Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3E1f2210BQzWJA6LmtdGy7Xtjak.roa
File: 3E1f2210BQzWJA6LmtdGy7Xtjak.roa (raw, json)
Hash identifier: +mDjTfeiQk9k/u+JMCw8Y8pmz1bxRwUAGkJt6toatb8=
Subject key identifier: DC:4D:5F:DB:6D:74:05:0C:D6:24:0E:8B:9A:D7:46:CB:B5:ED:8D:A9
Certificate issuer: /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial: 0191E540B5F2AB364CE88E6573FE2AC46689
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3E1f2210BQzWJA6LmtdGy7Xtjak.roa
Signing time: Thu 12 Sep 2024 08:01:48 +0000
ROA not before: Thu 12 Sep 2024 08:01:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62206
IP address blocks: 2.56.109.0/24 maxlen: 24
5.181.84.0/24 maxlen: 24
5.181.87.0/24 maxlen: 24
45.9.29.0/24 maxlen: 24
45.13.189.0/24 maxlen: 24
45.13.190.0/24 maxlen: 24
45.81.115.0/24 maxlen: 24
45.88.136.0/24 maxlen: 24
45.88.138.0/24 maxlen: 24
45.94.171.0/24 maxlen: 24
45.132.180.0/24 maxlen: 24
45.132.181.0/24 maxlen: 24
45.132.182.0/23 maxlen: 24
45.144.212.0/24 maxlen: 24
45.151.3.0/24 maxlen: 24
77.83.37.0/24 maxlen: 24
146.19.125.0/24 maxlen: 24
185.43.248.0/24 maxlen: 24
185.43.249.0/24 maxlen: 24
185.43.251.0/24 maxlen: 24
185.200.62.0/24 maxlen: 24
185.200.63.0/24 maxlen: 24
193.30.240.0/24 maxlen: 24
193.30.242.0/24 maxlen: 24
193.30.243.0/24 maxlen: 24
193.57.43.0/24 maxlen: 24
194.242.96.0/24 maxlen: 24
194.242.98.0/24 maxlen: 24
194.242.99.0/24 maxlen: 24
195.177.93.0/24 maxlen: 24
195.177.94.0/24 maxlen: 24
195.211.188.0/22 maxlen: 24
195.211.190.0/24 maxlen: 24
2a01:7120::/32 maxlen: 32
2a01:7120:7::/48 maxlen: 48
2a07:9200::/29 maxlen: 29
2a07:9201::/32 maxlen: 32
2a07:9206::/32 maxlen: 32
2a07:9207::/32 maxlen: 32
2a09:340::/32 maxlen: 32
2a09:c440::/32 maxlen: 32
2a0c:5d40::/32 maxlen: 32
2a0c:a580::/29 maxlen: 29
2a0c:a580::/32 maxlen: 32
2a0c:a581::/32 maxlen: 32
2a0c:a584::/32 maxlen: 32
2a0c:a586::/32 maxlen: 32
2a10:dfc0::/29 maxlen: 29
2a10:dfc0::/32 maxlen: 32
2a10:fac0::/32 maxlen: 32
2a11:580::/29 maxlen: 29
2a11:580::/32 maxlen: 32
2a11:1600::/32 maxlen: 32
2a11:2a80::/32 maxlen: 32
2a11:3900::/32 maxlen: 32
2a11:d680::/32 maxlen: 32
2a12:9f00::/32 maxlen: 32
Validation: Failed, certificate revoked on Tue 17 Sep 2024 08:38:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:e5:40:b5:f2:ab:36:4c:e8:8e:65:73:fe:2a:c4:66:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Validity
Not Before: Sep 12 08:01:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dc4d5fdb6d74050cd6240e8b9ad746cbb5ed8da9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:f4:1e:bc:28:15:f7:7b:21:91:93:2a:e9:56:
5a:99:9e:9b:94:1c:ee:8e:0e:99:6a:a6:58:cd:34:
3a:90:ac:86:3e:97:9a:ef:d8:5d:a7:5f:6b:69:a6:
19:5e:14:b9:82:09:e3:60:b4:30:2e:4d:d8:00:98:
d5:a4:1b:23:81:0e:0e:81:57:18:00:e4:0f:b6:12:
83:34:0d:b5:ae:f2:1a:f9:68:e2:dc:eb:20:eb:c8:
b2:bd:59:45:cb:aa:f0:ee:37:0b:f2:bc:17:a1:0d:
4e:5c:47:19:e0:2e:2d:1f:1a:ad:dc:a2:d5:ba:c6:
68:d6:55:78:27:ae:98:af:36:3b:d7:0a:ba:3c:41:
ea:c5:e3:94:e1:86:d9:f0:81:37:d5:f1:97:8b:13:
7b:7e:7a:2f:dd:c6:5f:24:b6:a5:dc:ba:f8:96:d8:
00:cc:f8:08:e9:94:ea:d4:86:84:d2:fa:f7:6c:39:
69:e0:a5:ed:7c:71:3c:10:18:01:0e:d0:53:0b:a6:
f1:9b:36:38:4e:d7:9f:4d:53:2e:c2:96:dc:f5:83:
8e:c0:cd:d4:cd:ae:37:b1:95:4d:71:1a:b2:84:3e:
33:b3:51:70:38:dd:4e:c1:d8:9e:27:21:66:b1:3c:
01:9f:44:1f:f7:fc:93:3a:ea:aa:e6:53:94:0d:5c:
66:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:4D:5F:DB:6D:74:05:0C:D6:24:0E:8B:9A:D7:46:CB:B5:ED:8D:A9
X509v3 Authority Key Identifier:
keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/3E1f2210BQzWJA6LmtdGy7Xtjak.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.109.0/24
5.181.84.0/24
5.181.87.0/24
45.9.29.0/24
45.13.189.0-45.13.190.255
45.81.115.0/24
45.88.136.0/24
45.88.138.0/24
45.94.171.0/24
45.132.180.0/22
45.144.212.0/24
45.151.3.0/24
77.83.37.0/24
146.19.125.0/24
185.43.248.0/23
185.43.251.0/24
185.200.62.0/23
193.30.240.0/24
193.30.242.0/23
193.57.43.0/24
194.242.96.0/24
194.242.98.0/23
195.177.93.0-195.177.94.255
195.211.188.0/22
IPv6:
2a01:7120::/32
2a07:9200::/29
2a09:340::/32
2a09:c440::/32
2a0c:5d40::/32
2a0c:a580::/29
2a10:dfc0::/29
2a10:fac0::/32
2a11:580::/29
2a11:1600::/32
2a11:2a80::/32
2a11:3900::/32
2a11:d680::/32
2a12:9f00::/32
Signature Algorithm: sha256WithRSAEncryption
78:3a:0c:13:ea:b8:72:f6:35:d0:5e:54:4c:dc:0a:1c:f0:34:
0d:a1:50:26:91:bd:ca:4e:23:47:74:b5:95:b5:18:ae:f9:81:
f7:44:b5:e7:22:7e:cb:5a:60:85:1a:fd:07:cc:0c:ab:5c:51:
ef:70:e6:0c:fd:fc:be:51:a7:82:8c:d9:55:e1:1a:0a:9d:02:
2a:52:3c:bb:ad:2c:5d:7a:9c:77:34:32:10:41:e8:a4:ca:8d:
5b:7d:88:e9:4d:71:d8:d8:d1:3b:a8:b4:7f:3f:2d:55:42:3c:
11:82:58:94:81:98:96:49:02:f5:c0:ca:e6:ff:f5:d7:71:d0:
93:ba:68:e6:e4:4a:c8:b4:0f:ce:81:89:53:bc:11:50:24:81:
9a:70:95:5b:2e:e5:cc:d0:9d:46:ff:81:e5:a3:63:8c:6c:ce:
1b:47:99:51:d1:b1:95:a8:be:fb:7c:08:a0:88:4b:a8:3f:e8:
b3:c7:08:fb:6a:2f:44:de:df:fb:5f:c2:51:a5:26:0a:d5:b6:
e6:b6:16:50:84:31:0c:ea:4d:fd:58:b7:7d:78:28:71:c9:e9:
e3:b1:63:ad:79:7b:19:5b:5d:d5:97:e4:07:c0:af:66:18:dd:
6f:f9:ac:30:53:19:32:18:10:1f:26:30:32:ef:32:6f:a4:b4:
c8:c5:3e:84
-----BEGIN CERTIFICATE-----
MIIGCTCCBPGgAwIBAgISAZHlQLXyqzZM6I5lc/4qxGaJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwOTEyMDgwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzRkNWZkYjZkNzQwNTBjZDYyNDBlOGI5YWQ3NDZjYmI1ZWQ4ZGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvQevCgV93shkZMq6VZamZ6blBzu
jg6ZaqZYzTQ6kKyGPpea79hdp19raaYZXhS5ggnjYLQwLk3YAJjVpBsjgQ4OgVcY
AOQPthKDNA21rvIa+Wji3Osg68iyvVlFy6rw7jcL8rwXoQ1OXEcZ4C4tHxqt3KLV
usZo1lV4J66YrzY71wq6PEHqxeOU4YbZ8IE31fGXixN7fnov3cZfJLal3Lr4ltgA
zPgI6ZTq1IaE0vr3bDlp4KXtfHE8EBgBDtBTC6bxmzY4TtefTVMuwpbc9YOOwM3U
za43sZVNcRqyhD4zs1FwON1OwdieJyFmsTwBn0Qf9/yTOuqq5lOUDVxmcQIDAQAB
o4IDFTCCAxEwHQYDVR0OBBYEFNxNX9ttdAUM1iQOi5rXRsu17Y2pMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvM0UxZjIyMTBCUXpXSkE2TG10ZEd5N1h0amFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKQYIKwYBBQUHAQcBAf8EggEYMIIBFDCBpwQCAAEwgaAD
BAACOG0DBAAFtVQDBAAFtVcDBAAtCR0wDAMEAC0NvQMEAC0NvgMEAC1RcwMEAC1Y
iAMEAC1YigMEAC1eqwMEAi2EtAMEAC2Q1AMEAC2XAwMEAE1TJQMEAJITfQMEAbkr
+AMEALkr+wMEAbnIPgMEAMEe8AMEAcEe8gMEAME5KwMEAMLyYAMEAcLyYjAMAwQA
w7FdAwQAw7FeAwQCw9O8MGgEAgACMGIDBQAqAXEgAwUDKgeSAAMFACoJA0ADBQAq
CcRAAwUAKgxdQAMFAyoMpYADBQMqEN/AAwUAKhD6wAMFAyoRBYADBQAqERYAAwUA
KhEqgAMFACoROQADBQAqEdaAAwUAKhKfADANBgkqhkiG9w0BAQsFAAOCAQEAeDoM
E+q4cvY10F5UTNwKHPA0DaFQJpG9yk4jR3S1lbUYrvmB90S15yJ+y1pghRr9B8wM
q1xR73DmDP38vlGngozZVeEaCp0CKlI8u60sXXqcdzQyEEHopMqNW32I6U1x2NjR
O6i0fz8tVUI8EYJYlIGYlkkC9cDK5v/113HQk7po5uRKyLQPzoGJU7wRUCSBmnCV
Wy7lzNCdRv+B5aNjjGzOG0eZUdGxlai++3wIoIhLqD/os8cI+2ovRN7f+1/CUaUm
CtW25rYWUIQxDOpN/Vi3fXgoccnp47FjrXl7GVtd1ZfkB8CvZhjdb/msMFMZMhgQ
HyYwMu8yb6S0yMU+hA==
-----END CERTIFICATE-----
Generated at Tue Sep 17 10:55:43 2024 by rpki-client on console-ams.rpki-client.org