Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/U0j7rs-LlelMNcMomtXm5EDyhWo.roa
File: U0j7rs-LlelMNcMomtXm5EDyhWo.roa (raw, json)
Hash identifier: eKIa33qi5LWWb8Ia7hQd3o5+woumXtVIkFieDWxiCwg=
Subject key identifier: 53:48:FB:AE:CF:8B:95:E9:4C:35:C3:28:9A:D5:E6:E4:40:F2:85:6A
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0190688F46FC7E3094C8C690434492EC8852
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/U0j7rs-LlelMNcMomtXm5EDyhWo.roa
Signing time: Sun 30 Jun 2024 09:52:18 +0000
ROA not before: Sun 30 Jun 2024 09:52:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 43.225.91.0/24 maxlen: 24
89.251.10.0/24 maxlen: 24
91.132.57.0/24 maxlen: 24
159.255.32.0/22 maxlen: 24
188.214.236.0/22 maxlen: 22
188.253.8.0/21 maxlen: 24
202.133.90.0/23 maxlen: 24
213.173.32.0/22 maxlen: 24
Validation: Failed, certificate revoked on Thu 08 Aug 2024 06:53:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:68:8f:46:fc:7e:30:94:c8:c6:90:43:44:92:ec:88:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jun 30 09:52:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5348fbaecf8b95e94c35c3289ad5e6e440f2856a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:b2:a8:95:4d:da:a8:15:48:7f:80:99:71:dc:
8a:5c:16:45:7a:51:78:3a:37:5e:99:ec:31:79:6b:
49:77:c6:5a:f4:84:56:b3:82:b7:86:f2:9d:d4:ab:
15:42:88:cb:fd:c8:b3:b4:2c:9b:15:09:33:a6:17:
63:63:fb:11:52:d4:42:e5:3a:70:35:e7:20:7f:8f:
4f:bf:a3:6f:cd:56:ad:03:f3:2b:20:73:25:6a:9a:
bd:c1:b4:53:4d:95:fd:87:b9:64:72:7b:71:13:36:
58:e0:37:eb:51:56:fe:8e:e1:b9:38:dd:8b:72:67:
76:55:22:cc:a0:52:42:13:d4:58:27:2c:75:5e:11:
85:01:f6:85:a9:ae:82:01:9c:8b:8d:91:51:55:8f:
ad:14:d4:88:ce:81:46:44:d9:c2:62:2d:9c:08:1b:
91:e4:98:ff:15:41:15:b0:17:42:48:29:a1:5a:8d:
3a:dc:fd:bd:1b:d0:5a:f4:0b:06:ad:0f:b1:07:1e:
26:95:3f:f1:8f:f8:8d:ee:41:70:ef:23:04:5a:2d:
6e:8d:56:a0:c0:a0:72:69:f8:58:5b:56:65:71:a6:
dd:3e:e0:e3:94:58:09:68:17:a2:a1:26:19:a5:6f:
2f:0e:da:5e:de:a1:43:55:57:57:84:51:cf:7d:5e:
2b:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:48:FB:AE:CF:8B:95:E9:4C:35:C3:28:9A:D5:E6:E4:40:F2:85:6A
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/U0j7rs-LlelMNcMomtXm5EDyhWo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
43.225.91.0/24
89.251.10.0/24
91.132.57.0/24
159.255.32.0/22
188.214.236.0/22
188.253.8.0/21
202.133.90.0/23
213.173.32.0/22
Signature Algorithm: sha256WithRSAEncryption
23:b9:fc:f1:c0:27:4c:4a:d8:fa:37:1d:bd:8c:87:d3:a9:23:
b0:27:5c:84:40:93:7c:28:ea:87:48:ee:c9:d7:92:94:e8:3d:
f0:bc:c7:f9:d3:9b:c0:1c:d3:53:2e:70:50:3f:05:9b:ac:49:
f2:ad:5f:88:dd:e5:48:56:b8:87:0b:9a:b2:38:0e:a3:13:b1:
35:61:f7:87:ae:4d:b4:ce:5a:43:ee:7d:e1:55:e9:b5:c5:98:
70:d5:7a:4f:23:26:73:b6:58:11:18:5f:c6:0d:9d:f5:6b:26:
9c:7d:12:97:7d:e2:ef:ec:62:64:54:ec:03:8a:0d:07:64:0e:
86:f3:97:eb:00:b7:64:1d:41:97:f5:0d:79:ab:2d:e0:11:9b:
48:06:b0:6c:f0:85:8e:d6:13:1c:be:40:64:e5:c8:57:f1:d7:
d9:e7:db:7f:48:38:b5:d9:6c:8f:0f:55:0c:a3:63:7e:a1:58:
0e:40:b0:f2:01:b7:90:e4:b0:ec:ae:01:36:a1:a7:3d:f1:07:
de:37:f9:8a:cc:89:8c:97:d3:0d:3b:c2:c9:ef:29:ef:d3:58:
7f:73:ba:1d:d3:1b:4d:95:d5:89:db:82:14:37:77:26:5e:85:
a8:4c:5d:de:62:11:5a:99:15:26:51:10:ec:78:96:62:f3:78:
d6:4f:e4:f7
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZBoj0b8fjCUyMaQQ0SS7IhSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwNjMwMDk1MjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzQ4ZmJhZWNmOGI5NWU5NGMzNWMzMjg5YWQ1ZTZlNDQwZjI4NTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrKolU3aqBVIf4CZcdyKXBZFelF4
OjdemewxeWtJd8Za9IRWs4K3hvKd1KsVQojL/ciztCybFQkzphdjY/sRUtRC5Tpw
Necgf49Pv6NvzVatA/MrIHMlapq9wbRTTZX9h7lkcntxEzZY4DfrUVb+juG5ON2L
cmd2VSLMoFJCE9RYJyx1XhGFAfaFqa6CAZyLjZFRVY+tFNSIzoFGRNnCYi2cCBuR
5Jj/FUEVsBdCSCmhWo063P29G9Ba9AsGrQ+xBx4mlT/xj/iN7kFw7yMEWi1ujVag
wKByafhYW1ZlcabdPuDjlFgJaBeioSYZpW8vDtpe3qFDVVdXhFHPfV4rrwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFNI+67Pi5XpTDXDKJrV5uRA8oVqMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvVTBqN3JzLUxsZWxNTmNNb210WG01RUR5aFdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAK+FbAwQA
WfsKAwQAW4Q5AwQCn/8gAwQCvNbsAwQDvP0IAwQByoVaAwQC1a0gMA0GCSqGSIb3
DQEBCwUAA4IBAQAjufzxwCdMStj6Nx29jIfTqSOwJ1yEQJN8KOqHSO7J15KU6D3w
vMf505vAHNNTLnBQPwWbrEnyrV+I3eVIVriHC5qyOA6jE7E1YfeHrk20zlpD7n3h
Vem1xZhw1XpPIyZztlgRGF/GDZ31ayacfRKXfeLv7GJkVOwDig0HZA6G85frALdk
HUGX9Q15qy3gEZtIBrBs8IWO1hMcvkBk5chX8dfZ59t/SDi12WyPD1UMo2N+oVgO
QLDyAbeQ5LDsrgE2oac98QfeN/mKzImMl9MNO8LJ7ynv01h/c7od0xtNldWJ24IU
N3cmXoWoTF3eYhFamRUmURDseJZi83jWT+T3
-----END CERTIFICATE-----
Generated at Thu Aug 8 10:10:11 2024 by rpki-client on console-ams.rpki-client.org