Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NZLBhHvFQr7tpbAKzSk1bRZmSNw.roa
File: NZLBhHvFQr7tpbAKzSk1bRZmSNw.roa (raw, json)
Hash identifier: ttnDcnyDDpJtyyYg7m+j+fYYI2gQGVCgewhj+tvv8DI=
Subject key identifier: 35:92:C1:84:7B:C5:42:BE:ED:A5:B0:0A:CD:29:35:6D:16:66:48:DC
Certificate issuer: /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial: 018BADF0711BA221F34BB2FCF45AC2E562C4
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NZLBhHvFQr7tpbAKzSk1bRZmSNw.roa
Signing time: Wed 08 Nov 2023 07:58:17 +0000
ROA not before: Wed 08 Nov 2023 07:58:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197992
IP address blocks: 194.33.32.0/24 maxlen: 24
2a0f:7f00::/29 maxlen: 29
2a13:2cc0::/29 maxlen: 29
2a12:d6c0::/29 maxlen: 29
2a06:dfc0::/29 maxlen: 29
2a13:2b40::/29 maxlen: 29
2a13:d300::/29 maxlen: 29
2a13:200::/29 maxlen: 29
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:ad:f0:71:1b:a2:21:f3:4b:b2:fc:f4:5a:c2:e5:62:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Validity
Not Before: Nov 8 07:58:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3592c1847bc542beeda5b00acd29356d166648dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:8f:cc:75:fe:b7:7e:1d:df:d2:00:f8:fc:36:
5f:ca:4b:3d:2e:96:3e:08:ed:4b:94:12:54:19:d4:
68:1c:d7:d9:f3:0a:ce:4b:09:49:b2:54:a2:05:82:
be:81:80:c2:fa:3c:e4:e7:49:7c:97:ae:92:30:d1:
28:f7:ee:39:28:ab:79:18:a7:e3:b7:f0:04:bf:b6:
09:b7:0a:16:97:9e:27:26:75:ef:e7:b4:e4:53:7d:
39:88:7c:92:bc:bf:5a:b2:36:fd:2c:bc:92:f1:ee:
e2:41:e9:d8:42:05:70:df:3a:37:c1:28:06:54:d9:
3a:9a:7d:aa:65:d6:1f:fd:4d:51:24:59:01:f0:34:
fe:5a:16:51:ce:01:15:d6:fd:fe:c7:09:34:1f:4f:
6a:4e:02:b3:cd:1a:85:61:93:22:c1:5f:9a:d8:de:
28:1b:98:95:bf:f4:03:2c:5b:b3:fe:a7:75:a7:78:
ee:28:87:53:65:7e:04:4d:a6:70:c8:74:e9:36:ab:
4f:fe:ef:05:e6:55:2a:2f:54:b7:51:88:df:f8:1f:
e2:28:dc:2c:71:61:c6:23:ce:8d:eb:06:11:0b:2c:
23:59:c1:48:56:12:9b:c2:ef:41:9b:d0:9c:84:b2:
97:9e:af:6d:9f:5a:ac:4a:4a:6d:1d:a5:ef:b4:a5:
06:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:92:C1:84:7B:C5:42:BE:ED:A5:B0:0A:CD:29:35:6D:16:66:48:DC
X509v3 Authority Key Identifier:
keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NZLBhHvFQr7tpbAKzSk1bRZmSNw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.33.32.0/24
IPv6:
2a06:dfc0::/29
2a0f:7f00::/29
2a12:d6c0::/29
2a13:200::/29
2a13:2b40::/29
2a13:2cc0::/29
2a13:d300::/29
Signature Algorithm: sha256WithRSAEncryption
44:6f:d2:72:44:6c:02:f2:8d:f2:8a:62:fe:b6:19:3b:14:0c:
d6:0f:9d:4f:33:f8:35:07:d8:0c:14:53:eb:c7:90:75:30:e3:
b5:7d:e2:0f:14:eb:19:cf:8e:dc:0e:a1:93:51:d0:4b:cb:03:
c7:10:37:fc:25:4b:84:6e:4a:59:d1:85:95:7e:bd:f7:5a:f6:
b7:18:12:12:60:dc:b5:69:b4:3d:7f:a6:cb:90:5e:56:a4:69:
ca:fd:73:48:cb:05:78:69:c8:4a:c2:37:36:ca:14:01:a0:c5:
fb:13:e9:04:38:90:77:a5:6a:31:39:ad:27:24:d4:93:a7:e3:
44:da:dc:50:93:82:cd:7e:cf:eb:58:ac:e3:ff:43:ce:58:29:
1b:5b:00:fe:9a:05:65:43:ab:62:db:43:43:59:65:d9:24:78:
a8:56:68:ca:63:5e:e1:3e:0f:ea:83:f1:c4:f1:b8:07:fc:3e:
e1:73:ab:fd:39:16:4c:08:d6:47:b6:b7:e1:2e:78:87:e2:9e:
7a:ff:4c:47:b5:bf:88:dc:55:6b:1f:b0:47:a7:8f:cc:a3:2d:
f4:ae:13:bf:c3:0f:97:58:08:e4:5f:e2:8b:ec:b4:b6:6d:d5:
47:ec:b3:41:0a:43:48:2e:82:e9:3f:2d:f6:15:8e:4d:67:a8:
33:c0:76:eb
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYut8HEboiHzS7L89FrC5WLEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjMxMTA4MDc1ODE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTkyYzE4NDdiYzU0MmJlZWRhNWIwMGFjZDI5MzU2ZDE2NjY0OGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsI/Mdf63fh3f0gD4/DZfyks9LpY+
CO1LlBJUGdRoHNfZ8wrOSwlJslSiBYK+gYDC+jzk50l8l66SMNEo9+45KKt5GKfj
t/AEv7YJtwoWl54nJnXv57TkU305iHySvL9asjb9LLyS8e7iQenYQgVw3zo3wSgG
VNk6mn2qZdYf/U1RJFkB8DT+WhZRzgEV1v3+xwk0H09qTgKzzRqFYZMiwV+a2N4o
G5iVv/QDLFuz/qd1p3juKIdTZX4ETaZwyHTpNqtP/u8F5lUqL1S3UYjf+B/iKNws
cWHGI86N6wYRCywjWcFIVhKbwu9Bm9CchLKXnq9tn1qsSkptHaXvtKUGOQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFDWSwYR7xUK+7aWwCs0pNW0WZkjcMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTlpMQmhIdkZRcjd0cGJBS3pTazFiUlptU053LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzAMBAIAATAGAwQAwiEgMDcE
AgACMDEDBQMqBt/AAwUDKg9/AAMFAyoS1sADBQMqEwIAAwUDKhMrQAMFAyoTLMAD
BQMqE9MAMA0GCSqGSIb3DQEBCwUAA4IBAQBEb9JyRGwC8o3yimL+thk7FAzWD51P
M/g1B9gMFFPrx5B1MOO1feIPFOsZz47cDqGTUdBLywPHEDf8JUuEbkpZ0YWVfr33
Wva3GBISYNy1abQ9f6bLkF5WpGnK/XNIywV4achKwjc2yhQBoMX7E+kEOJB3pWox
Oa0nJNSTp+NE2txQk4LNfs/rWKzj/0POWCkbWwD+mgVlQ6ti20NDWWXZJHioVmjK
Y17hPg/qg/HE8bgH/D7hc6v9ORZMCNZHtrfhLniH4p56/0xHtb+I3FVrH7BHp4/M
oy30rhO/ww+XWAjkX+KL7LS2bdVH7LNBCkNILoLpPy32FY5NZ6gzwHbr
-----END CERTIFICATE-----
Generated at Mon Apr 21 17:02:57 2025 by rpki-client