Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/89NpBwzqyBIY5-Sy81MenM4wLc8.roa
File: 89NpBwzqyBIY5-Sy81MenM4wLc8.roa (raw, json)
Hash identifier: R3mkaA7mN0A/2nldqZQxG0fTkQyXUA/6DePCXvWMNzg=
Subject key identifier: F3:D3:69:07:0C:EA:C8:12:18:E7:E4:B2:F3:53:1E:9C:CE:30:2D:CF
Certificate issuer: /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial: 0A3621E8
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/89NpBwzqyBIY5-Sy81MenM4wLc8.roa
Signing time: Fri 04 Feb 2022 14:29:07 +0000
ROA not before: Fri 04 Feb 2022 14:29:07 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60025
IP address blocks: 85.133.194.0/24 maxlen: 24
85.133.217.0/24 maxlen: 24
85.133.238.0/24 maxlen: 24
85.133.236.0/24 maxlen: 24
85.133.234.0/24 maxlen: 24
85.133.136.0/24 maxlen: 24
85.133.137.0/24 maxlen: 24
85.133.253.0/24 maxlen: 24
85.133.164.0/24 maxlen: 24
85.133.165.0/24 maxlen: 24
85.133.169.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 171319784 (0xa3621e8)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Validity
Not Before: Feb 4 14:29:07 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f3d369070ceac81218e7e4b2f3531e9cce302dcf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:45:db:76:ca:cf:7e:60:8f:0e:50:26:fc:d8:
75:f7:0e:28:d3:8e:b1:e1:b2:0d:c7:cd:3a:55:8b:
ca:81:ec:cb:42:ea:63:41:4e:43:9d:d8:f7:f1:a3:
10:9d:07:4d:a6:c8:cb:f4:ac:7b:5a:9c:91:c8:e0:
8b:50:8b:3b:26:a0:51:5e:b7:3c:e7:85:31:02:c3:
5a:f1:7c:24:76:73:20:d4:70:cf:01:d5:13:eb:1f:
b0:33:05:2b:ba:8e:b3:f4:5a:f5:37:ff:94:8c:54:
b8:4c:40:35:c7:24:0d:2d:73:9b:76:79:1c:2a:5d:
cf:f3:b8:a1:98:cc:e4:0a:1a:01:f1:cd:46:ff:d3:
74:d6:11:3a:a4:8f:ec:74:26:e6:63:ae:a4:0a:8a:
e9:8d:1c:63:c5:db:36:28:ab:db:91:0e:a2:b0:bd:
8c:de:16:b7:ee:6b:80:2e:9c:9f:82:0f:e7:c3:8f:
27:74:22:68:a3:ff:f1:2f:3e:bb:df:45:d9:02:ed:
49:80:dc:33:4e:5d:c8:b4:76:4d:4d:19:53:b4:f8:
11:6b:e8:4f:59:e5:74:ed:0d:34:25:d4:f5:7a:22:
4c:98:6a:df:f2:db:9a:ff:7b:ef:f7:4f:28:3c:dd:
f2:d4:ab:70:52:3b:9f:91:81:a5:bf:11:2f:ed:31:
27:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:D3:69:07:0C:EA:C8:12:18:E7:E4:B2:F3:53:1E:9C:CE:30:2D:CF
X509v3 Authority Key Identifier:
keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/89NpBwzqyBIY5-Sy81MenM4wLc8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.133.136.0/23
85.133.164.0/23
85.133.169.0/24
85.133.194.0/24
85.133.217.0/24
85.133.234.0/24
85.133.236.0/24
85.133.238.0/24
85.133.253.0/24
Signature Algorithm: sha256WithRSAEncryption
8a:3f:c9:73:62:e2:b0:7e:53:5b:5a:a7:7d:2d:b3:f4:3a:7f:
1e:d3:75:35:0d:a7:6b:0b:cb:43:49:c7:ca:a3:0c:ca:91:85:
63:c0:53:b6:22:dc:36:e3:5c:18:90:b0:e2:6c:f8:ad:e3:71:
26:2e:c0:37:f0:94:6e:6f:a5:59:e8:6a:6a:27:6c:79:5a:e1:
50:f6:d1:08:bf:63:92:35:a9:6e:64:96:cb:75:dd:0d:5d:c8:
18:32:17:d7:06:9d:cf:80:04:14:57:8e:49:9c:32:75:48:14:
18:69:dd:28:d1:19:4b:af:b4:5c:c8:27:7b:0c:93:0a:1c:2c:
7e:da:1e:05:e7:1d:cb:a4:c0:83:97:cf:56:22:ee:bb:51:ec:
41:71:0a:ca:e6:4f:94:af:f3:b4:bf:de:2f:46:de:45:5b:7f:
a2:6d:64:37:d0:21:dc:2f:8b:81:ee:4d:c7:c7:db:20:fc:de:
cf:7c:dd:19:f6:2c:dd:f1:68:2c:ac:7d:af:16:7f:32:af:50:
93:84:6a:1b:e3:45:7f:55:eb:51:ca:49:8d:22:2f:7a:b5:e2:
da:00:a2:33:9a:8c:b5:de:13:2f:ab:7b:28:5b:27:22:0a:d0:
ff:22:eb:28:da:e5:a2:be:f9:cf:b4:87:f7:db:7b:28:b1:ca:
ea:c6:b7:bb
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIECjYh6DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhj
ZDVlMzk2NThhM2VmNmYxM2NhMjFjYzExYTRlMzNlYmNkOTQ2NzAyMB4XDTIyMDIw
NDE0MjkwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjNkMzY5MDcwY2Vh
YzgxMjE4ZTdlNGIyZjM1MzFlOWNjZTMwMmRjZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAO5F23bKz35gjw5QJvzYdfcOKNOOseGyDcfNOlWLyoHsy0Lq
Y0FOQ53Y9/GjEJ0HTabIy/Sse1qckcjgi1CLOyagUV63POeFMQLDWvF8JHZzINRw
zwHVE+sfsDMFK7qOs/Ra9Tf/lIxUuExANcckDS1zm3Z5HCpdz/O4oZjM5AoaAfHN
Rv/TdNYROqSP7HQm5mOupAqK6Y0cY8XbNiir25EOorC9jN4Wt+5rgC6cn4IP58OP
J3QiaKP/8S8+u99F2QLtSYDcM05dyLR2TU0ZU7T4EWvoT1nldO0NNCXU9XoiTJhq
3/Lbmv977/dPKDzd8tSrcFI7n5GBpb8RL+0xJykCAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBTz02kHDOrIEhjn5LLzUx6czjAtzzAfBgNVHSMEGDAWgBTNXjllij728Tyi
HMEaTjPrzZRnAjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3pWNDVaWW8tOXZFOG9oekJHazR6NjgyVVp3SS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjAvZWY1MzZjLTAzZDMtNGFjNS1iMTI1LTVkMWZhNjZjMzYzYi8x
Lzg5TnBCd3pxeUJJWTUtU3k4MU1lbk00d0xjOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjAv
ZWY1MzZjLTAzZDMtNGFjNS1iMTI1LTVkMWZhNjZjMzYzYi8xL3pWNDVaWW8tOXZF
OG9oekJHazR6NjgyVVp3SS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEAVWFiAMEAVWFpAMEAFWFqQMEAFWF
wgMEAFWF2QMEAFWF6gMEAFWF7AMEAFWF7gMEAFWF/TANBgkqhkiG9w0BAQsFAAOC
AQEAij/Jc2LisH5TW1qnfS2z9Dp/HtN1NQ2nawvLQ0nHyqMMypGFY8BTtiLcNuNc
GJCw4mz4reNxJi7AN/CUbm+lWehqaidseVrhUPbRCL9jkjWpbmSWy3XdDV3IGDIX
1wadz4AEFFeOSZwydUgUGGndKNEZS6+0XMgnewyTChwsftoeBecdy6TAg5fPViLu
u1HsQXEKyuZPlK/ztL/eL0beRVt/om1kN9Ah3C+Lge5Nx8fbIPzez3zdGfYs3fFo
LKx9rxZ/Mq9Qk4RqG+NFf1XrUcpJjSIverXi2gCiM5qMtd4TL6t7KFsnIgrQ/yLr
KNrlor75z7SH99t7KLHK6sa3uw==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:10:05 2023 by rpki-client on console-ams.rpki-client.org