Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/kpk3W9Y3ymWOHkPOaIFUMoDM0uM.roa
File: kpk3W9Y3ymWOHkPOaIFUMoDM0uM.roa (raw, json)
Hash identifier: ruP+9IYfLbU9n6+Qe5RIpSvFQMeV/gb3Y4v6tAk34QM=
Subject key identifier: 92:99:37:5B:D6:37:CA:65:8E:1E:43:CE:68:81:54:32:80:CC:D2:E3
Certificate issuer: /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial: 0191929FF6EFFAE9EFECC397FBC560DF766B
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/kpk3W9Y3ymWOHkPOaIFUMoDM0uM.roa
Signing time: Tue 27 Aug 2024 06:57:22 +0000
ROA not before: Tue 27 Aug 2024 06:57:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 89.249.192.0/21 maxlen: 24
89.249.206.0/23 maxlen: 24
89.249.207.0/24 maxlen: 24
212.42.192.0/20 maxlen: 24
Validation: Failed, certificate revoked on Tue 27 Aug 2024 10:45:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:92:9f:f6:ef:fa:e9:ef:ec:c3:97:fb:c5:60:df:76:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
Validity
Not Before: Aug 27 06:57:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9299375bd637ca658e1e43ce6881543280ccd2e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:94:e2:9c:8e:65:e9:08:2c:4a:5c:db:8f:f3:
9b:da:94:b0:78:ae:a8:fd:d4:86:a3:44:d0:01:10:
16:36:ba:01:c3:13:f4:9c:0e:48:c2:64:32:56:26:
69:94:e7:2f:37:df:39:95:3a:5c:da:23:8c:20:b0:
1c:e9:16:8d:1d:61:20:d8:77:fc:b3:be:23:06:d4:
c1:c8:f6:4e:15:33:bc:db:6a:f6:5e:03:a5:4e:c0:
e8:7e:4c:76:3a:8d:a9:01:e4:b9:a9:99:5a:63:b0:
b3:0b:0f:fc:97:1c:32:e6:c4:8b:3d:14:1a:83:45:
ba:5a:46:68:fc:5d:e2:34:1c:f3:28:ea:36:0d:36:
33:c3:53:13:4f:81:8a:59:d9:f0:45:dd:4f:40:b6:
7e:12:36:66:76:28:c0:55:95:59:f7:e2:6a:d3:8c:
d2:e5:25:e3:87:3b:95:8d:94:1c:ca:bd:5e:3e:8c:
fe:94:86:1a:9b:e3:47:15:e8:e7:88:52:2e:e4:3f:
3d:67:11:24:33:a8:0f:a5:be:a1:20:b3:bb:c3:5d:
f6:b6:e3:3c:b2:56:1e:01:ed:0d:08:9e:ad:65:f3:
13:f2:44:f7:45:97:ff:46:74:84:c2:e5:f1:64:8b:
d2:6e:e5:8a:b7:85:e7:ab:aa:08:a2:6b:e2:82:d8:
56:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:99:37:5B:D6:37:CA:65:8E:1E:43:CE:68:81:54:32:80:CC:D2:E3
X509v3 Authority Key Identifier:
keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/kpk3W9Y3ymWOHkPOaIFUMoDM0uM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.249.192.0/21
89.249.206.0/23
212.42.192.0/20
Signature Algorithm: sha256WithRSAEncryption
91:56:9e:84:fe:22:e7:74:30:3a:fe:cf:32:da:de:02:ab:19:
dc:84:74:fc:b1:c3:22:ae:48:9b:18:cd:ba:7e:93:92:02:fd:
8d:b7:af:a1:b6:9e:75:43:dc:e0:f7:89:a0:ba:ba:d1:d4:14:
06:64:b1:9d:f8:f1:0b:f4:2a:81:66:84:8e:77:b8:01:54:03:
88:f6:df:6f:ec:b4:df:b9:2b:88:9b:be:fa:85:7f:6b:ff:07:
2b:9c:7e:3e:df:9a:b3:5f:ce:15:3c:a9:4d:4b:b3:0f:9a:2b:
39:ea:ed:46:03:29:e3:cb:5a:ed:65:9e:04:7f:47:45:27:96:
0a:38:d3:25:0f:27:c3:f3:73:67:1d:46:23:67:00:8f:60:fb:
77:ec:04:85:55:14:2b:10:1b:fd:25:54:15:d3:3e:af:20:59:
77:1f:d4:5f:02:a9:2e:1d:21:d0:9d:bf:cd:20:eb:35:08:b5:
34:b7:ee:45:9c:d0:8f:c5:6a:a2:5a:30:b3:68:e4:51:6e:ad:
0a:a8:94:d0:4f:6a:d4:eb:11:fe:69:77:70:ff:dc:a6:43:68:
ae:f5:71:fd:76:72:db:4e:8d:9c:a3:27:17:cc:39:68:1b:27:
1e:78:5e:44:96:ec:7a:a4:e0:3f:16:8c:09:2c:7a:54:4e:48:
b3:52:1b:ca
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZGSn/bv+unv7MOX+8Vg33ZrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQwODI3MDY1NzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mjk5Mzc1YmQ2MzdjYTY1OGUxZTQzY2U2ODgxNTQzMjgwY2NkMmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpTinI5l6QgsSlzbj/Ob2pSweK6o
/dSGo0TQARAWNroBwxP0nA5IwmQyViZplOcvN985lTpc2iOMILAc6RaNHWEg2Hf8
s74jBtTByPZOFTO822r2XgOlTsDofkx2Oo2pAeS5qZlaY7CzCw/8lxwy5sSLPRQa
g0W6WkZo/F3iNBzzKOo2DTYzw1MTT4GKWdnwRd1PQLZ+EjZmdijAVZVZ9+Jq04zS
5SXjhzuVjZQcyr1ePoz+lIYam+NHFejniFIu5D89ZxEkM6gPpb6hILO7w132tuM8
slYeAe0NCJ6tZfMT8kT3RZf/RnSEwuXxZIvSbuWKt4Xnq6oIomvigthWmQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJKZN1vWN8pljh5DzmiBVDKAzNLjMB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEva3BrM1c5WTN5bVdPSGtQT2FJRlVNb0RNMHVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDWfnAAwQB
WfnOAwQE1CrAMA0GCSqGSIb3DQEBCwUAA4IBAQCRVp6E/iLndDA6/s8y2t4Cqxnc
hHT8scMirkibGM26fpOSAv2Nt6+htp51Q9zg94mgurrR1BQGZLGd+PEL9CqBZoSO
d7gBVAOI9t9v7LTfuSuIm776hX9r/wcrnH4+35qzX84VPKlNS7MPmis56u1GAynj
y1rtZZ4Ef0dFJ5YKONMlDyfD83NnHUYjZwCPYPt37ASFVRQrEBv9JVQV0z6vIFl3
H9RfAqkuHSHQnb/NIOs1CLU0t+5FnNCPxWqiWjCzaORRbq0KqJTQT2rU6xH+aXdw
/9ymQ2iu9XH9dnLbTo2coycXzDloGyceeF5Elux6pOA/FowJLHpUTkizUhvK
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:03:39 2025 by rpki-client