Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/reBtZdmJIKZKv4BAjYo-DKy26AY.roa
File: reBtZdmJIKZKv4BAjYo-DKy26AY.roa (raw, json)
Hash identifier: NntgX0yhx3drlt4KXbL16+QEH/re6ZP6rs5sH0pkNuQ=
Subject key identifier: AD:E0:6D:65:D9:89:20:A6:4A:BF:80:40:8D:8A:3E:0C:AC:B6:E8:06
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0189BAB17200674FADD6B7161FC0FB336029
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/reBtZdmJIKZKv4BAjYo-DKy26AY.roa
Signing time: Thu 03 Aug 2023 09:18:58 +0000
ROA not before: Thu 03 Aug 2023 09:18:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 397563
IP address blocks: 89.213.177.0/24 maxlen: 24
89.213.183.0/24 maxlen: 24
109.176.214.0/24 maxlen: 24
89.213.148.0/24 maxlen: 24
89.213.149.0/24 maxlen: 24
89.213.44.0/24 maxlen: 24
89.213.42.0/24 maxlen: 24
89.213.45.0/24 maxlen: 24
89.213.160.0/24 maxlen: 24
82.153.221.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:ba:b1:72:00:67:4f:ad:d6:b7:16:1f:c0:fb:33:60:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 3 09:18:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ade06d65d98920a64abf80408d8a3e0cacb6e806
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:4e:67:cd:fb:7f:a1:b8:75:c7:2f:2d:41:3b:
ed:0f:ae:7d:08:74:15:ce:8b:19:6b:73:23:84:6f:
1f:b6:01:c1:83:2d:6a:fa:8b:09:98:73:2e:85:f8:
66:73:6e:f4:13:bd:29:bb:1c:7f:16:35:f4:b9:73:
5e:30:d1:4e:e8:98:ae:2e:2b:c5:e4:94:13:40:bc:
41:f2:20:e5:9b:30:6b:dd:2a:c4:8d:a6:15:66:46:
4d:f2:af:79:d4:9a:04:98:03:5d:1c:7b:42:97:2f:
00:1e:e3:d9:a8:44:33:ea:ed:22:30:90:38:6e:23:
eb:01:c7:dc:91:89:45:7f:b4:83:9e:54:ff:7e:fa:
79:63:4d:7c:80:aa:2b:b9:fa:42:b3:a6:bd:31:bc:
4f:72:fb:a0:30:42:d4:5a:0a:bc:ed:6a:24:18:9f:
69:d9:7a:bc:6a:85:18:f7:a7:60:75:ac:c5:f9:7a:
70:d1:4f:94:75:a5:a7:29:4d:e4:8f:a1:0e:79:5a:
1f:7b:e0:73:e7:9d:2b:a7:96:c1:17:fc:2b:09:2b:
cb:b0:e8:df:6c:8b:50:b9:08:86:f5:67:d0:e5:18:
d2:0d:6f:10:29:07:39:b4:85:3a:d5:fd:3e:e5:a0:
c3:04:8c:0c:ec:26:39:ba:03:42:29:5d:ad:ef:80:
75:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:E0:6D:65:D9:89:20:A6:4A:BF:80:40:8D:8A:3E:0C:AC:B6:E8:06
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/reBtZdmJIKZKv4BAjYo-DKy26AY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.153.221.0/24
89.213.42.0/24
89.213.44.0/23
89.213.148.0/23
89.213.160.0/24
89.213.177.0/24
89.213.183.0/24
109.176.214.0/24
Signature Algorithm: sha256WithRSAEncryption
71:96:08:7f:b3:85:56:b0:e7:9b:c4:2d:0c:25:a1:8a:04:4d:
82:ed:10:68:11:14:02:6f:f1:12:39:c5:83:dc:1f:df:4d:2f:
80:02:7a:c1:29:4e:49:63:66:1e:80:7e:0c:17:58:67:d9:85:
c7:88:00:3c:1d:12:b1:77:e4:32:32:1e:62:cc:77:2c:31:67:
3a:07:a7:f3:02:3a:a5:59:23:d0:89:a2:8b:32:d3:ea:ba:0b:
36:b6:29:60:1f:ad:21:a8:04:ca:1f:9a:5c:8c:73:00:93:b0:
14:42:43:de:7f:0f:6e:95:f1:f9:63:0b:b3:1e:eb:84:0f:c9:
1b:b8:3a:62:a7:6a:15:6d:19:85:bb:79:92:08:c5:40:9d:27:
67:be:ad:de:8f:35:21:bb:91:bc:bd:87:7c:27:d7:74:d8:a1:
e3:a8:d1:85:0c:7b:81:65:9c:23:30:e9:91:05:4b:88:29:fb:
b0:c6:d2:06:99:9a:f7:e6:fe:77:30:ba:46:ec:d9:40:fc:85:
2a:e0:3e:95:90:dd:af:a2:53:7d:2c:2c:ad:e8:2b:54:d5:33:
cc:03:f2:42:b0:2f:c2:e8:82:2a:75:fb:04:ce:b7:d0:02:92:
1e:0e:de:b0:73:b3:88:3f:e6:61:d4:cd:29:37:9b:d4:91:81:
76:e2:9a:78
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYm6sXIAZ0+t1rcWH8D7M2ApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODAzMDkxODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGUwNmQ2NWQ5ODkyMGE2NGFiZjgwNDA4ZDhhM2UwY2FjYjZlODA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyE5nzft/obh1xy8tQTvtD659CHQV
zosZa3MjhG8ftgHBgy1q+osJmHMuhfhmc270E70puxx/FjX0uXNeMNFO6JiuLivF
5JQTQLxB8iDlmzBr3SrEjaYVZkZN8q951JoEmANdHHtCly8AHuPZqEQz6u0iMJA4
biPrAcfckYlFf7SDnlT/fvp5Y018gKorufpCs6a9MbxPcvugMELUWgq87WokGJ9p
2Xq8aoUY96dgdazF+Xpw0U+UdaWnKU3kj6EOeVofe+Bz550rp5bBF/wrCSvLsOjf
bItQuQiG9WfQ5RjSDW8QKQc5tIU61f0+5aDDBIwM7CY5ugNCKV2t74B1yQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFK3gbWXZiSCmSr+AQI2KPgystugGMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcmVCdFpkbUpJS1pLdjRCQWpZby1ES3kyNkFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAUpndAwQA
WdUqAwQBWdUsAwQBWdWUAwQAWdWgAwQAWdWxAwQAWdW3AwQAbbDWMA0GCSqGSIb3
DQEBCwUAA4IBAQBxlgh/s4VWsOebxC0MJaGKBE2C7RBoERQCb/ESOcWD3B/fTS+A
AnrBKU5JY2YegH4MF1hn2YXHiAA8HRKxd+QyMh5izHcsMWc6B6fzAjqlWSPQiaKL
MtPqugs2tilgH60hqATKH5pcjHMAk7AUQkPefw9ulfH5YwuzHuuED8kbuDpip2oV
bRmFu3mSCMVAnSdnvq3ejzUhu5G8vYd8J9d02KHjqNGFDHuBZZwjMOmRBUuIKfuw
xtIGmZr35v53MLpG7NlA/IUq4D6VkN2volN9LCyt6CtU1TPMA/JCsC/C6IIqdfsE
zrfQApIeDt6wc7OIP+Zh1M0pN5vUkYF24pp4
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:24:24 2025 by rpki-client