Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/34e53f-6759-4cf5-9801-5d630e203fd5/1/nwo_KactKhyP2DINr0miZ5vm9XY.roa
File: nwo_KactKhyP2DINr0miZ5vm9XY.roa (raw, json)
Hash identifier: pOB0q09H1iLaXcoBSuiK4+3CLaCKvIE/I7cnV7vvdjA=
Subject key identifier: 9F:0A:3F:29:A7:2D:2A:1C:8F:D8:32:0D:AF:49:A2:67:9B:E6:F5:76
Certificate issuer: /CN=91a1173a70e41f4593547669ada22f0d7f68f354
Certificate serial: 01856FE71391A8654C35002EAEDA3BA15A00
Authority key identifier: 91:A1:17:3A:70:E4:1F:45:93:54:76:69:AD:A2:2F:0D:7F:68:F3:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kaEXOnDkH0WTVHZpraIvDX9o81Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/34e53f-6759-4cf5-9801-5d630e203fd5/1/nwo_KactKhyP2DINr0miZ5vm9XY.roa
Signing time: Mon 02 Jan 2023 00:34:52 +0000
ROA not before: Mon 02 Jan 2023 00:34:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209509
IP address blocks: 152.89.176.0/22 maxlen: 24
152.89.176.0/24 maxlen: 24
152.89.177.0/24 maxlen: 24
152.89.179.0/24 maxlen: 24
152.89.178.0/24 maxlen: 24
2a09:3345::/32 maxlen: 32
2a09:3341::/32 maxlen: 32
2a09:3344::/32 maxlen: 32
2a09:3342::/32 maxlen: 32
2a09:3343::/32 maxlen: 32
2a09:3347::/32 maxlen: 32
2a09:3340::/29 maxlen: 32
2a09:3340::/32 maxlen: 32
2a09:3346::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:e7:13:91:a8:65:4c:35:00:2e:ae:da:3b:a1:5a:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=91a1173a70e41f4593547669ada22f0d7f68f354
Validity
Not Before: Jan 2 00:34:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9f0a3f29a72d2a1c8fd8320daf49a2679be6f576
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:5f:3d:86:ac:63:8c:2f:aa:f4:8e:9f:e5:35:
b6:49:92:ce:81:67:a9:16:32:31:b3:d0:a5:1e:09:
b7:ce:ff:d1:65:77:73:cf:8e:52:e4:58:77:52:74:
e3:c1:d0:b1:40:1f:51:82:e4:aa:05:b7:08:ea:9d:
3d:ef:19:13:45:a4:d0:27:86:14:e4:2b:1f:27:e0:
da:a4:7b:25:fb:12:06:d8:48:2e:80:94:66:97:ff:
52:f7:35:5d:c3:53:39:74:e7:d6:4d:56:1d:9f:0c:
e8:70:33:49:98:a2:6f:b7:c0:de:5a:b9:1a:c4:a7:
82:85:47:b6:18:64:11:1d:fd:dc:4a:f1:8c:22:d2:
b8:01:83:6b:28:47:ef:42:09:d5:0e:da:f7:c3:34:
35:16:11:49:4d:2b:cb:ad:91:10:57:9e:43:f4:6f:
33:b9:b9:f8:23:e9:4f:05:33:f9:9f:51:fb:4a:0e:
c5:c1:f5:44:79:1a:c9:47:03:b4:82:6a:2d:51:db:
12:e1:38:9e:a4:e5:78:8f:74:28:27:81:24:06:71:
bb:ff:fc:26:15:c8:68:86:44:14:9f:45:47:1b:08:
bb:b2:b4:30:4d:e7:de:65:b1:53:5a:04:9c:a3:d1:
1e:65:62:46:b5:39:07:5d:89:eb:5a:21:ba:84:7f:
e5:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:0A:3F:29:A7:2D:2A:1C:8F:D8:32:0D:AF:49:A2:67:9B:E6:F5:76
X509v3 Authority Key Identifier:
keyid:91:A1:17:3A:70:E4:1F:45:93:54:76:69:AD:A2:2F:0D:7F:68:F3:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kaEXOnDkH0WTVHZpraIvDX9o81Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/34e53f-6759-4cf5-9801-5d630e203fd5/1/nwo_KactKhyP2DINr0miZ5vm9XY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/34e53f-6759-4cf5-9801-5d630e203fd5/1/kaEXOnDkH0WTVHZpraIvDX9o81Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.89.176.0/22
IPv6:
2a09:3340::/29
Signature Algorithm: sha256WithRSAEncryption
80:1b:8d:e3:56:51:f4:15:58:fe:4e:3f:1a:b7:47:d9:e8:fc:
05:b2:79:78:16:39:cc:e1:82:32:38:be:7e:0a:98:30:1e:ee:
8d:57:e6:2f:90:a9:c2:d3:8a:35:b8:e8:25:74:7d:f6:d5:e9:
dc:f9:2d:e7:0a:4f:b4:b6:cd:77:9b:61:23:20:66:3a:48:ec:
f4:16:47:81:d0:ec:51:3d:d1:e7:1f:15:42:ea:ab:aa:87:4c:
62:34:38:91:9e:f2:8f:75:6d:96:0b:2f:7f:aa:01:a2:06:35:
c7:33:29:63:c6:79:d9:ee:12:dc:97:bd:ca:d4:b7:58:c8:55:
ce:72:41:9f:af:41:51:3e:2a:da:e7:d6:22:78:62:b6:9f:6d:
25:3e:39:34:31:cf:90:49:56:ca:b4:43:95:ea:c5:73:4e:ad:
7f:cd:15:cd:7d:fd:aa:fb:c2:be:e7:a8:77:fe:3f:df:6d:45:
18:47:1a:b9:27:a3:9b:3f:26:12:eb:1b:ea:ec:65:60:41:9c:
f1:1a:83:ae:9d:62:39:29:48:a2:04:da:7e:df:a3:8c:a1:e9:
a0:7e:6e:4d:06:7b:40:5c:96:d0:d9:02:4c:41:92:ff:dc:59:
88:41:5d:02:08:e2:c0:13:16:41:6f:bd:92:ec:a7:74:84:29:
4b:96:e1:f4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVv5xORqGVMNQAurto7oVoAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxYTExNzNhNzBlNDFmNDU5MzU0NzY2OWFkYTIyZjBkN2Y2
OGYzNTQwHhcNMjMwMTAyMDAzNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjBhM2YyOWE3MmQyYTFjOGZkODMyMGRhZjQ5YTI2NzliZTZmNTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwV89hqxjjC+q9I6f5TW2SZLOgWep
FjIxs9ClHgm3zv/RZXdzz45S5Fh3UnTjwdCxQB9RguSqBbcI6p097xkTRaTQJ4YU
5CsfJ+DapHsl+xIG2EgugJRml/9S9zVdw1M5dOfWTVYdnwzocDNJmKJvt8DeWrka
xKeChUe2GGQRHf3cSvGMItK4AYNrKEfvQgnVDtr3wzQ1FhFJTSvLrZEQV55D9G8z
ubn4I+lPBTP5n1H7Sg7FwfVEeRrJRwO0gmotUdsS4TiepOV4j3QoJ4EkBnG7//wm
FchohkQUn0VHGwi7srQwTefeZbFTWgSco9EeZWJGtTkHXYnrWiG6hH/lXQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ8KPymnLSocj9gyDa9Jomeb5vV2MB8GA1UdIwQY
MBaAFJGhFzpw5B9Fk1R2aa2iLw1/aPNUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2FFWE9uRGtIMFdUVkhacHJhSXZEWDlvODFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8zNGU1M2YtNjc1OS00Y2Y1LTk4MDEt
NWQ2MzBlMjAzZmQ1LzEvbndvX0thY3RLaHlQMkRJTnIwbWlaNXZtOVhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8zNGU1M2YtNjc1OS00Y2Y1LTk4MDEtNWQ2MzBlMjAzZmQ1
LzEva2FFWE9uRGtIMFdUVkhacHJhSXZEWDlvODFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCmFmwMA0E
AgACMAcDBQMqCTNAMA0GCSqGSIb3DQEBCwUAA4IBAQCAG43jVlH0FVj+Tj8at0fZ
6PwFsnl4FjnM4YIyOL5+CpgwHu6NV+YvkKnC04o1uOgldH321enc+S3nCk+0ts13
m2EjIGY6SOz0FkeB0OxRPdHnHxVC6quqh0xiNDiRnvKPdW2WCy9/qgGiBjXHMylj
xnnZ7hLcl73K1LdYyFXOckGfr0FRPira59YieGK2n20lPjk0Mc+QSVbKtEOV6sVz
Tq1/zRXNff2q+8K+56h3/j/fbUUYRxq5J6ObPyYS6xvq7GVgQZzxGoOunWI5KUii
BNp+36OMoemgfm5NBntAXJbQ2QJMQZL/3FmIQV0CCOLAExZBb72S7Kd0hClLluH0
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:31:24 2025 by rpki-client