Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/dO_Q6acIdgzpjwn4inwd-8wY34s.roa
File: dO_Q6acIdgzpjwn4inwd-8wY34s.roa (raw, json)
Hash identifier: /0dv+irNMfJcfGIULXUYe3ibNik+uJ9i4Dx8ViP5ZHE=
Subject key identifier: 74:EF:D0:E9:A7:08:76:0C:E9:8F:09:F8:8A:7C:1D:FB:CC:18:DF:8B
Certificate issuer: /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial: 01877BDA64A06950D3438146B2D8A31809CB
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/dO_Q6acIdgzpjwn4inwd-8wY34s.roa
Signing time: Thu 13 Apr 2023 18:22:02 +0000
ROA not before: Thu 13 Apr 2023 18:22:02 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 25098
IP address blocks: 85.133.202.0/24 maxlen: 24
85.133.215.0/24 maxlen: 24
85.133.217.0/24 maxlen: 24
85.133.225.0/24 maxlen: 24
85.133.137.0/24 maxlen: 24
85.133.136.0/24 maxlen: 24
85.133.156.0/24 maxlen: 24
85.133.164.0/24 maxlen: 24
85.133.165.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:7b:da:64:a0:69:50:d3:43:81:46:b2:d8:a3:18:09:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Validity
Not Before: Apr 13 18:22:02 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=74efd0e9a708760ce98f09f88a7c1dfbcc18df8b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:e4:79:71:88:1f:35:aa:b5:4f:93:23:04:4c:
6b:bf:4d:aa:4a:55:23:80:36:35:d8:13:4c:19:15:
a9:79:d2:60:cd:22:b7:2e:51:15:a6:03:98:0b:af:
8c:57:de:86:a4:b3:0b:53:29:24:3c:72:1d:ec:83:
fe:99:a4:c7:78:94:3b:55:e7:16:1b:8d:95:38:38:
e3:f9:8d:c4:7d:33:66:16:b8:21:4a:98:2e:84:2f:
76:63:db:ee:2d:b3:9a:9f:96:2f:e3:d7:cc:98:e7:
df:f5:45:40:e6:e9:0e:02:1e:11:f7:2d:f3:1f:94:
13:84:f0:84:c0:68:13:5d:62:5e:8e:86:6c:94:e2:
67:61:8d:de:3c:b2:e8:b8:66:a3:9f:4e:19:70:2e:
1f:12:de:13:80:90:f3:98:bd:8c:8f:32:a3:65:e6:
67:79:40:55:c7:be:62:68:99:53:e1:8b:08:82:dd:
68:0c:0a:d5:3d:99:6b:08:01:6d:62:d1:86:b4:64:
18:4d:a3:03:8b:36:0c:ba:1f:a8:92:c0:7f:4c:d7:
4a:c4:3a:26:83:05:a8:7c:01:ea:79:81:11:f2:6a:
57:67:b7:bf:3c:f0:28:d3:d0:74:5b:0e:36:d8:ef:
d2:b1:0d:00:2b:60:0a:d2:d5:5f:ed:cb:5c:16:f9:
99:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:EF:D0:E9:A7:08:76:0C:E9:8F:09:F8:8A:7C:1D:FB:CC:18:DF:8B
X509v3 Authority Key Identifier:
keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/dO_Q6acIdgzpjwn4inwd-8wY34s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.133.136.0/23
85.133.156.0/24
85.133.164.0/23
85.133.202.0/24
85.133.215.0/24
85.133.217.0/24
85.133.225.0/24
Signature Algorithm: sha256WithRSAEncryption
60:6e:f3:9b:c0:79:fc:f5:be:c9:fa:8a:79:29:4c:4b:1d:85:
2b:ff:87:77:a4:43:53:75:ea:cc:a8:7d:86:08:56:6c:ca:81:
fa:4b:b2:17:ea:17:e3:d6:ee:9d:4c:b1:28:db:83:40:d2:d5:
cb:36:d1:d5:81:7e:54:bb:75:98:a6:0d:8f:12:0d:4b:d1:35:
13:8b:e8:3a:f0:29:c9:7a:2b:3d:2f:64:64:bd:d8:18:09:5e:
28:5f:c1:46:ee:59:c4:4e:d0:e6:ec:6b:58:f2:46:35:57:9a:
be:8e:88:4e:a0:aa:0e:75:08:a8:6a:aa:ff:87:ae:4b:9d:9d:
4d:8b:dc:89:c5:5a:40:71:6f:19:e6:8d:dd:2e:37:60:cf:90:
6b:6a:23:4e:c0:b9:a2:1c:f6:25:85:35:87:bc:b8:ac:d9:4b:
9a:85:f5:6b:f3:b3:23:d2:b7:12:77:31:e0:1e:30:dd:d0:95:
4b:d1:31:3d:52:82:d3:52:8e:76:fa:e1:8c:21:7f:57:30:4d:
bc:a9:a3:2d:c6:79:be:b6:5b:d7:ad:28:6d:83:c6:c6:bb:7d:
7d:1e:9f:e0:06:3b:32:63:4e:90:ae:d6:6d:b7:97:f5:65:96:
be:14:d4:0f:fe:a5:6e:ed:43:04:44:aa:72:e6:60:1e:27:f1:
c4:d3:74:d5
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYd72mSgaVDTQ4FGstijGAnLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjMwNDEzMTgyMjAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGVmZDBlOWE3MDg3NjBjZTk4ZjA5Zjg4YTdjMWRmYmNjMThkZjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+R5cYgfNaq1T5MjBExrv02qSlUj
gDY12BNMGRWpedJgzSK3LlEVpgOYC6+MV96GpLMLUykkPHId7IP+maTHeJQ7VecW
G42VODjj+Y3EfTNmFrghSpguhC92Y9vuLbOan5Yv49fMmOff9UVA5ukOAh4R9y3z
H5QThPCEwGgTXWJejoZslOJnYY3ePLLouGajn04ZcC4fEt4TgJDzmL2MjzKjZeZn
eUBVx75iaJlT4YsIgt1oDArVPZlrCAFtYtGGtGQYTaMDizYMuh+oksB/TNdKxDom
gwWofAHqeYER8mpXZ7e/PPAo09B0Ww422O/SsQ0AK2AK0tVf7ctcFvmZJQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFHTv0OmnCHYM6Y8J+Ip8HfvMGN+LMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvZE9fUTZhY0lkZ3pwanduNGlud2QtOHdZMzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBVYWIAwQA
VYWcAwQBVYWkAwQAVYXKAwQAVYXXAwQAVYXZAwQAVYXhMA0GCSqGSIb3DQEBCwUA
A4IBAQBgbvObwHn89b7J+op5KUxLHYUr/4d3pENTderMqH2GCFZsyoH6S7IX6hfj
1u6dTLEo24NA0tXLNtHVgX5Uu3WYpg2PEg1L0TUTi+g68CnJeis9L2RkvdgYCV4o
X8FG7lnETtDm7GtY8kY1V5q+johOoKoOdQioaqr/h65LnZ1Ni9yJxVpAcW8Z5o3d
Ljdgz5BraiNOwLmiHPYlhTWHvLis2UuahfVr87Mj0rcSdzHgHjDd0JVL0TE9UoLT
Uo52+uGMIX9XME28qaMtxnm+tlvXrShtg8bGu319Hp/gBjsyY06QrtZtt5f1ZZa+
FNQP/qVu7UMERKpy5mAeJ/HE03TV
-----END CERTIFICATE-----
Generated at Mon Jun 9 06:12:08 2025 by rpki-client