Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QO_nSNfOMBg-pG7y482VkpVAK9E.roa
File: QO_nSNfOMBg-pG7y482VkpVAK9E.roa (raw, json)
Hash identifier: Ev61733kgDxabUR8B8pK4ULKqTEeAFbiPHrFCM0u7QE=
Subject key identifier: 40:EF:E7:48:D7:CE:30:18:3E:A4:6E:F2:E3:CD:95:92:95:40:2B:D1
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0186548822F346D9130BFA8DC7B0433E664C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QO_nSNfOMBg-pG7y482VkpVAK9E.roa
Signing time: Wed 15 Feb 2023 10:04:13 +0000
ROA not before: Wed 15 Feb 2023 10:04:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60721
IP address blocks: 82.152.176.0/24 maxlen: 24
82.152.177.0/24 maxlen: 24
82.153.243.0/24 maxlen: 24
82.153.68.0/24 maxlen: 24
82.152.249.0/24 maxlen: 24
82.152.254.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:54:88:22:f3:46:d9:13:0b:fa:8d:c7:b0:43:3e:66:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Feb 15 10:04:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=40efe748d7ce30183ea46ef2e3cd959295402bd1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:fa:3f:90:f6:60:0d:65:92:9d:1a:32:79:c4:
f0:71:47:1e:62:65:18:03:02:de:c0:bb:ba:d5:e8:
96:bb:e1:7b:47:87:8b:52:ad:72:bc:db:0b:6b:61:
06:7c:35:d6:53:28:01:e9:4d:8e:e6:77:70:86:3a:
9c:10:be:0a:e2:61:f2:7c:ef:3e:f0:47:e8:ca:97:
b2:a8:58:45:9a:25:90:eb:77:c0:02:db:06:aa:db:
9c:9e:06:d2:14:2f:f6:14:c8:37:87:7b:7e:77:a6:
28:11:81:dd:98:4e:b6:1a:86:7b:43:29:f6:80:30:
1b:2d:74:58:6e:5b:b7:e1:9a:66:1b:33:0e:5d:b8:
3e:2e:59:2f:0e:42:23:0b:4c:db:aa:f7:dc:2b:33:
1a:ce:7b:e7:8b:2c:70:4d:e7:9a:7f:e5:f4:0e:44:
cb:bf:d0:2f:00:1e:20:eb:8d:12:9b:61:cb:86:9a:
61:13:fe:e6:3e:ec:c1:25:cb:a1:0f:c4:10:d9:06:
e4:12:90:5a:8e:cc:72:d8:71:2e:85:f1:b5:14:cb:
11:91:c5:36:ad:90:17:0b:10:28:5b:4b:32:38:40:
f4:b6:c2:9d:b5:11:3e:1b:9b:05:02:f5:f4:60:d3:
83:db:de:c3:6e:eb:d9:8a:af:d7:86:64:82:14:69:
9c:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:EF:E7:48:D7:CE:30:18:3E:A4:6E:F2:E3:CD:95:92:95:40:2B:D1
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QO_nSNfOMBg-pG7y482VkpVAK9E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.176.0/23
82.152.249.0/24
82.152.254.0/24
82.153.68.0/24
82.153.243.0/24
Signature Algorithm: sha256WithRSAEncryption
27:ee:99:af:99:c5:95:26:07:2d:ae:b9:14:a0:3f:ff:3c:a3:
81:e1:13:18:8a:83:1d:0d:bc:db:03:d9:44:a4:a3:0c:1f:13:
83:5e:d8:f0:81:f3:87:01:d8:d3:03:3f:bd:f1:08:06:4c:dd:
7d:96:2c:31:48:87:92:0d:c7:bd:85:29:e0:0b:c0:6e:50:8b:
61:95:14:56:d8:a5:45:fc:bd:e9:89:03:d5:29:a4:27:12:e0:
73:61:3d:99:5d:a6:63:7a:af:9f:58:36:47:f4:b3:22:95:25:
e4:fa:68:1f:32:52:e8:7d:27:e2:19:9e:21:d0:29:3f:0d:85:
1b:09:d2:78:a4:07:4d:bb:b6:c6:15:c8:e7:c3:1a:00:34:bf:
af:78:60:4b:9d:35:66:71:9c:b4:f0:1d:79:f5:42:aa:bd:44:
23:8c:23:11:67:38:52:85:3d:46:6b:2a:7e:1c:56:b2:d4:9a:
3e:a8:fe:d2:ae:fc:c9:fc:6b:90:50:88:34:03:5c:fd:fa:44:
de:0a:4e:38:fe:c7:7a:dc:15:13:21:6c:0e:38:4d:70:9c:30:
2f:64:ce:35:5b:b6:95:18:de:e3:a1:ea:02:b6:53:73:63:06:
e3:27:90:94:5c:04:0d:b7:38:1b:83:f2:32:14:22:d7:4a:6c:
b7:f1:60:42
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYZUiCLzRtkTC/qNx7BDPmZMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwMjE1MTAwNDEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGVmZTc0OGQ3Y2UzMDE4M2VhNDZlZjJlM2NkOTU5Mjk1NDAyYmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfo/kPZgDWWSnRoyecTwcUceYmUY
AwLewLu61eiWu+F7R4eLUq1yvNsLa2EGfDXWUygB6U2O5ndwhjqcEL4K4mHyfO8+
8EfoypeyqFhFmiWQ63fAAtsGqtucngbSFC/2FMg3h3t+d6YoEYHdmE62GoZ7Qyn2
gDAbLXRYblu34ZpmGzMOXbg+LlkvDkIjC0zbqvfcKzMaznvniyxwTeeaf+X0DkTL
v9AvAB4g640Sm2HLhpphE/7mPuzBJcuhD8QQ2QbkEpBajsxy2HEuhfG1FMsRkcU2
rZAXCxAoW0syOED0tsKdtRE+G5sFAvX0YNOD297DbuvZiq/XhmSCFGmcRQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFEDv50jXzjAYPqRu8uPNlZKVQCvRMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUU9fblNOZk9NQmctcEc3eTQ4MlZrcFZBSzlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBUpiwAwQA
Upj5AwQAUpj+AwQAUplEAwQAUpnzMA0GCSqGSIb3DQEBCwUAA4IBAQAn7pmvmcWV
JgctrrkUoD//PKOB4RMYioMdDbzbA9lEpKMMHxODXtjwgfOHAdjTAz+98QgGTN19
liwxSIeSDce9hSngC8BuUIthlRRW2KVF/L3piQPVKaQnEuBzYT2ZXaZjeq+fWDZH
9LMilSXk+mgfMlLofSfiGZ4h0Ck/DYUbCdJ4pAdNu7bGFcjnwxoANL+veGBLnTVm
cZy08B159UKqvUQjjCMRZzhShT1Gayp+HFay1Jo+qP7SrvzJ/GuQUIg0A1z9+kTe
Ck44/sd63BUTIWwOOE1wnDAvZM41W7aVGN7joeoCtlNzYwbjJ5CUXAQNtzgbg/Iy
FCLXSmy38WBC
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:34:57 2025 by rpki-client