Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dh41Cs1tSgpu4azeOpuy0Mc9tQc.roa
File: dh41Cs1tSgpu4azeOpuy0Mc9tQc.roa (raw, json)
Hash identifier: BI0Ge7zRPGH+2I41E1VZ1kmVUBEr60MtISdcVzrZePA=
Subject key identifier: 76:1E:35:0A:CD:6D:4A:0A:6E:E1:AC:DE:3A:9B:B2:D0:C7:3D:B5:07
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0184CCF2E4E732668EE33FD61FF602777A22
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dh41Cs1tSgpu4azeOpuy0Mc9tQc.roa
Signing time: Thu 01 Dec 2022 09:09:41 +0000
ROA not before: Thu 01 Dec 2022 09:09:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 81.5.191.0/24 maxlen: 24
82.153.245.0/24 maxlen: 24
82.153.64.0/24 maxlen: 24
82.153.72.0/24 maxlen: 24
81.168.123.0/24 maxlen: 24
81.168.120.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
81.168.126.0/24 maxlen: 24
82.153.1.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:cc:f2:e4:e7:32:66:8e:e3:3f:d6:1f:f6:02:77:7a:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Dec 1 09:09:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=761e350acd6d4a0a6ee1acde3a9bb2d0c73db507
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:d1:11:f3:ed:eb:16:1c:a1:63:fa:41:0b:d1:
74:09:e7:06:95:91:36:29:61:71:fa:1d:79:58:08:
b6:a6:67:d2:bb:1a:f1:37:d6:e7:99:57:3f:4c:87:
59:70:15:60:aa:7d:5f:f2:29:2c:b5:20:f1:8b:73:
e6:6c:09:df:13:38:c2:18:4d:77:3b:7a:06:b3:27:
86:c9:2f:66:74:9d:4f:61:96:3e:fa:0d:b3:69:76:
e5:3b:fc:d2:8a:49:10:35:bd:a8:7b:fc:ba:69:4d:
1b:b9:31:1e:b2:ac:b5:8f:d4:7f:2d:64:5d:a2:85:
13:25:7a:26:cd:d7:9d:b6:16:8c:14:52:8f:8c:45:
c8:79:02:5e:26:32:aa:57:ce:f6:00:ba:de:30:79:
03:4c:fe:54:84:eb:ee:79:02:90:0c:2b:6f:d7:e7:
76:7a:c5:91:0e:b8:5e:fe:18:32:b5:5d:77:76:7c:
ba:af:9f:ed:c8:a4:75:c1:e1:f0:7a:dd:91:5c:ec:
1a:5f:72:bd:f3:4e:12:bb:b9:5a:66:11:7c:d4:5a:
1c:24:69:b1:f4:88:36:76:f3:98:93:b4:a1:f5:2d:
9c:54:fa:8e:5f:e0:33:41:47:34:4b:29:52:fa:e2:
81:0d:c2:5f:9e:23:3c:21:35:12:9c:6b:4e:76:24:
93:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:1E:35:0A:CD:6D:4A:0A:6E:E1:AC:DE:3A:9B:B2:D0:C7:3D:B5:07
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/dh41Cs1tSgpu4azeOpuy0Mc9tQc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.191.0/24
81.168.119.0-81.168.120.255
81.168.123.0/24
81.168.126.0/24
82.153.1.0/24
82.153.64.0/24
82.153.72.0/24
82.153.245.0/24
Signature Algorithm: sha256WithRSAEncryption
9a:c1:2f:11:c6:87:a5:0d:cb:34:08:0e:b2:2e:b3:42:11:15:
d9:97:3f:8b:1d:11:59:13:b9:06:6d:2b:19:6c:8b:01:e0:dc:
e6:21:a1:62:22:7a:25:85:3a:5c:41:33:5b:ee:e6:26:a8:bd:
e5:85:a3:ef:25:be:3a:c1:fd:82:46:43:81:ff:ff:f2:48:8e:
81:56:88:12:45:d9:c7:0f:78:7a:1b:55:b4:83:76:a0:5e:f3:
28:f6:fc:f9:ce:db:cb:50:8d:7d:c7:dd:23:af:73:c6:5e:6f:
0a:4e:ea:d2:d3:22:8a:27:5f:85:62:14:05:a8:12:78:43:6a:
0c:dd:99:b2:74:27:24:d7:43:01:8f:6b:34:45:cf:60:b5:fb:
01:23:99:63:fa:8f:e3:2d:27:e8:95:20:32:f9:bd:ff:a5:f6:
6c:19:ab:9f:28:62:ee:8b:6c:b9:90:f1:e8:32:a6:7e:aa:5a:
d7:ab:38:40:2d:b5:a6:ee:e9:d0:0d:5b:28:e4:08:24:4c:f5:
1e:ad:f3:b0:89:33:b3:aa:b5:c5:c4:5f:a1:4c:a4:1a:f8:c1:
3d:c3:16:30:fe:e3:7e:52:99:ce:ca:a5:14:3e:4f:e3:95:67:
03:03:ab:cb:36:4c:f5:2e:bf:67:4c:cc:fc:f8:25:4b:c6:5b:
c9:41:7d:c0
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYTM8uTnMmaO4z/WH/YCd3oiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjIxMjAxMDkwOTQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjFlMzUwYWNkNmQ0YTBhNmVlMWFjZGUzYTliYjJkMGM3M2RiNTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNER8+3rFhyhY/pBC9F0CecGlZE2
KWFx+h15WAi2pmfSuxrxN9bnmVc/TIdZcBVgqn1f8ikstSDxi3PmbAnfEzjCGE13
O3oGsyeGyS9mdJ1PYZY++g2zaXblO/zSikkQNb2oe/y6aU0buTEesqy1j9R/LWRd
ooUTJXomzdedthaMFFKPjEXIeQJeJjKqV872ALreMHkDTP5UhOvueQKQDCtv1+d2
esWRDrhe/hgytV13dny6r5/tyKR1weHwet2RXOwaX3K9804Su7laZhF81FocJGmx
9Ig2dvOYk7Sh9S2cVPqOX+AzQUc0SylS+uKBDcJfniM8ITUSnGtOdiSTbQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFHYeNQrNbUoKbuGs3jqbstDHPbUHMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZGg0MUNzMXRTZ3B1NGF6ZU9wdXkwTWM5dFFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUQW/MAwD
BABRqHcDBABRqHgDBABRqHsDBABRqH4DBABSmQEDBABSmUADBABSmUgDBABSmfUw
DQYJKoZIhvcNAQELBQADggEBAJrBLxHGh6UNyzQIDrIus0IRFdmXP4sdEVkTuQZt
KxlsiwHg3OYhoWIieiWFOlxBM1vu5iaoveWFo+8lvjrB/YJGQ4H///JIjoFWiBJF
2ccPeHobVbSDdqBe8yj2/PnO28tQjX3H3SOvc8ZebwpO6tLTIoonX4ViFAWoEnhD
agzdmbJ0JyTXQwGPazRFz2C1+wEjmWP6j+MtJ+iVIDL5vf+l9mwZq58oYu6LbLmQ
8egypn6qWterOEAttabu6dANWyjkCCRM9R6t87CJM7OqtcXEX6FMpBr4wT3DFjD+
435Smc7KpRQ+T+OVZwMDq8s2TPUuv2dMzPz4JUvGW8lBfcA=
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:30:45 2025 by rpki-client