Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/LzXA-MBII18OKbIk9pfP4yuwaEs.roa
File: LzXA-MBII18OKbIk9pfP4yuwaEs.roa (raw, json)
Hash identifier: WQrmC9lpFZhZigexrpLMlhc1L98YlPvaOzQa8sezRek=
Subject key identifier: 2F:35:C0:F8:C0:48:23:5F:0E:29:B2:24:F6:97:CF:E3:2B:B0:68:4B
Certificate issuer: /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial: 01943D61FB9D7899A0E17C47C54DCC80723F
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/LzXA-MBII18OKbIk9pfP4yuwaEs.roa
Signing time: Mon 06 Jan 2025 20:50:19 +0000
ROA not before: Mon 06 Jan 2025 20:50:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 163.5.30.0/24 maxlen: 24
163.5.59.0/24 maxlen: 24
163.5.73.0/24 maxlen: 24
163.5.89.0/24 maxlen: 24
163.5.110.0/24 maxlen: 24
163.5.111.0/24 maxlen: 24
163.5.112.0/24 maxlen: 24
163.5.113.0/24 maxlen: 24
163.5.118.0/24 maxlen: 24
163.5.119.0/24 maxlen: 24
163.5.121.0/24 maxlen: 24
163.5.126.0/24 maxlen: 24
163.5.128.0/24 maxlen: 24
163.5.129.0/24 maxlen: 24
163.5.138.0/24 maxlen: 24
163.5.139.0/24 maxlen: 24
163.5.143.0/24 maxlen: 24
163.5.146.0/24 maxlen: 24
163.5.151.0/24 maxlen: 24
163.5.158.0/24 maxlen: 24
163.5.160.0/24 maxlen: 24
163.5.167.0/24 maxlen: 24
163.5.175.0/24 maxlen: 24
163.5.178.0/24 maxlen: 24
163.5.182.0/24 maxlen: 24
163.5.189.0/24 maxlen: 24
163.5.191.0/24 maxlen: 24
163.5.200.0/24 maxlen: 24
163.5.201.0/24 maxlen: 24
163.5.203.0/24 maxlen: 24
163.5.204.0/24 maxlen: 24
163.5.205.0/24 maxlen: 24
163.5.206.0/24 maxlen: 24
163.5.211.0/24 maxlen: 24
163.5.212.0/24 maxlen: 24
163.5.218.0/24 maxlen: 24
163.5.224.0/24 maxlen: 24
163.5.228.0/24 maxlen: 24
163.5.241.0/24 maxlen: 24
163.5.245.0/24 maxlen: 24
163.5.250.0/24 maxlen: 24
163.5.253.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 07 Jan 2025 13:53:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:3d:61:fb:9d:78:99:a0:e1:7c:47:c5:4d:cc:80:72:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Validity
Not Before: Jan 6 20:50:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2f35c0f8c048235f0e29b224f697cfe32bb0684b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:aa:1e:11:31:84:ed:b9:92:02:3e:fd:bb:11:
bd:ae:10:1a:1f:9a:94:bb:01:65:4b:c5:51:6f:5d:
30:56:f1:13:2b:01:c8:81:1a:27:95:ad:27:db:fd:
5e:33:0e:b4:3a:d1:8b:b7:8a:6a:76:9f:3f:84:16:
9c:1d:42:be:0e:ec:4c:89:52:35:fd:54:d5:17:fc:
ac:46:20:1d:7c:9d:61:59:fe:3a:8e:9f:d4:7f:8e:
e5:3b:13:06:23:be:5d:2d:ca:b9:1b:fa:09:a8:ce:
a7:57:83:b1:ca:71:b7:8a:76:85:be:8b:7f:94:40:
f0:23:2d:4c:25:6d:39:0b:e0:76:39:23:52:65:04:
5d:92:26:1a:33:e6:af:9e:09:0d:66:d7:d7:0b:0b:
8a:08:a0:55:a4:79:cc:53:c3:87:ce:e2:89:54:f1:
5d:42:e9:fb:64:5d:22:e7:b1:3e:ce:78:c2:8e:38:
32:f4:e2:64:c6:97:dc:d6:7b:f9:d4:4d:1f:94:52:
62:c1:33:d6:e2:2b:db:89:b4:1b:05:1b:7d:0b:11:
dc:f3:1f:ed:2c:13:7c:f9:d8:fc:bf:93:e8:c1:74:
93:c4:2d:74:86:38:35:d0:16:9a:03:4f:aa:ef:2f:
a4:5a:9a:c3:60:31:d2:db:e9:39:94:be:ec:07:e7:
e2:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:35:C0:F8:C0:48:23:5F:0E:29:B2:24:F6:97:CF:E3:2B:B0:68:4B
X509v3 Authority Key Identifier:
keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/LzXA-MBII18OKbIk9pfP4yuwaEs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
163.5.30.0/24
163.5.59.0/24
163.5.73.0/24
163.5.89.0/24
163.5.110.0-163.5.113.255
163.5.118.0/23
163.5.121.0/24
163.5.126.0/24
163.5.128.0/23
163.5.138.0/23
163.5.143.0/24
163.5.146.0/24
163.5.151.0/24
163.5.158.0/24
163.5.160.0/24
163.5.167.0/24
163.5.175.0/24
163.5.178.0/24
163.5.182.0/24
163.5.189.0/24
163.5.191.0/24
163.5.200.0/23
163.5.203.0-163.5.206.255
163.5.211.0-163.5.212.255
163.5.218.0/24
163.5.224.0/24
163.5.228.0/24
163.5.241.0/24
163.5.245.0/24
163.5.250.0/24
163.5.253.0/24
Signature Algorithm: sha256WithRSAEncryption
10:a1:5c:dc:fa:aa:6f:9e:3f:44:fb:f8:b8:10:d2:a9:61:18:
3b:14:a1:ec:ba:c5:f5:a5:13:01:ca:ed:05:4f:cf:64:fb:55:
4a:dc:a6:4b:fb:e8:b8:1c:30:e3:41:83:7e:18:2d:12:15:01:
77:2a:7b:02:07:2c:00:6b:4a:13:0e:8a:cb:b7:36:69:99:3f:
94:01:e7:e6:11:4e:bc:4b:bd:a4:00:8e:ac:ba:a5:92:e1:d4:
46:b6:7c:6c:93:13:da:85:0e:fc:8d:24:d4:af:93:1f:34:56:
44:a2:d1:85:27:e9:52:61:af:be:0a:76:c5:e4:0b:da:7f:86:
82:20:74:f5:c0:c5:92:0d:0b:ea:1b:fe:a5:c6:4b:7e:5c:66:
5e:20:be:fa:9c:d8:fb:68:36:8c:06:47:95:6c:37:2b:44:7e:
5c:f2:22:e3:d9:89:f6:3a:e9:b3:6e:fe:78:00:ff:2f:2b:c2:
00:2e:2a:3b:9d:c2:fc:9b:25:6c:e2:2d:a2:9f:c9:0c:25:ff:
f0:8b:56:05:70:a7:73:10:58:24:f8:be:a1:d7:2b:dc:25:36:
40:2f:2e:7f:df:10:fc:20:31:98:12:dd:52:6a:13:bb:8f:ac:
68:91:77:42:26:c8:26:b2:85:57:fc:c1:40:b5:d5:b3:d9:38:
6e:cf:56:76
-----BEGIN CERTIFICATE-----
MIIFzjCCBLagAwIBAgISAZQ9YfudeJmg4XxHxU3MgHI/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTA2MjA1MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjM1YzBmOGMwNDgyMzVmMGUyOWIyMjRmNjk3Y2ZlMzJiYjA2ODRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqoeETGE7bmSAj79uxG9rhAaH5qU
uwFlS8VRb10wVvETKwHIgRonla0n2/1eMw60OtGLt4pqdp8/hBacHUK+DuxMiVI1
/VTVF/ysRiAdfJ1hWf46jp/Uf47lOxMGI75dLcq5G/oJqM6nV4OxynG3inaFvot/
lEDwIy1MJW05C+B2OSNSZQRdkiYaM+avngkNZtfXCwuKCKBVpHnMU8OHzuKJVPFd
Qun7ZF0i57E+znjCjjgy9OJkxpfc1nv51E0flFJiwTPW4ivbibQbBRt9CxHc8x/t
LBN8+dj8v5PowXSTxC10hjg10BaaA0+q7y+kWprDYDHS2+k5lL7sB+fiTQIDAQAB
o4IC2jCCAtYwHQYDVR0OBBYEFC81wPjASCNfDimyJPaXz+MrsGhLMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvTHpYQS1NQklJMThPS2JJazlwZlA0eXV3YUVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHvBggrBgEFBQcBBwEB/wSB3zCB3DCB2QQCAAEwgdIDBACj
BR4DBACjBTsDBACjBUkDBACjBVkwDAMEAaMFbgMEAaMFcAMEAaMFdgMEAKMFeQME
AKMFfgMEAaMFgAMEAaMFigMEAKMFjwMEAKMFkgMEAKMFlwMEAKMFngMEAKMFoAME
AKMFpwMEAKMFrwMEAKMFsgMEAKMFtgMEAKMFvQMEAKMFvwMEAaMFyDAMAwQAowXL
AwQAowXOMAwDBACjBdMDBACjBdQDBACjBdoDBACjBeADBACjBeQDBACjBfEDBACj
BfUDBACjBfoDBACjBf0wDQYJKoZIhvcNAQELBQADggEBABChXNz6qm+eP0T7+LgQ
0qlhGDsUoey6xfWlEwHK7QVPz2T7VUrcpkv76LgcMONBg34YLRIVAXcqewIHLABr
ShMOisu3NmmZP5QB5+YRTrxLvaQAjqy6pZLh1Ea2fGyTE9qFDvyNJNSvkx80VkSi
0YUn6VJhr74KdsXkC9p/hoIgdPXAxZINC+ob/qXGS35cZl4gvvqc2PtoNowGR5Vs
NytEflzyIuPZifY66bNu/ngA/y8rwgAuKjudwvybJWziLaKfyQwl//CLVgVwp3MQ
WCT4vqHXK9wlNkAvLn/fEPwgMZgS3VJqE7uPrGiRd0ImyCayhVf8wUC11bPZOG7P
VnY=
-----END CERTIFICATE-----
Generated at Sun Apr 6 14:02:00 2025 by rpki-client