Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/XCaQZLSKDBW3Q_apG2xixY6C0fk.roa
File: XCaQZLSKDBW3Q_apG2xixY6C0fk.roa (raw, json)
Hash identifier: pLKbOZLxzzF5UvlR/knqgUMzN+ivbt287slTCw9zbLY=
Subject key identifier: 5C:26:90:64:B4:8A:0C:15:B7:43:F6:A9:1B:6C:62:C5:8E:82:D1:F9
Certificate issuer: /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial: 018FF3D84524BF3ADE60302A32B3D3270F75
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/XCaQZLSKDBW3Q_apG2xixY6C0fk.roa
Signing time: Fri 07 Jun 2024 17:56:28 +0000
ROA not before: Fri 07 Jun 2024 17:56:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 14618
IP address blocks: 89.249.192.0/21 maxlen: 21
185.21.253.0/24 maxlen: 24
212.42.208.0/20 maxlen: 24
Validation: Failed, certificate revoked on Sun 07 Jul 2024 00:32:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:f3:d8:45:24:bf:3a:de:60:30:2a:32:b3:d3:27:0f:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
Validity
Not Before: Jun 7 17:56:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5c269064b48a0c15b743f6a91b6c62c58e82d1f9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:b8:9a:5c:76:d1:49:21:3c:df:a1:da:80:f4:
40:be:4e:0b:c3:53:af:66:42:96:5e:2a:23:76:af:
dc:bc:8f:96:e5:a5:f9:66:ef:60:71:e7:51:34:e2:
08:e5:89:a6:c8:a8:09:9f:a7:2b:f8:cb:09:77:64:
00:ac:11:d3:93:78:7c:2b:de:96:df:5e:bc:24:03:
e5:65:10:c5:d9:d0:e9:a0:58:d2:f1:d0:20:0d:d6:
8c:e3:06:99:6f:53:12:19:af:17:2e:b4:87:3b:d2:
5b:fa:e2:60:ce:b3:8f:55:7d:a0:ef:ef:a2:1e:82:
c5:00:d6:ac:3a:52:8f:26:30:1f:ea:ca:7d:39:4b:
13:67:a1:63:f7:20:56:5d:16:5b:2c:46:09:d4:33:
e5:cb:0c:71:9a:a9:82:3e:d1:8c:ce:30:1c:15:8a:
0d:41:e0:7d:ba:e3:cf:86:d6:81:0f:f1:09:68:3d:
e0:4b:99:15:67:45:cd:e2:96:ee:e9:f2:c3:b7:bf:
74:db:52:5d:75:8a:46:d9:42:fa:f3:b2:d1:e6:24:
0d:d1:3c:0b:21:54:84:5f:c7:69:85:7c:cc:e3:d8:
75:b3:92:e3:a9:64:e4:36:1c:09:85:21:b3:59:42:
ad:b9:a9:77:11:77:f9:33:6d:74:ed:25:b8:46:5f:
f5:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:26:90:64:B4:8A:0C:15:B7:43:F6:A9:1B:6C:62:C5:8E:82:D1:F9
X509v3 Authority Key Identifier:
keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/XCaQZLSKDBW3Q_apG2xixY6C0fk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.249.192.0/21
185.21.253.0/24
212.42.208.0/20
Signature Algorithm: sha256WithRSAEncryption
dc:05:05:93:9b:76:18:35:60:e7:ca:6c:0a:ff:b8:8a:ed:7d:
78:4c:ea:c1:64:40:25:4c:18:58:aa:ac:bb:e9:c6:7e:d3:f1:
a1:5d:fa:3d:34:b7:ca:36:c7:55:42:81:cd:fe:81:0e:98:56:
66:77:98:e5:1b:fb:b3:c2:f5:fc:80:4a:82:96:5d:b5:09:d7:
45:3f:27:ad:9e:02:b3:2d:8d:fe:89:f4:f9:e6:fa:94:79:8f:
e9:62:34:98:31:3a:ed:b4:ae:8d:5f:0c:18:7f:6f:48:9c:03:
30:04:d9:a1:4b:68:39:9e:57:82:09:96:33:56:a8:eb:29:d9:
1f:8f:b5:21:99:90:eb:43:6e:08:51:06:d7:3f:88:09:5b:54:
f3:77:3b:a1:9c:46:26:a6:41:de:ca:47:15:2e:50:f0:a2:d7:
01:fe:a7:11:95:1c:f9:1a:d2:db:c7:37:f4:1e:75:8d:16:33:
00:64:fc:92:c4:dd:e5:e5:2b:45:1f:57:59:f5:ed:54:2d:7d:
c6:ac:92:4d:85:8d:9c:14:6c:71:d6:9a:41:84:88:5a:84:39:
2b:88:65:d9:66:98:28:97:12:2d:27:83:58:c4:29:51:55:a5:
70:ee:d5:53:2a:a2:d5:69:b6:8e:aa:fb:45:ee:70:f6:55:fc:
53:78:60:88
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY/z2EUkvzreYDAqMrPTJw91MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQwNjA3MTc1NjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzI2OTA2NGI0OGEwYzE1Yjc0M2Y2YTkxYjZjNjJjNThlODJkMWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbiaXHbRSSE836HagPRAvk4Lw1Ov
ZkKWXiojdq/cvI+W5aX5Zu9gcedRNOII5YmmyKgJn6cr+MsJd2QArBHTk3h8K96W
3168JAPlZRDF2dDpoFjS8dAgDdaM4waZb1MSGa8XLrSHO9Jb+uJgzrOPVX2g7++i
HoLFANasOlKPJjAf6sp9OUsTZ6Fj9yBWXRZbLEYJ1DPlywxxmqmCPtGMzjAcFYoN
QeB9uuPPhtaBD/EJaD3gS5kVZ0XN4pbu6fLDt79021JddYpG2UL687LR5iQN0TwL
IVSEX8dphXzM49h1s5LjqWTkNhwJhSGzWUKtual3EXf5M2107SW4Rl/1JQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFwmkGS0igwVt0P2qRtsYsWOgtH5MB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvWENhUVpMU0tEQlczUV9hcEcyeGl4WTZDMGZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDWfnAAwQA
uRX9AwQE1CrQMA0GCSqGSIb3DQEBCwUAA4IBAQDcBQWTm3YYNWDnymwK/7iK7X14
TOrBZEAlTBhYqqy76cZ+0/GhXfo9NLfKNsdVQoHN/oEOmFZmd5jlG/uzwvX8gEqC
ll21CddFPyetngKzLY3+ifT55vqUeY/pYjSYMTrttK6NXwwYf29InAMwBNmhS2g5
nleCCZYzVqjrKdkfj7UhmZDrQ24IUQbXP4gJW1TzdzuhnEYmpkHeykcVLlDwotcB
/qcRlRz5GtLbxzf0HnWNFjMAZPySxN3l5StFH1dZ9e1ULX3GrJJNhY2cFGxx1ppB
hIhahDkriGXZZpgolxItJ4NYxClRVaVw7tVTKqLVabaOqvtF7nD2VfxTeGCI
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:06:05 2025 by rpki-client