Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/708f76-56ef-433f-9eac-4a4a3b0408a6/1/m3yYaT-crvkasFnHS9hXwjRYX8M.roa
File: m3yYaT-crvkasFnHS9hXwjRYX8M.roa (raw, json)
Hash identifier: XCPA6PCZpMdu7Fc634qKWq+ATc8ml9C/CIlkC61LfGU=
Subject key identifier: 9B:7C:98:69:3F:9C:AE:F9:1A:B0:59:C7:4B:D8:57:C2:34:58:5F:C3
Certificate issuer: /CN=6ceae7a0288960a75af8ce80e7888543c7f77cd7
Certificate serial: 018CC94D1995BD9C68D86ECFF0E7A95C28D5
Authority key identifier: 6C:EA:E7:A0:28:89:60:A7:5A:F8:CE:80:E7:88:85:43:C7:F7:7C:D7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bOrnoCiJYKda-M6A54iFQ8f3fNc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/05/708f76-56ef-433f-9eac-4a4a3b0408a6/1/m3yYaT-crvkasFnHS9hXwjRYX8M.roa
Signing time: Tue 02 Jan 2024 08:32:02 +0000
ROA not before: Tue 02 Jan 2024 08:32:02 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31633
IP address blocks: 91.192.130.0/24 maxlen: 24
91.192.131.0/24 maxlen: 24
91.192.128.0/22 maxlen: 22
91.192.128.0/24 maxlen: 24
91.192.129.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 01 Jan 2025 01:47:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4d:19:95:bd:9c:68:d8:6e:cf:f0:e7:a9:5c:28:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ceae7a0288960a75af8ce80e7888543c7f77cd7
Validity
Not Before: Jan 2 08:32:02 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9b7c98693f9caef91ab059c74bd857c234585fc3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:3f:3d:1e:d1:d9:29:3b:b5:73:31:b9:ed:7d:
b7:8b:da:0e:41:36:d4:1b:d8:91:8d:a4:43:d1:4d:
79:bf:15:66:aa:8c:c2:09:7c:c9:2d:9e:7c:25:a8:
7e:a8:e5:55:1d:be:a0:37:5b:83:58:1f:6c:c6:e8:
51:f3:c2:f5:94:04:89:08:8b:22:f9:97:4e:c7:a3:
25:3c:ea:b2:aa:bf:0f:73:cb:8d:b9:e7:8a:e0:1a:
3c:bc:24:e6:a5:7a:64:9f:86:18:0f:a6:28:9c:4a:
f9:09:9a:77:0c:e0:a5:28:d9:67:8b:41:3b:3d:db:
1d:45:4e:b4:0e:87:9e:2f:e5:58:30:ca:a4:09:14:
f5:b1:ec:73:4f:86:b5:2e:85:c5:e6:af:1f:04:72:
31:90:57:d1:48:7b:66:9e:e5:e9:5d:f8:97:3a:e1:
5b:22:20:b3:f0:e8:c7:5b:07:7f:b8:ab:5b:a3:b3:
11:da:4d:0c:8f:ef:e6:0c:8a:41:f2:df:57:6d:64:
03:a3:f1:a1:ed:56:63:b6:c4:f0:7d:7f:66:d4:d2:
46:9b:c3:a9:3f:d5:51:3b:30:75:a6:b9:ed:4c:75:
4f:37:99:34:0d:7e:7b:71:7c:1b:b0:5c:28:4b:6d:
06:d2:91:2d:5d:05:1c:aa:8a:87:ce:99:89:dd:53:
5d:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:7C:98:69:3F:9C:AE:F9:1A:B0:59:C7:4B:D8:57:C2:34:58:5F:C3
X509v3 Authority Key Identifier:
keyid:6C:EA:E7:A0:28:89:60:A7:5A:F8:CE:80:E7:88:85:43:C7:F7:7C:D7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOrnoCiJYKda-M6A54iFQ8f3fNc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/708f76-56ef-433f-9eac-4a4a3b0408a6/1/m3yYaT-crvkasFnHS9hXwjRYX8M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/05/708f76-56ef-433f-9eac-4a4a3b0408a6/1/bOrnoCiJYKda-M6A54iFQ8f3fNc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.192.128.0/22
Signature Algorithm: sha256WithRSAEncryption
7d:b6:e0:f2:a3:e3:b5:2c:43:a5:a6:26:ad:2a:7e:2c:91:2f:
a2:c0:48:22:3c:c0:bf:c2:1f:19:f5:d8:7b:a9:0d:60:7c:32:
ef:34:ba:5d:7a:f9:5f:67:1c:47:8f:de:af:28:79:7c:73:3b:
c2:11:c8:cd:c2:a4:93:5c:42:8e:ef:6b:f1:ec:92:40:ab:16:
ab:f9:9a:71:06:4b:bc:6f:7d:3c:67:09:c9:d0:b1:7c:55:b9:
7b:5a:3a:ff:e5:69:33:15:11:3d:d0:ab:a0:7c:c0:12:76:a1:
3e:92:23:5f:3c:f3:ce:df:3e:8d:a4:c3:bd:67:c6:95:71:b8:
0c:31:95:ba:e9:62:33:88:1f:d8:61:c1:bb:1d:11:d1:a8:fe:
2d:14:5c:83:8c:84:cb:79:ab:d6:b5:48:4b:eb:6e:13:0e:3b:
97:f2:e0:b3:10:38:8f:e9:12:1c:80:fd:1b:40:84:34:13:19:
5e:b1:6b:84:55:ad:68:16:1f:fc:63:7b:f6:5e:f1:f0:49:95:
f1:23:9c:b4:5d:88:90:88:95:d4:bc:66:7a:bc:78:d4:b2:47:
6f:bb:9e:d8:09:2f:39:c4:16:5c:cb:9e:4f:e6:87:33:fd:e5:
7c:8a:84:50:76:8f:58:c6:6f:60:b7:4a:16:d4:71:aa:2f:d1:
62:21:1f:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTRmVvZxo2G7P8OepXCjVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZWFlN2EwMjg4OTYwYTc1YWY4Y2U4MGU3ODg4NTQzYzdm
NzdjZDcwHhcNMjQwMTAyMDgzMjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjdjOTg2OTNmOWNhZWY5MWFiMDU5Yzc0YmQ4NTdjMjM0NTg1ZmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoD89HtHZKTu1czG57X23i9oOQTbU
G9iRjaRD0U15vxVmqozCCXzJLZ58Jah+qOVVHb6gN1uDWB9sxuhR88L1lASJCIsi
+ZdOx6MlPOqyqr8Pc8uNueeK4Bo8vCTmpXpkn4YYD6YonEr5CZp3DOClKNlni0E7
PdsdRU60DoeeL+VYMMqkCRT1sexzT4a1LoXF5q8fBHIxkFfRSHtmnuXpXfiXOuFb
IiCz8OjHWwd/uKtbo7MR2k0Mj+/mDIpB8t9XbWQDo/Gh7VZjtsTwfX9m1NJGm8Op
P9VROzB1prntTHVPN5k0DX57cXwbsFwoS20G0pEtXQUcqoqHzpmJ3VNd/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJt8mGk/nK75GrBZx0vYV8I0WF/DMB8GA1UdIwQY
MBaAFGzq56AoiWCnWvjOgOeIhUPH93zXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9ybm9DaUpZS2RhLU02QTU0aUZROGYzZk5jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS83MDhmNzYtNTZlZi00MzNmLTllYWMt
NGE0YTNiMDQwOGE2LzEvbTN5WWFULWNydmthc0ZuSFM5aFh3alJZWDhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS83MDhmNzYtNTZlZi00MzNmLTllYWMtNGE0YTNiMDQwOGE2
LzEvYk9ybm9DaUpZS2RhLU02QTU0aUZROGYzZk5jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8CAMA0G
CSqGSIb3DQEBCwUAA4IBAQB9tuDyo+O1LEOlpiatKn4skS+iwEgiPMC/wh8Z9dh7
qQ1gfDLvNLpdevlfZxxHj96vKHl8czvCEcjNwqSTXEKO72vx7JJAqxar+ZpxBku8
b308ZwnJ0LF8Vbl7Wjr/5WkzFRE90KugfMASdqE+kiNfPPPO3z6NpMO9Z8aVcbgM
MZW66WIziB/YYcG7HRHRqP4tFFyDjITLeavWtUhL624TDjuX8uCzEDiP6RIcgP0b
QIQ0ExlesWuEVa1oFh/8Y3v2XvHwSZXxI5y0XYiQiJXUvGZ6vHjUskdvu57YCS85
xBZcy55P5ocz/eV8ioRQdo9Yxm9gt0oW1HGqL9FiIR+n
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:52:11 2025 by rpki-client