Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/jj95H3zavE2Mb3xUYGxr8-cKo-k.roa
File: jj95H3zavE2Mb3xUYGxr8-cKo-k.roa (raw, json)
Hash identifier: +Tjc9LOTRoZ9P1nnzuEd0T4h9MNVjdtF0KVs+qtW0HE=
Subject key identifier: 8E:3F:79:1F:7C:DA:BC:4D:8C:6F:7C:54:60:6C:6B:F3:E7:0A:A3:E9
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018BD70D08E267DE75E94E66E034787A6251
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/jj95H3zavE2Mb3xUYGxr8-cKo-k.roa
Signing time: Thu 16 Nov 2023 07:33:57 +0000
ROA not before: Thu 16 Nov 2023 07:33:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.213.180.0/22 maxlen: 24
185.49.126.0/23 maxlen: 24
82.153.136.0/22 maxlen: 22
81.168.123.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
109.176.245.0/24 maxlen: 24
109.176.246.0/24 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.148.0/22 maxlen: 24
109.176.248.0/24 maxlen: 24
89.213.156.0/22 maxlen: 24
213.152.42.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:d7:0d:08:e2:67:de:75:e9:4e:66:e0:34:78:7a:62:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Nov 16 07:33:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8e3f791f7cdabc4d8c6f7c54606c6bf3e70aa3e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:69:b3:34:55:08:4c:5d:fd:5f:cd:e1:39:a8:
70:26:34:6a:d8:7e:ac:9b:19:fd:b8:02:11:9f:99:
23:1f:07:0c:15:13:06:d3:e9:9b:5b:46:b0:95:f9:
06:24:50:c4:d1:9d:8b:fa:a1:f9:07:ad:76:48:07:
9f:0f:49:c2:11:68:19:c9:f6:1a:e0:f2:42:70:d8:
df:7a:2f:af:33:c4:ee:24:7c:d5:f1:a0:91:c6:13:
40:bf:59:16:7e:53:df:48:43:c3:94:d6:71:8e:43:
e3:d2:93:92:92:fe:e3:51:22:8e:73:4a:b2:2a:cc:
ce:e9:f3:10:4f:37:4e:a8:4c:23:ca:70:64:0f:6c:
24:4d:46:60:21:b6:8d:33:dc:d3:f9:a6:75:9d:b2:
85:5b:66:f1:ed:12:e8:0a:74:a6:7c:92:99:5f:12:
fc:0e:96:33:69:e9:e7:be:a7:0a:a9:9f:15:91:d7:
6f:f2:7b:f6:73:4b:ec:04:aa:91:e0:71:b1:3f:f4:
88:c9:98:8c:ae:e0:0e:93:1c:31:7b:c4:0b:64:98:
f2:01:66:89:d7:3a:3a:8c:ab:8a:57:04:a7:7e:09:
9f:56:19:69:92:84:65:f2:4a:12:20:a3:e7:a1:72:
e2:25:fd:6e:9a:1e:7e:f9:d9:d7:30:d5:5d:cd:15:
4a:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:3F:79:1F:7C:DA:BC:4D:8C:6F:7C:54:60:6C:6B:F3:E7:0A:A3:E9
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/jj95H3zavE2Mb3xUYGxr8-cKo-k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.119.0/24
81.168.123.0/24
82.153.136.0/22
89.213.148.0-89.213.159.255
89.213.180.0/22
109.176.245.0-109.176.246.255
109.176.248.0/24
185.49.126.0/23
213.152.42.0/24
Signature Algorithm: sha256WithRSAEncryption
88:fd:f3:84:e6:24:61:e5:4c:44:ae:b7:e4:b3:d6:cf:87:61:
ce:a3:d7:13:66:d8:aa:8d:d7:b4:b6:13:1c:b4:2b:c9:38:d5:
88:c5:9e:a0:0a:22:a7:b7:5a:0f:fa:a4:6a:92:20:ea:97:72:
7d:1e:85:4e:42:67:4e:f3:fb:1b:74:80:a8:b9:bf:e4:dd:df:
95:52:f7:4f:a3:25:a7:7a:42:bf:03:64:98:ac:5f:a7:cf:37:
7f:1c:88:8b:2e:ff:66:0f:96:07:25:11:1c:8d:47:0f:10:41:
33:fa:d6:ba:00:a3:4f:36:df:9a:d1:02:bc:a2:63:84:98:6b:
1e:b0:f4:f0:17:27:23:5a:6a:8c:d5:68:27:b8:a3:61:0b:0d:
89:ab:54:7b:89:14:b5:87:1e:d8:46:1d:43:a5:fd:69:4b:bb:
54:e4:ad:6f:5b:21:e9:14:40:e9:17:bc:f4:24:93:de:46:15:
be:be:e2:9f:3d:34:17:90:e1:c9:c2:42:c9:3f:bd:67:35:da:
68:a5:d7:a2:09:42:61:72:6c:3a:6c:db:d4:34:1f:ab:f2:20:
f6:75:8b:5a:c5:09:e4:ac:99:4c:19:4b:b4:6b:28:2e:a6:59:
01:f2:20:b3:0c:75:fd:c1:d2:b7:c0:f4:b6:b7:24:fe:18:4d:
14:73:80:c0
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYvXDQjiZ9516U5m4DR4emJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMTE2MDczMzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTNmNzkxZjdjZGFiYzRkOGM2ZjdjNTQ2MDZjNmJmM2U3MGFhM2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2mzNFUITF39X83hOahwJjRq2H6s
mxn9uAIRn5kjHwcMFRMG0+mbW0awlfkGJFDE0Z2L+qH5B612SAefD0nCEWgZyfYa
4PJCcNjfei+vM8TuJHzV8aCRxhNAv1kWflPfSEPDlNZxjkPj0pOSkv7jUSKOc0qy
KszO6fMQTzdOqEwjynBkD2wkTUZgIbaNM9zT+aZ1nbKFW2bx7RLoCnSmfJKZXxL8
DpYzaennvqcKqZ8Vkddv8nv2c0vsBKqR4HGxP/SIyZiMruAOkxwxe8QLZJjyAWaJ
1zo6jKuKVwSnfgmfVhlpkoRl8koSIKPnoXLiJf1umh5++dnXMNVdzRVKqwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFI4/eR982rxNjG98VGBsa/PnCqPpMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvamo5NUgzemF2RTJNYjN4VVlHeHI4LWNLby1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAATBGAwQAUah3AwQA
Uah7AwQCUpmIMAwDBAJZ1ZQDBAVZ1YADBAJZ1bQwDAMEAG2w9QMEAG2w9gMEAG2w
+AMEAbkxfgMEANWYKjANBgkqhkiG9w0BAQsFAAOCAQEAiP3zhOYkYeVMRK635LPW
z4dhzqPXE2bYqo3XtLYTHLQryTjViMWeoAoip7daD/qkapIg6pdyfR6FTkJnTvP7
G3SAqLm/5N3flVL3T6Mlp3pCvwNkmKxfp883fxyIiy7/Zg+WByURHI1HDxBBM/rW
ugCjTzbfmtECvKJjhJhrHrD08BcnI1pqjNVoJ7ijYQsNiatUe4kUtYce2EYdQ6X9
aUu7VOStb1sh6RRA6Re89CST3kYVvr7inz00F5DhycJCyT+9ZzXaaKXXoglCYXJs
Omzb1DQfq/Ig9nWLWsUJ5KyZTBlLtGsoLqZZAfIgswx1/cHSt8D0trck/hhNFHOA
wA==
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:06:58 2025 by rpki-client