Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/9NRz-CbrlS-Y9D03XDiDGDLs7Uk.roa
File: 9NRz-CbrlS-Y9D03XDiDGDLs7Uk.roa (raw, json)
Hash identifier: Uwb0zJFBjzcwaAWwg6IUqvr70jQdoYsfcphZdO72FvY=
Subject key identifier: F4:D4:73:F8:26:EB:95:2F:98:F4:3D:37:5C:38:83:18:32:EC:ED:49
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0187571677DA0E012DA53C10DF3828299745
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/9NRz-CbrlS-Y9D03XDiDGDLs7Uk.roa
Signing time: Thu 06 Apr 2023 15:01:42 +0000
ROA not before: Thu 06 Apr 2023 15:01:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49392
IP address blocks: 194.87.118.0/23 maxlen: 24
195.133.10.0/23 maxlen: 23
194.135.32.0/24 maxlen: 24
195.133.6.0/23 maxlen: 23
194.87.40.0/24 maxlen: 24
195.133.26.0/23 maxlen: 24
195.133.52.0/23 maxlen: 23
195.133.59.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:57:16:77:da:0e:01:2d:a5:3c:10:df:38:28:29:97:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Apr 6 15:01:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f4d473f826eb952f98f43d375c38831832eced49
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:b2:c5:12:58:53:55:d7:6a:6b:ae:ea:83:42:
74:2b:5f:7a:68:2a:c4:73:4a:5f:25:4c:2f:a6:e0:
9c:cc:17:92:11:20:9b:6f:b1:bb:f0:b0:ec:83:3c:
bc:30:6a:7c:9d:a0:bb:df:2d:5b:c0:38:fd:e4:ec:
16:ef:44:e4:86:e8:2f:88:16:d6:e1:23:54:b2:48:
66:ea:69:75:dd:05:2f:86:85:54:0e:74:7e:53:dc:
e1:7c:bb:3e:ed:28:e2:92:3c:4a:98:b5:d9:bd:19:
0c:92:fc:3c:a3:ab:b4:79:77:91:5c:fe:a4:f0:0b:
74:06:8f:a5:06:77:f8:bd:ec:51:59:78:d7:9c:c7:
f2:a6:0b:4d:73:25:f1:30:18:d5:74:a7:d1:a9:0e:
5e:4e:ff:95:d9:f1:1b:00:3e:95:32:a4:41:48:09:
7b:e0:9b:ad:d1:25:00:d3:9e:2a:ff:9c:9b:94:35:
12:84:08:cf:f6:7f:8a:3d:79:b5:20:0b:c2:46:3f:
61:1b:f4:77:9c:e9:44:48:49:d1:0c:0d:5f:f6:c6:
bb:a4:2e:52:20:14:23:20:c2:de:76:34:6e:2d:ba:
3c:ce:71:db:48:8b:90:c5:d6:92:6f:47:ff:db:86:
e5:87:b0:0a:44:c1:69:de:2f:83:15:e2:f7:69:d6:
79:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:D4:73:F8:26:EB:95:2F:98:F4:3D:37:5C:38:83:18:32:EC:ED:49
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/9NRz-CbrlS-Y9D03XDiDGDLs7Uk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.87.40.0/24
194.87.118.0/23
194.135.32.0/24
195.133.6.0/23
195.133.10.0/23
195.133.26.0/23
195.133.52.0/23
195.133.59.0/24
Signature Algorithm: sha256WithRSAEncryption
77:54:ad:d2:19:4e:30:da:f3:8a:29:7a:a9:cf:6a:4d:ac:75:
cc:83:7d:5d:1a:a8:e6:ad:71:66:3b:89:d2:21:44:d0:f0:4d:
37:05:1b:65:40:26:89:ec:d7:0d:f2:1c:f5:c4:59:51:b6:3e:
00:48:fa:9b:e6:7b:7e:5a:60:78:e8:1b:4f:d4:bb:e4:cb:92:
9d:88:20:07:b3:e1:a2:3b:60:45:d2:59:32:b2:13:55:1b:6b:
ae:69:09:d4:18:f3:14:45:82:a6:b0:28:4c:4f:4d:d8:5f:93:
44:84:e6:40:29:ef:c7:e8:9a:ba:d2:ef:e2:d0:87:2a:99:f0:
b9:6e:e9:c8:10:50:74:b1:93:60:1d:2c:44:fd:71:ca:25:0e:
b9:85:de:5b:9b:19:a9:84:69:19:fb:0c:f2:a5:61:71:d2:e2:
b3:94:52:26:80:7e:53:10:94:c9:59:1d:3e:1a:28:05:9d:cc:
43:1a:ca:cc:27:df:8e:44:48:50:e9:4a:d6:39:d9:dc:44:7c:
03:43:c2:ca:ab:ef:32:66:40:7a:78:eb:c1:7d:6a:a8:45:88:
cd:5f:2c:ff:af:8d:6f:0f:f7:77:78:21:57:13:8e:99:c9:74:
76:eb:05:dc:21:bb:10:02:96:56:92:0e:3b:96:22:31:a4:06:
f9:12:7c:9d
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYdXFnfaDgEtpTwQ3zgoKZdFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNDA2MTUwMTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGQ0NzNmODI2ZWI5NTJmOThmNDNkMzc1YzM4ODMxODMyZWNlZDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7LFElhTVddqa67qg0J0K196aCrE
c0pfJUwvpuCczBeSESCbb7G78LDsgzy8MGp8naC73y1bwDj95OwW70TkhugviBbW
4SNUskhm6ml13QUvhoVUDnR+U9zhfLs+7SjikjxKmLXZvRkMkvw8o6u0eXeRXP6k
8At0Bo+lBnf4vexRWXjXnMfypgtNcyXxMBjVdKfRqQ5eTv+V2fEbAD6VMqRBSAl7
4Jut0SUA054q/5yblDUShAjP9n+KPXm1IAvCRj9hG/R3nOlESEnRDA1f9sa7pC5S
IBQjIMLedjRuLbo8znHbSIuQxdaSb0f/24blh7AKRMFp3i+DFeL3adZ5IQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFPTUc/gm65UvmPQ9N1w4gxgy7O1JMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvOU5Sei1DYnJsUy1ZOUQwM1hEaURHRExzN1VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAwlcoAwQB
wld2AwQAwocgAwQBw4UGAwQBw4UKAwQBw4UaAwQBw4U0AwQAw4U7MA0GCSqGSIb3
DQEBCwUAA4IBAQB3VK3SGU4w2vOKKXqpz2pNrHXMg31dGqjmrXFmO4nSIUTQ8E03
BRtlQCaJ7NcN8hz1xFlRtj4ASPqb5nt+WmB46BtP1Lvky5KdiCAHs+GiO2BF0lky
shNVG2uuaQnUGPMURYKmsChMT03YX5NEhOZAKe/H6Jq60u/i0IcqmfC5bunIEFB0
sZNgHSxE/XHKJQ65hd5bmxmphGkZ+wzypWFx0uKzlFImgH5TEJTJWR0+GigFncxD
GsrMJ9+OREhQ6UrWOdncRHwDQ8LKq+8yZkB6eOvBfWqoRYjNXyz/r41vD/d3eCFX
E46ZyXR26wXcIbsQApZWkg47liIxpAb5Enyd
-----END CERTIFICATE-----
Generated at Tue Jun 17 23:13:26 2025 by rpki-client