Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/7207a9-27f4-44ec-bf78-a207c7a19ed2/1/NRz3Q_xfcac7OkySyKH5AspdlHY.roa
File: NRz3Q_xfcac7OkySyKH5AspdlHY.roa (raw, json)
Hash identifier: mz7lBvfHRDdwLJ5aWoa+qXHMSrfELQN6ZieLoiJ3jN0=
Subject key identifier: 35:1C:F7:43:FC:5F:71:A7:3B:3A:4C:92:C8:A1:F9:02:CA:5D:94:76
Certificate issuer: /CN=612aef4c7bfe7e072f62d2dd505ab57e37ea385e
Certificate serial: 12A547C5
Authority key identifier: 61:2A:EF:4C:7B:FE:7E:07:2F:62:D2:DD:50:5A:B5:7E:37:EA:38:5E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YSrvTHv-fgcvYtLdUFq1fjfqOF4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f4/7207a9-27f4-44ec-bf78-a207c7a19ed2/1/NRz3Q_xfcac7OkySyKH5AspdlHY.roa
Signing time: Sat 01 Jan 2022 09:57:02 +0000
ROA not before: Sat 01 Jan 2022 09:57:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59494
IP address blocks: 185.145.140.0/22 maxlen: 22
185.145.140.0/23 maxlen: 23
185.145.142.0/23 maxlen: 23
193.187.80.0/23 maxlen: 23
2a07:4480::/32 maxlen: 32
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 312821701 (0x12a547c5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=612aef4c7bfe7e072f62d2dd505ab57e37ea385e
Validity
Not Before: Jan 1 09:57:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=351cf743fc5f71a73b3a4c92c8a1f902ca5d9476
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:a0:53:c7:01:73:0d:6e:3b:ef:75:37:ec:ef:
83:1b:11:95:29:c1:2f:22:14:45:86:8a:e4:aa:53:
ec:b2:c0:ee:3c:4d:92:7e:ba:08:0e:f9:3c:0a:18:
82:f0:83:e3:88:51:1a:5f:a1:ab:8e:21:52:d9:9c:
38:37:79:fa:8e:07:7d:1e:b9:07:de:30:09:ab:0f:
bc:e6:40:00:c5:ed:7e:4c:e0:24:78:0d:1c:4d:95:
8a:03:83:ad:c8:ad:38:c0:a3:d3:2b:6b:3e:d4:fb:
78:39:09:c7:c7:0c:23:5f:20:da:ad:de:37:58:8a:
49:58:df:26:bc:62:d8:bc:9a:3a:64:27:79:f3:1c:
48:85:6f:54:96:51:61:9e:29:3c:3a:db:fb:5b:ff:
fe:35:e6:63:14:3c:fb:de:76:a2:ba:35:b5:73:95:
54:7d:a7:5e:eb:12:d9:d9:cd:79:53:56:77:de:6d:
dc:d3:5b:86:37:ca:b1:d5:bd:e2:c9:18:a2:97:28:
15:60:2a:39:be:60:c6:99:40:60:ae:fc:d9:ab:d6:
74:b2:05:1e:4c:ee:d7:49:0c:9a:49:8d:85:77:e0:
7b:2a:79:cd:69:0e:1d:c2:e3:dc:17:fe:09:34:0d:
00:f8:dc:b8:f8:20:06:c6:d1:71:46:a6:ec:4b:8c:
07:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:1C:F7:43:FC:5F:71:A7:3B:3A:4C:92:C8:A1:F9:02:CA:5D:94:76
X509v3 Authority Key Identifier:
keyid:61:2A:EF:4C:7B:FE:7E:07:2F:62:D2:DD:50:5A:B5:7E:37:EA:38:5E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YSrvTHv-fgcvYtLdUFq1fjfqOF4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/7207a9-27f4-44ec-bf78-a207c7a19ed2/1/NRz3Q_xfcac7OkySyKH5AspdlHY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/7207a9-27f4-44ec-bf78-a207c7a19ed2/1/YSrvTHv-fgcvYtLdUFq1fjfqOF4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.145.140.0/22
193.187.80.0/23
IPv6:
2a07:4480::/32
Signature Algorithm: sha256WithRSAEncryption
2b:64:46:81:0b:a9:0d:25:00:99:ca:d3:40:3b:2e:44:22:ee:
1a:b2:fc:1b:5c:bb:92:a3:52:d3:82:38:a7:20:5b:76:b4:75:
d4:ed:44:88:59:0e:e5:e5:f7:2a:10:5b:42:fe:1b:ec:79:bc:
fa:3a:86:c9:ae:2d:0d:95:42:dc:c7:9c:36:8b:d7:2a:16:d7:
26:8f:64:d8:81:0a:19:4e:e0:1e:22:16:ad:fc:47:a7:3e:cf:
be:1a:94:9d:ea:8f:cd:71:71:39:75:55:f7:e1:94:ea:ff:4f:
78:5b:16:6b:91:fd:ea:15:e4:e7:00:26:ba:64:b6:7d:67:28:
dc:87:41:f7:b2:a2:58:74:9c:ac:73:70:72:a5:a3:53:06:38:
17:8b:38:72:f6:40:0d:70:fe:22:3e:8a:31:91:68:8e:c8:6c:
c8:2a:78:5f:a2:6f:ea:27:c2:33:30:c1:95:1d:e3:63:fa:fc:
85:87:63:30:f0:8c:eb:d6:8e:f6:c6:21:e5:de:53:ec:e8:04:
a4:2b:e8:d4:60:8e:0a:68:e0:34:d0:d5:d2:59:dc:e4:d6:f0:
da:cc:0c:a6:96:a4:83:63:31:6a:3f:c6:38:3f:5f:af:ab:c9:
a3:75:9c:1b:36:f5:79:3b:25:66:0b:c0:d8:d8:5f:8e:c8:af:
96:ba:de:b5
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEEqVHxTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
MTJhZWY0YzdiZmU3ZTA3MmY2MmQyZGQ1MDVhYjU3ZTM3ZWEzODVlMB4XDTIyMDEw
MTA5NTcwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzUxY2Y3NDNmYzVm
NzFhNzNiM2E0YzkyYzhhMWY5MDJjYTVkOTQ3NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKagU8cBcw1uO+91N+zvgxsRlSnBLyIURYaK5KpT7LLA7jxN
kn66CA75PAoYgvCD44hRGl+hq44hUtmcODd5+o4HfR65B94wCasPvOZAAMXtfkzg
JHgNHE2VigODrcitOMCj0ytrPtT7eDkJx8cMI18g2q3eN1iKSVjfJrxi2LyaOmQn
efMcSIVvVJZRYZ4pPDrb+1v//jXmYxQ8+952oro1tXOVVH2nXusS2dnNeVNWd95t
3NNbhjfKsdW94skYopcoFWAqOb5gxplAYK782avWdLIFHkzu10kMmkmNhXfgeyp5
zWkOHcLj3Bf+CTQNAPjcuPggBsbRcUam7EuMBykCAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBQ1HPdD/F9xpzs6TJLIofkCyl2UdjAfBgNVHSMEGDAWgBRhKu9Me/5+By9i
0t1QWrV+N+o4XjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1lTcnZUSHYtZmdjdll0TGRVRnExZmpmcU9GNC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjQvNzIwN2E5LTI3ZjQtNDRlYy1iZjc4LWEyMDdjN2ExOWVkMi8x
L05SejNRX3hmY2FjN09reVN5S0g1QXNwZGxIWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjQv
NzIwN2E5LTI3ZjQtNDRlYy1iZjc4LWEyMDdjN2ExOWVkMi8xL1lTcnZUSHYtZmdj
dll0TGRVRnExZmpmcU9GNC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEArmRjAMEAcG7UDANBAIAAjAHAwUA
KgdEgDANBgkqhkiG9w0BAQsFAAOCAQEAK2RGgQupDSUAmcrTQDsuRCLuGrL8G1y7
kqNS04I4pyBbdrR11O1EiFkO5eX3KhBbQv4b7Hm8+jqGya4tDZVC3MecNovXKhbX
Jo9k2IEKGU7gHiIWrfxHpz7PvhqUneqPzXFxOXVV9+GU6v9PeFsWa5H96hXk5wAm
umS2fWco3IdB97KiWHScrHNwcqWjUwY4F4s4cvZADXD+Ij6KMZFojshsyCp4X6Jv
6ifCMzDBlR3jY/r8hYdjMPCM69aO9sYh5d5T7OgEpCvo1GCOCmjgNNDV0lnc5Nbw
2swMppakg2Mxaj/GOD9fr6vJo3WcGzb1eTslZgvA2NhfjsivlrretQ==
-----END CERTIFICATE-----
Generated at Sun Jun 8 00:23:18 2025 by rpki-client