Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PEhdgAcyvgdqIzbU747WidAGfas.roa
File: PEhdgAcyvgdqIzbU747WidAGfas.roa (raw, json)
Hash identifier: WHMzfQQi7G+eicpjoOMesQHjh1D6FX9pgmecs7tm87Y=
Subject key identifier: 3C:48:5D:80:07:32:BE:07:6A:23:36:D4:EF:8E:D6:89:D0:06:7D:AB
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018BD2013844CF1F4342429808B1E4F611B6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PEhdgAcyvgdqIzbU747WidAGfas.roa
Signing time: Wed 15 Nov 2023 08:02:57 +0000
ROA not before: Wed 15 Nov 2023 08:02:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49981
IP address blocks: 109.176.245.0/24 maxlen: 24
89.213.157.0/24 maxlen: 24
82.153.220.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:d2:01:38:44:cf:1f:43:42:42:98:08:b1:e4:f6:11:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Nov 15 08:02:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3c485d800732be076a2336d4ef8ed689d0067dab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:e3:08:d9:ad:24:13:f7:86:81:45:08:58:2a:
fd:e7:84:ed:64:ed:b7:13:47:84:ee:a3:72:95:6d:
a1:be:90:2a:f3:6f:eb:89:33:9b:a5:89:80:bf:1e:
37:6d:b3:4f:a9:73:5b:3d:03:c8:ba:1b:b5:d9:02:
76:64:db:46:70:c2:4a:da:eb:f5:25:fc:2a:db:fd:
cb:b0:e5:a9:ae:6c:47:f2:ca:37:2f:2a:bf:72:a1:
a9:89:ce:e2:ad:ad:c2:29:a6:58:a4:1a:bd:b3:b9:
5a:41:ba:99:c3:82:d9:ea:0f:31:65:f4:ae:2a:35:
29:fb:9f:07:30:b9:cb:21:23:c9:14:79:0b:a0:3f:
d6:29:7d:02:c1:d7:0e:ee:7d:29:e9:7d:4a:88:58:
8b:8b:ad:1d:d6:95:bb:dd:e8:92:2e:aa:00:b0:64:
35:d4:6d:1e:ab:2b:10:a9:2c:cb:16:b8:33:24:ef:
2d:1b:8d:f5:f4:eb:3c:42:17:6c:fd:da:32:fa:49:
fd:ed:94:32:00:59:76:a7:8c:47:46:2e:de:cc:bd:
ac:ce:a9:46:f3:30:c7:b4:07:54:d7:db:7a:c0:ae:
66:42:ff:b3:ff:f8:31:57:be:60:f3:77:25:36:22:
05:9e:01:5b:67:9b:60:34:bf:00:c5:f2:46:a2:b1:
8b:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:48:5D:80:07:32:BE:07:6A:23:36:D4:EF:8E:D6:89:D0:06:7D:AB
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/PEhdgAcyvgdqIzbU747WidAGfas.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.153.220.0/24
89.213.157.0/24
109.176.245.0/24
Signature Algorithm: sha256WithRSAEncryption
7b:20:10:7e:09:e3:46:c3:c0:a0:46:96:5d:99:79:4b:0d:ae:
4f:21:b4:92:6a:66:3f:b9:72:5d:d2:4e:5d:ea:36:f6:72:05:
26:ce:b7:f3:91:a1:7f:6d:d3:b8:ad:51:5d:6b:9c:76:e1:3b:
d3:bd:dd:c2:aa:32:23:90:cf:16:20:c5:91:8b:24:a1:ec:00:
a8:82:a8:41:2a:ac:96:23:85:b5:60:28:f8:fc:6c:27:f4:e6:
01:93:89:e4:27:f8:67:3c:c6:e3:9e:e2:6d:aa:4f:0f:f4:cd:
96:82:12:b0:a1:e1:72:37:bf:98:4b:e0:50:34:10:86:bc:97:
b4:8b:d5:35:37:d5:18:ca:07:22:75:0f:ab:25:ef:6c:be:79:
94:95:de:58:6e:ab:27:d1:e2:18:e6:b4:2f:1f:85:7c:f4:78:
9d:f5:2b:d0:41:1d:b1:11:91:59:b0:52:11:96:75:bc:97:d4:
c6:e0:28:a8:1b:5d:78:e1:a3:f8:73:19:86:de:76:de:1a:a0:
08:e0:8e:8c:a1:f2:d7:97:6e:97:c9:d8:ce:80:b6:ba:b9:b4:
a1:a6:03:fa:34:1c:c8:98:7a:5c:09:e5:1c:00:8c:0e:c7:db:
1d:77:36:f3:6c:2e:55:04:56:b2:47:74:6c:a3:82:a6:9c:f9:
95:95:21:ff
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYvSAThEzx9DQkKYCLHk9hG2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTE1MDgwMjU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzQ4NWQ4MDA3MzJiZTA3NmEyMzM2ZDRlZjhlZDY4OWQwMDY3ZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+MI2a0kE/eGgUUIWCr954TtZO23
E0eE7qNylW2hvpAq82/riTObpYmAvx43bbNPqXNbPQPIuhu12QJ2ZNtGcMJK2uv1
Jfwq2/3LsOWprmxH8so3Lyq/cqGpic7ira3CKaZYpBq9s7laQbqZw4LZ6g8xZfSu
KjUp+58HMLnLISPJFHkLoD/WKX0CwdcO7n0p6X1KiFiLi60d1pW73eiSLqoAsGQ1
1G0eqysQqSzLFrgzJO8tG4319Os8Qhds/doy+kn97ZQyAFl2p4xHRi7ezL2szqlG
8zDHtAdU19t6wK5mQv+z//gxV75g83clNiIFngFbZ5tgNL8AxfJGorGLDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDxIXYAHMr4HaiM21O+O1onQBn2rMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUEVoZGdBY3l2Z2RxSXpiVTc0N1dpZEFHZmFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUpncAwQA
WdWdAwQAbbD1MA0GCSqGSIb3DQEBCwUAA4IBAQB7IBB+CeNGw8CgRpZdmXlLDa5P
IbSSamY/uXJd0k5d6jb2cgUmzrfzkaF/bdO4rVFda5x24TvTvd3CqjIjkM8WIMWR
iySh7ACogqhBKqyWI4W1YCj4/Gwn9OYBk4nkJ/hnPMbjnuJtqk8P9M2WghKwoeFy
N7+YS+BQNBCGvJe0i9U1N9UYygcidQ+rJe9svnmUld5Ybqsn0eIY5rQvH4V89Hid
9SvQQR2xEZFZsFIRlnW8l9TG4CioG1144aP4cxmG3nbeGqAI4I6MofLXl26XydjO
gLa6ubShpgP6NBzImHpcCeUcAIwOx9sddzbzbC5VBFayR3Rso4KmnPmVlSH/
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:15:29 2025 by rpki-client