Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/e8bd0b-f36d-45f5-b985-09bb5287531b/1/NYNZjUJxTjwrPsAq6k1fpQZEm2o.roa
File: NYNZjUJxTjwrPsAq6k1fpQZEm2o.roa (raw, json)
Hash identifier: 20JJ4A8s21lhJQ0KlarEQGrzIb/tVASG+eLvW8bu2wQ=
Subject key identifier: 35:83:59:8D:42:71:4E:3C:2B:3E:C0:2A:EA:4D:5F:A5:06:44:9B:6A
Certificate issuer: /CN=e53ad9b432bb83d141c480dee78bc35ff47cb72c
Certificate serial: 01856ED4BB5BC7A14134C6A27C7D6BCD6990
Authority key identifier: E5:3A:D9:B4:32:BB:83:D1:41:C4:80:DE:E7:8B:C3:5F:F4:7C:B7:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5TrZtDK7g9FBxIDe54vDX_R8tyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/e8bd0b-f36d-45f5-b985-09bb5287531b/1/NYNZjUJxTjwrPsAq6k1fpQZEm2o.roa
Signing time: Sun 01 Jan 2023 19:35:13 +0000
ROA not before: Sun 01 Jan 2023 19:35:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 680
IP address blocks: 192.35.63.0/24 maxlen: 24
192.35.64.0/24 maxlen: 24
192.35.66.0/23 maxlen: 23
192.35.68.0/22 maxlen: 22
129.217.0.0/16 maxlen: 16
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:d4:bb:5b:c7:a1:41:34:c6:a2:7c:7d:6b:cd:69:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e53ad9b432bb83d141c480dee78bc35ff47cb72c
Validity
Not Before: Jan 1 19:35:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3583598d42714e3c2b3ec02aea4d5fa506449b6a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:8d:aa:e9:b0:3d:1e:c3:31:e9:03:15:c0:8e:
b2:bf:d7:32:9d:fa:42:91:ba:2b:7c:36:3a:95:c2:
47:85:51:6d:b2:66:a0:5c:09:e6:c6:a3:1b:3e:ae:
e2:2e:24:18:07:88:43:df:48:27:6c:d0:da:5d:b9:
ee:21:69:87:60:f2:9a:72:b2:de:37:ba:d1:7f:67:
69:e9:f4:8f:10:7d:f1:4d:cd:a9:4f:4d:e6:fb:37:
25:df:a0:2c:14:bc:0a:5f:22:55:5c:fb:12:f6:71:
8b:39:ae:03:47:8f:7f:af:b5:a2:7f:12:85:6c:e0:
28:27:2a:d5:1c:60:5a:0e:f2:3b:f2:a0:43:3b:79:
d6:ba:27:ed:af:58:e9:7b:09:cc:f8:f9:1e:06:81:
ac:32:4d:07:fd:45:84:60:e6:36:2a:13:8c:5f:13:
4a:08:41:05:ba:8f:00:1c:49:89:fc:d9:9c:45:b3:
4c:cd:72:1d:94:97:27:9a:39:61:1b:c1:8b:e4:81:
7f:0c:65:bb:f8:31:42:a1:6a:8c:8a:06:03:73:03:
96:bc:0d:8d:b4:da:21:8d:81:62:f5:9e:74:e9:3e:
70:f0:74:b8:1e:7c:a2:fa:ed:bf:1a:fe:5a:7c:f7:
9b:80:63:08:2e:2c:de:5c:9c:87:4e:2b:8a:5a:65:
2d:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:83:59:8D:42:71:4E:3C:2B:3E:C0:2A:EA:4D:5F:A5:06:44:9B:6A
X509v3 Authority Key Identifier:
keyid:E5:3A:D9:B4:32:BB:83:D1:41:C4:80:DE:E7:8B:C3:5F:F4:7C:B7:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5TrZtDK7g9FBxIDe54vDX_R8tyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/e8bd0b-f36d-45f5-b985-09bb5287531b/1/NYNZjUJxTjwrPsAq6k1fpQZEm2o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/e8bd0b-f36d-45f5-b985-09bb5287531b/1/5TrZtDK7g9FBxIDe54vDX_R8tyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
129.217.0.0/16
192.35.63.0-192.35.64.255
192.35.66.0-192.35.71.255
Signature Algorithm: sha256WithRSAEncryption
ba:7a:d2:ec:e1:e1:5d:18:83:57:cc:ce:01:68:1b:1e:38:55:
ed:d9:16:4b:ed:20:13:3a:69:b9:a4:81:0f:a6:fa:05:f4:2d:
aa:dc:fc:90:3a:ee:9b:7c:39:12:84:80:2b:19:4c:a5:fb:f5:
c1:12:95:10:7b:aa:97:b3:e6:01:40:9d:1a:9d:7d:8a:83:6b:
93:19:00:a0:6d:22:40:f8:3a:0d:16:ab:09:1e:11:f2:40:66:
e5:b5:97:3e:a0:ad:0f:33:b5:98:33:8e:19:5e:ac:43:41:6f:
1b:87:77:ec:9d:bc:aa:97:fa:42:f8:67:6f:96:86:c5:04:50:
1c:e6:d3:72:9f:cf:e1:b3:77:48:d5:87:73:56:29:ee:07:4d:
a0:2c:45:fb:ab:1c:e1:7b:2f:2f:1d:89:fe:e7:e0:b3:fd:d3:
0e:ab:6e:fb:b2:cd:18:02:08:3b:00:af:2b:8e:c8:19:dd:ea:
fb:4b:88:32:f2:07:9c:48:be:d4:7f:54:f4:ff:95:4c:eb:eb:
8e:95:2c:7a:82:e9:8b:78:e7:14:81:8d:8f:ff:79:ed:47:c2:
5c:cb:1f:92:5e:30:fb:97:28:4b:e1:00:f0:9a:41:16:fe:02:
e1:cd:70:93:b5:83:6e:b8:ec:0c:ce:82:5d:64:b9:30:08:55:
0c:cb:f5:a4
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVu1Ltbx6FBNMaifH1rzWmQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1M2FkOWI0MzJiYjgzZDE0MWM0ODBkZWU3OGJjMzVmZjQ3
Y2I3MmMwHhcNMjMwMTAxMTkzNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTgzNTk4ZDQyNzE0ZTNjMmIzZWMwMmFlYTRkNWZhNTA2NDQ5YjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuo2q6bA9HsMx6QMVwI6yv9cynfpC
kborfDY6lcJHhVFtsmagXAnmxqMbPq7iLiQYB4hD30gnbNDaXbnuIWmHYPKacrLe
N7rRf2dp6fSPEH3xTc2pT03m+zcl36AsFLwKXyJVXPsS9nGLOa4DR49/r7WifxKF
bOAoJyrVHGBaDvI78qBDO3nWuiftr1jpewnM+PkeBoGsMk0H/UWEYOY2KhOMXxNK
CEEFuo8AHEmJ/NmcRbNMzXIdlJcnmjlhG8GL5IF/DGW7+DFCoWqMigYDcwOWvA2N
tNohjYFi9Z506T5w8HS4Hnyi+u2/Gv5afPebgGMILizeXJyHTiuKWmUtRwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDWDWY1CcU48Kz7AKupNX6UGRJtqMB8GA1UdIwQY
MBaAFOU62bQyu4PRQcSA3ueLw1/0fLcsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVRyWnRESzdnOUZCeElEZTU0dkRYX1I4dHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC9lOGJkMGItZjM2ZC00NWY1LWI5ODUt
MDliYjUyODc1MzFiLzEvTllOWmpVSnhUandyUHNBcTZrMWZwUVpFbTJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC9lOGJkMGItZjM2ZC00NWY1LWI5ODUtMDliYjUyODc1MzFi
LzEvNVRyWnRESzdnOUZCeElEZTU0dkRYX1I4dHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAnBAIAATAhAwMAgdkwDAME
AMAjPwMEAMAjQDAMAwQBwCNCAwQDwCNAMA0GCSqGSIb3DQEBCwUAA4IBAQC6etLs
4eFdGINXzM4BaBseOFXt2RZL7SATOmm5pIEPpvoF9C2q3PyQOu6bfDkShIArGUyl
+/XBEpUQe6qXs+YBQJ0anX2Kg2uTGQCgbSJA+DoNFqsJHhHyQGbltZc+oK0PM7WY
M44ZXqxDQW8bh3fsnbyql/pC+GdvlobFBFAc5tNyn8/hs3dI1YdzVinuB02gLEX7
qxzhey8vHYn+5+Cz/dMOq277ss0YAgg7AK8rjsgZ3er7S4gy8gecSL7Uf1T0/5VM
6+uOlSx6gumLeOcUgY2P/3ntR8Jcyx+SXjD7lyhL4QDwmkEW/gLhzXCTtYNuuOwM
zoJdZLkwCFUMy/Wk
-----END CERTIFICATE-----
Generated at Tue Apr 22 02:03:25 2025 by rpki-client