Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QznF3dA5dbHiVeg8KzfphjyTGeQ.roa
File: QznF3dA5dbHiVeg8KzfphjyTGeQ.roa (raw, json)
Hash identifier: h9h5n3ZKj4cc7gz8/0r/fkuX88yV9S0AusAEEaxns9E=
Subject key identifier: 43:39:C5:DD:D0:39:75:B1:E2:55:E8:3C:2B:37:E9:86:3C:93:19:E4
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018B1DD3AACB27E2ED7C0480DF06F531D34A
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QznF3dA5dbHiVeg8KzfphjyTGeQ.roa
Signing time: Wed 11 Oct 2023 08:21:32 +0000
ROA not before: Wed 11 Oct 2023 08:21:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.213.176.0/22 maxlen: 24
89.213.180.0/22 maxlen: 24
185.49.126.0/23 maxlen: 24
82.153.136.0/22 maxlen: 22
81.168.123.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.148.0/22 maxlen: 24
213.152.42.0/24 maxlen: 24
89.213.167.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:1d:d3:aa:cb:27:e2:ed:7c:04:80:df:06:f5:31:d3:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Oct 11 08:21:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4339c5ddd03975b1e255e83c2b37e9863c9319e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:06:eb:b3:a9:0c:aa:f4:c0:bd:ad:6e:c6:e0:
d0:d8:54:48:d5:cd:0c:55:16:77:c9:5b:1e:25:6f:
af:53:2a:7d:81:a3:d8:d0:6a:26:c6:2c:34:25:f9:
fc:b0:8a:d7:52:37:00:4e:30:b9:14:dc:0b:46:45:
8d:6f:eb:8f:80:bd:15:0d:52:6b:52:03:3c:1c:e4:
0e:36:2c:13:a6:b5:c9:8e:65:c9:e8:11:d5:89:9f:
e6:3f:b7:45:16:19:24:ff:e1:78:ad:d4:3c:7d:5b:
d9:15:e6:11:bf:7c:53:c1:c0:e4:40:e6:31:6c:9c:
20:14:12:cb:98:66:75:d8:78:00:fb:9e:50:e4:15:
e7:27:62:e6:6a:4c:c1:b5:c3:c9:e1:ec:16:72:60:
73:23:5a:74:41:60:e7:49:f1:d0:36:c1:f8:c0:a2:
9c:84:80:56:11:ca:2c:d0:23:dc:fe:ca:85:32:41:
08:a3:be:8e:44:bf:9c:cf:19:29:90:6d:cb:13:11:
54:38:b1:f1:ba:a3:a8:36:7b:b5:b7:e3:e2:ae:1f:
2f:97:ba:b1:70:a7:ca:c9:7b:dc:69:a5:7a:76:59:
24:f6:3f:b8:98:9e:ab:63:72:4e:ac:4d:64:8a:b0:
f7:09:a1:a4:67:18:05:f7:9f:56:a3:57:fa:63:d3:
a0:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:39:C5:DD:D0:39:75:B1:E2:55:E8:3C:2B:37:E9:86:3C:93:19:E4
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/QznF3dA5dbHiVeg8KzfphjyTGeQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.119.0/24
81.168.123.0/24
82.153.136.0/22
89.213.148.0-89.213.155.255
89.213.167.0/24
89.213.176.0/21
185.49.126.0/23
213.152.42.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:91:48:e6:bb:91:49:c8:d0:5a:98:f9:bf:cc:5c:8a:9b:cd:
63:0a:00:05:84:b1:03:c7:0f:19:0a:12:e8:ed:70:80:42:b0:
c9:4d:58:0c:ba:30:e9:4b:1a:f5:57:c5:a1:f9:eb:36:94:a5:
90:b6:12:a3:fe:1b:de:db:7e:cc:70:ad:22:51:fe:f9:97:ca:
b5:43:1b:6d:4a:51:45:a1:97:5f:a3:f3:3f:38:16:d6:c9:67:
7d:31:3f:1a:f0:8f:24:9a:9c:15:ef:bb:eb:3c:d0:30:8c:d8:
23:b8:30:0a:38:6e:a3:03:c8:4a:41:45:8f:ff:68:a9:6d:6f:
9f:20:7b:11:1a:08:dd:85:a7:62:0a:5b:f7:3a:af:c6:ff:c0:
bc:d3:a3:14:ee:18:fc:c7:17:76:fe:4b:55:3b:e8:90:4c:40:
ea:24:69:18:d0:3a:5d:e6:25:cc:e7:3b:b4:d0:db:9f:b8:d8:
8b:70:e8:c8:bc:38:2f:94:f2:8b:9f:c7:bc:31:cc:79:c4:65:
22:a0:91:e1:50:80:6c:3a:db:77:9e:99:64:03:c3:3b:95:d0:
da:8e:98:79:39:26:33:90:b1:3b:23:d4:58:a7:99:ab:70:32:
97:11:ee:bb:c3:be:a0:a4:9f:f9:f9:fa:45:97:72:51:15:1c:
c7:c9:37:1d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYsd06rLJ+LtfASA3wb1MdNKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMDExMDgyMTMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzM5YzVkZGQwMzk3NWIxZTI1NWU4M2MyYjM3ZTk4NjNjOTMxOWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwbrs6kMqvTAva1uxuDQ2FRI1c0M
VRZ3yVseJW+vUyp9gaPY0Gomxiw0Jfn8sIrXUjcATjC5FNwLRkWNb+uPgL0VDVJr
UgM8HOQONiwTprXJjmXJ6BHViZ/mP7dFFhkk/+F4rdQ8fVvZFeYRv3xTwcDkQOYx
bJwgFBLLmGZ12HgA+55Q5BXnJ2LmakzBtcPJ4ewWcmBzI1p0QWDnSfHQNsH4wKKc
hIBWEcos0CPc/sqFMkEIo76ORL+czxkpkG3LExFUOLHxuqOoNnu1t+Pirh8vl7qx
cKfKyXvcaaV6dlkk9j+4mJ6rY3JOrE1kirD3CaGkZxgF959Wo1f6Y9OgdwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFEM5xd3QOXWx4lXoPCs36YY8kxnkMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvUXpuRjNkQTVkYkhpVmVnOEt6ZnBoanlUR2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUah3AwQA
Uah7AwQCUpmIMAwDBAJZ1ZQDBAJZ1ZgDBABZ1acDBANZ1bADBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBAH2RSOa7kUnI0FqY+b/MXIqbzWMKAAWEsQPHDxkK
EujtcIBCsMlNWAy6MOlLGvVXxaH56zaUpZC2EqP+G97bfsxwrSJR/vmXyrVDG21K
UUWhl1+j8z84FtbJZ30xPxrwjySanBXvu+s80DCM2CO4MAo4bqMDyEpBRY//aKlt
b58gexEaCN2Fp2IKW/c6r8b/wLzToxTuGPzHF3b+S1U76JBMQOokaRjQOl3mJczn
O7TQ25+42Itw6Mi8OC+U8oufx7wxzHnEZSKgkeFQgGw623eemWQDwzuV0NqOmHk5
JjOQsTsj1FinmatwMpcR7rvDvqCkn/n5+kWXclEVHMfJNx0=
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:10:54 2025 by rpki-client