Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YPX6kjZJHS1IBUjfA8uPSkKNuiw.roa
File: YPX6kjZJHS1IBUjfA8uPSkKNuiw.roa (raw, json)
Hash identifier: KPPIkJ8OZ7Ulv3jgKeoZPA2mxLe+0qQREh05KohMteY=
Subject key identifier: 60:F5:FA:92:36:49:1D:2D:48:05:48:DF:03:CB:8F:4A:42:8D:BA:2C
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0186B62BAC6B3CE943B328807A663945C5C5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YPX6kjZJHS1IBUjfA8uPSkKNuiw.roa
Signing time: Mon 06 Mar 2023 09:06:00 +0000
ROA not before: Mon 06 Mar 2023 09:06:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212953
IP address blocks: 82.153.70.0/24 maxlen: 24
82.153.71.0/24 maxlen: 24
82.152.251.0/24 maxlen: 24
82.153.210.0/24 maxlen: 24
82.152.255.0/24 maxlen: 24
82.153.222.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:b6:2b:ac:6b:3c:e9:43:b3:28:80:7a:66:39:45:c5:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Mar 6 09:06:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=60f5fa9236491d2d480548df03cb8f4a428dba2c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:10:e4:ee:6b:f4:06:3a:23:ba:25:75:ad:fa:
61:a4:22:c1:bc:2b:e6:c7:a6:d3:02:b4:87:ce:a1:
f9:d2:64:ee:44:40:e2:87:d3:86:ab:27:23:57:14:
b7:6a:30:2c:03:b1:0c:5b:34:dc:bb:a9:28:b6:ff:
75:f2:53:25:81:1d:7e:f0:4f:56:c4:0d:82:04:e7:
c0:af:43:c9:ba:95:16:60:4f:31:86:7f:dc:f5:6c:
7c:6a:d0:cc:40:df:a5:7e:13:d5:96:89:69:62:5f:
3d:bf:21:ec:59:96:75:95:6c:49:86:8a:8b:71:4f:
1b:87:fc:0d:c8:d6:20:bf:0a:51:c0:c9:32:da:25:
f6:c9:e3:67:c1:98:2b:cf:70:59:86:90:73:bb:59:
a1:9e:42:d3:aa:c4:84:6a:22:e2:72:f7:4e:3a:dc:
29:e9:1a:18:c8:38:cf:47:d5:9d:4a:e0:56:32:bd:
41:bd:9d:3b:fc:48:ae:ce:2c:91:5d:cd:d9:10:ab:
da:3e:81:9e:39:97:5b:c9:11:b0:f9:af:1e:1c:19:
20:80:12:a1:2d:6d:c6:f7:22:a9:f8:fc:09:8b:89:
d6:39:35:48:e0:cd:6d:e7:c8:00:70:de:a6:03:ba:
d2:2b:31:02:f0:59:06:fb:ca:9e:ab:52:c1:44:61:
02:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:F5:FA:92:36:49:1D:2D:48:05:48:DF:03:CB:8F:4A:42:8D:BA:2C
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YPX6kjZJHS1IBUjfA8uPSkKNuiw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.251.0/24
82.152.255.0/24
82.153.70.0/23
82.153.210.0/24
82.153.222.0/24
Signature Algorithm: sha256WithRSAEncryption
55:a9:ad:a6:ae:4f:db:f3:b7:ab:0f:be:ed:82:7e:fc:56:21:
07:d9:02:76:32:af:70:56:dd:78:5b:aa:f5:1e:a7:2a:8a:73:
19:7f:ed:15:10:73:0c:0f:04:74:d7:55:09:22:c6:45:30:ae:
45:9b:b0:d4:44:6a:e3:f8:19:35:d1:b1:ba:88:3c:3f:28:6a:
9d:8e:b5:74:1f:85:5e:94:2e:cf:98:04:ac:94:f1:db:bc:d9:
2c:ff:6d:c1:ee:10:47:45:7c:e8:36:39:4b:72:06:2b:98:5a:
33:54:9d:be:bb:0c:92:77:6a:35:97:1f:0a:57:38:8f:65:d2:
49:9f:04:49:83:20:58:32:ba:63:5c:43:81:45:7f:ff:3f:2b:
25:7d:41:1b:5f:b1:38:14:42:cb:d7:e5:8d:01:b0:f7:05:ee:
6f:8b:2e:42:64:32:49:c2:95:53:fe:67:34:eb:c8:ef:e8:02:
bf:6d:1f:4f:30:ac:c0:1d:6c:ce:c5:f7:ff:a3:30:b3:f9:27:
4f:03:f6:a7:80:95:15:73:6e:46:4a:df:2e:18:7d:0c:79:45:
e6:f9:d0:33:48:a7:2d:d6:4a:83:55:54:43:6b:a6:55:ce:c1:
e9:13:8a:25:1e:bb:38:7e:38:f3:2a:aa:76:73:08:f0:5d:e9:
27:39:d9:f7
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYa2K6xrPOlDsyiAemY5RcXFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwMzA2MDkwNjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGY1ZmE5MjM2NDkxZDJkNDgwNTQ4ZGYwM2NiOGY0YTQyOGRiYTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhDk7mv0BjojuiV1rfphpCLBvCvm
x6bTArSHzqH50mTuREDih9OGqycjVxS3ajAsA7EMWzTcu6kotv918lMlgR1+8E9W
xA2CBOfAr0PJupUWYE8xhn/c9Wx8atDMQN+lfhPVlolpYl89vyHsWZZ1lWxJhoqL
cU8bh/wNyNYgvwpRwMky2iX2yeNnwZgrz3BZhpBzu1mhnkLTqsSEaiLicvdOOtwp
6RoYyDjPR9WdSuBWMr1BvZ07/EiuziyRXc3ZEKvaPoGeOZdbyRGw+a8eHBkggBKh
LW3G9yKp+PwJi4nWOTVI4M1t58gAcN6mA7rSKzEC8FkG+8qeq1LBRGEC1QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGD1+pI2SR0tSAVI3wPLj0pCjbosMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWVBYNmtqWkpIUzFJQlVqZkE4dVBTa0tOdWl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAUpj7AwQA
Upj/AwQBUplGAwQAUpnSAwQAUpneMA0GCSqGSIb3DQEBCwUAA4IBAQBVqa2mrk/b
87erD77tgn78ViEH2QJ2Mq9wVt14W6r1HqcqinMZf+0VEHMMDwR011UJIsZFMK5F
m7DURGrj+Bk10bG6iDw/KGqdjrV0H4VelC7PmASslPHbvNks/23B7hBHRXzoNjlL
cgYrmFozVJ2+uwySd2o1lx8KVziPZdJJnwRJgyBYMrpjXEOBRX//PyslfUEbX7E4
FELL1+WNAbD3Be5viy5CZDJJwpVT/mc068jv6AK/bR9PMKzAHWzOxff/ozCz+SdP
A/angJUVc25GSt8uGH0MeUXm+dAzSKct1kqDVVRDa6ZVzsHpE4olHrs4fjjzKqp2
cwjwXeknOdn3
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:32:25 2025 by rpki-client