Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/jtLrIJzrkXWaizH0KBqCpbS4Ghk.roa
File: jtLrIJzrkXWaizH0KBqCpbS4Ghk.roa (raw, json)
Hash identifier: FxHOX+ohyfNlpvalVwe53lY0z1929Vs/gkNI0fmLiCQ=
Subject key identifier: 8E:D2:EB:20:9C:EB:91:75:9A:8B:31:F4:28:1A:82:A5:B4:B8:1A:19
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0189B04E49E0FA15A2FE4635167892F2A5A5
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/jtLrIJzrkXWaizH0KBqCpbS4Ghk.roa
Signing time: Tue 01 Aug 2023 08:54:27 +0000
ROA not before: Tue 01 Aug 2023 08:54:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200482
IP address blocks: 89.213.176.0/24 maxlen: 24
89.213.173.0/24 maxlen: 24
89.213.182.0/24 maxlen: 24
89.213.186.0/24 maxlen: 24
89.213.187.0/24 maxlen: 24
89.213.7.0/24 maxlen: 24
89.213.152.0/24 maxlen: 24
89.213.150.0/24 maxlen: 24
89.213.163.0/24 maxlen: 24
82.153.4.0/24 maxlen: 24
89.213.172.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:b0:4e:49:e0:fa:15:a2:fe:46:35:16:78:92:f2:a5:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 1 08:54:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8ed2eb209ceb91759a8b31f4281a82a5b4b81a19
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:08:84:ff:f9:d9:95:11:94:6b:74:97:3e:d6:
91:16:83:9d:b6:51:ca:4e:2e:77:5f:25:64:ba:c3:
72:37:90:4c:87:8b:b2:67:c2:d0:e1:50:2a:f8:b2:
db:5c:7a:b6:fb:36:5f:58:6b:80:ba:81:2e:91:bb:
c1:d1:b2:de:76:b8:6c:c7:97:ff:5e:00:41:92:31:
01:14:81:24:d4:25:82:a8:f1:14:f2:6c:17:a4:5d:
00:be:72:0a:5e:26:8d:50:2a:e7:c0:ca:90:0d:4b:
c8:aa:80:e9:68:fe:6a:e4:a8:b2:94:21:3b:da:bc:
33:c0:fe:85:fd:4e:54:6e:6d:af:26:53:ba:c3:a4:
53:3f:98:97:f4:90:64:47:c3:16:31:f9:f2:f5:65:
53:b2:e4:c2:8a:8e:d0:3b:d8:61:1d:c9:7d:1c:c0:
9b:f0:2d:90:c3:b9:04:10:99:38:02:31:df:0a:59:
44:14:b6:56:5d:b8:58:56:b2:8e:95:74:22:8e:43:
56:9b:20:ea:21:5c:de:33:83:b3:67:94:23:5a:8e:
ac:61:14:5d:b1:d4:ec:1b:08:30:69:d7:84:50:22:
86:c8:96:e1:f2:43:aa:04:6a:a8:ec:eb:a5:7b:99:
d3:df:fe:f3:47:aa:58:7a:c4:c2:2e:ac:4a:0c:9e:
4e:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8E:D2:EB:20:9C:EB:91:75:9A:8B:31:F4:28:1A:82:A5:B4:B8:1A:19
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/jtLrIJzrkXWaizH0KBqCpbS4Ghk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.153.4.0/24
89.213.7.0/24
89.213.150.0/24
89.213.152.0/24
89.213.163.0/24
89.213.172.0/23
89.213.176.0/24
89.213.182.0/24
89.213.186.0/23
Signature Algorithm: sha256WithRSAEncryption
15:9e:53:1d:be:6b:91:29:b6:85:c4:fa:44:f8:11:b3:eb:1e:
c0:d3:ae:77:a0:b6:3b:4b:09:28:0c:0c:2f:7f:d7:b8:d2:13:
49:82:72:1b:ec:cb:4c:bf:fa:db:41:bf:28:68:c2:68:16:10:
89:6e:70:28:f7:7a:6e:01:59:3c:7a:2b:2f:09:8e:d7:3b:31:
3c:4b:21:7e:8b:66:46:be:fe:ed:43:26:0f:8b:94:00:ac:78:
c0:86:fd:f3:d9:d1:4d:5f:41:6f:41:ed:4e:3c:12:ce:e9:f5:
3b:e1:59:9e:9a:94:c7:2e:8c:11:cc:aa:a1:0c:18:15:e0:bf:
2b:e4:d9:c2:ce:4f:d0:fe:04:60:27:b5:74:51:b1:56:97:30:
67:c0:cd:d2:d3:b5:2c:76:01:e8:bd:29:f4:6b:d7:f5:a1:b2:
a0:d9:b7:21:14:ba:4e:29:c7:4c:9d:41:70:25:f8:3e:b2:46:
2e:e0:e2:c4:2a:01:6c:00:f0:ea:cc:c1:0b:87:9d:e4:fb:67:
5a:b3:f9:fc:c3:ca:45:49:36:65:fc:99:e3:0f:c7:e9:0f:52:
0a:0b:32:d9:26:15:8f:d9:82:ab:7c:ef:1c:d9:37:22:d3:56:
66:1e:cc:82:0a:e3:98:8b:5f:72:54:68:5e:7d:ac:d2:ee:14:
45:5a:71:08
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYmwTkng+hWi/kY1FniS8qWlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODAxMDg1NDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWQyZWIyMDljZWI5MTc1OWE4YjMxZjQyODFhODJhNWI0YjgxYTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkQiE//nZlRGUa3SXPtaRFoOdtlHK
Ti53XyVkusNyN5BMh4uyZ8LQ4VAq+LLbXHq2+zZfWGuAuoEukbvB0bLedrhsx5f/
XgBBkjEBFIEk1CWCqPEU8mwXpF0AvnIKXiaNUCrnwMqQDUvIqoDpaP5q5KiylCE7
2rwzwP6F/U5Ubm2vJlO6w6RTP5iX9JBkR8MWMfny9WVTsuTCio7QO9hhHcl9HMCb
8C2Qw7kEEJk4AjHfCllEFLZWXbhYVrKOlXQijkNWmyDqIVzeM4OzZ5QjWo6sYRRd
sdTsGwgwadeEUCKGyJbh8kOqBGqo7Oule5nT3/7zR6pYesTCLqxKDJ5OPwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFI7S6yCc65F1mosx9CgagqW0uBoZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvanRMcklKenJrWFdhaXpIMEtCcUNwYlM0R2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAUpkEAwQA
WdUHAwQAWdWWAwQAWdWYAwQAWdWjAwQBWdWsAwQAWdWwAwQAWdW2AwQBWdW6MA0G
CSqGSIb3DQEBCwUAA4IBAQAVnlMdvmuRKbaFxPpE+BGz6x7A0653oLY7SwkoDAwv
f9e40hNJgnIb7MtMv/rbQb8oaMJoFhCJbnAo93puAVk8eisvCY7XOzE8SyF+i2ZG
vv7tQyYPi5QArHjAhv3z2dFNX0FvQe1OPBLO6fU74VmempTHLowRzKqhDBgV4L8r
5NnCzk/Q/gRgJ7V0UbFWlzBnwM3S07UsdgHovSn0a9f1obKg2bchFLpOKcdMnUFw
Jfg+skYu4OLEKgFsAPDqzMELh53k+2das/n8w8pFSTZl/JnjD8fpD1IKCzLZJhWP
2YKrfO8c2Tci01ZmHsyCCuOYi19yVGhefazS7hRFWnEI
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:30:20 2025 by rpki-client