Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/haT-mnnVVc5LlvnAIzKR-TuPXag.roa
File: haT-mnnVVc5LlvnAIzKR-TuPXag.roa (raw, json)
Hash identifier: in/vWed7fZyJP88cYhUYBzz1OUXWoiK32Z9QEd4HQdY=
Subject key identifier: 85:A4:FE:9A:79:D5:55:CE:4B:96:F9:C0:23:32:91:F9:3B:8F:5D:A8
Certificate issuer: /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial: 01937DD76B1FA255A6101C30F68AD5CE7FAE
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/haT-mnnVVc5LlvnAIzKR-TuPXag.roa
Signing time: Sat 30 Nov 2024 16:11:29 +0000
ROA not before: Sat 30 Nov 2024 16:11:29 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 89.249.192.0/21 maxlen: 24
89.249.206.0/23 maxlen: 24
212.42.192.0/20 maxlen: 24
Validation: Failed, certificate revoked on Sun 01 Dec 2024 09:14:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:7d:d7:6b:1f:a2:55:a6:10:1c:30:f6:8a:d5:ce:7f:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
Validity
Not Before: Nov 30 16:11:29 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=85a4fe9a79d555ce4b96f9c0233291f93b8f5da8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:8e:56:10:eb:a2:0c:36:40:e5:59:57:0a:00:
f6:13:dc:a2:cc:67:1c:53:28:f1:fc:b5:f9:b0:cc:
d9:3c:d2:74:72:fe:14:f6:48:3a:53:a0:3b:fe:19:
04:ba:39:dc:7e:83:b6:0b:59:a2:53:7d:b2:67:b4:
a3:6b:26:13:99:80:02:8e:2a:41:01:88:57:20:d0:
27:0f:b5:8a:1d:a0:5a:28:78:28:b8:3d:e4:52:f3:
5a:b4:9c:d1:4d:47:71:32:12:e0:25:51:f2:3f:8d:
ad:bb:4b:ca:21:b1:c8:bd:55:85:a3:c3:1d:d4:8a:
e8:09:ad:e1:ed:2c:49:76:02:3f:2a:c0:ac:75:79:
c8:4a:b4:08:52:06:25:98:bb:9b:08:b8:b4:c2:40:
20:99:69:0c:c6:59:3c:2a:ee:fc:e8:47:e5:b7:89:
6d:87:0a:53:8a:27:6f:c9:9f:7c:dd:98:32:cb:b1:
fc:86:7a:53:e0:4e:86:9c:77:80:ea:12:ab:f5:e0:
05:cb:fa:df:d6:d5:9b:e7:90:2f:d7:0e:18:3c:8f:
5a:d1:99:39:e9:b8:96:e3:30:4e:aa:bd:6f:c0:e9:
04:5c:eb:ba:59:fb:25:e1:81:7b:b9:31:0f:3e:f1:
f0:e5:49:07:5d:c5:25:71:64:b2:99:5e:98:31:c7:
8d:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:A4:FE:9A:79:D5:55:CE:4B:96:F9:C0:23:32:91:F9:3B:8F:5D:A8
X509v3 Authority Key Identifier:
keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/haT-mnnVVc5LlvnAIzKR-TuPXag.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.249.192.0/21
89.249.206.0/23
212.42.192.0/20
Signature Algorithm: sha256WithRSAEncryption
ba:ab:df:36:5d:c8:9a:ad:40:26:d4:d9:ef:34:ce:f0:97:86:
a7:d7:be:a5:88:26:3a:c5:4c:bd:21:c1:b8:d3:e6:47:a2:8d:
c3:f3:5a:0d:31:fc:db:19:11:04:8b:cb:d6:70:bd:9b:48:c4:
2a:54:bf:51:a2:72:15:09:f4:f1:de:c4:3e:01:da:3c:94:de:
24:51:1b:7f:a1:a9:7f:8c:2d:91:ac:50:f4:8c:e0:56:45:05:
d8:17:8e:df:57:03:55:c0:11:ba:d7:df:8c:be:70:22:ff:8e:
6c:2a:81:96:0f:a8:56:b6:8f:97:44:b5:df:27:01:8b:fd:7d:
13:f1:48:d3:00:44:0a:7e:f8:32:84:dc:c9:9e:97:7e:a8:af:
33:16:65:c7:ea:18:5f:fb:5a:7a:7a:2b:0b:05:d2:89:0c:21:
4b:ff:67:8e:16:23:cb:bb:65:7f:93:51:2c:6f:1f:78:1e:90:
d1:1e:8f:27:2c:6d:25:c0:a1:2e:e5:17:6f:36:17:b5:ab:c2:
45:b5:d1:e6:ac:e2:90:27:bb:69:07:c7:93:26:8c:c0:6d:d4:
c7:e3:f2:b0:e3:5c:01:9b:fa:e7:d1:d5:14:c8:4c:d4:8d:a5:
7c:fe:3b:2b:89:af:ee:6d:c8:a5:23:33:81:77:50:1c:dd:83:
df:ab:5f:25
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZN912sfolWmEBww9orVzn+uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQxMTMwMTYxMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWE0ZmU5YTc5ZDU1NWNlNGI5NmY5YzAyMzMyOTFmOTNiOGY1ZGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Y5WEOuiDDZA5VlXCgD2E9yizGcc
Uyjx/LX5sMzZPNJ0cv4U9kg6U6A7/hkEujncfoO2C1miU32yZ7SjayYTmYACjipB
AYhXINAnD7WKHaBaKHgouD3kUvNatJzRTUdxMhLgJVHyP42tu0vKIbHIvVWFo8Md
1IroCa3h7SxJdgI/KsCsdXnISrQIUgYlmLubCLi0wkAgmWkMxlk8Ku786Eflt4lt
hwpTiidvyZ983Zgyy7H8hnpT4E6GnHeA6hKr9eAFy/rf1tWb55Av1w4YPI9a0Zk5
6biW4zBOqr1vwOkEXOu6Wfsl4YF7uTEPPvHw5UkHXcUlcWSymV6YMceN8QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIWk/pp51VXOS5b5wCMykfk7j12oMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvaGFULW1ublZWYzVMbHZuQUl6S1ItVHVQWGFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDWfnAAwQB
WfnOAwQE1CrAMA0GCSqGSIb3DQEBCwUAA4IBAQC6q982XciarUAm1NnvNM7wl4an
176liCY6xUy9IcG40+ZHoo3D81oNMfzbGREEi8vWcL2bSMQqVL9RonIVCfTx3sQ+
Ado8lN4kURt/oal/jC2RrFD0jOBWRQXYF47fVwNVwBG619+MvnAi/45sKoGWD6hW
to+XRLXfJwGL/X0T8UjTAEQKfvgyhNzJnpd+qK8zFmXH6hhf+1p6eisLBdKJDCFL
/2eOFiPLu2V/k1Esbx94HpDRHo8nLG0lwKEu5RdvNhe1q8JFtdHmrOKQJ7tpB8eT
JozAbdTH4/Kw41wBm/rn0dUUyEzUjaV8/jsria/ubcilIzOBd1Ac3YPfq18l
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:56:06 2025 by rpki-client