Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/9c5cef-d4e4-44e1-abf5-bb48828c9f05/1/NU5BkqvGhzYyOGI6jawcdWDfTi0.roa
File: NU5BkqvGhzYyOGI6jawcdWDfTi0.roa (raw, json)
Hash identifier: XLRjWbyPUjnkXzI+7LTX3cKUITxmlz/BSktpC/yvlXM=
Subject key identifier: 35:4E:41:92:AB:C6:87:36:32:38:62:3A:8D:AC:1C:75:60:DF:4E:2D
Certificate issuer: /CN=d9f90449509ebf9e3b0f42c1cdc22e3ef4007426
Certificate serial: 01856C4158705CA38FBCE32179FBF9E2FD4B
Authority key identifier: D9:F9:04:49:50:9E:BF:9E:3B:0F:42:C1:CD:C2:2E:3E:F4:00:74:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2fkESVCev547D0LBzcIuPvQAdCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/83/9c5cef-d4e4-44e1-abf5-bb48828c9f05/1/NU5BkqvGhzYyOGI6jawcdWDfTi0.roa
Signing time: Sun 01 Jan 2023 07:34:59 +0000
ROA not before: Sun 01 Jan 2023 07:34:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206102
IP address blocks: 152.89.136.0/24 maxlen: 24
152.89.139.0/24 maxlen: 24
152.89.138.0/24 maxlen: 24
152.89.137.0/24 maxlen: 24
185.195.97.0/24 maxlen: 24
185.195.96.0/24 maxlen: 24
185.195.96.0/23 maxlen: 23
185.195.98.0/23 maxlen: 23
185.195.98.0/24 maxlen: 24
185.195.99.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:41:58:70:5c:a3:8f:bc:e3:21:79:fb:f9:e2:fd:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d9f90449509ebf9e3b0f42c1cdc22e3ef4007426
Validity
Not Before: Jan 1 07:34:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=354e4192abc687363238623a8dac1c7560df4e2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:c6:0c:66:e1:3e:2f:f0:f8:30:76:97:39:77:
51:4a:bc:aa:b9:81:03:91:24:a8:59:c9:f0:29:e6:
13:6c:0c:de:6f:b3:da:be:a4:fc:87:22:97:3b:bd:
f9:82:18:cb:83:51:20:ec:2f:99:0e:ca:14:5c:85:
94:31:3f:31:4f:f3:97:1c:f2:61:a0:5c:9a:67:9f:
54:65:5c:5d:83:23:30:75:46:b1:9b:80:ee:4b:0f:
86:7d:0c:07:ae:de:59:dd:fc:78:cb:8c:87:67:36:
65:0f:cb:97:ad:ae:b2:af:9f:d5:74:33:db:93:03:
23:e6:c8:6a:69:59:81:c8:fc:a8:f3:25:18:ae:ef:
81:ef:53:2f:c3:ee:a0:dc:20:56:cd:d7:43:8b:92:
9c:57:58:64:7d:74:82:5b:3c:d7:1a:9b:6d:12:e8:
79:b1:ac:ee:01:c7:86:d1:d7:b4:d4:b1:bc:c8:b0:
cd:ec:e3:5e:62:cf:3a:ba:53:6b:55:f2:59:a8:8a:
7a:16:21:ca:f0:a0:5e:da:2d:6f:4c:3e:5e:a8:98:
46:19:db:70:93:31:46:ce:d3:59:fe:88:c0:38:1a:
b2:55:15:88:74:76:5f:bd:cc:ee:ce:cc:a3:ca:88:
8a:69:56:0a:51:8a:93:69:81:7e:26:76:f7:33:2f:
24:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:4E:41:92:AB:C6:87:36:32:38:62:3A:8D:AC:1C:75:60:DF:4E:2D
X509v3 Authority Key Identifier:
keyid:D9:F9:04:49:50:9E:BF:9E:3B:0F:42:C1:CD:C2:2E:3E:F4:00:74:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2fkESVCev547D0LBzcIuPvQAdCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/9c5cef-d4e4-44e1-abf5-bb48828c9f05/1/NU5BkqvGhzYyOGI6jawcdWDfTi0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/83/9c5cef-d4e4-44e1-abf5-bb48828c9f05/1/2fkESVCev547D0LBzcIuPvQAdCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.89.136.0/22
185.195.96.0/22
Signature Algorithm: sha256WithRSAEncryption
83:b5:1b:e1:d5:4d:ae:29:d8:f2:eb:1b:cd:7a:30:d7:f9:17:
9b:f1:32:46:3a:2d:70:f9:26:4a:8c:4c:69:cc:a3:71:71:e3:
c4:df:19:8c:39:57:77:a7:b0:81:d1:49:25:9d:eb:a9:6f:03:
6b:eb:b6:6d:8d:2e:79:91:88:b5:d4:10:df:bc:bb:a1:10:12:
37:36:e0:8d:44:6c:f2:d2:16:e4:b4:d8:5c:92:a9:ab:8f:ea:
28:b8:48:4e:8a:b3:73:5b:ff:92:d5:ac:27:4b:ad:1f:9f:56:
aa:51:b7:21:c4:2f:6d:f2:76:5b:dc:bc:97:75:60:9c:a7:c2:
c5:9a:1c:da:16:c1:fa:ac:66:2f:40:64:e3:cb:04:86:3a:6d:
4b:d1:8c:19:51:fe:4c:e9:a8:c1:3b:e1:c4:d5:cb:bb:30:6c:
87:df:2d:c3:83:1a:34:94:57:de:a9:5c:00:4b:1f:5c:9d:d3:
f9:17:26:9a:73:86:f0:db:f8:22:3f:c6:95:f2:bb:d5:fd:a1:
3b:ea:ee:bc:6e:89:58:68:e9:35:b5:c8:4b:78:49:89:77:e5:
b2:d5:ca:d7:9e:2e:eb:d9:47:a7:20:b2:25:34:f1:e5:4b:ec:
6d:18:09:e1:20:db:b6:a1:5a:70:75:19:a8:13:87:e1:2d:a8:
e3:bb:ed:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVsQVhwXKOPvOMhefv54v1LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZjkwNDQ5NTA5ZWJmOWUzYjBmNDJjMWNkYzIyZTNlZjQw
MDc0MjYwHhcNMjMwMTAxMDczNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTRlNDE5MmFiYzY4NzM2MzIzODYyM2E4ZGFjMWM3NTYwZGY0ZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcYMZuE+L/D4MHaXOXdRSryquYED
kSSoWcnwKeYTbAzeb7PavqT8hyKXO735ghjLg1Eg7C+ZDsoUXIWUMT8xT/OXHPJh
oFyaZ59UZVxdgyMwdUaxm4DuSw+GfQwHrt5Z3fx4y4yHZzZlD8uXra6yr5/VdDPb
kwMj5shqaVmByPyo8yUYru+B71Mvw+6g3CBWzddDi5KcV1hkfXSCWzzXGpttEuh5
sazuAceG0de01LG8yLDN7ONeYs86ulNrVfJZqIp6FiHK8KBe2i1vTD5eqJhGGdtw
kzFGztNZ/ojAOBqyVRWIdHZfvczuzsyjyoiKaVYKUYqTaYF+Jnb3My8kjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDVOQZKrxoc2MjhiOo2sHHVg304tMB8GA1UdIwQY
MBaAFNn5BElQnr+eOw9Cwc3CLj70AHQmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmZrRVNWQ2V2NTQ3RDBMQnpjSXVQdlFBZENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My85YzVjZWYtZDRlNC00NGUxLWFiZjUt
YmI0ODgyOGM5ZjA1LzEvTlU1Qmtxdkdoell5T0dJNmphd2NkV0RmVGkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My85YzVjZWYtZDRlNC00NGUxLWFiZjUtYmI0ODgyOGM5ZjA1
LzEvMmZrRVNWQ2V2NTQ3RDBMQnpjSXVQdlFBZENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCmFmIAwQC
ucNgMA0GCSqGSIb3DQEBCwUAA4IBAQCDtRvh1U2uKdjy6xvNejDX+Reb8TJGOi1w
+SZKjExpzKNxcePE3xmMOVd3p7CB0UklneupbwNr67ZtjS55kYi11BDfvLuhEBI3
NuCNRGzy0hbktNhckqmrj+oouEhOirNzW/+S1awnS60fn1aqUbchxC9t8nZb3LyX
dWCcp8LFmhzaFsH6rGYvQGTjywSGOm1L0YwZUf5M6ajBO+HE1cu7MGyH3y3Dgxo0
lFfeqVwASx9cndP5Fyaac4bw2/giP8aV8rvV/aE76u68bolYaOk1tchLeEmJd+Wy
1crXni7r2UenILIlNPHlS+xtGAnhINu2oVpwdRmoE4fhLajju+36
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:50:03 2025 by rpki-client