Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/Hkx9Y2nM44QgASSBkWB4XKXlwGQ.roa
File: Hkx9Y2nM44QgASSBkWB4XKXlwGQ.roa (raw, json)
Hash identifier: NRsPRlEq4xHjsspv3CSVWbg8O/1dn2FWmy7AFyXOfPw=
Subject key identifier: 1E:4C:7D:63:69:CC:E3:84:20:01:24:81:91:60:78:5C:A5:E5:C0:64
Certificate issuer: /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial: 0193833BBAD1019C4AF30B98C3A120DF1DD1
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/Hkx9Y2nM44QgASSBkWB4XKXlwGQ.roa
Signing time: Sun 01 Dec 2024 17:19:09 +0000
ROA not before: Sun 01 Dec 2024 17:19:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 89.249.192.0/21 maxlen: 24
89.249.206.0/23 maxlen: 24
212.42.192.0/20 maxlen: 24
Validation: Failed, certificate revoked on Wed 01 Jan 2025 22:13:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:83:3b:ba:d1:01:9c:4a:f3:0b:98:c3:a1:20:df:1d:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
Validity
Not Before: Dec 1 17:19:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1e4c7d6369cce384200124819160785ca5e5c064
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:aa:f7:d4:75:95:c4:0a:26:62:c3:ca:45:9a:
20:7a:59:98:e4:7e:57:84:1f:02:7e:b5:9e:7d:bf:
22:82:18:f7:48:ee:a9:ab:39:d3:bc:b4:b8:dc:af:
7b:0b:80:fb:c4:1d:4c:2b:a3:ba:3c:14:13:04:e7:
24:e3:43:61:a6:58:00:06:91:14:90:8f:5f:ba:8b:
7d:ac:23:2b:82:a3:5a:2c:7e:fe:85:2c:fa:04:64:
86:a4:7e:42:32:d8:9c:9e:9b:72:dc:2e:7b:c2:8f:
15:ac:a8:e8:cd:b2:20:df:af:65:43:bb:f9:4f:98:
e8:94:78:4d:29:a9:5b:ec:b6:8e:5e:d5:9c:f5:41:
bc:45:33:f2:9f:50:56:e0:5a:c0:f6:42:2d:af:40:
5f:b6:2e:95:ac:c6:4f:26:da:e7:cf:05:ae:5d:4f:
4a:c8:2f:c7:85:6e:04:62:b1:88:c5:8f:0b:59:2c:
1a:77:1e:53:24:9d:f3:a9:79:c2:8d:bd:b5:fa:33:
24:4f:4b:fd:f7:63:a3:9c:ba:89:14:e4:42:ac:e7:
8b:4b:9d:a7:ef:2a:e3:3c:99:b8:2b:b9:8c:28:b1:
03:4e:83:9f:02:b3:5d:79:f9:2e:09:54:b2:b9:b0:
c0:ff:b9:5d:c8:9a:38:78:6f:fb:af:d5:36:29:d3:
1f:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:4C:7D:63:69:CC:E3:84:20:01:24:81:91:60:78:5C:A5:E5:C0:64
X509v3 Authority Key Identifier:
keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/Hkx9Y2nM44QgASSBkWB4XKXlwGQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.249.192.0/21
89.249.206.0/23
212.42.192.0/20
Signature Algorithm: sha256WithRSAEncryption
31:cb:fc:21:c4:11:64:2e:cf:c8:57:aa:fe:fa:62:9a:fd:74:
83:fc:d3:4e:30:f9:c0:c8:cd:02:31:5c:2e:2e:f8:bd:54:8b:
2c:85:81:d7:e5:83:1c:19:ad:1f:bd:ad:43:6a:e3:24:52:39:
25:ba:69:b0:7a:b5:35:e1:8b:9c:a9:54:58:83:98:ea:c7:70:
26:cc:18:dd:87:ba:e9:02:c8:08:11:da:3a:c7:5d:00:40:78:
c4:52:be:3b:68:ba:6c:2e:94:6d:46:53:8b:d9:4f:30:57:90:
84:75:36:fa:ab:52:5b:fd:0e:30:94:06:6b:69:ea:88:75:a2:
1e:e5:51:5d:c8:c7:e1:d3:6b:22:02:d0:a6:ec:66:62:c4:4c:
94:f7:a5:b1:c2:22:22:4a:79:82:30:55:84:f1:14:f6:74:31:
af:58:ae:f6:b6:db:a9:f9:14:cb:01:b0:80:16:d9:0b:8a:ec:
54:4a:9e:87:48:d1:25:e0:1e:1f:72:18:4d:20:be:9d:40:b3:
b2:38:55:28:e2:ae:30:11:3e:67:5d:a7:31:2c:c6:54:fc:57:
7d:0b:3f:c0:18:d3:d5:10:49:c0:60:2f:9c:f6:0d:b4:97:e7:
8d:24:ec:07:db:45:3c:37:6a:28:2a:30:7e:53:71:31:c2:0c:
fb:7a:8b:7e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZODO7rRAZxK8wuYw6Eg3x3RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQxMjAxMTcxOTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTRjN2Q2MzY5Y2NlMzg0MjAwMTI0ODE5MTYwNzg1Y2E1ZTVjMDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqr31HWVxAomYsPKRZogelmY5H5X
hB8CfrWefb8ighj3SO6pqznTvLS43K97C4D7xB1MK6O6PBQTBOck40NhplgABpEU
kI9fuot9rCMrgqNaLH7+hSz6BGSGpH5CMticnpty3C57wo8VrKjozbIg369lQ7v5
T5jolHhNKalb7LaOXtWc9UG8RTPyn1BW4FrA9kItr0Bfti6VrMZPJtrnzwWuXU9K
yC/HhW4EYrGIxY8LWSwadx5TJJ3zqXnCjb21+jMkT0v992OjnLqJFORCrOeLS52n
7yrjPJm4K7mMKLEDToOfArNdefkuCVSyubDA/7ldyJo4eG/7r9U2KdMf4wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB5MfWNpzOOEIAEkgZFgeFyl5cBkMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvSGt4OVkybk00NFFnQVNTQmtXQjRYS1hsd0dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDWfnAAwQB
WfnOAwQE1CrAMA0GCSqGSIb3DQEBCwUAA4IBAQAxy/whxBFkLs/IV6r++mKa/XSD
/NNOMPnAyM0CMVwuLvi9VIsshYHX5YMcGa0fva1DauMkUjklummwerU14YucqVRY
g5jqx3AmzBjdh7rpAsgIEdo6x10AQHjEUr47aLpsLpRtRlOL2U8wV5CEdTb6q1Jb
/Q4wlAZraeqIdaIe5VFdyMfh02siAtCm7GZixEyU96WxwiIiSnmCMFWE8RT2dDGv
WK72ttup+RTLAbCAFtkLiuxUSp6HSNEl4B4fchhNIL6dQLOyOFUo4q4wET5nXacx
LMZU/Fd9Cz/AGNPVEEnAYC+c9g20l+eNJOwH20U8N2ooKjB+U3Exwgz7eot+
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:58:19 2025 by rpki-client