Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xW7ym08ypq-SIRnv2LzbcLubZrg.roa
File: xW7ym08ypq-SIRnv2LzbcLubZrg.roa (raw, json)
Hash identifier: a8pltWy1kQoL7czAC5IPuhn4CmlPl6YlUQhA8/iXCDY=
Subject key identifier: C5:6E:F2:9B:4F:32:A6:AF:92:21:19:EF:D8:BC:DB:70:BB:9B:66:B8
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0189D4A1C2F10C1BCA16C26907C340469B3E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xW7ym08ypq-SIRnv2LzbcLubZrg.roa
Signing time: Tue 08 Aug 2023 10:11:58 +0000
ROA not before: Tue 08 Aug 2023 10:11:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 81.168.41.0/24 maxlen: 24
82.153.137.0/24 maxlen: 24
82.153.136.0/22 maxlen: 22
82.153.140.0/24 maxlen: 24
109.176.214.0/24 maxlen: 24
109.176.215.0/24 maxlen: 24
109.176.216.0/24 maxlen: 24
109.176.217.0/24 maxlen: 24
109.176.218.0/24 maxlen: 24
109.176.219.0/24 maxlen: 24
82.153.73.0/24 maxlen: 24
109.176.221.0/24 maxlen: 24
109.176.222.0/24 maxlen: 24
109.176.223.0/24 maxlen: 24
109.176.220.0/24 maxlen: 24
82.153.78.0/24 maxlen: 24
109.176.240.0/24 maxlen: 24
109.176.242.0/24 maxlen: 24
109.176.243.0/24 maxlen: 24
109.176.245.0/24 maxlen: 24
109.176.246.0/24 maxlen: 24
109.176.249.0/24 maxlen: 24
109.176.250.0/24 maxlen: 24
109.176.248.0/24 maxlen: 24
82.153.227.0/24 maxlen: 24
185.49.125.0/24 maxlen: 24
82.153.240.0/24 maxlen: 24
185.49.126.0/23 maxlen: 24
82.153.249.0/24 maxlen: 24
81.5.156.0/24 maxlen: 24
82.153.221.0/24 maxlen: 24
82.153.223.0/24 maxlen: 24
82.153.225.0/24 maxlen: 24
82.152.111.0/24 maxlen: 24
89.213.41.0/24 maxlen: 24
89.213.42.0/24 maxlen: 24
89.213.44.0/24 maxlen: 24
89.213.47.0/24 maxlen: 24
89.213.46.0/24 maxlen: 24
89.213.173.0/24 maxlen: 24
89.213.174.0/24 maxlen: 24
89.213.175.0/24 maxlen: 24
89.213.179.0/24 maxlen: 24
89.213.176.0/24 maxlen: 24
89.213.177.0/24 maxlen: 24
89.213.180.0/24 maxlen: 24
89.213.181.0/24 maxlen: 24
89.213.182.0/24 maxlen: 24
89.213.186.0/24 maxlen: 24
89.213.184.0/24 maxlen: 24
89.213.185.0/24 maxlen: 24
89.213.187.0/24 maxlen: 24
89.213.188.0/24 maxlen: 24
89.213.189.0/24 maxlen: 24
109.176.211.0/24 maxlen: 24
109.176.212.0/24 maxlen: 24
109.176.213.0/24 maxlen: 24
89.213.139.0/24 maxlen: 24
89.213.136.0/24 maxlen: 24
89.213.141.0/24 maxlen: 24
89.213.140.0/24 maxlen: 24
89.213.146.0/24 maxlen: 24
89.213.151.0/24 maxlen: 24
89.213.152.0/24 maxlen: 24
89.213.148.0/24 maxlen: 24
89.213.149.0/24 maxlen: 24
89.213.150.0/24 maxlen: 24
82.152.253.0/24 maxlen: 24
82.152.252.0/24 maxlen: 24
89.213.154.0/24 maxlen: 24
89.213.158.0/24 maxlen: 24
89.213.155.0/24 maxlen: 24
89.213.157.0/24 maxlen: 24
82.152.255.0/24 maxlen: 24
82.153.1.0/24 maxlen: 24
89.213.160.0/24 maxlen: 24
89.213.162.0/24 maxlen: 24
89.213.163.0/24 maxlen: 24
89.213.164.0/24 maxlen: 24
89.213.169.0/24 maxlen: 24
89.213.168.0/24 maxlen: 24
81.168.116.0/24 maxlen: 24
81.168.123.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
89.213.5.0/24 maxlen: 24
213.152.42.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:d4:a1:c2:f1:0c:1b:ca:16:c2:69:07:c3:40:46:9b:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 8 10:11:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c56ef29b4f32a6af922119efd8bcdb70bb9b66b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:2e:60:d9:c3:7a:5d:2b:dc:9a:c4:d8:a0:72:
4d:ec:51:30:0d:66:14:96:10:10:4d:f7:49:ec:ff:
52:8c:3f:c5:5c:69:6f:ea:45:26:47:23:b1:db:a3:
30:54:66:66:f3:b9:e4:a1:4b:2d:bc:66:87:79:a2:
5f:80:8b:f5:68:f5:fb:33:d9:23:18:60:ef:b0:ab:
4c:64:06:39:c5:f3:57:c4:a9:57:4d:65:01:e3:7e:
e8:ef:7e:a9:a8:3c:e5:d0:b5:87:84:bd:89:14:76:
ce:1e:14:26:b0:f2:6c:a2:59:c2:48:8c:b3:ed:b7:
81:07:5e:11:aa:ab:db:74:ef:6d:96:70:37:5f:13:
41:61:b2:ee:07:b1:56:2b:b1:03:1a:70:45:db:af:
3c:c8:2b:23:ff:f2:56:e5:98:0c:cf:53:58:20:92:
b3:32:0e:80:57:2c:1a:72:ea:85:cd:34:2e:cc:48:
bf:c6:7f:1c:01:1b:0c:b3:de:c8:8a:6a:1b:d6:6d:
92:44:4c:9b:f4:b1:e0:72:75:c8:d2:5c:b8:c5:32:
73:c2:79:bb:fb:7a:90:0b:7c:cf:1b:06:ca:b6:30:
9e:8c:02:c7:8c:6e:bb:ad:69:01:84:7a:c1:0f:58:
b6:86:14:44:10:8e:10:75:70:71:96:70:3b:ef:ed:
c3:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:6E:F2:9B:4F:32:A6:AF:92:21:19:EF:D8:BC:DB:70:BB:9B:66:B8
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xW7ym08ypq-SIRnv2LzbcLubZrg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.156.0/24
81.168.41.0/24
81.168.116.0/24
81.168.119.0/24
81.168.123.0/24
82.152.111.0/24
82.152.252.0/23
82.152.255.0/24
82.153.1.0/24
82.153.73.0/24
82.153.78.0/24
82.153.136.0-82.153.140.255
82.153.221.0/24
82.153.223.0/24
82.153.225.0/24
82.153.227.0/24
82.153.240.0/24
82.153.249.0/24
89.213.5.0/24
89.213.41.0-89.213.42.255
89.213.44.0/24
89.213.46.0/23
89.213.136.0/24
89.213.139.0-89.213.141.255
89.213.146.0/24
89.213.148.0-89.213.152.255
89.213.154.0/23
89.213.157.0-89.213.158.255
89.213.160.0/24
89.213.162.0-89.213.164.255
89.213.168.0/23
89.213.173.0-89.213.177.255
89.213.179.0-89.213.182.255
89.213.184.0-89.213.189.255
109.176.211.0-109.176.223.255
109.176.240.0/24
109.176.242.0/23
109.176.245.0-109.176.246.255
109.176.248.0-109.176.250.255
185.49.125.0-185.49.127.255
213.152.42.0/24
Signature Algorithm: sha256WithRSAEncryption
51:14:25:b0:05:b6:c2:4b:77:00:c1:9d:68:ab:00:40:dc:8c:
8e:17:f4:71:12:57:25:a8:30:2c:09:b2:f0:00:8a:9f:70:66:
9a:85:2d:eb:e5:d6:3d:a5:ac:4a:58:4c:2f:b6:5b:bb:17:c6:
36:4c:c3:6d:b0:3e:16:4d:39:2e:40:7d:72:d4:de:5b:a2:cc:
2b:c2:36:75:59:df:1d:6e:97:7c:62:37:76:7d:de:37:cb:35:
d4:f1:93:80:78:d0:32:e6:d1:cb:b4:62:df:b3:80:c0:cf:ab:
33:69:9b:a9:95:a6:96:5d:43:63:9d:51:c9:52:9e:c4:00:c3:
b9:89:3a:f4:81:2b:dc:69:c2:58:27:7d:d6:db:69:87:33:41:
53:9b:7e:9b:74:6f:b4:e5:6e:c2:6f:44:bb:43:6a:f3:16:ce:
f6:2b:30:fa:9d:9d:cc:2c:dd:53:e7:49:2a:68:42:81:5f:d2:
b2:c7:71:22:57:e7:0b:71:6f:40:b0:0d:58:6b:d4:99:7d:ad:
01:65:65:38:9b:c1:b2:86:b9:7c:5a:1d:b8:87:7f:1d:dc:d9:
39:a6:60:51:f1:63:93:0d:d3:f1:1b:50:48:e9:00:b5:c4:31:
9d:58:68:62:93:f4:b3:9b:46:4c:cf:25:11:96:6a:fd:bb:5c:
bc:e6:47:50
-----BEGIN CERTIFICATE-----
MIIGXzCCBUegAwIBAgISAYnUocLxDBvKFsJpB8NARps+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODA4MTAxMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTZlZjI5YjRmMzJhNmFmOTIyMTE5ZWZkOGJjZGI3MGJiOWI2NmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArS5g2cN6XSvcmsTYoHJN7FEwDWYU
lhAQTfdJ7P9SjD/FXGlv6kUmRyOx26MwVGZm87nkoUstvGaHeaJfgIv1aPX7M9kj
GGDvsKtMZAY5xfNXxKlXTWUB437o736pqDzl0LWHhL2JFHbOHhQmsPJsolnCSIyz
7beBB14RqqvbdO9tlnA3XxNBYbLuB7FWK7EDGnBF2688yCsj//JW5ZgMz1NYIJKz
Mg6AVywacuqFzTQuzEi/xn8cARsMs97Iimob1m2SREyb9LHgcnXI0ly4xTJzwnm7
+3qQC3zPGwbKtjCejALHjG67rWkBhHrBD1i2hhREEI4QdXBxlnA77+3DvwIDAQAB
o4IDazCCA2cwHQYDVR0OBBYEFMVu8ptPMqavkiEZ79i823C7m2a4MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveFc3eW0wOHlwcS1TSVJudjJMemJjTHViWnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBfwYIKwYBBQUHAQcBAf8EggFuMIIBajCCAWYEAgABMIIB
XgMEAFEFnAMEAFGoKQMEAFGodAMEAFGodwMEAFGoewMEAFKYbwMEAVKY/AMEAFKY
/wMEAFKZAQMEAFKZSQMEAFKZTjAMAwQDUpmIAwQAUpmMAwQAUpndAwQAUpnfAwQA
UpnhAwQAUpnjAwQAUpnwAwQAUpn5AwQAWdUFMAwDBABZ1SkDBABZ1SoDBABZ1SwD
BAFZ1S4DBABZ1YgwDAMEAFnViwMEAVnVjAMEAFnVkjAMAwQCWdWUAwQAWdWYAwQB
WdWaMAwDBABZ1Z0DBABZ1Z4DBABZ1aAwDAMEAVnVogMEAFnVpAMEAVnVqDAMAwQA
WdWtAwQBWdWwMAwDBABZ1bMDBABZ1bYwDAMEA1nVuAMEAVnVvDAMAwQAbbDTAwQF
bbDAAwQAbbDwAwQBbbDyMAwDBABtsPUDBABtsPYwDAMEA22w+AMEAG2w+jAMAwQA
uTF9AwQHuTEAAwQA1ZgqMA0GCSqGSIb3DQEBCwUAA4IBAQBRFCWwBbbCS3cAwZ1o
qwBA3IyOF/RxElclqDAsCbLwAIqfcGaahS3r5dY9paxKWEwvtlu7F8Y2TMNtsD4W
TTkuQH1y1N5boswrwjZ1Wd8dbpd8Yjd2fd43yzXU8ZOAeNAy5tHLtGLfs4DAz6sz
aZuplaaWXUNjnVHJUp7EAMO5iTr0gSvcacJYJ33W22mHM0FTm36bdG+05W7Cb0S7
Q2rzFs72KzD6nZ3MLN1T50kqaEKBX9Kyx3EiV+cLcW9AsA1Ya9SZfa0BZWU4m8Gy
hrl8Wh24h38d3Nk5pmBR8WOTDdPxG1BI6QC1xDGdWGhik/Szm0ZMzyURlmr9u1y8
5kdQ
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:18:40 2025 by rpki-client