Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/NjfzjM7GAoeS6NxY_ODPP9rCUfg.roa
File: NjfzjM7GAoeS6NxY_ODPP9rCUfg.roa (raw, json)
Hash identifier: LYJybCUTLCqcrpIqczgxVuJlh2HgFGAeBj9TlG1/keo=
Subject key identifier: 36:37:F3:8C:CE:C6:02:87:92:E8:DC:58:FC:E0:CF:3F:DA:C2:51:F8
Certificate issuer: /CN=26a5aa918cbfeb3e12997f33890feb258907b343
Certificate serial: 018570152962AC97971A46DECFE149541916
Authority key identifier: 26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/NjfzjM7GAoeS6NxY_ODPP9rCUfg.roa
Signing time: Mon 02 Jan 2023 01:25:13 +0000
ROA not before: Mon 02 Jan 2023 01:25:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29522
IP address blocks: 185.140.120.0/22 maxlen: 22
195.149.224.0/21 maxlen: 21
185.11.100.0/22 maxlen: 24
94.152.0.0/16 maxlen: 24
94.152.254.0/24 maxlen: 24
94.152.255.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:15:29:62:ac:97:97:1a:46:de:cf:e1:49:54:19:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=26a5aa918cbfeb3e12997f33890feb258907b343
Validity
Not Before: Jan 2 01:25:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3637f38ccec6028792e8dc58fce0cf3fdac251f8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:5b:7a:20:1a:f0:f8:f0:56:b0:6f:da:52:2d:
9e:55:1e:83:2b:f8:13:ee:c4:d5:71:32:07:a9:a8:
0a:3e:b6:a8:2c:50:45:77:14:91:3e:ec:bc:56:36:
79:f6:b9:af:e1:e0:47:ed:62:99:5d:8f:5a:50:25:
5b:86:fc:58:82:71:12:f0:ca:de:f8:14:ba:49:95:
73:44:5e:97:34:f3:3b:34:49:b4:29:dd:23:74:6d:
66:6d:9d:5e:f7:ee:32:7a:4a:8a:91:aa:b6:ae:2b:
3b:fd:2a:ab:dd:15:9e:4d:38:56:15:df:cb:0d:10:
29:9a:35:5e:77:3e:6a:74:d9:d4:34:9d:51:0c:64:
85:53:63:7b:62:6f:61:3c:e2:9b:3c:34:99:97:09:
35:ea:24:13:87:54:0b:9c:a3:e8:9e:85:c4:8f:ce:
80:58:47:af:ae:11:1f:d9:b3:ad:7c:ef:90:c5:73:
6a:18:1c:b7:bf:cc:25:a5:a4:3f:b3:ef:c8:0f:c9:
db:82:cd:09:9f:89:9c:c3:1d:0e:c0:17:f7:61:51:
9d:12:f5:ef:8e:47:84:b9:17:90:49:67:67:55:8c:
49:b0:5a:d6:c5:36:ef:f8:6f:64:fe:9e:e2:b2:67:
57:0c:72:f7:f5:8a:6a:70:d8:6e:04:32:db:ae:2f:
33:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:37:F3:8C:CE:C6:02:87:92:E8:DC:58:FC:E0:CF:3F:DA:C2:51:F8
X509v3 Authority Key Identifier:
keyid:26:A5:AA:91:8C:BF:EB:3E:12:99:7F:33:89:0F:EB:25:89:07:B3:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/NjfzjM7GAoeS6NxY_ODPP9rCUfg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/1433ea-1080-46e5-b612-297e282d66a8/1/JqWqkYy_6z4SmX8ziQ_rJYkHs0M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.152.0.0/16
185.11.100.0/22
185.140.120.0/22
195.149.224.0/21
Signature Algorithm: sha256WithRSAEncryption
9e:5a:a8:72:0d:56:5c:42:cf:55:00:e9:2a:9b:09:68:eb:96:
9d:2d:a3:1c:92:4e:a1:a5:d4:fa:4c:53:2f:81:64:e3:77:8d:
c1:b0:bc:a3:52:f1:e4:e2:31:3d:ae:0b:42:0b:4d:c0:9f:c7:
65:8a:6c:68:3b:1c:d2:a9:ac:47:d5:76:e3:f1:19:07:75:06:
a2:a7:98:7b:f3:ae:89:2b:d7:69:6b:eb:fb:5f:0e:46:f2:40:
94:c9:1f:4c:65:9a:25:f5:f5:dc:5f:5e:51:0f:78:4f:ff:b4:
b1:86:3c:97:dc:78:11:f1:b9:1d:54:05:fb:16:c6:b4:b3:4f:
30:35:e1:47:e1:5b:31:c0:ad:ef:17:0b:1d:a4:de:24:05:87:
3d:de:44:c1:e8:e5:5f:90:85:b4:32:f9:aa:cb:9c:9c:dd:15:
d1:d7:62:82:52:28:84:df:f2:12:10:3d:b5:1f:e5:75:86:d4:
96:03:2a:29:a0:5b:e5:53:2f:fd:fd:96:1b:6b:31:a8:b7:3d:
01:9c:d3:40:f1:c5:68:11:e5:49:1d:e7:a0:75:b8:d4:b1:7b:
17:b2:7d:4e:66:5e:b4:51:12:2e:69:ba:e8:c8:e9:03:21:ed:
68:14:ff:97:cf:69:4e:b0:89:b8:e8:1b:11:aa:1c:56:58:13:
b9:06:d7:55
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYVwFSlirJeXGkbez+FJVBkWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YTVhYTkxOGNiZmViM2UxMjk5N2YzMzg5MGZlYjI1ODkw
N2IzNDMwHhcNMjMwMTAyMDEyNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjM3ZjM4Y2NlYzYwMjg3OTJlOGRjNThmY2UwY2YzZmRhYzI1MWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1t6IBrw+PBWsG/aUi2eVR6DK/gT
7sTVcTIHqagKPraoLFBFdxSRPuy8VjZ59rmv4eBH7WKZXY9aUCVbhvxYgnES8Mre
+BS6SZVzRF6XNPM7NEm0Kd0jdG1mbZ1e9+4yekqKkaq2ris7/Sqr3RWeTThWFd/L
DRApmjVedz5qdNnUNJ1RDGSFU2N7Ym9hPOKbPDSZlwk16iQTh1QLnKPonoXEj86A
WEevrhEf2bOtfO+QxXNqGBy3v8wlpaQ/s+/ID8nbgs0Jn4mcwx0OwBf3YVGdEvXv
jkeEuReQSWdnVYxJsFrWxTbv+G9k/p7ismdXDHL39YpqcNhuBDLbri8zFwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDY384zOxgKHkujcWPzgzz/awlH4MB8GA1UdIwQY
MBaAFCalqpGMv+s+Epl/M4kP6yWJB7NDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTIt
Mjk3ZTI4MmQ2NmE4LzEvTmpmempNN0dBb2VTNk54WV9PRFBQOXJDVWZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8xNDMzZWEtMTA4MC00NmU1LWI2MTItMjk3ZTI4MmQ2NmE4
LzEvSnFXcWtZeV82ejRTbVg4emlRX3JKWWtIczBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAATAXAwMAXpgDBAK5
C2QDBAK5jHgDBAPDleAwDQYJKoZIhvcNAQELBQADggEBAJ5aqHINVlxCz1UA6Sqb
CWjrlp0toxySTqGl1PpMUy+BZON3jcGwvKNS8eTiMT2uC0ILTcCfx2WKbGg7HNKp
rEfVduPxGQd1BqKnmHvzrokr12lr6/tfDkbyQJTJH0xlmiX19dxfXlEPeE//tLGG
PJfceBHxuR1UBfsWxrSzTzA14UfhWzHAre8XCx2k3iQFhz3eRMHo5V+QhbQy+arL
nJzdFdHXYoJSKITf8hIQPbUf5XWG1JYDKimgW+VTL/39lhtrMai3PQGc00DxxWgR
5Ukd56B1uNSxexeyfU5mXrRREi5puujI6QMh7WgU/5fPaU6wibjoGxGqHFZYE7kG
11U=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:41:52 2025 by rpki-client