Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TOvbuPtiCCETGc9k3qO5zqJqQmI.roa
File: TOvbuPtiCCETGc9k3qO5zqJqQmI.roa (raw, json)
Hash identifier: 881v+OTu/pDl3so/No2zjhkFXBp6Lv1RFk7d41xkN+4=
Subject key identifier: 4C:EB:DB:B8:FB:62:08:21:13:19:CF:64:DE:A3:B9:CE:A2:6A:42:62
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01890251EC80EEB0B428967E46FB04EEC933
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TOvbuPtiCCETGc9k3qO5zqJqQmI.roa
Signing time: Wed 28 Jun 2023 14:04:30 +0000
ROA not before: Wed 28 Jun 2023 14:04:30 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 82.153.136.0/22 maxlen: 22
82.153.246.0/24 maxlen: 24
82.153.249.0/24 maxlen: 24
82.153.65.0/24 maxlen: 24
82.152.108.0/24 maxlen: 24
82.153.73.0/24 maxlen: 24
81.168.123.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
213.152.43.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:02:51:ec:80:ee:b0:b4:28:96:7e:46:fb:04:ee:c9:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jun 28 14:04:30 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4cebdbb8fb6208211319cf64dea3b9cea26a4262
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:0a:66:50:73:9a:98:e4:42:88:70:33:8d:3c:
0c:b0:f8:ef:df:68:24:89:bc:6b:97:55:87:34:96:
e9:54:a0:cc:48:58:03:45:e4:f3:4a:c3:8c:a9:46:
75:e7:ab:ba:27:ff:28:70:a1:a4:61:99:4f:6a:62:
1b:13:4b:41:5a:62:f4:d7:52:a5:60:c5:57:55:80:
85:2f:3a:86:e8:89:49:df:6e:f6:99:ce:5f:bb:9c:
33:c0:07:38:f3:e8:83:9b:1b:28:4b:21:d3:08:3f:
04:c8:4a:a4:ee:0d:da:56:6d:9f:fc:a1:a9:d5:8e:
25:ea:01:f9:e1:dd:d8:c3:94:f3:d2:54:2f:55:86:
97:a5:b8:16:2e:16:bd:5e:c3:99:96:a7:96:6b:b8:
95:1d:2c:1f:79:c9:dc:fe:e1:b2:25:0c:8d:ea:7b:
c9:c8:93:8e:70:f1:be:42:13:cb:fb:99:68:b0:cc:
0d:b9:9b:12:b3:1e:40:c1:40:0e:51:ee:c1:a5:f3:
98:3e:3a:da:1f:01:f5:32:70:86:78:c4:36:6a:99:
fc:f8:ed:a6:7b:64:e4:e7:08:fb:8a:8a:22:25:8d:
f2:ce:31:0f:70:a5:58:63:7c:e5:0f:c6:9e:73:c6:
b9:0e:5a:96:d0:15:83:85:83:3b:28:ae:c4:cc:8a:
83:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:EB:DB:B8:FB:62:08:21:13:19:CF:64:DE:A3:B9:CE:A2:6A:42:62
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TOvbuPtiCCETGc9k3qO5zqJqQmI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.119.0/24
81.168.123.0/24
82.152.108.0/24
82.153.65.0/24
82.153.73.0/24
82.153.136.0/22
82.153.246.0/24
82.153.249.0/24
213.152.43.0/24
Signature Algorithm: sha256WithRSAEncryption
26:43:5c:2a:90:30:df:d2:b9:73:9a:42:40:e4:cf:34:16:cd:
a6:1b:43:d3:e7:ec:c0:be:d5:02:59:ea:c6:45:5c:20:92:2f:
68:ac:d4:86:e2:8e:f4:a1:2f:95:a9:84:cf:e8:72:d4:9b:44:
a7:52:81:6a:4f:76:b5:8f:eb:9f:55:ec:60:5f:cb:1b:9e:e1:
91:88:c0:fe:42:9e:cc:0b:61:1c:d4:53:e2:c3:d7:d0:4c:46:
a5:26:89:68:64:ad:4f:ea:e7:08:a1:4f:3e:d9:8e:88:f1:2a:
a0:8d:38:70:b7:ac:ff:42:43:43:37:eb:14:f5:5b:80:f4:63:
d8:6a:5d:5f:81:12:e5:6d:75:5e:e1:58:63:85:2e:9c:d7:ba:
f0:ba:87:43:96:21:63:7b:f5:16:7f:10:d7:10:e6:c2:20:c2:
04:45:62:19:e7:01:f5:02:61:07:91:1f:b0:49:6c:f2:de:db:
77:a6:3d:5d:30:40:9f:c9:ea:a9:5c:be:e9:9d:38:4c:e1:13:
d0:2d:58:2c:1d:cd:f5:94:ae:27:35:12:1c:25:c5:19:17:fb:
1a:c1:a8:56:b1:9f:94:da:e1:3a:3e:32:6e:cb:10:3a:95:b1:
70:0a:73:2b:14:30:bf:02:29:a2:52:c9:14:d9:8d:a6:c2:c5:
f5:95:a0:00
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYkCUeyA7rC0KJZ+RvsE7skzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNjI4MTQwNDMwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2ViZGJiOGZiNjIwODIxMTMxOWNmNjRkZWEzYjljZWEyNmE0MjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwpmUHOamORCiHAzjTwMsPjv32gk
ibxrl1WHNJbpVKDMSFgDReTzSsOMqUZ156u6J/8ocKGkYZlPamIbE0tBWmL011Kl
YMVXVYCFLzqG6IlJ3272mc5fu5wzwAc48+iDmxsoSyHTCD8EyEqk7g3aVm2f/KGp
1Y4l6gH54d3Yw5Tz0lQvVYaXpbgWLha9XsOZlqeWa7iVHSwfecnc/uGyJQyN6nvJ
yJOOcPG+QhPL+5losMwNuZsSsx5AwUAOUe7BpfOYPjraHwH1MnCGeMQ2apn8+O2m
e2Tk5wj7iooiJY3yzjEPcKVYY3zlD8aec8a5DlqW0BWDhYM7KK7EzIqDOwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFEzr27j7YgghExnPZN6juc6iakJiMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVE92YnVQdGlDQ0VUR2M5azNxTzV6cUpxUW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAUah3AwQA
Uah7AwQAUphsAwQAUplBAwQAUplJAwQCUpmIAwQAUpn2AwQAUpn5AwQA1ZgrMA0G
CSqGSIb3DQEBCwUAA4IBAQAmQ1wqkDDf0rlzmkJA5M80Fs2mG0PT5+zAvtUCWerG
RVwgki9orNSG4o70oS+VqYTP6HLUm0SnUoFqT3a1j+ufVexgX8sbnuGRiMD+Qp7M
C2Ec1FPiw9fQTEalJoloZK1P6ucIoU8+2Y6I8SqgjThwt6z/QkNDN+sU9VuA9GPY
al1fgRLlbXVe4VhjhS6c17rwuodDliFje/UWfxDXEObCIMIERWIZ5wH1AmEHkR+w
SWzy3tt3pj1dMECfyeqpXL7pnThM4RPQLVgsHc31lK4nNRIcJcUZF/sawahWsZ+U
2uE6PjJuyxA6lbFwCnMrFDC/AimiUskU2Y2mwsX1laAA
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:10:31 2025 by rpki-client