45BolaxPn7BWUSir2T/WLJpvTSCs4EKTE9q0lB7DGfaPAyQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCUOqvp3Jn2i6UdZPQvSj+8wzLN0MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSlE2cS1uY21mYUxwUjFrOUM5S1A3ekRNczNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUagjAwQA
Uah0AwQAUplPMA0GCSqGSIb3DQEBCwUAA4IBAQANzLyjGJVnuMrfamcUeCitaYx9
6ND3bXFCLEJc9sZRv2yRE0i5uVfGb9ori9hSWCQRBxPY56VhqMYQpOtsiwajoAka
G7s1jMFKIkHvFaP5h1Sijqxao8qPTxO4vryBU9fChGI1YCxfBjq2P9bR6Cz96Y/R
boM4IVbTxlxasp+w9N70AjuaXFJLtOoqeMExzSSugAWm5nw2yW2/9zDTZctLvkS0
BxVXkQ8RDbZOop5l/llNZ186KwdVIyZkcr/c6FI1LLQQAbxp6cp4687ru48JO6Hh
CQrXpRZ6LUZFUF6uD6csqodFuUAtEGbobRu/F1dFmJm25uaO5aj390N1lH9u
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:28:27 2025 by rpki-client