Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/d19f2d-9659-48b1-b1e8-de13a552df63/1/nWQxxEPOZFeAFjLppt0o3qXo_Ns.roa
File: nWQxxEPOZFeAFjLppt0o3qXo_Ns.roa (raw, json)
Hash identifier: nacnrC5kZA7Mjb4/Dld70sH5gptGl+vO0LDDVur3uiQ=
Subject key identifier: 9D:64:31:C4:43:CE:64:57:80:16:32:E9:A6:DD:28:DE:A5:E8:FC:DB
Certificate issuer: /CN=5140b5cb5986084126f68d6032316d3b1b57696e
Certificate serial: 01853E22056F20FC6FEBF5D3AA09E1DDDF42
Authority key identifier: 51:40:B5:CB:59:86:08:41:26:F6:8D:60:32:31:6D:3B:1B:57:69:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UUC1y1mGCEEm9o1gMjFtOxtXaW4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5c/d19f2d-9659-48b1-b1e8-de13a552df63/1/nWQxxEPOZFeAFjLppt0o3qXo_Ns.roa
Signing time: Fri 23 Dec 2022 08:38:15 +0000
ROA not before: Fri 23 Dec 2022 08:38:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 199462
IP address blocks: 185.101.78.0/24 maxlen: 24
185.101.77.0/24 maxlen: 24
185.101.76.0/24 maxlen: 24
185.101.79.0/24 maxlen: 24
2a06:1b87:300::/48 maxlen: 48
2a06:1b87:500::/48 maxlen: 48
2a06:1b87:400::/48 maxlen: 48
2a06:1b87::/32 maxlen: 32
2001:67c:11bc::/48 maxlen: 48
2a06:1b80::/29 maxlen: 29
2a06:1b80::/32 maxlen: 32
2a06:1b86::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:3e:22:05:6f:20:fc:6f:eb:f5:d3:aa:09:e1:dd:df:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5140b5cb5986084126f68d6032316d3b1b57696e
Validity
Not Before: Dec 23 08:38:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9d6431c443ce6457801632e9a6dd28dea5e8fcdb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:b8:d5:3b:fe:b8:36:62:6e:b6:ca:a5:93:28:
85:b7:79:50:13:5c:36:1e:15:b4:54:a4:db:7b:da:
ec:e7:2d:cb:9e:03:e9:81:3f:30:c8:c3:15:b5:ef:
40:5a:4b:0e:ec:0a:33:30:57:c2:8d:2d:74:2b:ea:
32:c2:0c:7d:1d:e8:c6:14:bb:6c:d3:b3:64:dc:69:
af:23:c9:e4:e3:c9:03:2b:86:88:04:ae:8b:70:86:
6f:c4:f4:60:6b:02:1b:28:e5:42:ff:21:0e:90:46:
9f:c3:34:fd:4e:ef:91:28:d2:34:30:58:32:c9:1c:
d7:92:32:63:cd:c4:1d:c7:f3:b1:c7:9a:90:8d:4d:
ce:be:0a:7d:b7:5d:3c:8d:f9:58:c8:0c:a7:b3:f5:
1e:3c:74:a0:f4:5e:85:91:72:10:b6:a4:15:a0:fb:
be:0f:a5:ae:db:5c:a4:c7:01:56:a3:81:9e:34:79:
cd:e8:29:89:b6:ce:5e:cd:01:16:ac:c0:d8:28:e1:
14:ea:91:68:b1:34:46:91:f7:04:47:1c:f8:03:8c:
60:72:c9:77:45:a1:ac:1d:bc:57:00:b0:a5:cb:c7:
92:fa:14:1a:f1:b5:c5:94:ce:2a:4a:9f:7a:e3:2a:
32:ba:6d:7e:52:73:eb:27:f4:27:ee:5a:db:51:ea:
0d:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:64:31:C4:43:CE:64:57:80:16:32:E9:A6:DD:28:DE:A5:E8:FC:DB
X509v3 Authority Key Identifier:
keyid:51:40:B5:CB:59:86:08:41:26:F6:8D:60:32:31:6D:3B:1B:57:69:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UUC1y1mGCEEm9o1gMjFtOxtXaW4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/d19f2d-9659-48b1-b1e8-de13a552df63/1/nWQxxEPOZFeAFjLppt0o3qXo_Ns.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/d19f2d-9659-48b1-b1e8-de13a552df63/1/UUC1y1mGCEEm9o1gMjFtOxtXaW4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.101.76.0/22
IPv6:
2001:67c:11bc::/48
2a06:1b80::/29
Signature Algorithm: sha256WithRSAEncryption
20:29:91:b0:8b:33:ee:9a:1a:78:f2:f1:00:cb:68:6d:2f:0c:
91:79:dc:07:64:dc:24:ba:e0:83:c5:64:a0:60:cc:72:47:eb:
23:78:4a:b9:d3:82:7e:52:d5:28:32:67:38:dd:2e:91:eb:f4:
1d:b5:7c:a9:a0:45:54:1d:1d:04:5c:2e:cb:20:66:42:b6:0c:
ca:68:45:e1:a2:a5:85:40:4b:02:d2:dc:3e:1e:63:7a:7c:02:
7f:c7:9e:a6:d0:8c:e2:5c:87:08:f7:35:1a:56:e9:0e:d5:0b:
33:92:e9:24:e3:22:be:c3:15:ae:db:e4:c6:0a:41:ae:85:98:
f7:0a:40:1b:9b:56:1c:f9:67:c6:f4:2b:5e:d9:ce:50:eb:c5:
fd:99:1d:ea:da:89:30:cd:32:21:2f:bc:73:19:bb:e7:4e:b4:
a8:e1:dc:b4:a9:25:30:b2:fb:c7:5e:84:b2:5d:df:54:5c:56:
4e:5b:d4:60:b5:a6:cf:e7:9d:1d:3e:4a:fd:87:9b:cc:e6:04:
16:3b:26:3f:b8:60:12:f5:ea:d9:15:d3:5c:7c:ee:d4:09:db:
90:f6:43:79:7c:f2:f1:98:98:63:85:b0:39:c5:8d:55:01:17:
12:8e:58:9f:62:d2:b7:5b:06:1f:f1:7b:7b:95:1a:7e:d3:93:
f5:53:68:d6
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYU+IgVvIPxv6/XTqgnh3d9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxNDBiNWNiNTk4NjA4NDEyNmY2OGQ2MDMyMzE2ZDNiMWI1
NzY5NmUwHhcNMjIxMjIzMDgzODE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDY0MzFjNDQzY2U2NDU3ODAxNjMyZTlhNmRkMjhkZWE1ZThmY2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLjVO/64NmJutsqlkyiFt3lQE1w2
HhW0VKTbe9rs5y3LngPpgT8wyMMVte9AWksO7AozMFfCjS10K+oywgx9HejGFLts
07Nk3GmvI8nk48kDK4aIBK6LcIZvxPRgawIbKOVC/yEOkEafwzT9Tu+RKNI0MFgy
yRzXkjJjzcQdx/Oxx5qQjU3Ovgp9t108jflYyAyns/UePHSg9F6FkXIQtqQVoPu+
D6Wu21ykxwFWo4GeNHnN6CmJts5ezQEWrMDYKOEU6pFosTRGkfcERxz4A4xgcsl3
RaGsHbxXALCly8eS+hQa8bXFlM4qSp964yoyum1+UnPrJ/Qn7lrbUeoN/QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFJ1kMcRDzmRXgBYy6abdKN6l6PzbMB8GA1UdIwQY
MBaAFFFAtctZhghBJvaNYDIxbTsbV2luMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVVDMXkxbUdDRUVtOW8xZ01qRnRPeHRYYVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9kMTlmMmQtOTY1OS00OGIxLWIxZTgt
ZGUxM2E1NTJkZjYzLzEvbldReHhFUE9aRmVBRmpMcHB0MG8zcVhvX05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9kMTlmMmQtOTY1OS00OGIxLWIxZTgtZGUxM2E1NTJkZjYz
LzEvVVVDMXkxbUdDRUVtOW8xZ01qRnRPeHRYYVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQCuWVMMBYE
AgACMBADBwAgAQZ8EbwDBQMqBhuAMA0GCSqGSIb3DQEBCwUAA4IBAQAgKZGwizPu
mhp48vEAy2htLwyRedwHZNwkuuCDxWSgYMxyR+sjeEq504J+UtUoMmc43S6R6/Qd
tXypoEVUHR0EXC7LIGZCtgzKaEXhoqWFQEsC0tw+HmN6fAJ/x56m0IziXIcI9zUa
VukO1Qszkukk4yK+wxWu2+TGCkGuhZj3CkAbm1Yc+WfG9Cte2c5Q68X9mR3q2okw
zTIhL7xzGbvnTrSo4dy0qSUwsvvHXoSyXd9UXFZOW9RgtabP550dPkr9h5vM5gQW
OyY/uGAS9erZFdNcfO7UCduQ9kN5fPLxmJhjhbA5xY1VARcSjlifYtK3WwYf8Xt7
lRp+05P1U2jW
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:22:39 2025 by rpki-client