Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LHPqxBKz8vXZSdFuISTXboPKuq4.roa
File: LHPqxBKz8vXZSdFuISTXboPKuq4.roa (raw, json)
Hash identifier: VMHv9gzG7TS4H9ScIlDQ5KgwjfGH24MxzM2WuxTQvPY=
Subject key identifier: 2C:73:EA:C4:12:B3:F2:F5:D9:49:D1:6E:21:24:D7:6E:83:CA:BA:AE
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018AFB722BC7F8F707CF4748595B11495CFF
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LHPqxBKz8vXZSdFuISTXboPKuq4.roa
Signing time: Wed 04 Oct 2023 16:07:58 +0000
ROA not before: Wed 04 Oct 2023 16:07:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.213.176.0/22 maxlen: 24
89.213.180.0/22 maxlen: 24
185.49.126.0/23 maxlen: 24
82.153.136.0/22 maxlen: 22
81.168.123.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
109.176.240.0/24 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.148.0/22 maxlen: 24
213.152.42.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:fb:72:2b:c7:f8:f7:07:cf:47:48:59:5b:11:49:5c:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Oct 4 16:07:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2c73eac412b3f2f5d949d16e2124d76e83cabaae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:12:9a:7f:72:50:06:b6:68:72:26:cd:de:70:
f2:d5:2e:0d:6e:79:f4:11:43:e9:2a:59:89:69:dc:
3a:c4:05:d3:6b:3a:24:a7:49:fa:89:be:40:26:96:
ed:ae:36:28:ab:f9:7b:27:9d:84:04:e4:0d:22:0a:
84:6c:36:ef:29:d0:39:d4:1c:ff:58:e0:79:d4:7b:
c5:9f:c9:de:ff:57:c6:9b:25:48:9a:fb:56:5e:d7:
5d:9d:9f:69:a3:c6:eb:28:95:04:58:18:2f:ec:9c:
67:26:5c:41:12:91:52:b8:52:68:ab:28:14:c7:4d:
4c:f9:2c:d1:b7:4a:59:6e:6f:94:de:9a:ae:aa:bb:
70:74:96:46:d1:42:fb:5f:06:63:6d:39:f8:fd:c8:
d9:54:59:0d:68:83:e0:14:af:ec:7c:ec:0c:af:f1:
0a:a9:1c:1c:73:c7:47:f6:33:29:d8:83:b6:da:62:
3b:17:b0:2c:50:6b:5e:30:c3:10:df:ed:eb:77:cd:
f8:fe:d7:5b:17:e5:3f:ee:4b:89:39:47:7a:5f:29:
94:d7:9f:97:9c:56:bf:50:f8:14:0a:76:62:fc:04:
7c:56:1c:1c:91:cc:8c:c1:b3:f5:19:6e:a2:76:40:
ef:cf:84:97:ee:9d:2d:01:ce:cc:2c:1f:25:b3:bb:
cb:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:73:EA:C4:12:B3:F2:F5:D9:49:D1:6E:21:24:D7:6E:83:CA:BA:AE
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LHPqxBKz8vXZSdFuISTXboPKuq4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.119.0/24
81.168.123.0/24
82.153.136.0/22
89.213.148.0-89.213.155.255
89.213.176.0/21
109.176.240.0/24
185.49.126.0/23
213.152.42.0/24
Signature Algorithm: sha256WithRSAEncryption
aa:c0:e9:8e:f6:56:3f:1a:21:d5:3d:f2:1f:d0:69:7b:e4:0c:
34:1d:6b:45:da:d0:90:df:7f:88:65:4b:f9:9a:a8:ad:77:b1:
3a:dd:5d:81:cc:a1:3e:46:d4:d7:21:8c:78:b2:fd:df:bf:14:
d6:8f:b5:ae:bd:25:0b:dd:0c:bf:b8:0b:47:d4:28:a9:aa:69:
8b:f5:b6:5c:94:5c:b8:34:4d:26:f4:a8:29:5b:6c:01:91:df:
3d:da:3a:68:1f:d8:8c:cc:08:c4:9f:bf:90:9c:c5:d6:b4:e6:
67:e7:04:8c:68:25:5b:8c:b5:62:49:e2:62:1b:aa:00:56:fa:
3f:57:68:1b:20:55:42:a6:e5:f9:fc:65:a5:1f:2c:ce:da:cd:
4c:84:f6:40:4a:13:ee:f2:ce:8d:cf:2b:da:2e:04:ad:64:32:
b9:22:48:e2:ca:2f:9d:f3:ff:ea:a7:c9:60:65:87:3a:30:e6:
94:a2:27:51:4b:db:b8:e9:dd:96:3a:72:fb:ce:e6:01:e7:d9:
db:66:f6:cc:08:e2:6a:71:0a:8c:46:fe:1d:3c:66:b1:c8:76:
46:21:a6:a4:dc:f2:74:58:df:cb:65:bc:ce:0e:71:ef:dc:4f:
c2:53:66:c9:d5:d0:b7:2d:d8:bb:c2:d2:81:33:19:81:e3:63:
63:5d:bf:0b
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYr7civH+PcHz0dIWVsRSVz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMDA0MTYwNzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzczZWFjNDEyYjNmMmY1ZDk0OWQxNmUyMTI0ZDc2ZTgzY2FiYWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhKaf3JQBrZocibN3nDy1S4Nbnn0
EUPpKlmJadw6xAXTazokp0n6ib5AJpbtrjYoq/l7J52EBOQNIgqEbDbvKdA51Bz/
WOB51HvFn8ne/1fGmyVImvtWXtddnZ9po8brKJUEWBgv7JxnJlxBEpFSuFJoqygU
x01M+SzRt0pZbm+U3pquqrtwdJZG0UL7XwZjbTn4/cjZVFkNaIPgFK/sfOwMr/EK
qRwcc8dH9jMp2IO22mI7F7AsUGteMMMQ3+3rd834/tdbF+U/7kuJOUd6XymU15+X
nFa/UPgUCnZi/AR8VhwckcyMwbP1GW6idkDvz4SX7p0tAc7MLB8ls7vLPwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFCxz6sQSs/L12UnRbiEk126DyrquMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTEhQcXhCS3o4dlhaU2RGdUlTVFhib1BLdXE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUah3AwQA
Uah7AwQCUpmIMAwDBAJZ1ZQDBAJZ1ZgDBANZ1bADBABtsPADBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBAKrA6Y72Vj8aIdU98h/QaXvkDDQda0Xa0JDff4hl
S/maqK13sTrdXYHMoT5G1NchjHiy/d+/FNaPta69JQvdDL+4C0fUKKmqaYv1tlyU
XLg0TSb0qClbbAGR3z3aOmgf2IzMCMSfv5Ccxda05mfnBIxoJVuMtWJJ4mIbqgBW
+j9XaBsgVUKm5fn8ZaUfLM7azUyE9kBKE+7yzo3PK9ouBK1kMrkiSOLKL53z/+qn
yWBlhzow5pSiJ1FL27jp3ZY6cvvO5gHn2dtm9swI4mpxCoxG/h08ZrHIdkYhpqTc
8nRY38tlvM4Oce/cT8JTZsnV0Lct2LvC0oEzGYHjY2Ndvws=
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:25:51 2025 by rpki-client