Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/NLDuRZrz-5EGQtXUY44CM4FcEGI.roa
File: NLDuRZrz-5EGQtXUY44CM4FcEGI.roa (raw, json)
Hash identifier: qgWav/sJfFroQCeLTeACRSGHPcDjpL+fZiwfmGXc6eo=
Subject key identifier: 34:B0:EE:45:9A:F3:FB:91:06:42:D5:D4:63:8E:02:33:81:5C:10:62
Certificate issuer: /CN=c755702467770ed69b367b77bbe640bc6db4153e
Certificate serial: 01896E1BDCF617D9909DCC8E781049D2B906
Authority key identifier: C7:55:70:24:67:77:0E:D6:9B:36:7B:77:BB:E6:40:BC:6D:B4:15:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/NLDuRZrz-5EGQtXUY44CM4FcEGI.roa
Signing time: Wed 19 Jul 2023 12:24:26 +0000
ROA not before: Wed 19 Jul 2023 12:24:26 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201935
IP address blocks: 84.254.137.0/24 maxlen: 24
84.254.144.0/24 maxlen: 24
84.254.144.0/23 maxlen: 24
84.254.145.0/24 maxlen: 24
84.254.146.0/24 maxlen: 24
95.210.111.0/24 maxlen: 24
95.210.132.0/24 maxlen: 24
95.210.132.0/23 maxlen: 24
95.210.133.0/24 maxlen: 24
176.227.131.0/24 maxlen: 24
84.254.130.0/24 maxlen: 24
84.254.131.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:6e:1b:dc:f6:17:d9:90:9d:cc:8e:78:10:49:d2:b9:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c755702467770ed69b367b77bbe640bc6db4153e
Validity
Not Before: Jul 19 12:24:26 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=34b0ee459af3fb910642d5d4638e0233815c1062
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:ed:bf:76:d4:fc:57:a8:98:3b:cd:d7:fc:f1:
53:08:66:75:39:4c:d6:7f:4c:3c:de:e2:78:f7:ca:
a5:ce:c8:81:1c:4a:12:0f:a4:b5:cc:fb:b1:30:e2:
33:1e:81:02:49:19:35:2e:c5:b6:d5:be:22:12:51:
cf:90:01:16:dd:92:46:5b:4e:e6:e9:d4:0a:08:9e:
bf:e0:75:8b:35:6d:8f:31:66:d7:a0:9a:9f:d2:73:
01:55:6a:86:08:44:eb:9f:34:cd:08:34:5f:fa:5d:
b2:b6:ff:39:98:ad:c3:5f:4f:1d:03:c5:b2:f6:4e:
68:8f:67:98:11:69:e9:ab:cc:a4:90:1d:d6:99:4d:
f5:24:e6:09:40:83:39:77:36:bd:00:81:48:09:da:
89:5e:01:74:1e:d1:c9:22:46:20:3a:53:7f:30:ab:
12:1f:55:25:52:e4:ce:b3:01:26:28:fc:09:27:17:
99:f6:fe:8c:90:36:f6:57:91:0f:42:8d:27:4d:b0:
64:b2:60:ee:17:bb:a6:b6:ef:53:2f:1f:32:93:85:
7f:57:ee:cf:d5:95:cd:fe:2d:f7:dc:10:8e:a8:50:
ff:23:39:46:8f:bf:85:34:16:94:c8:74:57:c1:e7:
b6:4c:a5:30:2b:22:a6:2d:d4:47:35:98:d2:31:7f:
cc:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:B0:EE:45:9A:F3:FB:91:06:42:D5:D4:63:8E:02:33:81:5C:10:62
X509v3 Authority Key Identifier:
keyid:C7:55:70:24:67:77:0E:D6:9B:36:7B:77:BB:E6:40:BC:6D:B4:15:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x1VwJGd3DtabNnt3u-ZAvG20FT4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/NLDuRZrz-5EGQtXUY44CM4FcEGI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/243f91-8747-4981-9cbf-1d373499924e/1/x1VwJGd3DtabNnt3u-ZAvG20FT4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.254.130.0/23
84.254.137.0/24
84.254.144.0-84.254.146.255
95.210.111.0/24
95.210.132.0/23
176.227.131.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:d4:a5:eb:de:85:8d:b8:bf:8a:67:02:e7:68:61:d3:be:5f:
22:d6:1c:4d:50:77:66:8a:24:3c:b7:ce:36:25:3b:2e:7c:8f:
22:4a:94:b0:37:21:7f:e5:46:06:3a:8b:a9:1b:d0:a7:8d:b0:
35:92:11:60:24:4d:c5:65:5f:cf:98:80:24:c4:51:0e:b3:9b:
82:c5:c9:0d:90:43:44:34:e6:0b:db:fe:64:bb:e3:dc:5c:38:
6b:bc:53:3c:ad:c8:7d:7e:e5:79:9d:1b:97:73:39:61:2e:9c:
2f:97:69:48:01:12:b4:2f:44:e9:95:bf:79:5a:61:39:1f:fd:
57:03:43:82:cf:34:a0:73:ae:84:bf:aa:78:92:9c:b1:d7:12:
4a:33:85:dd:89:d5:0d:d2:9c:3e:5d:01:59:98:f6:10:27:9e:
a2:a0:3d:0b:2c:2f:b6:e8:18:71:35:5a:d5:eb:df:7e:76:70:
9c:9f:e3:ac:3a:ce:5b:27:43:8e:31:d5:a9:f6:53:a9:c1:35:
7b:ef:87:f6:de:37:28:5d:03:c7:17:b2:40:04:f6:0d:c0:ad:
cb:cb:2f:dd:57:b2:14:82:59:49:bc:15:51:1a:55:58:8c:0d:
73:14:05:13:a1:1e:6b:fd:e9:ff:9d:12:78:c5:14:49:7c:06:
c1:6e:c7:f5
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYluG9z2F9mQncyOeBBJ0rkGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NTU3MDI0Njc3NzBlZDY5YjM2N2I3N2JiZTY0MGJjNmRi
NDE1M2UwHhcNMjMwNzE5MTIyNDI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGIwZWU0NTlhZjNmYjkxMDY0MmQ1ZDQ2MzhlMDIzMzgxNWMxMDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoe2/dtT8V6iYO83X/PFTCGZ1OUzW
f0w83uJ498qlzsiBHEoSD6S1zPuxMOIzHoECSRk1LsW21b4iElHPkAEW3ZJGW07m
6dQKCJ6/4HWLNW2PMWbXoJqf0nMBVWqGCETrnzTNCDRf+l2ytv85mK3DX08dA8Wy
9k5oj2eYEWnpq8ykkB3WmU31JOYJQIM5dza9AIFICdqJXgF0HtHJIkYgOlN/MKsS
H1UlUuTOswEmKPwJJxeZ9v6MkDb2V5EPQo0nTbBksmDuF7umtu9TLx8yk4V/V+7P
1ZXN/i333BCOqFD/IzlGj7+FNBaUyHRXwee2TKUwKyKmLdRHNZjSMX/MQQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFDSw7kWa8/uRBkLV1GOOAjOBXBBiMB8GA1UdIwQY
MBaAFMdVcCRndw7WmzZ7d7vmQLxttBU+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDFWd0pHZDNEdGFiTm50M3UtWkF2RzIwRlQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yNDNmOTEtODc0Ny00OTgxLTljYmYt
MWQzNzM0OTk5MjRlLzEvTkxEdVJacnotNUVHUXRYVVk0NENNNEZjRUdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yNDNmOTEtODc0Ny00OTgxLTljYmYtMWQzNzM0OTk5MjRl
LzEveDFWd0pHZDNEdGFiTm50M3UtWkF2RzIwRlQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBVP6CAwQA
VP6JMAwDBARU/pADBABU/pIDBABf0m8DBAFf0oQDBACw44MwDQYJKoZIhvcNAQEL
BQADggEBADzUpevehY24v4pnAudoYdO+XyLWHE1Qd2aKJDy3zjYlOy58jyJKlLA3
IX/lRgY6i6kb0KeNsDWSEWAkTcVlX8+YgCTEUQ6zm4LFyQ2QQ0Q05gvb/mS749xc
OGu8UzytyH1+5XmdG5dzOWEunC+XaUgBErQvROmVv3laYTkf/VcDQ4LPNKBzroS/
qniSnLHXEkozhd2J1Q3SnD5dAVmY9hAnnqKgPQssL7boGHE1WtXr3352cJyf46w6
zlsnQ44x1an2U6nBNXvvh/beNyhdA8cXskAE9g3ArcvLL91XshSCWUm8FVEaVViM
DXMUBROhHmv96f+dEnjFFEl8BsFux/U=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:25:19 2025 by rpki-client