Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/89286f-0e59-4626-a617-602151522a09/1/CYi5LSvq80DVa1RY4KQuxUsMvn8.roa
File: CYi5LSvq80DVa1RY4KQuxUsMvn8.roa (raw, json)
Hash identifier: YhYQUAzLPPGo+dqmsJv7P1FG4Yx0HllvgpRIM6Zi0EU=
Subject key identifier: 09:88:B9:2D:2B:EA:F3:40:D5:6B:54:58:E0:A4:2E:C5:4B:0C:BE:7F
Certificate issuer: /CN=43b92ec2b0e32cb7b2db13e3765298d6d2e585cd
Certificate serial: 018CC4253D26E434B4E42A844361DA2182AB
Authority key identifier: 43:B9:2E:C2:B0:E3:2C:B7:B2:DB:13:E3:76:52:98:D6:D2:E5:85:CD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Q7kuwrDjLLey2xPjdlKY1tLlhc0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/89286f-0e59-4626-a617-602151522a09/1/CYi5LSvq80DVa1RY4KQuxUsMvn8.roa
Signing time: Mon 01 Jan 2024 08:30:23 +0000
ROA not before: Mon 01 Jan 2024 08:30:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 56441
IP address blocks: 91.231.125.0/24 maxlen: 24
91.224.118.0/24 maxlen: 24
91.224.119.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 09 Oct 2024 08:12:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:25:3d:26:e4:34:b4:e4:2a:84:43:61:da:21:82:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=43b92ec2b0e32cb7b2db13e3765298d6d2e585cd
Validity
Not Before: Jan 1 08:30:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0988b92d2beaf340d56b5458e0a42ec54b0cbe7f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:84:8a:a6:c0:09:50:c6:30:e9:0f:76:aa:be:
37:2e:aa:0d:08:3d:b7:9e:08:70:57:3c:3a:4d:88:
7d:6e:24:4f:49:de:ec:57:e6:2f:3c:b4:3d:93:83:
e1:75:c0:09:5b:bb:13:02:5e:14:72:5b:bd:42:f8:
c5:45:6c:d5:db:b9:d0:82:5f:d1:46:67:e6:0f:28:
78:11:f4:85:a9:56:a7:4c:27:f0:7f:24:67:0e:98:
c4:e2:16:05:06:1b:1f:bf:d9:a9:62:46:d6:62:01:
86:d3:4a:12:31:97:e0:8d:34:8c:21:b9:c6:7f:82:
37:3c:74:aa:aa:2b:bb:df:d3:37:70:7c:bd:c0:91:
d8:0f:33:7a:44:82:7d:a1:47:ce:1f:94:82:bb:5d:
38:4f:69:c0:da:f5:c4:3b:4e:0d:1b:22:c6:73:64:
70:6b:97:9f:6c:03:e9:db:ae:aa:08:75:81:b2:54:
5c:fb:7c:97:54:f9:5d:dd:8b:e9:f1:ce:96:e6:b1:
87:8f:62:9d:68:e4:5c:c1:ba:89:11:36:d6:89:a0:
36:04:a5:62:ea:0f:77:bc:84:1f:b0:fd:24:db:13:
81:24:18:df:33:92:0f:55:ca:78:12:3d:47:eb:e3:
0f:df:1e:06:98:08:d6:47:71:22:d3:60:a4:cb:7a:
a6:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:88:B9:2D:2B:EA:F3:40:D5:6B:54:58:E0:A4:2E:C5:4B:0C:BE:7F
X509v3 Authority Key Identifier:
keyid:43:B9:2E:C2:B0:E3:2C:B7:B2:DB:13:E3:76:52:98:D6:D2:E5:85:CD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q7kuwrDjLLey2xPjdlKY1tLlhc0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/89286f-0e59-4626-a617-602151522a09/1/CYi5LSvq80DVa1RY4KQuxUsMvn8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/89286f-0e59-4626-a617-602151522a09/1/Q7kuwrDjLLey2xPjdlKY1tLlhc0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.224.118.0/23
91.231.125.0/24
Signature Algorithm: sha256WithRSAEncryption
0b:c9:29:d8:38:7f:53:c9:3c:26:01:c9:d5:81:d7:8b:13:69:
72:f9:2e:3f:b7:12:ce:ba:14:68:a5:6d:36:7f:ff:58:96:d7:
c6:bf:b6:71:94:6e:fc:0a:1a:3f:b6:56:fa:a3:8c:4a:95:f9:
b5:12:6e:3d:55:71:91:ea:38:3e:6a:2f:f0:70:eb:ff:75:ae:
ef:f8:1c:65:d3:9e:d1:0d:c0:1a:06:a1:9a:2c:0f:93:39:6f:
01:9e:a2:ef:99:67:b4:31:c8:42:a1:da:80:bb:03:77:8c:e7:
3e:b4:8a:47:e4:cc:43:17:cf:9a:df:6a:69:38:fb:58:28:ba:
10:0a:d0:1d:72:9e:cb:b4:36:71:91:53:fe:32:56:18:38:37:
b0:5f:b9:5e:b4:6a:64:cb:b1:fd:79:7b:08:8f:71:2f:07:69:
38:e1:aa:78:5c:1c:6a:cb:61:56:19:d8:ad:c3:ad:71:68:40:
25:2b:c8:93:ba:7f:97:6c:c3:44:68:e6:07:28:00:a3:9a:c4:
7c:3a:8a:1c:4c:6a:03:1f:79:9f:c2:04:ef:c7:7d:e9:27:21:
cb:60:d6:25:3a:d2:3c:65:83:55:3e:04:00:75:64:a6:5a:70:
b9:ec:51:7a:18:08:d2:92:33:47:d6:f0:93:1b:bd:b9:0c:67:
d6:a2:9f:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJT0m5DS05CqEQ2HaIYKrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYjkyZWMyYjBlMzJjYjdiMmRiMTNlMzc2NTI5OGQ2ZDJl
NTg1Y2QwHhcNMjQwMTAxMDgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTg4YjkyZDJiZWFmMzQwZDU2YjU0NThlMGE0MmVjNTRiMGNiZTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoISKpsAJUMYw6Q92qr43LqoNCD23
nghwVzw6TYh9biRPSd7sV+YvPLQ9k4PhdcAJW7sTAl4Uclu9QvjFRWzV27nQgl/R
RmfmDyh4EfSFqVanTCfwfyRnDpjE4hYFBhsfv9mpYkbWYgGG00oSMZfgjTSMIbnG
f4I3PHSqqiu739M3cHy9wJHYDzN6RIJ9oUfOH5SCu104T2nA2vXEO04NGyLGc2Rw
a5efbAPp266qCHWBslRc+3yXVPld3Yvp8c6W5rGHj2KdaORcwbqJETbWiaA2BKVi
6g93vIQfsP0k2xOBJBjfM5IPVcp4Ej1H6+MP3x4GmAjWR3Ei02Cky3qmZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAmIuS0r6vNA1WtUWOCkLsVLDL5/MB8GA1UdIwQY
MBaAFEO5LsKw4yy3stsT43ZSmNbS5YXNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTdrdXdyRGpMTGV5MnhQamRsS1kxdExsaGMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy84OTI4NmYtMGU1OS00NjI2LWE2MTct
NjAyMTUxNTIyYTA5LzEvQ1lpNUxTdnE4MERWYTFSWTRLUXV4VXNNdm44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy84OTI4NmYtMGU1OS00NjI2LWE2MTctNjAyMTUxNTIyYTA5
LzEvUTdrdXdyRGpMTGV5MnhQamRsS1kxdExsaGMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+B2AwQA
W+d9MA0GCSqGSIb3DQEBCwUAA4IBAQALySnYOH9TyTwmAcnVgdeLE2ly+S4/txLO
uhRopW02f/9YltfGv7ZxlG78Cho/tlb6o4xKlfm1Em49VXGR6jg+ai/wcOv/da7v
+Bxl057RDcAaBqGaLA+TOW8BnqLvmWe0MchCodqAuwN3jOc+tIpH5MxDF8+a32pp
OPtYKLoQCtAdcp7LtDZxkVP+MlYYODewX7letGpky7H9eXsIj3EvB2k44ap4XBxq
y2FWGditw61xaEAlK8iTun+XbMNEaOYHKACjmsR8OoocTGoDH3mfwgTvx33pJyHL
YNYlOtI8ZYNVPgQAdWSmWnC57FF6GAjSkjNH1vCTG725DGfWop/L
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:50:51 2025 by rpki-client