Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xjRboQJGkNvCowdEK_HrnXa9HzM.roa
File: xjRboQJGkNvCowdEK_HrnXa9HzM.roa (raw, json)
Hash identifier: 6P0fMg5AM87lvszPEwB0kjEcc4ODTa50ME2GsFY8nis=
Subject key identifier: C6:34:5B:A1:02:46:90:DB:C2:A3:07:44:2B:F1:EB:9D:76:BD:1F:33
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0184BD79E2A4B9EEB058C735264AE468584C
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xjRboQJGkNvCowdEK_HrnXa9HzM.roa
Signing time: Mon 28 Nov 2022 09:03:12 +0000
ROA not before: Mon 28 Nov 2022 09:03:12 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 81.5.191.0/24 maxlen: 24
82.153.245.0/24 maxlen: 24
81.168.123.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:bd:79:e2:a4:b9:ee:b0:58:c7:35:26:4a:e4:68:58:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Nov 28 09:03:12 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c6345ba1024690dbc2a307442bf1eb9d76bd1f33
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:50:e1:c6:a1:00:3e:b4:38:e8:8d:b9:9b:d6:
81:27:56:c0:45:38:ee:a2:02:58:6c:c4:cd:49:d2:
cc:41:f0:77:09:67:56:33:42:3b:c0:89:fa:00:7c:
d0:81:52:74:e5:bb:c3:f6:40:eb:c9:3c:fa:67:05:
14:bd:63:2c:3d:c8:19:91:de:b3:e9:b7:b4:a5:0e:
91:66:4d:13:d2:40:9a:ae:8e:2b:b1:50:68:7e:3e:
d6:26:8a:5c:09:70:ad:a4:56:25:25:aa:fa:51:1a:
09:9c:3d:b0:2e:8a:84:dc:e3:96:9c:5d:1d:01:a2:
37:0f:7c:03:ad:1d:67:d2:53:60:84:6d:57:09:5b:
c6:8a:98:fe:9c:7c:17:6e:92:5c:47:e1:d3:62:df:
e5:4b:52:dd:c0:a6:79:81:25:8b:97:27:bb:be:8e:
4e:25:5b:76:38:87:bd:f8:fc:3e:71:db:f8:4e:22:
5e:88:28:e4:a5:cb:81:36:e1:25:19:99:c0:55:cc:
61:1e:f9:98:8b:3c:96:51:43:6b:68:92:2d:f6:21:
78:af:c0:36:15:c2:c8:ad:da:72:16:a2:12:ef:84:
17:00:5b:a9:09:3c:12:80:da:58:32:e3:f0:32:81:
fa:26:c8:c4:68:69:2b:eb:9a:48:b3:95:a3:3c:47:
9e:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:34:5B:A1:02:46:90:DB:C2:A3:07:44:2B:F1:EB:9D:76:BD:1F:33
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/xjRboQJGkNvCowdEK_HrnXa9HzM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.191.0/24
81.168.119.0/24
81.168.123.0/24
82.153.245.0/24
Signature Algorithm: sha256WithRSAEncryption
93:81:69:6d:b1:2f:3f:d5:22:05:c9:87:be:46:01:96:22:f6:
67:3a:d7:ab:9a:25:6e:43:8a:58:07:bd:18:7b:31:23:fb:11:
5c:bf:48:2b:1a:91:27:3c:75:2d:e8:6f:f3:d9:64:ac:17:8f:
2b:f2:b8:22:11:56:f1:8e:8c:f8:54:a8:e5:90:83:47:e2:cc:
02:58:d6:ad:43:c1:75:f1:0d:7e:54:2a:42:e1:2c:5d:b8:3a:
92:72:90:7e:e3:01:c4:37:63:07:e5:0f:d6:d4:65:69:e9:7f:
a5:2b:88:36:55:02:54:8a:3a:d2:26:aa:e1:8f:a6:b2:bb:2f:
33:92:b3:b7:95:a1:35:b6:9f:2b:ec:03:7e:b8:af:5f:3e:26:
b3:b9:51:ae:95:76:dc:de:28:05:b5:44:c4:6f:7b:dc:af:56:
96:72:99:32:0f:fe:bd:f3:c5:23:f8:5a:a6:04:b9:90:10:dd:
67:50:2b:ec:72:08:79:50:05:03:5a:5e:29:01:2c:f1:5d:65:
50:06:2d:a5:b2:6c:4b:f4:df:31:7f:01:71:af:bc:2d:e4:b5:
4d:23:13:d3:22:f3:63:27:c0:c5:fc:25:81:11:0c:76:09:cc:
9a:8b:a5:ae:c6:fa:7f:7d:aa:b9:bc:f3:c4:46:f6:9a:ad:f5:
fe:ac:4f:39
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYS9eeKkue6wWMc1JkrkaFhMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjIxMTI4MDkwMzEyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjM0NWJhMTAyNDY5MGRiYzJhMzA3NDQyYmYxZWI5ZDc2YmQxZjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1DhxqEAPrQ46I25m9aBJ1bARTju
ogJYbMTNSdLMQfB3CWdWM0I7wIn6AHzQgVJ05bvD9kDryTz6ZwUUvWMsPcgZkd6z
6be0pQ6RZk0T0kCaro4rsVBofj7WJopcCXCtpFYlJar6URoJnD2wLoqE3OOWnF0d
AaI3D3wDrR1n0lNghG1XCVvGipj+nHwXbpJcR+HTYt/lS1LdwKZ5gSWLlye7vo5O
JVt2OIe9+Pw+cdv4TiJeiCjkpcuBNuElGZnAVcxhHvmYizyWUUNraJIt9iF4r8A2
FcLIrdpyFqIS74QXAFupCTwSgNpYMuPwMoH6JsjEaGkr65pIs5WjPEeetQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMY0W6ECRpDbwqMHRCvx6512vR8zMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveGpSYm9RSkdrTnZDb3dkRUtfSHJuWGE5SHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUQW/AwQA
Uah3AwQAUah7AwQAUpn1MA0GCSqGSIb3DQEBCwUAA4IBAQCTgWltsS8/1SIFyYe+
RgGWIvZnOtermiVuQ4pYB70YezEj+xFcv0grGpEnPHUt6G/z2WSsF48r8rgiEVbx
joz4VKjlkINH4swCWNatQ8F18Q1+VCpC4SxduDqScpB+4wHEN2MH5Q/W1GVp6X+l
K4g2VQJUijrSJqrhj6ayuy8zkrO3laE1tp8r7AN+uK9fPiazuVGulXbc3igFtUTE
b3vcr1aWcpkyD/6988Uj+FqmBLmQEN1nUCvscgh5UAUDWl4pASzxXWVQBi2lsmxL
9N8xfwFxr7wt5LVNIxPTIvNjJ8DF/CWBEQx2Ccyai6Wuxvp/faq5vPPERvaarfX+
rE85
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:26:09 2025 by rpki-client