Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nxhTJkPjdf_J7kX6mcvgSDbckCA.roa
File: nxhTJkPjdf_J7kX6mcvgSDbckCA.roa (raw, json)
Hash identifier: rfEoJeDOe9DpyiAX06ndqs5VlyAgfuDh6GM3RiU/HzA=
Subject key identifier: 9F:18:53:26:43:E3:75:FF:C9:EE:45:FA:99:CB:E0:48:36:DC:90:20
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018756E6DAE11AE616F1094AD567AB8E33F3
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nxhTJkPjdf_J7kX6mcvgSDbckCA.roa
Signing time: Thu 06 Apr 2023 14:09:42 +0000
ROA not before: Thu 06 Apr 2023 14:09:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51659
IP address blocks: 195.133.5.0/24 maxlen: 24
195.133.8.0/24 maxlen: 24
195.58.37.0/24 maxlen: 24
195.58.48.0/23 maxlen: 23
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:56:e6:da:e1:1a:e6:16:f1:09:4a:d5:67:ab:8e:33:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Apr 6 14:09:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9f18532643e375ffc9ee45fa99cbe04836dc9020
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:2a:61:93:71:cb:5e:13:25:81:ab:6d:47:eb:
99:8e:f7:44:bf:37:48:f5:e5:6f:37:69:ee:e5:66:
19:1e:ad:a7:85:f9:97:0c:a8:54:2c:cf:87:e3:6e:
84:7a:19:54:81:d9:be:b3:1d:4c:5d:45:c3:64:4e:
9a:9f:21:ba:aa:93:25:85:3a:ba:00:e9:0d:b2:01:
22:ee:f8:cc:80:19:1e:b3:a6:d3:29:ab:e2:83:a0:
61:53:ec:0d:37:ce:d8:57:61:93:a3:ca:91:0e:bd:
c0:2c:95:e3:88:0e:ce:7d:89:46:52:dd:ea:72:94:
21:6f:53:c5:e1:24:85:02:cd:88:97:c8:96:48:7f:
78:f8:8a:99:e2:ff:57:58:3a:fc:78:e5:29:9f:ba:
0d:d1:15:0f:63:e1:d5:48:ab:1e:f9:83:95:69:3c:
4f:ac:76:e5:75:5a:07:68:21:95:ee:b7:a7:53:ae:
80:a3:7a:85:a3:ee:9b:1d:d0:95:90:cc:90:d8:c8:
23:c2:c6:6a:1d:d2:fe:eb:d3:19:3f:4e:6a:b4:00:
59:d9:8f:64:0b:9a:d5:1c:65:bd:59:db:69:15:ea:
89:af:3f:e2:b5:05:7b:8a:7a:51:78:59:c7:cd:3c:
11:62:5b:3a:c8:50:44:66:6a:94:34:b1:e7:54:ce:
93:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:18:53:26:43:E3:75:FF:C9:EE:45:FA:99:CB:E0:48:36:DC:90:20
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/nxhTJkPjdf_J7kX6mcvgSDbckCA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.58.37.0/24
195.58.48.0/23
195.133.5.0/24
195.133.8.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:16:5e:5a:0d:12:91:c0:ac:4b:39:00:77:2b:5e:2a:01:50:
73:30:ab:a2:55:fc:6a:bb:f6:57:14:0e:97:79:67:09:53:e2:
5d:b6:02:b1:2e:7b:d4:48:ee:6c:77:f9:49:8b:a2:76:15:e2:
b0:cb:0f:28:ec:b6:1e:78:1a:2c:47:dc:39:1d:63:32:61:3f:
19:3a:c2:65:98:88:66:4d:bd:ae:46:09:08:05:35:f0:77:64:
5a:32:f2:49:71:1d:5c:0b:fb:7e:cb:e6:b5:c9:0e:c6:f0:51:
ba:4a:c8:19:ed:ec:38:a2:e5:03:20:7d:38:e8:fc:f4:88:e1:
db:fd:20:3f:ff:84:1d:8c:e7:ce:78:e3:fc:4b:1f:43:a5:45:
99:2f:9c:7b:3e:12:8e:8c:ca:42:8e:78:2b:d1:46:40:1b:9e:
cf:ae:9c:a4:ab:31:de:c8:cb:7f:ea:82:d6:69:e9:22:d4:b2:
cf:bf:e4:bf:c5:3b:a8:4e:99:19:ed:06:24:f5:5e:09:b2:63:
c5:4b:9d:f6:f5:58:4e:45:87:11:30:eb:b1:86:b4:6c:6c:ea:
42:9e:0c:82:7d:ec:8c:85:c9:5f:4c:41:a1:20:b3:2f:a9:6e:
c5:8e:20:88:bb:9e:2d:5a:a2:76:32:1e:72:13:21:86:b4:48:
a8:48:d3:6d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYdW5trhGuYW8QlK1WerjjPzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNDA2MTQwOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjE4NTMyNjQzZTM3NWZmYzllZTQ1ZmE5OWNiZTA0ODM2ZGM5MDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSphk3HLXhMlgattR+uZjvdEvzdI
9eVvN2nu5WYZHq2nhfmXDKhULM+H426EehlUgdm+sx1MXUXDZE6anyG6qpMlhTq6
AOkNsgEi7vjMgBkes6bTKavig6BhU+wNN87YV2GTo8qRDr3ALJXjiA7OfYlGUt3q
cpQhb1PF4SSFAs2Il8iWSH94+IqZ4v9XWDr8eOUpn7oN0RUPY+HVSKse+YOVaTxP
rHbldVoHaCGV7renU66Ao3qFo+6bHdCVkMyQ2MgjwsZqHdL+69MZP05qtABZ2Y9k
C5rVHGW9WdtpFeqJrz/itQV7inpReFnHzTwRYls6yFBEZmqUNLHnVM6TswIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJ8YUyZD43X/ye5F+pnL4Eg23JAgMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbnhoVEprUGpkZl9KN2tYNm1jdmdTRGJja0NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAwzolAwQB
wzowAwQAw4UFAwQAw4UIMA0GCSqGSIb3DQEBCwUAA4IBAQAcFl5aDRKRwKxLOQB3
K14qAVBzMKuiVfxqu/ZXFA6XeWcJU+JdtgKxLnvUSO5sd/lJi6J2FeKwyw8o7LYe
eBosR9w5HWMyYT8ZOsJlmIhmTb2uRgkIBTXwd2RaMvJJcR1cC/t+y+a1yQ7G8FG6
SsgZ7ew4ouUDIH046Pz0iOHb/SA//4QdjOfOeOP8Sx9DpUWZL5x7PhKOjMpCjngr
0UZAG57PrpykqzHeyMt/6oLWaeki1LLPv+S/xTuoTpkZ7QYk9V4JsmPFS5329VhO
RYcRMOuxhrRsbOpCngyCfeyMhclfTEGhILMvqW7FjiCIu54tWqJ2Mh5yEyGGtEio
SNNt
-----END CERTIFICATE-----
Generated at Sun Jun 8 14:22:51 2025 by rpki-client