Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/9Fzrff8rQzlc_kfYPTjiJGr411c.roa
File: 9Fzrff8rQzlc_kfYPTjiJGr411c.roa (raw, json)
Hash identifier: cSm7NAy9EIaesNFITegxE+csMc4LIaWYNLyENf/35Vk=
Subject key identifier: F4:5C:EB:7D:FF:2B:43:39:5C:FE:47:D8:3D:38:E2:24:6A:F8:D7:57
Certificate issuer: /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial: 01948485782374F27EE3CABE6A42856BC6C2
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/9Fzrff8rQzlc_kfYPTjiJGr411c.roa
Signing time: Mon 20 Jan 2025 16:22:07 +0000
ROA not before: Mon 20 Jan 2025 16:22:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 6762
IP address blocks: 2.16.19.0/24 maxlen: 24
2.16.70.0/23 maxlen: 23
2.16.146.0/23 maxlen: 23
2.16.220.0/22 maxlen: 22
2.18.0.0/22 maxlen: 22
2.18.31.0/24 maxlen: 24
2.19.16.0/20 maxlen: 20
2.20.4.0/22 maxlen: 22
2.20.47.0/24 maxlen: 24
2.20.109.0/24 maxlen: 24
2.20.112.0/22 maxlen: 22
2.20.252.0/24 maxlen: 24
2.21.2.0/24 maxlen: 24
2.21.14.0/24 maxlen: 24
2.21.100.0/22 maxlen: 22
2.22.216.0/22 maxlen: 22
2.22.234.0/24 maxlen: 24
88.221.28.0/22 maxlen: 22
88.221.100.0/22 maxlen: 22
92.122.68.0/22 maxlen: 22
92.122.225.0/24 maxlen: 24
92.122.248.0/22 maxlen: 22
92.123.48.0/24 maxlen: 24
92.123.106.0/24 maxlen: 24
92.123.208.0/22 maxlen: 22
95.100.136.0/22 maxlen: 22
95.101.35.0/24 maxlen: 24
95.101.68.0/22 maxlen: 22
95.101.78.0/24 maxlen: 24
95.101.114.0/24 maxlen: 24
95.101.156.0/22 maxlen: 22
2a02:26f0:b00::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 27 Jan 2025 15:21:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:84:85:78:23:74:f2:7e:e3:ca:be:6a:42:85:6b:c6:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Validity
Not Before: Jan 20 16:22:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f45ceb7dff2b43395cfe47d83d38e2246af8d757
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:b1:fe:97:c5:c8:76:df:31:e6:84:85:1f:50:
2a:1d:62:b5:a3:b2:6d:1f:f3:b7:85:5f:60:c2:e6:
df:61:96:66:a8:7f:b4:da:fc:59:b4:0e:98:32:5e:
c6:56:ab:e1:bc:cb:de:cf:43:ef:d0:57:41:d8:4a:
82:db:b8:6d:1b:b5:3c:f7:fa:8c:95:73:6f:8b:5f:
48:9f:02:1f:e3:06:a4:5f:f8:17:d9:55:80:31:1f:
8d:4b:1d:0f:3e:ec:78:6a:97:55:23:09:75:9d:cb:
50:db:fb:a1:89:05:8b:ec:28:e1:9d:6c:02:02:8c:
b4:59:57:91:ff:8c:0a:b1:f5:67:ec:dd:3a:c7:e7:
f6:01:31:c5:60:2b:87:8a:52:50:65:64:4b:9f:26:
ad:3e:59:f7:9a:51:1b:40:46:ae:cc:05:f8:c4:4e:
2a:a2:bf:4b:c2:d4:0b:19:5b:79:f9:5c:5e:fe:86:
f1:d2:3f:5a:09:22:aa:5b:b5:15:4b:4f:27:24:99:
07:57:d5:2a:f8:a4:c7:eb:96:cd:09:95:34:ca:8b:
7f:71:77:fd:42:4b:22:a7:2b:ff:5c:9e:49:c2:20:
7b:cc:6c:4a:09:3c:60:3f:ad:47:4e:3a:61:f0:86:
7d:6f:76:e9:17:82:4b:78:3b:b1:1c:6f:49:20:42:
7f:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:5C:EB:7D:FF:2B:43:39:5C:FE:47:D8:3D:38:E2:24:6A:F8:D7:57
X509v3 Authority Key Identifier:
keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/9Fzrff8rQzlc_kfYPTjiJGr411c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.16.19.0/24
2.16.70.0/23
2.16.146.0/23
2.16.220.0/22
2.18.0.0/22
2.18.31.0/24
2.19.16.0/20
2.20.4.0/22
2.20.47.0/24
2.20.109.0/24
2.20.112.0/22
2.20.252.0/24
2.21.2.0/24
2.21.14.0/24
2.21.100.0/22
2.22.216.0/22
2.22.234.0/24
88.221.28.0/22
88.221.100.0/22
92.122.68.0/22
92.122.225.0/24
92.122.248.0/22
92.123.48.0/24
92.123.106.0/24
92.123.208.0/22
95.100.136.0/22
95.101.35.0/24
95.101.68.0/22
95.101.78.0/24
95.101.114.0/24
95.101.156.0/22
IPv6:
2a02:26f0:b00::/48
Signature Algorithm: sha256WithRSAEncryption
69:13:35:39:3e:a4:ef:59:51:a4:7d:9e:71:85:7d:bc:38:81:
48:de:82:02:30:8e:bf:a2:ae:0b:c4:cd:14:10:d8:e8:4d:fd:
da:19:85:b4:e7:36:3e:a3:90:b9:72:b1:1e:ee:28:a2:bc:aa:
f8:d5:7e:64:77:8a:7b:be:c3:b1:e2:7f:39:64:12:b8:67:62:
10:16:15:f0:67:88:f6:4d:1d:c2:75:90:5f:89:0c:f0:c2:ff:
5e:68:f4:60:a2:d8:08:de:72:6e:e1:0d:f7:d5:ad:d0:24:1b:
45:a8:82:07:17:69:68:50:1d:90:17:02:4f:e9:62:60:d4:53:
62:dc:87:96:8c:c6:21:fa:a1:7d:8a:84:97:57:d1:df:9a:4f:
66:cf:ac:d8:43:a2:3b:7a:08:8a:9c:3e:44:0c:e5:30:5f:c9:
ad:17:31:03:32:c2:3f:b8:34:d3:6f:88:da:6d:5a:10:34:39:
e6:ed:58:cd:f3:dc:3c:67:27:52:13:49:58:dc:6d:3e:11:62:
a8:97:7f:ed:1c:d3:59:33:fc:ca:da:85:7b:30:0c:a3:29:c9:
f1:32:df:72:b2:f6:a3:53:b7:4b:bc:28:70:33:14:98:25:d0:
81:74:cc:f1:de:bf:14:0c:35:d4:31:78:7a:fe:1e:d2:78:04:
a4:e1:1a:7e
-----BEGIN CERTIFICATE-----
MIIFxzCCBK+gAwIBAgISAZSEhXgjdPJ+48q+akKFa8bCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjUwMTIwMTYyMjA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDVjZWI3ZGZmMmI0MzM5NWNmZTQ3ZDgzZDM4ZTIyNDZhZjhkNzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4rH+l8XIdt8x5oSFH1AqHWK1o7Jt
H/O3hV9gwubfYZZmqH+02vxZtA6YMl7GVqvhvMvez0Pv0FdB2EqC27htG7U89/qM
lXNvi19InwIf4wakX/gX2VWAMR+NSx0PPux4apdVIwl1nctQ2/uhiQWL7CjhnWwC
Aoy0WVeR/4wKsfVn7N06x+f2ATHFYCuHilJQZWRLnyatPln3mlEbQEauzAX4xE4q
or9LwtQLGVt5+Vxe/obx0j9aCSKqW7UVS08nJJkHV9Uq+KTH65bNCZU0yot/cXf9
Qksipyv/XJ5JwiB7zGxKCTxgP61HTjph8IZ9b3bpF4JLeDuxHG9JIEJ/XQIDAQAB
o4IC0zCCAs8wHQYDVR0OBBYEFPRc633/K0M5XP5H2D044iRq+NdXMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvOUZ6cmZmOHJRemxjX2tmWVBUamlKR3I0MTFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHoBggrBgEFBQcBBwEB/wSB2DCB1TCBwQQCAAEwgboDBAAC
EBMDBAECEEYDBAECEJIDBAICENwDBAICEgADBAACEh8DBAQCExADBAICFAQDBAAC
FC8DBAACFG0DBAICFHADBAACFPwDBAACFQIDBAACFQ4DBAICFWQDBAICFtgDBAAC
FuoDBAJY3RwDBAJY3WQDBAJcekQDBABceuEDBAJcevgDBABcezADBABce2oDBAJc
e9ADBAJfZIgDBABfZSMDBAJfZUQDBABfZU4DBABfZXIDBAJfZZwwDwQCAAIwCQMH
ACoCJvALADANBgkqhkiG9w0BAQsFAAOCAQEAaRM1OT6k71lRpH2ecYV9vDiBSN6C
AjCOv6KuC8TNFBDY6E392hmFtOc2PqOQuXKxHu4ooryq+NV+ZHeKe77DseJ/OWQS
uGdiEBYV8GeI9k0dwnWQX4kM8ML/Xmj0YKLYCN5ybuEN99Wt0CQbRaiCBxdpaFAd
kBcCT+liYNRTYtyHlozGIfqhfYqEl1fR35pPZs+s2EOiO3oIipw+RAzlMF/JrRcx
AzLCP7g002+I2m1aEDQ55u1YzfPcPGcnUhNJWNxtPhFiqJd/7RzTWTP8ytqFezAM
oynJ8TLfcrL2o1O3S7wocDMUmCXQgXTM8d6/FAw11DF4ev4e0ngEpOEafg==
-----END CERTIFICATE-----
Generated at Wed Apr 9 09:21:52 2025 by rpki-client