Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/NxctrOpCsKOvzvBc0l_MNT0cro8.roa
File: NxctrOpCsKOvzvBc0l_MNT0cro8.roa (raw, json)
Hash identifier: u2kYv38obU1SOf6fWoUpm5ukEmlepDVFduF/0Du9dSg=
Subject key identifier: 37:17:2D:AC:EA:42:B0:A3:AF:CE:F0:5C:D2:5F:CC:35:3D:1C:AE:8F
Certificate issuer: /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial: 019107BC4535A553BCB44939B31892BEFC6D
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/NxctrOpCsKOvzvBc0l_MNT0cro8.roa
Signing time: Wed 31 Jul 2024 07:41:04 +0000
ROA not before: Wed 31 Jul 2024 07:41:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 39074
IP address blocks: 85.133.128.0/17 maxlen: 24
85.133.128.0/22 maxlen: 22
85.133.128.0/24 maxlen: 24
85.133.129.0/24 maxlen: 24
85.133.130.0/24 maxlen: 24
85.133.131.0/24 maxlen: 24
85.133.132.0/24 maxlen: 24
85.133.133.0/24 maxlen: 24
85.133.134.0/24 maxlen: 24
85.133.135.0/24 maxlen: 24
85.133.136.0/24 maxlen: 24
85.133.138.0/24 maxlen: 24
85.133.139.0/24 maxlen: 24
85.133.140.0/22 maxlen: 22
85.133.140.0/24 maxlen: 24
85.133.141.0/24 maxlen: 24
85.133.142.0/24 maxlen: 24
85.133.143.0/24 maxlen: 24
85.133.144.0/22 maxlen: 22
85.133.144.0/24 maxlen: 24
85.133.145.0/24 maxlen: 24
85.133.147.0/24 maxlen: 24
85.133.148.0/22 maxlen: 22
85.133.148.0/24 maxlen: 24
85.133.149.0/24 maxlen: 24
85.133.150.0/24 maxlen: 24
85.133.152.0/22 maxlen: 22
85.133.152.0/24 maxlen: 24
85.133.154.0/24 maxlen: 24
85.133.155.0/24 maxlen: 24
85.133.157.0/24 maxlen: 24
85.133.158.0/24 maxlen: 24
85.133.159.0/24 maxlen: 24
85.133.164.0/24 maxlen: 24
85.133.165.0/24 maxlen: 24
85.133.168.0/22 maxlen: 24
85.133.172.0/22 maxlen: 24
85.133.172.0/24 maxlen: 24
85.133.174.0/24 maxlen: 24
85.133.176.0/22 maxlen: 24
85.133.180.0/22 maxlen: 24
85.133.184.0/22 maxlen: 24
85.133.188.0/22 maxlen: 22
85.133.189.0/24 maxlen: 24
85.133.192.0/22 maxlen: 22
85.133.196.0/22 maxlen: 22
85.133.196.0/24 maxlen: 24
85.133.197.0/24 maxlen: 24
85.133.205.0/24 maxlen: 24
85.133.207.0/24 maxlen: 24
85.133.208.0/24 maxlen: 24
85.133.209.0/24 maxlen: 24
85.133.210.0/23 maxlen: 24
85.133.211.0/24 maxlen: 24
85.133.212.0/22 maxlen: 22
85.133.212.0/24 maxlen: 24
85.133.213.0/24 maxlen: 24
85.133.215.0/24 maxlen: 24
85.133.217.0/24 maxlen: 24
85.133.218.0/24 maxlen: 24
85.133.219.0/24 maxlen: 24
85.133.220.0/22 maxlen: 22
85.133.220.0/24 maxlen: 24
85.133.223.0/24 maxlen: 24
85.133.224.0/22 maxlen: 22
85.133.224.0/23 maxlen: 24
85.133.226.0/24 maxlen: 24
85.133.229.0/24 maxlen: 24
85.133.230.0/24 maxlen: 24
85.133.231.0/24 maxlen: 24
85.133.232.0/22 maxlen: 22
85.133.232.0/24 maxlen: 24
85.133.235.0/24 maxlen: 24
85.133.239.0/24 maxlen: 24
85.133.244.0/24 maxlen: 24
85.133.245.0/24 maxlen: 24
85.133.246.0/24 maxlen: 24
85.133.248.0/23 maxlen: 24
85.133.249.0/24 maxlen: 24
85.133.251.0/24 maxlen: 24
85.133.252.0/22 maxlen: 22
85.133.254.0/24 maxlen: 24
85.133.255.0/24 maxlen: 24
185.41.1.0/24 maxlen: 24
185.41.2.0/24 maxlen: 24
185.41.3.0/24 maxlen: 24
2a04:87c0::/29 maxlen: 29
Validation: Failed, certificate revoked on Sat 03 Aug 2024 17:48:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:07:bc:45:35:a5:53:bc:b4:49:39:b3:18:92:be:fc:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Validity
Not Before: Jul 31 07:41:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=37172dacea42b0a3afcef05cd25fcc353d1cae8f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:db:74:33:04:f4:d2:19:ca:0f:c7:8f:91:ff:
36:1a:f5:4c:c3:ae:9a:d1:81:84:2f:ec:a2:cb:e5:
94:25:92:76:ca:ee:57:c8:f8:4b:58:ac:36:6d:36:
33:44:8a:22:ea:84:36:ea:72:4c:bf:4b:0c:32:af:
d0:5a:f8:e7:c5:4e:29:b3:81:2a:92:f7:60:8d:ba:
d1:56:17:60:71:34:01:76:2f:f5:24:9b:40:a6:6a:
5f:3f:2b:10:1e:4d:1a:ac:f4:b0:85:54:46:7c:88:
58:04:f8:ef:34:61:be:15:78:a0:4c:b1:ed:66:60:
55:d0:74:c8:52:71:5e:eb:7d:eb:98:92:dd:c6:b0:
49:4b:c5:05:37:19:d8:29:50:96:dc:9d:6b:5f:1e:
97:aa:fb:85:92:dd:2b:21:f7:3e:00:d5:9c:8f:c1:
df:1a:05:62:17:83:1e:7b:33:b6:bd:8c:66:f1:97:
2e:7c:74:af:85:07:51:ba:e9:66:83:42:ac:56:d6:
93:d8:ce:08:d3:9c:a5:7c:e5:5f:48:bd:0b:f6:84:
d6:7a:2f:e1:77:cc:ca:7a:7e:29:e0:b1:cb:f2:4e:
29:28:ae:7e:16:de:41:91:e5:e9:42:32:20:8d:73:
1b:cc:9a:cc:8e:2a:61:e1:6e:ae:b2:51:48:7b:8c:
22:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:17:2D:AC:EA:42:B0:A3:AF:CE:F0:5C:D2:5F:CC:35:3D:1C:AE:8F
X509v3 Authority Key Identifier:
keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/NxctrOpCsKOvzvBc0l_MNT0cro8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.133.128.0/17
185.41.1.0-185.41.3.255
IPv6:
2a04:87c0::/29
Signature Algorithm: sha256WithRSAEncryption
87:0b:ec:76:d3:54:41:11:f0:ff:70:c5:01:53:db:dc:8d:04:
b9:2f:a3:e4:37:49:28:ec:6b:de:93:e5:d1:53:5d:c7:9f:48:
0c:38:03:d2:a6:7c:b8:7e:2b:27:ac:25:1b:c1:8c:a1:c9:04:
09:2f:26:cb:44:6c:82:23:70:a3:d5:d1:1c:43:ca:bf:9f:39:
d5:5b:91:94:e6:7d:4d:86:6c:98:90:0f:f8:c6:01:c1:33:9e:
28:b0:dd:c4:8c:dd:bd:7a:43:fe:85:fa:ff:94:11:cc:75:03:
15:ca:6f:a5:79:fc:25:db:f5:2e:5e:aa:de:cf:59:0a:1a:22:
c8:25:10:69:59:d6:30:ee:43:3a:c9:be:b7:4b:3e:9e:55:ac:
ef:f1:0d:c0:ef:29:20:1b:d2:5c:51:09:b8:96:50:20:e3:bd:
8a:51:5c:f1:b4:0b:c3:a0:b4:5e:5b:69:de:a1:bb:68:46:98:
af:e7:7b:a0:0b:cd:a8:3d:71:b9:5e:08:81:c3:82:a7:60:54:
58:dc:e2:d6:fd:9e:c9:bd:a8:9a:61:e7:0c:9f:f4:e7:38:bd:
9f:c1:ca:e6:6c:96:07:e4:3c:4c:3e:04:ce:fe:6e:42:7a:6e:
0e:e0:53:f1:24:41:c0:d8:87:31:9a:52:2e:a7:5b:5a:65:27:
f1:16:52:52
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZEHvEU1pVO8tEk5sxiSvvxtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwNzMxMDc0MTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzE3MmRhY2VhNDJiMGEzYWZjZWYwNWNkMjVmY2MzNTNkMWNhZThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6tt0MwT00hnKD8ePkf82GvVMw66a
0YGEL+yiy+WUJZJ2yu5XyPhLWKw2bTYzRIoi6oQ26nJMv0sMMq/QWvjnxU4ps4Eq
kvdgjbrRVhdgcTQBdi/1JJtApmpfPysQHk0arPSwhVRGfIhYBPjvNGG+FXigTLHt
ZmBV0HTIUnFe633rmJLdxrBJS8UFNxnYKVCW3J1rXx6XqvuFkt0rIfc+ANWcj8Hf
GgViF4MeezO2vYxm8ZcufHSvhQdRuulmg0KsVtaT2M4I05ylfOVfSL0L9oTWei/h
d8zKen4p4LHL8k4pKK5+Ft5BkeXpQjIgjXMbzJrMjiph4W6uslFIe4wiRwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFDcXLazqQrCjr87wXNJfzDU9HK6PMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvTnhjdHJPcENzS092enZCYzBsX01OVDBjcm84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQHVYWAMAwD
BAC5KQEDBAK5KQAwDQQCAAIwBwMFAyoEh8AwDQYJKoZIhvcNAQELBQADggEBAIcL
7HbTVEER8P9wxQFT29yNBLkvo+Q3SSjsa96T5dFTXcefSAw4A9KmfLh+KyesJRvB
jKHJBAkvJstEbIIjcKPV0RxDyr+fOdVbkZTmfU2GbJiQD/jGAcEzniiw3cSM3b16
Q/6F+v+UEcx1AxXKb6V5/CXb9S5eqt7PWQoaIsglEGlZ1jDuQzrJvrdLPp5VrO/x
DcDvKSAb0lxRCbiWUCDjvYpRXPG0C8OgtF5bad6hu2hGmK/ne6ALzag9cbleCIHD
gqdgVFjc4tb9nsm9qJph5wyf9Oc4vZ/ByuZslgfkPEw+BM7+bkJ6bg7gU/EkQcDY
hzGaUi6nW1plJ/EWUlI=
-----END CERTIFICATE-----
Generated at Sat Aug 3 18:59:18 2024 by rpki-client on console-fra.rpki-client.org