Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/CxGOmTmrZ7Y-a4fbqEHnidNfauI.roa
File: CxGOmTmrZ7Y-a4fbqEHnidNfauI.roa (raw, json)
Hash identifier: BdxiOOT3JrwOmZE3OE4z4HZLUXpF0DkBIzVd34WFujA=
Subject key identifier: 0B:11:8E:99:39:AB:67:B6:3E:6B:87:DB:A8:41:E7:89:D3:5F:6A:E2
Certificate issuer: /CN=6e4067d77bfea99df25ce5e08a9213d1128014cf
Certificate serial: 018CC72733C2D282BBAA46A3A18CEE728FD1
Authority key identifier: 6E:40:67:D7:7B:FE:A9:9D:F2:5C:E5:E0:8A:92:13:D1:12:80:14:CF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bkBn13v-qZ3yXOXgipIT0RKAFM8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/CxGOmTmrZ7Y-a4fbqEHnidNfauI.roa
Signing time: Mon 01 Jan 2024 22:31:24 +0000
ROA not before: Mon 01 Jan 2024 22:31:24 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 56730
IP address blocks: 185.42.196.0/22 maxlen: 22
188.114.112.0/24 maxlen: 24
185.53.92.0/22 maxlen: 22
188.114.112.0/21 maxlen: 21
95.131.80.0/21 maxlen: 24
185.164.44.0/22 maxlen: 22
134.0.16.0/21 maxlen: 21
91.227.26.0/24 maxlen: 24
185.27.32.0/22 maxlen: 22
2a03:b980:200::/40 maxlen: 40
2a03:b980::/32 maxlen: 32
2a02:ef8::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 25 Jan 2024 10:50:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:27:33:c2:d2:82:bb:aa:46:a3:a1:8c:ee:72:8f:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6e4067d77bfea99df25ce5e08a9213d1128014cf
Validity
Not Before: Jan 1 22:31:24 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0b118e9939ab67b63e6b87dba841e789d35f6ae2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:8f:cf:5d:a1:b5:97:b3:fb:47:de:57:21:9c:
44:c2:5e:7b:1b:1a:e5:64:2d:31:51:15:9b:7c:d5:
31:50:e9:78:33:84:99:3b:c2:08:be:24:36:d0:83:
60:01:ab:a7:4c:71:31:cd:c7:3f:83:f6:87:49:23:
13:cc:88:fe:bf:00:70:76:d7:41:16:eb:a2:e7:08:
30:73:69:b1:2d:d4:ec:93:29:07:98:63:2e:75:36:
9a:57:eb:18:21:ea:b2:04:29:5b:ee:90:d5:08:f3:
1f:7b:7b:cb:63:3f:23:02:02:4a:31:5a:ec:c3:9b:
ad:11:6f:25:d8:bf:f3:7f:2c:31:2c:67:5d:e0:ba:
c4:36:33:e4:13:ec:dd:65:ea:51:fb:7f:f2:9d:f5:
f2:54:30:9e:32:ee:3b:72:00:ec:c2:59:d8:68:da:
a3:43:dc:56:e0:95:f2:5c:7b:45:2c:54:53:b6:86:
5b:2c:56:6c:77:a4:6d:9e:a8:97:8e:91:f0:99:30:
39:6f:c2:ac:9f:75:16:bb:3e:c2:6e:ae:3a:08:b8:
95:5d:83:fd:fb:72:26:c0:88:d5:ec:3f:b8:bd:0a:
95:e0:b5:5e:7c:f7:a3:ee:b4:b9:07:b1:84:10:04:
09:2c:93:bb:1d:b8:0f:92:5d:3c:22:f4:03:a3:4d:
8d:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:11:8E:99:39:AB:67:B6:3E:6B:87:DB:A8:41:E7:89:D3:5F:6A:E2
X509v3 Authority Key Identifier:
keyid:6E:40:67:D7:7B:FE:A9:9D:F2:5C:E5:E0:8A:92:13:D1:12:80:14:CF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bkBn13v-qZ3yXOXgipIT0RKAFM8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/CxGOmTmrZ7Y-a4fbqEHnidNfauI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/589eca-3f19-4e23-a3fb-3303f71622f9/1/bkBn13v-qZ3yXOXgipIT0RKAFM8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.227.26.0/24
95.131.80.0/21
134.0.16.0/21
185.27.32.0/22
185.42.196.0/22
185.53.92.0/22
185.164.44.0/22
188.114.112.0/21
IPv6:
2a02:ef8::/32
2a03:b980::/32
Signature Algorithm: sha256WithRSAEncryption
53:7a:18:70:25:27:18:4d:ec:a0:d5:b6:db:86:e3:7e:66:65:
44:98:6f:94:ab:b6:23:23:00:90:75:90:c7:82:04:5c:5b:fb:
ce:e8:13:f2:3b:c4:a9:49:63:26:e7:78:f3:a0:8c:d9:8e:56:
61:51:38:61:88:b5:6f:9a:2c:87:0b:40:8b:01:7f:d0:b3:52:
5a:1b:61:45:9e:3f:d7:36:7c:e8:c7:15:48:c2:53:b7:6b:96:
85:2b:11:d7:9e:f5:d1:2e:88:11:e2:2b:90:23:84:5b:d0:5c:
38:26:cd:74:98:be:fa:3e:d2:95:24:93:fd:92:5a:b3:dd:d2:
04:6d:bf:8d:92:98:0e:b5:f0:0a:af:80:77:49:aa:8b:c5:6c:
e6:f0:8e:8e:4a:fb:2b:ef:46:ec:0a:6e:6b:c2:03:d1:5b:6a:
c6:96:cf:6e:fa:ed:83:61:18:aa:cf:ea:e3:57:0d:71:82:53:
f0:47:75:e6:bd:e6:8c:99:f0:d9:cf:77:e5:ac:6b:2c:66:98:
b7:f9:c7:52:80:c0:0a:e8:82:a2:a4:8b:39:e4:a7:48:e9:c3:
e5:ee:e8:d0:18:da:b9:31:1c:36:32:78:6b:52:c8:de:21:35:
92:fd:c7:7b:4f:6f:81:17:e5:d8:4c:87:1f:29:3e:2a:cf:a7:
dd:c5:f0:83
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYzHJzPC0oK7qkajoYzuco/RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNDA2N2Q3N2JmZWE5OWRmMjVjZTVlMDhhOTIxM2QxMTI4
MDE0Y2YwHhcNMjQwMTAxMjIzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjExOGU5OTM5YWI2N2I2M2U2Yjg3ZGJhODQxZTc4OWQzNWY2YWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmY/PXaG1l7P7R95XIZxEwl57Gxrl
ZC0xURWbfNUxUOl4M4SZO8IIviQ20INgAaunTHExzcc/g/aHSSMTzIj+vwBwdtdB
Fuui5wgwc2mxLdTskykHmGMudTaaV+sYIeqyBClb7pDVCPMfe3vLYz8jAgJKMVrs
w5utEW8l2L/zfywxLGdd4LrENjPkE+zdZepR+3/ynfXyVDCeMu47cgDswlnYaNqj
Q9xW4JXyXHtFLFRTtoZbLFZsd6RtnqiXjpHwmTA5b8Ksn3UWuz7Cbq46CLiVXYP9
+3ImwIjV7D+4vQqV4LVefPej7rS5B7GEEAQJLJO7HbgPkl08IvQDo02NqwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFAsRjpk5q2e2PmuH26hB54nTX2riMB8GA1UdIwQY
MBaAFG5AZ9d7/qmd8lzl4IqSE9ESgBTPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmtCbjEzdi1xWjN5WE9YZ2lwSVQwUktBRk04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC81ODllY2EtM2YxOS00ZTIzLWEzZmIt
MzMwM2Y3MTYyMmY5LzEvQ3hHT21UbXJaN1ktYTRmYnFFSG5pZE5mYXVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC81ODllY2EtM2YxOS00ZTIzLWEzZmItMzMwM2Y3MTYyMmY5
LzEvYmtCbjEzdi1xWjN5WE9YZ2lwSVQwUktBRk04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQAW+MaAwQD
X4NQAwQDhgAQAwQCuRsgAwQCuSrEAwQCuTVcAwQCuaQsAwQDvHJwMBQEAgACMA4D
BQAqAg74AwUAKgO5gDANBgkqhkiG9w0BAQsFAAOCAQEAU3oYcCUnGE3soNW224bj
fmZlRJhvlKu2IyMAkHWQx4IEXFv7zugT8jvEqUljJud486CM2Y5WYVE4YYi1b5os
hwtAiwF/0LNSWhthRZ4/1zZ86McVSMJTt2uWhSsR15710S6IEeIrkCOEW9BcOCbN
dJi++j7SlSST/ZJas93SBG2/jZKYDrXwCq+Ad0mqi8Vs5vCOjkr7K+9G7Apua8ID
0VtqxpbPbvrtg2EYqs/q41cNcYJT8Ed15r3mjJnw2c935axrLGaYt/nHUoDACuiC
oqSLOeSnSOnD5e7o0BjauTEcNjJ4a1LI3iE1kv3He09vgRfl2EyHHyk+Ks+n3cXw
gw==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:30:42 2025 by rpki-client