Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/r9mNh-bIwU826mx75p3KIHxZ5uU.roa
File: r9mNh-bIwU826mx75p3KIHxZ5uU.roa (raw, json)
Hash identifier: p85P3RUrECVx6LkmX35miFiZqXqn0o+IESQU9v0LLV8=
Subject key identifier: AF:D9:8D:87:E6:C8:C1:4F:36:EA:6C:7B:E6:9D:CA:20:7C:59:E6:E5
Certificate issuer: /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial: 019445561F9833417E9819E3C2E6A4714D59
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/r9mNh-bIwU826mx75p3KIHxZ5uU.roa
Signing time: Wed 08 Jan 2025 09:54:19 +0000
ROA not before: Wed 08 Jan 2025 09:54:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29802
IP address blocks: 89.21.86.0/24 maxlen: 24
89.251.24.0/24 maxlen: 24
109.122.43.0/24 maxlen: 24
109.122.45.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 27 Feb 2025 19:36:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:45:56:1f:98:33:41:7e:98:19:e3:c2:e6:a4:71:4d:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Validity
Not Before: Jan 8 09:54:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=afd98d87e6c8c14f36ea6c7be69dca207c59e6e5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:56:03:aa:9f:08:24:b9:d3:b2:b4:cd:b9:71:
98:c3:42:a9:05:00:6c:76:89:10:cd:c1:39:f1:93:
e1:0c:e7:48:9f:c1:b9:70:1b:03:b4:45:f3:e1:f4:
24:bb:9a:d5:2d:27:f9:ec:c0:5a:ac:71:56:52:27:
36:58:50:b8:f3:c1:bf:0e:2b:46:6d:06:f6:43:be:
ca:dc:0f:90:53:0d:60:59:34:25:a6:e5:a2:f0:30:
f7:8b:f5:b3:26:da:e3:a5:73:a4:74:a8:e0:f7:a2:
14:7a:c4:a0:5f:c4:f4:f2:bc:17:f8:d0:d3:59:75:
60:4e:96:f6:81:62:3c:88:33:0b:f1:e6:3e:51:9e:
34:cc:7c:04:50:0a:1e:ab:24:1a:e1:45:7f:9e:b6:
b3:d4:4b:a8:d4:7c:52:f2:19:12:08:61:96:5c:b9:
5b:98:44:4b:0c:66:0b:18:fc:4a:e1:d5:97:b4:5e:
e2:7f:08:f0:3a:f4:cf:92:63:57:eb:0c:5a:3d:02:
4d:83:2d:7a:f4:78:29:97:e3:38:2a:78:0f:97:79:
4f:53:d0:d8:46:9a:3f:18:4c:a7:e2:58:03:73:39:
c1:e3:53:13:19:fa:1e:69:6a:ee:19:7e:fa:63:68:
d4:ca:e1:c2:1a:3d:8d:86:d7:14:35:a0:72:e5:88:
0e:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:D9:8D:87:E6:C8:C1:4F:36:EA:6C:7B:E6:9D:CA:20:7C:59:E6:E5
X509v3 Authority Key Identifier:
keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/r9mNh-bIwU826mx75p3KIHxZ5uU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.21.86.0/24
89.251.24.0/24
109.122.43.0/24
109.122.45.0/24
Signature Algorithm: sha256WithRSAEncryption
01:c0:d0:aa:20:12:95:34:09:39:e9:f2:55:ec:f6:61:0c:4f:
29:e3:67:05:2b:37:0e:72:66:1a:f4:a6:4b:9d:ec:e0:8a:43:
53:d4:b8:44:a3:06:42:df:06:c4:d3:91:10:96:a5:c4:f2:49:
80:4a:bf:37:24:5b:c0:93:5d:81:09:07:1a:63:7d:da:4e:02:
50:6c:82:30:7d:a8:3a:9b:81:6f:b3:d3:5f:9f:64:0b:97:29:
71:bf:9b:4c:04:30:d5:e3:05:19:51:4b:c8:96:78:43:7e:96:
58:68:46:5c:08:a0:65:a1:f6:d3:07:43:4b:ce:2f:ce:26:da:
d2:de:8c:f9:29:df:30:78:35:48:88:04:ed:ab:30:f7:ad:83:
8b:3f:e2:12:a1:63:09:8f:a0:93:c7:25:e9:e2:38:77:7f:90:
9e:c9:84:61:35:cc:7b:07:93:38:5c:94:52:52:70:3d:5c:9c:
c9:b1:d9:d5:5a:9f:e3:97:60:2d:f8:79:50:03:9c:89:6b:d4:
ac:35:53:75:3e:37:3f:20:b6:27:f0:72:91:e1:32:4e:df:22:
e0:df:6f:ca:7b:0b:d6:73:e3:6a:0c:9a:29:b0:03:8b:a2:52:
46:70:0c:67:7b:b9:61:91:a1:7e:a1:ad:4b:9e:31:de:f8:05:
4b:38:d6:2e
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZRFVh+YM0F+mBnjwuakcU1ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwMTA4MDk1NDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmQ5OGQ4N2U2YzhjMTRmMzZlYTZjN2JlNjlkY2EyMDdjNTllNmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4FYDqp8IJLnTsrTNuXGYw0KpBQBs
dokQzcE58ZPhDOdIn8G5cBsDtEXz4fQku5rVLSf57MBarHFWUic2WFC488G/DitG
bQb2Q77K3A+QUw1gWTQlpuWi8DD3i/WzJtrjpXOkdKjg96IUesSgX8T08rwX+NDT
WXVgTpb2gWI8iDML8eY+UZ40zHwEUAoeqyQa4UV/nraz1Euo1HxS8hkSCGGWXLlb
mERLDGYLGPxK4dWXtF7ifwjwOvTPkmNX6wxaPQJNgy169Hgpl+M4KngPl3lPU9DY
Rpo/GEyn4lgDcznB41MTGfoeaWruGX76Y2jUyuHCGj2NhtcUNaBy5YgO/QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFK/ZjYfmyMFPNupse+adyiB8WeblMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvcjltTmgtYkl3VTgyNm14NzVwM0tJSHhaNXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWRVWAwQA
WfsYAwQAbXorAwQAbXotMA0GCSqGSIb3DQEBCwUAA4IBAQABwNCqIBKVNAk56fJV
7PZhDE8p42cFKzcOcmYa9KZLnezgikNT1LhEowZC3wbE05EQlqXE8kmASr83JFvA
k12BCQcaY33aTgJQbIIwfag6m4Fvs9Nfn2QLlylxv5tMBDDV4wUZUUvIlnhDfpZY
aEZcCKBlofbTB0NLzi/OJtrS3oz5Kd8weDVIiATtqzD3rYOLP+ISoWMJj6CTxyXp
4jh3f5CeyYRhNcx7B5M4XJRSUnA9XJzJsdnVWp/jl2At+HlQA5yJa9SsNVN1Pjc/
ILYn8HKR4TJO3yLg32/KewvWc+NqDJopsAOLolJGcAxne7lhkaF+oa1LnjHe+AVL
ONYu
-----END CERTIFICATE-----
Generated at Thu Apr 17 21:59:29 2025 by rpki-client