Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/nD2RXKyShAw7rFcs6bSWQCZz0Mg.roa
File: nD2RXKyShAw7rFcs6bSWQCZz0Mg.roa (raw, json)
Hash identifier: Zql3D/JM6OQMJb5Xi79ArehdKDdYQ2OdzMnnSgz9msc=
Subject key identifier: 9C:3D:91:5C:AC:92:84:0C:3B:AC:57:2C:E9:B4:96:40:26:73:D0:C8
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01876A4CAE1A6F1FA161E95E1A1E449C9985
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/nD2RXKyShAw7rFcs6bSWQCZz0Mg.roa
Signing time: Mon 10 Apr 2023 08:33:42 +0000
ROA not before: Mon 10 Apr 2023 08:33:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3507
IP address blocks: 93.114.192.0/24 maxlen: 24
193.23.130.0/24 maxlen: 24
45.156.158.0/24 maxlen: 24
89.34.127.0/24 maxlen: 24
89.33.84.0/24 maxlen: 24
93.115.109.0/24 maxlen: 24
188.240.232.0/24 maxlen: 24
188.241.110.0/24 maxlen: 24
188.241.214.0/24 maxlen: 24
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:6a:4c:ae:1a:6f:1f:a1:61:e9:5e:1a:1e:44:9c:99:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Apr 10 08:33:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9c3d915cac92840c3bac572ce9b496402673d0c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:1c:a1:24:68:4c:6d:2f:14:17:fc:5f:4d:3e:
ce:43:61:50:93:e0:1c:cb:3d:bf:76:cb:5b:56:9a:
64:ec:e5:66:d6:f6:dc:64:20:51:30:2f:d3:67:da:
55:a2:4e:88:3c:e0:24:e4:ed:8a:5b:21:72:5b:60:
fa:dd:37:1a:64:70:5a:7b:94:0b:5c:1f:f0:79:f5:
12:8c:cd:6e:b4:9b:28:e3:f3:38:c2:2c:33:8d:e6:
e9:7d:b1:ae:bc:93:d2:07:75:e7:b1:b1:c5:e0:b5:
b0:a6:64:ab:41:51:29:3b:fc:80:23:4e:13:d2:1e:
ca:ed:f9:22:c5:b5:4d:e2:95:eb:e5:36:a8:15:cd:
07:18:2e:ef:ed:c8:b3:8b:91:f0:d6:de:6c:07:04:
82:6c:78:0a:e6:76:29:a6:21:b2:8e:2a:be:8a:d2:
27:0a:62:16:91:84:51:2b:1e:f8:ab:d0:0c:6f:c5:
d7:47:c5:1e:ee:09:36:6e:2b:e7:4e:70:33:ca:68:
d0:bf:53:ab:38:cc:a4:88:a1:4a:06:d9:c1:b7:ad:
2f:2d:6f:85:b5:a4:7d:54:22:19:38:ae:f3:74:53:
86:9c:6c:9c:6d:38:81:a5:54:ca:64:85:6d:50:18:
e1:d3:13:1d:b4:bd:75:99:a8:9a:62:5b:bc:42:71:
93:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:3D:91:5C:AC:92:84:0C:3B:AC:57:2C:E9:B4:96:40:26:73:D0:C8
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/nD2RXKyShAw7rFcs6bSWQCZz0Mg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.158.0/24
89.33.84.0/24
89.34.127.0/24
93.114.192.0/24
93.115.109.0/24
188.240.232.0/24
188.241.110.0/24
188.241.214.0/24
193.23.130.0/24
Signature Algorithm: sha256WithRSAEncryption
3e:f4:04:9b:6b:d5:c5:c0:f7:90:cc:80:11:67:1a:b1:f3:47:
bf:44:f1:49:b9:96:f5:f4:3e:c0:4c:cc:8e:0d:3e:ab:ca:02:
71:d0:d7:aa:b2:50:d5:f7:b3:95:b6:7e:2e:52:ab:13:29:14:
21:03:2a:7c:59:b8:39:5c:34:e0:5a:29:a7:f4:fe:fa:54:71:
6e:09:d8:1e:f0:67:8d:9e:d4:49:92:0f:ae:82:16:19:f5:dc:
bf:93:ee:94:0f:c4:fc:27:55:fd:66:60:38:2c:c0:43:87:ae:
19:9f:b7:95:6d:39:04:bd:60:51:a8:46:33:df:6a:19:c9:60:
0d:84:c0:ad:89:92:8f:b8:8c:30:05:c1:62:a7:c6:45:2a:84:
eb:1a:4d:37:17:1b:1e:8a:3a:fd:a3:b0:27:bc:fe:6c:66:91:
8c:b4:70:a3:d0:86:4d:d4:6b:3d:b0:03:89:7a:f0:01:80:ab:
74:d5:7e:b6:ce:dd:6b:38:6a:f3:9e:7a:75:06:a1:a9:ea:84:
7c:f9:ae:e6:b5:38:8e:b7:3e:b2:4b:69:93:44:33:07:73:9a:
ca:5a:28:33:75:98:ea:7c:c5:31:12:30:47:f8:13:eb:2c:25:
ab:50:0c:a4:a3:a4:22:83:2b:07:c0:a0:26:fc:ff:c3:4b:e5:
1d:2e:5a:c4
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYdqTK4abx+hYeleGh5EnJmFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwNDEwMDgzMzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzNkOTE1Y2FjOTI4NDBjM2JhYzU3MmNlOWI0OTY0MDI2NzNkMGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApByhJGhMbS8UF/xfTT7OQ2FQk+Ac
yz2/dstbVppk7OVm1vbcZCBRMC/TZ9pVok6IPOAk5O2KWyFyW2D63TcaZHBae5QL
XB/wefUSjM1utJso4/M4wiwzjebpfbGuvJPSB3XnsbHF4LWwpmSrQVEpO/yAI04T
0h7K7fkixbVN4pXr5TaoFc0HGC7v7cizi5Hw1t5sBwSCbHgK5nYppiGyjiq+itIn
CmIWkYRRKx74q9AMb8XXR8Ue7gk2bivnTnAzymjQv1OrOMykiKFKBtnBt60vLW+F
taR9VCIZOK7zdFOGnGycbTiBpVTKZIVtUBjh0xMdtL11maiaYlu8QnGT0wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJw9kVyskoQMO6xXLOm0lkAmc9DIMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvbkQyUlhLeVNoQXc3ckZjczZiU1dRQ1p6ME1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALZyeAwQA
WSFUAwQAWSJ/AwQAXXLAAwQAXXNtAwQAvPDoAwQAvPFuAwQAvPHWAwQAwReCMA0G
CSqGSIb3DQEBCwUAA4IBAQA+9ASba9XFwPeQzIARZxqx80e/RPFJuZb19D7ATMyO
DT6rygJx0NeqslDV97OVtn4uUqsTKRQhAyp8Wbg5XDTgWimn9P76VHFuCdge8GeN
ntRJkg+ughYZ9dy/k+6UD8T8J1X9ZmA4LMBDh64Zn7eVbTkEvWBRqEYz32oZyWAN
hMCtiZKPuIwwBcFip8ZFKoTrGk03Fxseijr9o7AnvP5sZpGMtHCj0IZN1Gs9sAOJ
evABgKt01X62zt1rOGrznnp1BqGp6oR8+a7mtTiOtz6yS2mTRDMHc5rKWigzdZjq
fMUxEjBH+BPrLCWrUAyko6QigysHwKAm/P/DS+UdLlrE
-----END CERTIFICATE-----
Generated at Sat Jun 14 23:53:36 2025 by rpki-client