Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/v-bhxipDFwYLzu0iSmnTcXNxBxc.roa
File: v-bhxipDFwYLzu0iSmnTcXNxBxc.roa (raw, json)
Hash identifier: OHHoIpp8tYCh8VToqqAESJbszHsGjNq5CtfmPfhsCpA=
Subject key identifier: BF:E6:E1:C6:2A:43:17:06:0B:CE:ED:22:4A:69:D3:71:73:71:07:17
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018AFEA3C34501CA62C3084FAD9D690ECF0C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/v-bhxipDFwYLzu0iSmnTcXNxBxc.roa
Signing time: Thu 05 Oct 2023 07:00:59 +0000
ROA not before: Thu 05 Oct 2023 07:00:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.213.176.0/22 maxlen: 24
89.213.180.0/22 maxlen: 24
185.49.126.0/23 maxlen: 24
82.153.136.0/22 maxlen: 22
81.168.123.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
109.176.240.0/24 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.148.0/22 maxlen: 24
213.152.42.0/24 maxlen: 24
89.213.167.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:fe:a3:c3:45:01:ca:62:c3:08:4f:ad:9d:69:0e:cf:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Oct 5 07:00:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bfe6e1c62a4317060bceed224a69d37173710717
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:bb:c9:66:a0:70:ae:6c:82:2e:72:e6:19:7a:
f7:94:72:f3:d8:47:05:b0:f2:a4:37:f9:41:a9:6b:
81:cf:62:47:16:47:d2:9c:38:42:c4:24:42:dd:48:
47:39:1c:c4:95:5d:5c:96:13:32:fd:74:5a:ac:d5:
2a:f9:e8:ce:b2:eb:0b:e1:77:82:16:6c:4e:48:77:
57:ed:fe:0a:af:6f:95:00:f9:35:77:66:27:72:33:
d8:42:eb:47:d6:41:91:3f:12:9e:4d:f3:f1:ae:6f:
4d:17:40:3f:d0:be:0f:9d:fd:4b:33:d4:47:fe:33:
a0:bf:9d:6a:d3:64:b0:de:dd:70:2e:ca:9f:61:27:
47:ed:9b:0d:0b:61:bf:fe:5a:76:13:4e:4f:46:a5:
c8:e4:05:47:03:00:75:17:0c:44:d3:a1:f8:f0:fd:
1b:29:f5:86:b2:3c:73:1f:38:9d:0b:c2:aa:bc:e9:
b6:de:ff:67:e2:d4:f0:75:f5:4e:9d:6c:d3:ab:95:
10:45:04:56:4e:ae:d5:4f:23:a0:c0:25:34:44:b4:
0a:d0:53:29:e8:99:e8:1c:ce:ab:65:b7:a1:e7:df:
25:4f:c7:35:74:99:ff:f3:97:e4:da:b4:f7:ff:05:
28:ae:71:a6:8f:6e:b7:27:51:0e:dc:21:ff:88:d2:
d4:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BF:E6:E1:C6:2A:43:17:06:0B:CE:ED:22:4A:69:D3:71:73:71:07:17
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/v-bhxipDFwYLzu0iSmnTcXNxBxc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.119.0/24
81.168.123.0/24
82.153.136.0/22
89.213.148.0-89.213.155.255
89.213.167.0/24
89.213.176.0/21
109.176.240.0/24
185.49.126.0/23
213.152.42.0/24
Signature Algorithm: sha256WithRSAEncryption
19:bf:ad:00:8b:7c:93:fd:a9:4b:87:69:6d:76:fb:e6:07:17:
0c:b0:fd:7e:82:3f:a1:76:84:71:d9:38:fd:49:b2:c9:75:a2:
bd:74:23:cf:18:fe:76:28:f5:50:0d:36:41:d5:8f:35:83:6f:
f3:23:fb:32:24:07:8d:67:1e:c9:a0:99:14:26:60:f7:37:ea:
77:aa:2c:cf:ed:c1:6e:a2:c7:9f:45:d6:aa:62:20:f2:20:df:
fc:45:20:81:93:94:df:74:19:f1:38:00:91:db:33:98:0d:20:
db:37:5f:6f:6d:da:e5:2e:de:f4:75:a7:d0:df:92:1d:35:9f:
06:11:b4:c1:07:ad:7c:b1:4b:8f:46:3d:06:4f:d9:c8:6c:a2:
b8:f5:e7:18:4d:62:f0:fb:6a:bc:52:07:23:bd:37:64:03:8a:
7f:06:72:1a:bd:61:16:25:42:e0:1c:3d:e0:06:ff:30:58:4a:
e7:56:9f:36:4a:91:60:1e:ff:3e:58:ca:20:8e:03:fd:1d:d0:
1e:82:8f:59:a4:4e:e6:79:33:57:54:88:42:8d:34:24:a9:7b:
30:59:65:27:da:97:05:d9:03:da:d1:50:3f:55:dd:ca:d5:8e:
50:d1:5c:ad:c2:ee:57:90:8c:2b:7c:60:84:fe:ae:8c:ab:8d:
10:4f:f8:6a
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYr+o8NFAcpiwwhPrZ1pDs8MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMDA1MDcwMDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZmU2ZTFjNjJhNDMxNzA2MGJjZWVkMjI0YTY5ZDM3MTczNzEwNzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobvJZqBwrmyCLnLmGXr3lHLz2EcF
sPKkN/lBqWuBz2JHFkfSnDhCxCRC3UhHORzElV1clhMy/XRarNUq+ejOsusL4XeC
FmxOSHdX7f4Kr2+VAPk1d2YncjPYQutH1kGRPxKeTfPxrm9NF0A/0L4Pnf1LM9RH
/jOgv51q02Sw3t1wLsqfYSdH7ZsNC2G//lp2E05PRqXI5AVHAwB1FwxE06H48P0b
KfWGsjxzHzidC8KqvOm23v9n4tTwdfVOnWzTq5UQRQRWTq7VTyOgwCU0RLQK0FMp
6JnoHM6rZbeh598lT8c1dJn/85fk2rT3/wUornGmj263J1EO3CH/iNLUqQIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFL/m4cYqQxcGC87tIkpp03FzcQcXMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvdi1iaHhpcERGd1lMenUwaVNtblRjWE54QnhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAUah3AwQA
Uah7AwQCUpmIMAwDBAJZ1ZQDBAJZ1ZgDBABZ1acDBANZ1bADBABtsPADBAG5MX4D
BADVmCowDQYJKoZIhvcNAQELBQADggEBABm/rQCLfJP9qUuHaW12++YHFwyw/X6C
P6F2hHHZOP1Jssl1or10I88Y/nYo9VANNkHVjzWDb/Mj+zIkB41nHsmgmRQmYPc3
6neqLM/twW6ix59F1qpiIPIg3/xFIIGTlN90GfE4AJHbM5gNINs3X29t2uUu3vR1
p9Dfkh01nwYRtMEHrXyxS49GPQZP2chsorj15xhNYvD7arxSByO9N2QDin8Gchq9
YRYlQuAcPeAG/zBYSudWnzZKkWAe/z5YyiCOA/0d0B6Cj1mkTuZ5M1dUiEKNNCSp
ezBZZSfalwXZA9rRUD9V3crVjlDRXK3C7leQjCt8YIT+royrjRBP+Go=
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:10:23 2025 by rpki-client