Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/188d75-2bf2-48f1-91f7-c48ca27a9c01/1/pacupbQuLL3QCqrRavOE6krOlhk.roa
File: pacupbQuLL3QCqrRavOE6krOlhk.roa (raw, json)
Hash identifier: jGaMgMrGTM/f68fZUdp4XuuiNzgERV1TDM11xNdwWNc=
Subject key identifier: A5:A7:2E:A5:B4:2E:2C:BD:D0:0A:AA:D1:6A:F3:84:EA:4A:CE:96:19
Certificate issuer: /CN=98f9e0c20acdc8faa7441a0843ff8a01f3d9dbc5
Certificate serial: 018CC56E03ADFC25C5403B378B38AA951FB9
Authority key identifier: 98:F9:E0:C2:0A:CD:C8:FA:A7:44:1A:08:43:FF:8A:01:F3:D9:DB:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mPngwgrNyPqnRBoIQ_-KAfPZ28U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/24/188d75-2bf2-48f1-91f7-c48ca27a9c01/1/pacupbQuLL3QCqrRavOE6krOlhk.roa
Signing time: Mon 01 Jan 2024 14:29:30 +0000
ROA not before: Mon 01 Jan 2024 14:29:30 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43037
IP address blocks: 185.66.188.0/22 maxlen: 22
77.75.72.0/21 maxlen: 21
77.75.72.0/23 maxlen: 23
77.75.78.0/23 maxlen: 23
77.75.75.0/24 maxlen: 24
77.75.76.0/23 maxlen: 23
77.75.74.0/24 maxlen: 24
2a02:598:a::/48 maxlen: 48
2a02:598::/32 maxlen: 32
2a02:598:b::/48 maxlen: 48
2a02:598:4444::/48 maxlen: 48
2a02:598:2::/48 maxlen: 48
2a02:598:3333::/48 maxlen: 48
Validation: Failed, certificate revoked on Thu 02 Jan 2025 15:51:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:03:ad:fc:25:c5:40:3b:37:8b:38:aa:95:1f:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=98f9e0c20acdc8faa7441a0843ff8a01f3d9dbc5
Validity
Not Before: Jan 1 14:29:30 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a5a72ea5b42e2cbdd00aaad16af384ea4ace9619
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:7d:3a:83:1f:99:de:1e:76:98:a9:94:e3:0a:
00:51:78:d6:79:a1:ee:04:89:3b:51:e5:79:d4:97:
9c:f5:5a:3c:f6:72:b0:ec:fd:4a:ad:0a:a2:9e:e9:
3e:44:4e:63:0b:95:cf:41:01:6c:77:80:6e:df:3f:
01:f1:88:f5:90:02:dd:c5:be:4d:50:6e:85:19:b3:
96:4c:39:11:ea:18:e6:d4:a9:2b:a0:02:05:74:e9:
4e:de:59:92:d1:82:ea:86:b1:be:9a:06:73:bd:4d:
e8:c8:51:66:8c:dc:ad:db:72:6e:08:f5:d2:e3:52:
5e:f7:9a:04:0b:83:b7:fe:58:01:2e:97:8a:a2:48:
95:8f:9b:b9:33:10:30:af:f7:fc:bc:50:4a:57:87:
4e:af:7d:72:69:10:af:82:b0:80:69:b6:b8:db:70:
99:11:a2:ac:36:60:7d:3b:6a:3f:2d:d9:f4:27:a8:
60:25:1c:17:2e:4f:4d:38:c4:67:3b:83:b0:f2:15:
7a:a6:14:c0:6c:a1:e7:86:e6:d7:77:65:8d:32:3c:
1a:1e:a2:4b:53:7e:d9:b6:bc:b6:04:2b:ce:34:4b:
18:e2:32:ad:31:b1:44:82:22:4f:c6:8f:e9:18:65:
76:1c:bc:60:af:78:b3:74:81:3b:f1:06:43:f8:d7:
74:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:A7:2E:A5:B4:2E:2C:BD:D0:0A:AA:D1:6A:F3:84:EA:4A:CE:96:19
X509v3 Authority Key Identifier:
keyid:98:F9:E0:C2:0A:CD:C8:FA:A7:44:1A:08:43:FF:8A:01:F3:D9:DB:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mPngwgrNyPqnRBoIQ_-KAfPZ28U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/188d75-2bf2-48f1-91f7-c48ca27a9c01/1/pacupbQuLL3QCqrRavOE6krOlhk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/24/188d75-2bf2-48f1-91f7-c48ca27a9c01/1/mPngwgrNyPqnRBoIQ_-KAfPZ28U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.75.72.0/21
185.66.188.0/22
IPv6:
2a02:598::/32
Signature Algorithm: sha256WithRSAEncryption
25:02:ee:d6:fe:88:65:e6:d1:1c:16:af:d4:12:26:fb:58:e3:
41:7a:7e:55:5d:87:03:e9:9a:dd:f1:bd:d8:13:2b:ee:f8:41:
4c:4d:35:fe:9d:09:57:0c:08:6d:d2:52:97:4f:d5:85:1b:b1:
3f:47:22:13:ac:1c:2c:89:78:f5:63:16:4f:74:d6:eb:29:2c:
f0:56:79:4e:9b:41:e0:21:87:ce:b3:8c:88:4c:a3:d4:a8:ed:
fc:58:55:9c:e2:ff:4f:5e:8f:95:6f:a7:86:bf:9e:2d:39:05:
88:68:a1:ff:59:7a:ab:bb:ee:88:2d:a6:66:50:04:79:cf:ce:
8c:38:d8:04:ed:ed:06:47:37:9f:70:e8:6e:cf:33:34:27:c7:
73:e7:e7:2f:cf:b0:0f:7c:92:66:14:bb:a8:21:1b:72:04:2d:
dd:97:ff:38:ec:1f:e5:4b:8e:7f:0a:ef:5f:8a:db:a5:f7:1e:
8e:71:9b:d7:a9:48:76:1a:f0:62:4b:79:06:b5:ba:7d:23:ef:
ea:b3:93:d8:3c:eb:a0:db:cb:04:9e:9e:ee:bb:f3:33:c4:c7:
9f:cf:2d:08:29:8a:70:79:10:24:ac:68:b7:a9:90:d6:32:02:
31:6c:af:e5:12:7e:46:28:e4:f0:2d:cf:f0:6c:7f:54:4f:30:
87:b8:7a:1a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFbgOt/CXFQDs3iziqlR+5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ZjllMGMyMGFjZGM4ZmFhNzQ0MWEwODQzZmY4YTAxZjNk
OWRiYzUwHhcNMjQwMTAxMTQyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWE3MmVhNWI0MmUyY2JkZDAwYWFhZDE2YWYzODRlYTRhY2U5NjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoX06gx+Z3h52mKmU4woAUXjWeaHu
BIk7UeV51Jec9Vo89nKw7P1KrQqinuk+RE5jC5XPQQFsd4Bu3z8B8Yj1kALdxb5N
UG6FGbOWTDkR6hjm1KkroAIFdOlO3lmS0YLqhrG+mgZzvU3oyFFmjNyt23JuCPXS
41Je95oEC4O3/lgBLpeKokiVj5u5MxAwr/f8vFBKV4dOr31yaRCvgrCAaba423CZ
EaKsNmB9O2o/Ldn0J6hgJRwXLk9NOMRnO4Ow8hV6phTAbKHnhubXd2WNMjwaHqJL
U37Ztry2BCvONEsY4jKtMbFEgiJPxo/pGGV2HLxgr3izdIE78QZD+Nd0lQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKWnLqW0Liy90Aqq0WrzhOpKzpYZMB8GA1UdIwQY
MBaAFJj54MIKzcj6p0QaCEP/igHz2dvFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVBuZ3dnck55UHFuUkJvSVFfLUtBZlBaMjhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xODhkNzUtMmJmMi00OGYxLTkxZjct
YzQ4Y2EyN2E5YzAxLzEvcGFjdXBiUXVMTDNRQ3FyUmF2T0U2a3JPbGhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xODhkNzUtMmJmMi00OGYxLTkxZjctYzQ4Y2EyN2E5YzAx
LzEvbVBuZ3dnck55UHFuUkJvSVFfLUtBZlBaMjhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDTUtIAwQC
uUK8MA0EAgACMAcDBQAqAgWYMA0GCSqGSIb3DQEBCwUAA4IBAQAlAu7W/ohl5tEc
Fq/UEib7WONBen5VXYcD6Zrd8b3YEyvu+EFMTTX+nQlXDAht0lKXT9WFG7E/RyIT
rBwsiXj1YxZPdNbrKSzwVnlOm0HgIYfOs4yITKPUqO38WFWc4v9PXo+Vb6eGv54t
OQWIaKH/WXqru+6ILaZmUAR5z86MONgE7e0GRzefcOhuzzM0J8dz5+cvz7APfJJm
FLuoIRtyBC3dl/847B/lS45/Cu9fitul9x6OcZvXqUh2GvBiS3kGtbp9I+/qs5PY
POug28sEnp7uu/MzxMefzy0IKYpweRAkrGi3qZDWMgIxbK/lEn5GKOTwLc/wbH9U
TzCHuHoa
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:19:46 2025 by rpki-client