Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/z8g7B328sKtcYXygKpuSWE2cczw.roa
File: z8g7B328sKtcYXygKpuSWE2cczw.roa (raw, json)
Hash identifier: 0HTPBAh8+KMGibXLFQT5pY1aIm4zQC9rOFyZ9bfA3AE=
Subject key identifier: CF:C8:3B:07:7D:BC:B0:AB:5C:61:7C:A0:2A:9B:92:58:4D:9C:73:3C
Certificate issuer: /CN=0d722e4513a39678d8ab23b2d649775340518cb9
Certificate serial: 0193540A6E8D4E9BA54E32E28D89CAA33DD3
Authority key identifier: 0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/z8g7B328sKtcYXygKpuSWE2cczw.roa
Signing time: Fri 22 Nov 2024 13:23:09 +0000
ROA not before: Fri 22 Nov 2024 13:23:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 89.249.192.0/21 maxlen: 24
89.249.206.0/23 maxlen: 24
212.42.192.0/20 maxlen: 24
Validation: Failed, certificate revoked on Wed 27 Nov 2024 05:28:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:54:0a:6e:8d:4e:9b:a5:4e:32:e2:8d:89:ca:a3:3d:d3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d722e4513a39678d8ab23b2d649775340518cb9
Validity
Not Before: Nov 22 13:23:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cfc83b077dbcb0ab5c617ca02a9b92584d9c733c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:2b:16:cf:e3:85:d4:0e:a0:4a:ac:db:ef:56:
b0:5d:dc:43:8a:a8:dc:8d:55:a7:70:a6:49:97:f1:
32:99:2c:7b:84:df:d6:f2:79:9c:3a:03:16:fd:ed:
9b:08:68:ae:cf:ab:b9:da:23:7c:2f:7a:b2:db:4c:
ca:aa:83:72:45:1c:14:2c:49:8d:fe:4c:1c:01:57:
79:1f:68:4a:a9:6c:e8:c8:91:fd:c4:d4:c3:5a:4a:
89:fc:6f:f0:b8:66:2b:67:49:d2:95:1f:31:cf:4b:
97:e7:5b:26:14:2b:3d:57:b6:90:81:e5:95:d2:4f:
57:c5:b5:58:6e:b7:3a:a5:3f:4d:6d:42:0e:2a:2c:
a8:71:35:15:75:bd:56:31:ad:a9:ee:de:31:e6:c2:
0d:25:c2:82:d1:31:25:fd:4c:9b:f4:86:10:d1:01:
58:13:f3:07:89:bc:ed:65:84:63:04:3f:61:74:3b:
67:97:64:8b:97:21:9c:d4:f4:a6:43:fc:1c:bd:d0:
8a:94:40:8f:03:d0:0d:30:7e:bf:54:11:08:5a:77:
a6:87:45:25:ca:26:9f:37:23:2c:3d:25:3d:b1:4d:
52:57:8f:af:39:85:20:44:2c:81:5e:c6:9d:f5:43:
ad:a4:ef:11:0a:32:d8:ec:02:a8:28:a6:c9:5c:7e:
fb:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:C8:3B:07:7D:BC:B0:AB:5C:61:7C:A0:2A:9B:92:58:4D:9C:73:3C
X509v3 Authority Key Identifier:
keyid:0D:72:2E:45:13:A3:96:78:D8:AB:23:B2:D6:49:77:53:40:51:8C:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DXIuRROjlnjYqyOy1kl3U0BRjLk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/z8g7B328sKtcYXygKpuSWE2cczw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/1c084c-982d-4098-af42-3425b125eaa7/1/DXIuRROjlnjYqyOy1kl3U0BRjLk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.249.192.0/21
89.249.206.0/23
212.42.192.0/20
Signature Algorithm: sha256WithRSAEncryption
60:0a:ce:a1:9f:e8:dc:64:65:04:c2:51:2a:de:dd:f9:bb:ea:
7f:ab:5a:9e:88:50:1e:ed:f1:08:9c:9e:d4:d7:48:21:2d:12:
56:7c:f9:8a:06:d9:ff:d6:ae:ee:94:a4:f7:b4:59:b2:b8:cf:
7d:c8:f8:f7:8d:d5:4b:f8:4b:29:4c:d7:f8:b6:5f:9d:c8:26:
46:68:9a:3d:45:20:21:41:bf:b0:a9:b1:14:95:49:41:f2:46:
a8:7d:99:f9:1c:c2:99:00:3b:7f:70:09:a7:1a:f7:63:c9:4b:
2b:a2:49:50:f3:91:a7:1e:de:1e:88:e8:6e:6e:a1:b3:84:64:
c6:f3:dd:b1:66:c7:9e:94:f5:d8:42:3b:ed:b7:8b:c9:24:d9:
5a:6b:fc:10:85:4c:14:96:41:95:e2:22:be:26:e0:21:9d:bc:
d7:66:d2:7d:82:69:d5:bc:4c:3e:35:bb:e1:f7:ff:0a:a9:21:
b8:cb:bd:e7:18:4c:38:61:ac:8b:9b:87:c7:55:d0:41:cb:32:
ed:89:a0:3a:14:3b:c9:88:5c:6e:10:83:f1:af:06:75:6c:2e:
8e:67:de:d3:34:3b:7d:7c:bf:5c:a1:b6:d1:f6:23:f0:da:aa:
92:8d:5c:be:8c:45:53:3f:33:c4:09:a0:ad:f0:4b:cd:d3:ed:
8a:9c:f1:a5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZNUCm6NTpulTjLijYnKoz3TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkNzIyZTQ1MTNhMzk2NzhkOGFiMjNiMmQ2NDk3NzUzNDA1
MThjYjkwHhcNMjQxMTIyMTMyMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmM4M2IwNzdkYmNiMGFiNWM2MTdjYTAyYTliOTI1ODRkOWM3MzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCsWz+OF1A6gSqzb71awXdxDiqjc
jVWncKZJl/EymSx7hN/W8nmcOgMW/e2bCGiuz6u52iN8L3qy20zKqoNyRRwULEmN
/kwcAVd5H2hKqWzoyJH9xNTDWkqJ/G/wuGYrZ0nSlR8xz0uX51smFCs9V7aQgeWV
0k9XxbVYbrc6pT9NbUIOKiyocTUVdb1WMa2p7t4x5sINJcKC0TEl/Uyb9IYQ0QFY
E/MHibztZYRjBD9hdDtnl2SLlyGc1PSmQ/wcvdCKlECPA9ANMH6/VBEIWnemh0Ul
yiafNyMsPSU9sU1SV4+vOYUgRCyBXsad9UOtpO8RCjLY7AKoKKbJXH77NQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM/IOwd9vLCrXGF8oCqbklhNnHM8MB8GA1UdIwQY
MBaAFA1yLkUTo5Z42KsjstZJd1NAUYy5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDIt
MzQyNWIxMjVlYWE3LzEvejhnN0IzMjhzS3RjWVh5Z0twdVNXRTJjY3p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8xYzA4NGMtOTgyZC00MDk4LWFmNDItMzQyNWIxMjVlYWE3
LzEvRFhJdVJST2psbmpZcXlPeTFrbDNVMEJSakxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDWfnAAwQB
WfnOAwQE1CrAMA0GCSqGSIb3DQEBCwUAA4IBAQBgCs6hn+jcZGUEwlEq3t35u+p/
q1qeiFAe7fEInJ7U10ghLRJWfPmKBtn/1q7ulKT3tFmyuM99yPj3jdVL+EspTNf4
tl+dyCZGaJo9RSAhQb+wqbEUlUlB8kaofZn5HMKZADt/cAmnGvdjyUsroklQ85Gn
Ht4eiOhubqGzhGTG892xZseelPXYQjvtt4vJJNlaa/wQhUwUlkGV4iK+JuAhnbzX
ZtJ9gmnVvEw+Nbvh9/8KqSG4y73nGEw4YayLm4fHVdBByzLtiaA6FDvJiFxuEIPx
rwZ1bC6OZ97TNDt9fL9cobbR9iPw2qqSjVy+jEVTPzPECaCt8EvN0+2KnPGl
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:08:57 2025 by rpki-client