Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yBfZPoR7Vt3vQL29CTSPgyV-3aE.roa
File: yBfZPoR7Vt3vQL29CTSPgyV-3aE.roa (raw, json)
Hash identifier: F/hB+LtIy+1pcjMhR6IPcfSHlEI+8MVjNM8pWlHie/w=
Subject key identifier: C8:17:D9:3E:84:7B:56:DD:EF:40:BD:BD:09:34:8F:83:25:7E:DD:A1
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0189B052E086FFE2404F6D329984CE811792
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yBfZPoR7Vt3vQL29CTSPgyV-3aE.roa
Signing time: Tue 01 Aug 2023 08:59:28 +0000
ROA not before: Tue 01 Aug 2023 08:59:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200482
IP address blocks: 89.213.182.0/24 maxlen: 24
89.213.186.0/24 maxlen: 24
89.213.187.0/24 maxlen: 24
89.213.7.0/24 maxlen: 24
89.213.150.0/24 maxlen: 24
89.213.163.0/24 maxlen: 24
82.153.4.0/24 maxlen: 24
89.213.172.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:b0:52:e0:86:ff:e2:40:4f:6d:32:99:84:ce:81:17:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Aug 1 08:59:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c817d93e847b56ddef40bdbd09348f83257edda1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:9b:bb:e0:8b:ab:a8:3d:cb:1e:61:b6:43:3f:
36:d1:27:37:4d:ef:fe:ec:7b:8c:a9:84:bf:72:af:
02:a8:2c:82:56:a9:5c:9f:d0:98:7b:a7:b7:7d:00:
fd:91:19:d5:11:65:13:39:e3:21:d4:67:87:e7:f2:
19:7b:a3:cb:de:2f:64:08:21:1f:7a:99:7b:45:3b:
10:a8:28:6b:44:5a:11:e5:a8:bf:1e:f8:de:a9:68:
12:9e:a9:56:22:e4:0d:ab:2a:72:fd:c6:b6:20:fb:
4e:9f:4d:68:e5:61:24:80:07:87:91:1b:60:75:57:
c8:9d:85:b1:1a:a5:bd:f0:59:e2:00:58:26:6c:30:
4f:b8:37:5a:bb:ac:c0:5d:43:0f:9f:46:42:2e:73:
26:57:62:9e:66:44:01:06:50:cf:4a:12:1c:0a:0a:
36:d4:3e:f0:5b:93:68:24:68:ed:86:cf:bf:76:ad:
8a:c2:ad:d3:f2:d5:99:33:e3:8f:5d:be:20:d1:0b:
c0:36:bf:47:f1:61:ce:26:e9:15:66:ac:ec:f2:41:
ad:f5:17:53:2b:53:86:cd:80:88:f0:49:54:3a:e6:
a1:ee:a1:e1:83:77:8d:7d:53:f6:ee:2a:c4:ba:4d:
14:45:bd:3c:e9:7a:84:1f:a1:b8:42:2a:48:a8:cb:
e9:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:17:D9:3E:84:7B:56:DD:EF:40:BD:BD:09:34:8F:83:25:7E:DD:A1
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/yBfZPoR7Vt3vQL29CTSPgyV-3aE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.153.4.0/24
89.213.7.0/24
89.213.150.0/24
89.213.163.0/24
89.213.172.0/24
89.213.182.0/24
89.213.186.0/23
Signature Algorithm: sha256WithRSAEncryption
86:24:1e:b6:db:b2:90:41:cb:7d:79:89:43:5e:53:b4:f7:f0:
16:a8:52:51:51:4d:ff:20:6f:d0:f0:5f:d0:2e:d3:bb:29:9a:
29:09:c8:79:2b:84:4b:81:01:79:66:e1:0a:91:17:c4:c9:d7:
3e:8a:4f:66:83:4d:e7:fa:c6:7d:ac:01:8b:2d:36:84:89:ec:
b4:59:18:df:49:d9:33:47:4d:e1:58:85:d3:c4:8d:6f:d2:ef:
2b:b0:ce:5a:77:9a:50:9e:9b:6b:2c:dd:aa:65:dd:81:1b:ac:
67:ac:e2:a0:e8:0f:4a:c2:3f:33:cf:e7:74:ea:0a:a1:97:c1:
16:5d:f7:7b:d7:3d:86:b2:55:48:ab:30:41:76:d5:c9:4d:80:
7d:5c:5d:49:f3:cd:0d:b8:fb:de:f1:72:fd:64:ff:42:ee:52:
b7:30:52:e8:05:cd:f6:e0:0a:7d:b0:45:d4:17:b9:a9:e4:4e:
b8:bc:db:88:33:53:4f:79:5b:48:19:a8:58:12:f7:5c:c3:08:
97:c1:63:2a:10:2e:16:89:85:0e:be:67:b8:36:42:fe:eb:0a:
eb:17:11:45:9f:f8:8e:aa:d9:1e:dc:4c:22:90:41:15:52:df:
d8:65:e9:e2:43:13:f7:25:59:d5:ce:54:31:25:e6:1e:34:23:
05:ff:76:32
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYmwUuCG/+JAT20ymYTOgReSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwODAxMDg1OTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODE3ZDkzZTg0N2I1NmRkZWY0MGJkYmQwOTM0OGY4MzI1N2VkZGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5u74IurqD3LHmG2Qz820Sc3Te/+
7HuMqYS/cq8CqCyCVqlcn9CYe6e3fQD9kRnVEWUTOeMh1GeH5/IZe6PL3i9kCCEf
epl7RTsQqChrRFoR5ai/HvjeqWgSnqlWIuQNqypy/ca2IPtOn01o5WEkgAeHkRtg
dVfInYWxGqW98FniAFgmbDBPuDdau6zAXUMPn0ZCLnMmV2KeZkQBBlDPShIcCgo2
1D7wW5NoJGjths+/dq2Kwq3T8tWZM+OPXb4g0QvANr9H8WHOJukVZqzs8kGt9RdT
K1OGzYCI8ElUOuah7qHhg3eNfVP27irEuk0URb086XqEH6G4QipIqMvp/wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFMgX2T6Ee1bd70C9vQk0j4Mlft2hMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEveUJmWlBvUjdWdDN2UUwyOUNUU1BneVYtM2FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAUpkEAwQA
WdUHAwQAWdWWAwQAWdWjAwQAWdWsAwQAWdW2AwQBWdW6MA0GCSqGSIb3DQEBCwUA
A4IBAQCGJB6227KQQct9eYlDXlO09/AWqFJRUU3/IG/Q8F/QLtO7KZopCch5K4RL
gQF5ZuEKkRfEydc+ik9mg03n+sZ9rAGLLTaEiey0WRjfSdkzR03hWIXTxI1v0u8r
sM5ad5pQnptrLN2qZd2BG6xnrOKg6A9Kwj8zz+d06gqhl8EWXfd71z2GslVIqzBB
dtXJTYB9XF1J880NuPve8XL9ZP9C7lK3MFLoBc324Ap9sEXUF7mp5E64vNuIM1NP
eVtIGahYEvdcwwiXwWMqEC4WiYUOvme4NkL+6wrrFxFFn/iOqtke3EwikEEVUt/Y
ZeniQxP3JVnVzlQxJeYeNCMF/3Yy
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:21:55 2025 by rpki-client