Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YZa1hxs9FRqkIP0qNRdBx4HoKTA.roa
File: YZa1hxs9FRqkIP0qNRdBx4HoKTA.roa (raw, json)
Hash identifier: rY2Q4QVmhyrkKn4gM6TrEBqLxy9/ob+oPuU5eXyQZX4=
Subject key identifier: 61:96:B5:87:1B:3D:15:1A:A4:20:FD:2A:35:17:41:C7:81:E8:29:30
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01891C7D74E891F4E1CB90631FD4B1E87870
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YZa1hxs9FRqkIP0qNRdBx4HoKTA.roa
Signing time: Mon 03 Jul 2023 16:02:11 +0000
ROA not before: Mon 03 Jul 2023 16:02:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 63023
IP address blocks: 82.153.245.0/24 maxlen: 24
81.168.123.0/24 maxlen: 24
89.213.144.0/24 maxlen: 24
82.153.10.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:1c:7d:74:e8:91:f4:e1:cb:90:63:1f:d4:b1:e8:78:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jul 3 16:02:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6196b5871b3d151aa420fd2a351741c781e82930
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:ac:28:af:b6:32:38:09:30:34:ff:15:b1:4a:
ef:80:d9:a2:28:81:57:e7:04:1c:09:c5:b4:c9:e5:
e6:a5:9b:96:4a:c4:69:2d:bc:a2:96:d3:ab:83:d1:
f1:2d:f5:e0:95:f2:40:7f:33:3a:a3:d3:c7:ca:75:
c8:b2:7d:b8:0e:c8:b6:22:e8:87:3a:d8:35:de:b7:
dc:03:f5:43:6f:e2:90:7b:4b:40:b7:89:d3:04:11:
ad:3d:cb:90:0e:98:16:01:c0:27:b0:f2:b5:b8:ec:
d4:37:b1:52:e8:50:42:e9:dd:eb:f0:fb:0f:25:22:
f5:46:2d:d0:1d:3f:08:2f:cf:29:73:7c:6f:28:80:
c2:88:de:61:9d:99:a8:5b:93:6c:13:60:82:b1:84:
04:a8:68:64:61:10:e5:64:09:d0:85:17:92:63:2e:
f7:3a:20:4d:1d:15:fc:d6:1d:78:ce:d1:fa:1d:f3:
ae:1a:2a:e4:f9:43:e7:38:fa:54:2a:25:94:47:8b:
3d:3f:ad:7f:db:18:62:4f:fe:aa:0b:f8:59:8a:13:
82:86:2f:fb:c7:28:9f:67:eb:f1:72:25:37:7a:a5:
47:1f:7c:66:34:b4:be:cd:ab:b6:a0:70:36:5a:00:
f6:e5:5b:9a:cf:a3:56:1d:36:85:73:6f:eb:78:80:
36:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:96:B5:87:1B:3D:15:1A:A4:20:FD:2A:35:17:41:C7:81:E8:29:30
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/YZa1hxs9FRqkIP0qNRdBx4HoKTA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.123.0/24
82.153.10.0/24
82.153.245.0/24
89.213.144.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:13:af:68:40:a5:1f:c1:35:99:30:7b:f2:e8:82:9a:26:4d:
2b:36:6f:d8:22:10:98:6d:48:fc:a2:73:c0:2d:ae:3d:7f:91:
dd:db:c7:59:d1:ef:56:2e:cc:a7:13:2f:86:69:b2:41:d3:16:
d6:db:cc:97:0c:2c:bd:03:16:35:74:2f:c6:76:79:97:b4:2b:
e4:4e:33:36:81:02:4b:33:6b:1a:ce:b3:94:a0:62:9f:c8:b9:
3f:04:6a:05:63:9c:3e:bd:d7:f8:5a:c4:5b:d2:c3:60:98:01:
74:7a:97:a2:e4:13:86:de:c9:b6:a4:4b:c0:77:6b:85:92:04:
8a:73:48:9f:fc:7d:ff:7c:89:42:8d:fd:a7:dd:ba:08:f5:bb:
94:9d:c9:08:a8:fd:a3:fe:0c:e5:fe:83:e2:b7:0b:80:44:11:
e0:6d:88:78:f1:16:55:5e:4c:7c:1e:13:8a:f0:49:e9:85:90:
44:da:0f:57:13:f8:6e:10:ca:52:63:49:98:18:3f:72:72:4f:
a6:37:63:54:47:46:03:7a:d1:66:50:12:43:1a:89:36:eb:fc:
db:e5:9a:b7:77:3e:53:b1:2e:ce:37:85:dc:94:82:89:be:2e:
2b:8d:a4:7b:a6:13:7e:c2:f2:d9:48:30:85:8b:dd:b2:58:ec:
bc:33:c4:5b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYkcfXTokfThy5BjH9Sx6HhwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNzAzMTYwMjExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTk2YjU4NzFiM2QxNTFhYTQyMGZkMmEzNTE3NDFjNzgxZTgyOTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqwor7YyOAkwNP8VsUrvgNmiKIFX
5wQcCcW0yeXmpZuWSsRpLbyiltOrg9HxLfXglfJAfzM6o9PHynXIsn24Dsi2IuiH
Otg13rfcA/VDb+KQe0tAt4nTBBGtPcuQDpgWAcAnsPK1uOzUN7FS6FBC6d3r8PsP
JSL1Ri3QHT8IL88pc3xvKIDCiN5hnZmoW5NsE2CCsYQEqGhkYRDlZAnQhReSYy73
OiBNHRX81h14ztH6HfOuGirk+UPnOPpUKiWUR4s9P61/2xhiT/6qC/hZihOChi/7
xyifZ+vxciU3eqVHH3xmNLS+zau2oHA2WgD25Vuaz6NWHTaFc2/reIA2lwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGGWtYcbPRUapCD9KjUXQceB6CkwMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvWVphMWh4czlGUnFrSVAwcU5SZEJ4NEhvS1RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUah7AwQA
UpkKAwQAUpn1AwQAWdWQMA0GCSqGSIb3DQEBCwUAA4IBAQB9E69oQKUfwTWZMHvy
6IKaJk0rNm/YIhCYbUj8onPALa49f5Hd28dZ0e9WLsynEy+GabJB0xbW28yXDCy9
AxY1dC/GdnmXtCvkTjM2gQJLM2sazrOUoGKfyLk/BGoFY5w+vdf4WsRb0sNgmAF0
epei5BOG3sm2pEvAd2uFkgSKc0if/H3/fIlCjf2n3boI9buUnckIqP2j/gzl/oPi
twuARBHgbYh48RZVXkx8HhOK8EnphZBE2g9XE/huEMpSY0mYGD9yck+mN2NUR0YD
etFmUBJDGok26/zb5Zq3dz5TsS7ON4XclIKJvi4rjaR7phN+wvLZSDCFi92yWOy8
M8Rb
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:09:19 2025 by rpki-client