Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Wer9-4F86QuKAyHQAPQoEnK3-n8.roa
File: Wer9-4F86QuKAyHQAPQoEnK3-n8.roa (raw, json)
Hash identifier: BrFYrMWcTbIUxAp8tFgJmNLchP2i6Bm+aHytOSBgXUo=
Subject key identifier: 59:EA:FD:FB:81:7C:E9:0B:8A:03:21:D0:00:F4:28:12:72:B7:FA:7F
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018510EEF3272FDCB083EF69716C9EB2586F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Wer9-4F86QuKAyHQAPQoEnK3-n8.roa
Signing time: Wed 14 Dec 2022 13:59:33 +0000
ROA not before: Wed 14 Dec 2022 13:59:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 82.153.245.0/24 maxlen: 24
82.153.64.0/24 maxlen: 24
82.153.78.0/24 maxlen: 24
82.153.72.0/24 maxlen: 24
81.168.123.0/24 maxlen: 24
81.168.120.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
81.168.126.0/24 maxlen: 24
82.153.1.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:10:ee:f3:27:2f:dc:b0:83:ef:69:71:6c:9e:b2:58:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Dec 14 13:59:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=59eafdfb817ce90b8a0321d000f4281272b7fa7f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:55:71:e0:52:13:b2:0f:39:59:af:90:91:bd:
de:f1:14:5b:66:fb:b8:0a:da:34:4f:c5:ec:50:f9:
4a:42:b6:a4:4a:a3:b9:67:cb:81:9e:62:d0:c1:e8:
b0:fe:09:6b:79:01:b6:f3:3c:a0:e8:a4:09:23:3b:
6b:51:63:cd:4d:ee:3b:29:9e:ce:0b:e0:8b:f1:86:
63:db:8e:56:0a:65:de:95:98:67:93:3b:cf:f1:30:
8c:0f:1c:a6:f0:f7:7b:c3:5e:07:bf:f8:a7:e8:0a:
74:6d:93:fb:37:05:87:fc:75:00:18:a3:5e:1f:64:
12:1c:bf:b1:dd:59:6d:af:4b:4b:fe:82:59:45:f9:
56:50:8d:da:31:da:a4:44:5a:4a:7e:70:c1:c0:f9:
c4:3d:43:56:67:2a:d5:aa:f1:ba:94:a3:45:b8:41:
5b:7a:91:ac:10:32:19:bb:a8:d4:12:e9:c7:a2:6a:
73:a6:24:f3:3a:ae:53:35:75:4c:97:17:76:40:b9:
ef:c0:4c:9a:59:2f:c8:52:36:5f:ce:09:7e:64:c3:
5b:dc:f5:ad:f3:cc:85:03:1d:eb:05:a8:b7:66:2a:
ae:70:28:05:04:06:db:48:77:c1:bb:36:21:92:70:
b8:2d:f6:b8:85:68:83:04:c2:4b:ac:ba:60:d0:0a:
89:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:EA:FD:FB:81:7C:E9:0B:8A:03:21:D0:00:F4:28:12:72:B7:FA:7F
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Wer9-4F86QuKAyHQAPQoEnK3-n8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.119.0-81.168.120.255
81.168.123.0/24
81.168.126.0/24
82.153.1.0/24
82.153.64.0/24
82.153.72.0/24
82.153.78.0/24
82.153.245.0/24
Signature Algorithm: sha256WithRSAEncryption
3a:b5:19:3e:31:14:20:a0:75:91:c7:55:8b:c4:55:8d:8b:75:
ab:76:c1:c1:2a:2b:c8:d4:64:3d:b1:ff:7d:e4:a8:cc:c4:13:
c5:8e:1c:2f:42:61:7d:52:fb:a0:56:c3:fa:01:6e:e0:d0:35:
e3:02:60:f9:63:de:e3:9e:8e:a6:88:8d:ae:0c:b2:a8:8b:01:
12:55:0e:1b:44:b1:76:bd:fa:68:2e:f9:14:b1:3a:f3:e2:e8:
2c:99:87:a9:04:9c:41:27:2d:c2:2d:57:fa:d2:0d:71:9c:f1:
86:2a:e8:30:10:d1:b7:f3:90:8e:af:87:14:b8:09:8e:90:65:
16:3d:03:c5:8c:04:87:0f:f5:c5:b4:14:ce:94:d5:5f:f5:7f:
59:e8:b3:f4:51:1d:de:78:e2:bb:b0:de:76:1b:08:7e:7c:06:
2f:a5:dc:e4:12:23:6a:86:3b:c6:46:82:94:83:9c:31:c9:42:
ea:24:75:de:3b:85:2d:e4:a7:2f:8b:0f:9a:4d:bd:77:75:61:
74:c3:8f:5b:aa:cb:fe:49:0b:f7:ed:b3:aa:88:ad:53:70:e5:
7f:2f:0c:d2:50:cb:5c:95:15:bb:27:28:c0:2a:bd:ca:1d:67:
e8:69:10:3b:56:ef:6c:b9:d8:4d:6d:46:cd:90:21:f4:23:cf:
60:90:27:c9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYUQ7vMnL9ywg+9pcWyeslhvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjIxMjE0MTM1OTMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWVhZmRmYjgxN2NlOTBiOGEwMzIxZDAwMGY0MjgxMjcyYjdmYTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVVx4FITsg85Wa+Qkb3e8RRbZvu4
Cto0T8XsUPlKQrakSqO5Z8uBnmLQweiw/glreQG28zyg6KQJIztrUWPNTe47KZ7O
C+CL8YZj245WCmXelZhnkzvP8TCMDxym8Pd7w14Hv/in6Ap0bZP7NwWH/HUAGKNe
H2QSHL+x3Vltr0tL/oJZRflWUI3aMdqkRFpKfnDBwPnEPUNWZyrVqvG6lKNFuEFb
epGsEDIZu6jUEunHompzpiTzOq5TNXVMlxd2QLnvwEyaWS/IUjZfzgl+ZMNb3PWt
88yFAx3rBai3ZiqucCgFBAbbSHfBuzYhknC4Lfa4hWiDBMJLrLpg0AqJawIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFFnq/fuBfOkLigMh0AD0KBJyt/p/MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvV2VyOS00Rjg2UXVLQXlIUUFQUW9FbkszLW44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4MAwDBABRqHcD
BABRqHgDBABRqHsDBABRqH4DBABSmQEDBABSmUADBABSmUgDBABSmU4DBABSmfUw
DQYJKoZIhvcNAQELBQADggEBADq1GT4xFCCgdZHHVYvEVY2Ldat2wcEqK8jUZD2x
/33kqMzEE8WOHC9CYX1S+6BWw/oBbuDQNeMCYPlj3uOejqaIja4MsqiLARJVDhtE
sXa9+mgu+RSxOvPi6CyZh6kEnEEnLcItV/rSDXGc8YYq6DAQ0bfzkI6vhxS4CY6Q
ZRY9A8WMBIcP9cW0FM6U1V/1f1nos/RRHd544ruw3nYbCH58Bi+l3OQSI2qGO8ZG
gpSDnDHJQuokdd47hS3kpy+LD5pNvXd1YXTDj1uqy/5JC/fts6qIrVNw5X8vDNJQ
y1yVFbsnKMAqvcodZ+hpEDtW72y52E1tRs2QIfQjz2CQJ8k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:23 2024 by rpki-client on console-ams.rpki-client.org