Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/DUFwAlFS_6YF4FD0-a8WYVJWcIc.roa
File: DUFwAlFS_6YF4FD0-a8WYVJWcIc.roa (raw, json)
Hash identifier: jqqOWi5DIVCra2DBsKQXDWOY+QbkMNvdog5++i+FbuY=
Subject key identifier: 0D:41:70:02:51:52:FF:A6:05:E0:50:F4:F9:AF:16:61:52:56:70:87
Certificate issuer: /CN=1a93849bff337df8b8b0bd1ae252ee6119d8a61f
Certificate serial: 018CC9BC452E872F42EDE7DD28B57A3DCC0E
Authority key identifier: 1A:93:84:9B:FF:33:7D:F8:B8:B0:BD:1A:E2:52:EE:61:19:D8:A6:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GpOEm_8zffi4sL0a4lLuYRnYph8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/DUFwAlFS_6YF4FD0-a8WYVJWcIc.roa
Signing time: Tue 02 Jan 2024 10:33:27 +0000
ROA not before: Tue 02 Jan 2024 10:33:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16509
IP address blocks: 195.46.38.0/24 maxlen: 24
91.213.115.0/24 maxlen: 24
91.241.6.0/23 maxlen: 24
91.200.50.0/24 maxlen: 24
2001:678:264::/48 maxlen: 48
Validation: Failed, certificate revoked on Thu 02 Jan 2025 17:53:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:45:2e:87:2f:42:ed:e7:dd:28:b5:7a:3d:cc:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a93849bff337df8b8b0bd1ae252ee6119d8a61f
Validity
Not Before: Jan 2 10:33:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0d4170025152ffa605e050f4f9af166152567087
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:87:74:fc:8b:4c:2a:ca:80:63:3c:45:06:b2:
ee:89:14:3f:b4:68:2d:47:28:10:a2:93:b1:3a:3c:
72:22:d7:07:02:d2:6e:3c:75:13:86:d8:80:0f:ff:
d8:59:35:aa:ec:9d:89:17:94:6b:32:d2:51:3d:c2:
47:18:0c:cc:9b:93:1e:7e:c8:27:7c:3e:e8:88:13:
26:41:29:7f:ff:ae:0b:e6:d4:07:e4:d3:10:9e:c9:
42:25:ed:40:b7:29:d7:32:0b:19:a6:a3:01:9a:1e:
f0:2b:b5:09:b3:c7:94:01:de:d3:00:b2:b0:e7:a4:
04:2f:bc:cc:ad:09:75:3d:b6:25:e1:7e:79:a7:9d:
fa:27:6c:bf:8c:f4:5f:4b:86:36:d6:1f:eb:5c:17:
33:8b:f1:32:16:b6:4b:16:34:f8:fa:c9:4d:eb:65:
bf:d8:86:62:a3:cb:c8:b0:f9:ce:be:d8:f1:9b:7b:
22:37:50:42:3a:73:64:60:f8:08:f0:c3:58:e9:41:
5c:0a:60:00:20:10:83:fe:cb:ef:31:68:41:9a:40:
78:69:28:a6:75:14:d5:45:61:cf:f7:36:20:fc:08:
16:be:1a:e3:48:d0:53:97:c5:a7:ff:d1:5c:8c:c3:
b6:12:ce:3b:64:10:7e:85:50:0b:b7:da:93:3e:69:
ac:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:41:70:02:51:52:FF:A6:05:E0:50:F4:F9:AF:16:61:52:56:70:87
X509v3 Authority Key Identifier:
keyid:1A:93:84:9B:FF:33:7D:F8:B8:B0:BD:1A:E2:52:EE:61:19:D8:A6:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GpOEm_8zffi4sL0a4lLuYRnYph8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/DUFwAlFS_6YF4FD0-a8WYVJWcIc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/GpOEm_8zffi4sL0a4lLuYRnYph8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.200.50.0/24
91.213.115.0/24
91.241.6.0/23
195.46.38.0/24
IPv6:
2001:678:264::/48
Signature Algorithm: sha256WithRSAEncryption
2f:c2:67:83:32:7a:30:ce:30:cf:48:f9:41:b5:ea:0d:0a:69:
b2:ed:65:61:1e:13:b2:e5:98:a7:a1:45:0d:d4:9a:1a:9d:e7:
c5:c1:d1:28:dc:8f:ad:36:92:de:69:b8:86:46:63:dc:c6:96:
75:11:39:84:48:bc:44:88:ae:10:c4:21:2e:a8:04:48:fc:f9:
79:7b:35:17:ec:ce:75:4e:88:70:aa:32:11:e9:65:4c:74:e9:
ef:02:d3:bd:cc:a8:15:cc:c1:5e:e8:3e:a3:52:2b:47:22:86:
79:a8:11:72:c9:a8:7a:af:7b:dd:75:cd:b1:86:44:e9:75:95:
e4:d5:17:7f:0a:2a:f0:e4:4f:b3:72:08:fc:01:65:60:0a:a5:
6c:f4:72:7f:7e:34:a3:7e:51:c0:53:56:02:f5:87:d3:b8:1f:
d1:a5:c4:cd:4e:e3:df:cb:60:7d:18:92:24:eb:bf:52:9e:20:
a4:c6:a2:b6:0c:d7:12:d0:05:93:14:b1:ef:f6:f1:fd:f7:ab:
0e:52:d5:6b:e6:75:49:6f:36:d3:1b:8c:27:4b:19:3a:af:36:
89:59:12:12:ee:97:18:2a:d8:d2:b4:dc:13:d3:ea:d6:96:6c:
6c:27:58:5b:27:22:5f:e2:bd:a5:59:de:7e:80:f9:8b:51:3f:
81:3f:72:4e
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYzJvEUuhy9C7efdKLV6PcwOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhOTM4NDliZmYzMzdkZjhiOGIwYmQxYWUyNTJlZTYxMTlk
OGE2MWYwHhcNMjQwMTAyMTAzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDQxNzAwMjUxNTJmZmE2MDVlMDUwZjRmOWFmMTY2MTUyNTY3MDg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmId0/ItMKsqAYzxFBrLuiRQ/tGgt
RygQopOxOjxyItcHAtJuPHUThtiAD//YWTWq7J2JF5RrMtJRPcJHGAzMm5Mefsgn
fD7oiBMmQSl//64L5tQH5NMQnslCJe1AtynXMgsZpqMBmh7wK7UJs8eUAd7TALKw
56QEL7zMrQl1PbYl4X55p536J2y/jPRfS4Y21h/rXBczi/EyFrZLFjT4+slN62W/
2IZio8vIsPnOvtjxm3siN1BCOnNkYPgI8MNY6UFcCmAAIBCD/svvMWhBmkB4aSim
dRTVRWHP9zYg/AgWvhrjSNBTl8Wn/9FcjMO2Es47ZBB+hVALt9qTPmmsfwIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFA1BcAJRUv+mBeBQ9PmvFmFSVnCHMB8GA1UdIwQY
MBaAFBqThJv/M334uLC9GuJS7mEZ2KYfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3BPRW1fOHpmZmk0c0wwYTRsTHVZUm5ZcGg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9kNDQ5N2EtMTFmMi00OWFjLWFlZjkt
NDNlNjdkNWQwYTg1LzEvRFVGd0FsRlNfNllGNEZEMC1hOFdZVkpXY0ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9kNDQ5N2EtMTFmMi00OWFjLWFlZjktNDNlNjdkNWQwYTg1
LzEvR3BPRW1fOHpmZmk0c0wwYTRsTHVZUm5ZcGg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAeBAIAATAYAwQAW8gyAwQA
W9VzAwQBW/EGAwQAwy4mMA8EAgACMAkDBwAgAQZ4AmQwDQYJKoZIhvcNAQELBQAD
ggEBAC/CZ4MyejDOMM9I+UG16g0KabLtZWEeE7LlmKehRQ3Umhqd58XB0Sjcj602
kt5puIZGY9zGlnUROYRIvESIrhDEIS6oBEj8+Xl7NRfsznVOiHCqMhHpZUx06e8C
073MqBXMwV7oPqNSK0cihnmoEXLJqHqve911zbGGROl1leTVF38KKvDkT7NyCPwB
ZWAKpWz0cn9+NKN+UcBTVgL1h9O4H9GlxM1O49/LYH0YkiTrv1KeIKTGorYM1xLQ
BZMUse/28f33qw5S1WvmdUlvNtMbjCdLGTqvNolZEhLulxgq2NK03BPT6taWbGwn
WFsnIl/ivaVZ3n6A+YtRP4E/ck4=
-----END CERTIFICATE-----
Generated at Wed Apr 9 06:27:29 2025 by rpki-client