Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/Nt70HmByB42fJMvfQ6_lt6LGXiU.roa
File: Nt70HmByB42fJMvfQ6_lt6LGXiU.roa (raw, json)
Hash identifier: Mm8176apadGPLc5zaWFpIJb+8/XafvaqdLwuWnUCASI=
Subject key identifier: 36:DE:F4:1E:60:72:07:8D:9F:24:CB:DF:43:AF:E5:B7:A2:C6:5E:25
Certificate issuer: /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial: 01917145C1EFD6E93655721616692E11E14D
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/Nt70HmByB42fJMvfQ6_lt6LGXiU.roa
Signing time: Tue 20 Aug 2024 19:31:22 +0000
ROA not before: Tue 20 Aug 2024 19:31:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 205463
IP address blocks: 2.56.108.0/24 maxlen: 24
2.56.109.0/24 maxlen: 24
45.81.113.0/24 maxlen: 24
45.81.115.0/24 maxlen: 24
45.88.139.0/24 maxlen: 24
45.132.181.0/24 maxlen: 24
45.151.3.0/24 maxlen: 24
85.209.120.0/24 maxlen: 24
194.15.52.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 28 Oct 2024 15:58:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:71:45:c1:ef:d6:e9:36:55:72:16:16:69:2e:11:e1:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Validity
Not Before: Aug 20 19:31:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=36def41e6072078d9f24cbdf43afe5b7a2c65e25
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:ac:5c:93:a4:e7:74:88:fa:64:83:22:b0:66:
ba:7f:47:46:fa:83:3f:f8:b5:22:ee:f5:c7:f0:35:
62:cd:f5:21:47:18:95:a6:f5:41:1b:06:26:20:66:
c2:2f:89:d9:58:2d:53:14:a1:f7:55:ab:d7:68:81:
0f:9f:49:5b:74:48:29:0f:2e:1f:ec:2f:c5:ff:b2:
87:ee:fd:a0:5a:46:86:aa:f3:fe:a8:03:bf:fb:3f:
5f:c7:d2:2f:cc:db:e2:b0:16:fc:b8:ec:b1:7e:a2:
68:f3:12:75:df:4d:48:65:ab:41:ed:9c:df:31:17:
7d:2f:d7:d5:5a:e9:7e:c7:7b:65:62:bc:31:6c:10:
88:18:e7:a6:9e:54:2a:cc:7e:63:5e:a7:86:c3:99:
92:8f:42:22:96:c6:7f:03:b5:9c:de:29:11:d5:63:
9a:1c:27:d5:1f:be:61:d7:38:4d:c4:13:a2:da:01:
cd:4b:ff:10:9c:c7:50:14:94:b6:df:de:a8:40:ea:
91:45:ed:8f:fb:63:21:64:31:f9:39:6b:15:f3:74:
c1:8e:23:58:cd:44:ef:9c:ed:21:5b:2f:1e:f0:69:
8b:1b:c2:ea:a5:ff:fe:e2:5c:ea:3f:24:9d:4c:c8:
51:32:51:55:da:b5:50:93:9a:9c:4f:d2:14:e4:86:
c1:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:DE:F4:1E:60:72:07:8D:9F:24:CB:DF:43:AF:E5:B7:A2:C6:5E:25
X509v3 Authority Key Identifier:
keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/Nt70HmByB42fJMvfQ6_lt6LGXiU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.108.0/23
45.81.113.0/24
45.81.115.0/24
45.88.139.0/24
45.132.181.0/24
45.151.3.0/24
85.209.120.0/24
194.15.52.0/24
Signature Algorithm: sha256WithRSAEncryption
ab:40:c0:a0:da:53:fd:13:00:1e:43:b3:cf:6b:06:60:d8:fd:
5f:59:5b:a3:09:25:87:a2:b6:59:59:e8:38:ab:13:2f:21:21:
a6:ad:71:05:27:85:d7:5a:15:ca:76:08:1e:96:df:45:84:33:
b0:81:3d:11:d4:d7:3c:72:2f:70:a1:cb:67:b1:e7:4e:9b:e3:
c9:a2:bb:cd:1b:50:2e:fb:a1:c6:26:0b:52:1a:4a:f7:a4:05:
3f:21:4d:12:1b:ec:1d:c9:f4:fa:bd:7a:22:3a:c4:e4:53:5d:
a9:c8:21:e0:17:2d:95:94:fd:68:ed:b4:5e:61:bb:c8:b4:9b:
17:95:26:3a:8f:fd:61:39:fc:7b:a3:9a:3c:2a:54:05:6a:bf:
5e:72:55:4f:bc:58:e1:20:97:f9:47:72:e0:5e:16:1d:fb:d8:
64:68:36:f2:6b:70:de:88:65:59:dc:7b:66:44:3a:4e:23:28:
fc:6d:a5:6a:5b:ed:45:b6:ff:63:d1:ac:b6:93:95:c7:3c:b7:
cb:e9:40:0a:e9:73:81:94:c2:27:68:40:00:7c:56:a4:00:04:
b9:88:1a:ef:48:82:95:2b:5e:59:38:4f:37:90:d0:0e:46:20:
4d:ec:ee:bd:2c:82:3b:b7:f5:d0:fb:04:38:d3:19:b8:25:6b:
0b:55:04:42
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZFxRcHv1uk2VXIWFmkuEeFNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwODIwMTkzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmRlZjQxZTYwNzIwNzhkOWYyNGNiZGY0M2FmZTViN2EyYzY1ZTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Kxck6TndIj6ZIMisGa6f0dG+oM/
+LUi7vXH8DVizfUhRxiVpvVBGwYmIGbCL4nZWC1TFKH3VavXaIEPn0lbdEgpDy4f
7C/F/7KH7v2gWkaGqvP+qAO/+z9fx9IvzNvisBb8uOyxfqJo8xJ1301IZatB7Zzf
MRd9L9fVWul+x3tlYrwxbBCIGOemnlQqzH5jXqeGw5mSj0IilsZ/A7Wc3ikR1WOa
HCfVH75h1zhNxBOi2gHNS/8QnMdQFJS2396oQOqRRe2P+2MhZDH5OWsV83TBjiNY
zUTvnO0hWy8e8GmLG8Lqpf/+4lzqPySdTMhRMlFV2rVQk5qcT9IU5IbBLQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDbe9B5gcgeNnyTL30Ov5beixl4lMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvTnQ3MEhtQnlCNDJmSk12ZlE2X2x0NkxHWGlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBAjhsAwQA
LVFxAwQALVFzAwQALViLAwQALYS1AwQALZcDAwQAVdF4AwQAwg80MA0GCSqGSIb3
DQEBCwUAA4IBAQCrQMCg2lP9EwAeQ7PPawZg2P1fWVujCSWHorZZWeg4qxMvISGm
rXEFJ4XXWhXKdggelt9FhDOwgT0R1Nc8ci9woctnsedOm+PJorvNG1Au+6HGJgtS
Gkr3pAU/IU0SG+wdyfT6vXoiOsTkU12pyCHgFy2VlP1o7bReYbvItJsXlSY6j/1h
Ofx7o5o8KlQFar9eclVPvFjhIJf5R3LgXhYd+9hkaDbya3DeiGVZ3HtmRDpOIyj8
baVqW+1Ftv9j0ay2k5XHPLfL6UAK6XOBlMInaEAAfFakAAS5iBrvSIKVK15ZOE83
kNAORiBN7O69LII7t/XQ+wQ40xm4JWsLVQRC
-----END CERTIFICATE-----
Generated at Mon Oct 28 20:14:21 2024 by rpki-client on console-ams.rpki-client.org