Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/991CEwzgfRCXruVNXCsALcSAA5c.roa
File: 991CEwzgfRCXruVNXCsALcSAA5c.roa (raw, json)
Hash identifier: G2cvIg1x96fzvgfgOsvUGmmAeOQLfHSDz9GptGlP7rQ=
Subject key identifier: F7:DD:42:13:0C:E0:7D:10:97:AE:E5:4D:5C:2B:00:2D:C4:80:03:97
Certificate issuer: /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial: 0195040A5C8ED53A75AFCC154887BD5863D2
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/991CEwzgfRCXruVNXCsALcSAA5c.roa
Signing time: Fri 14 Feb 2025 10:39:02 +0000
ROA not before: Fri 14 Feb 2025 10:39:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 86.110.33.0/24 maxlen: 24
86.110.36.0/24 maxlen: 24
86.110.53.0/24 maxlen: 24
86.110.54.0/24 maxlen: 24
86.110.58.0/24 maxlen: 24
86.110.59.0/24 maxlen: 24
86.110.63.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 26 Feb 2025 19:12:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:04:0a:5c:8e:d5:3a:75:af:cc:15:48:87:bd:58:63:d2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Validity
Not Before: Feb 14 10:39:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f7dd42130ce07d1097aee54d5c2b002dc4800397
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:45:bc:75:15:13:01:f3:cb:e0:e5:b5:07:40:
eb:3b:42:7f:87:59:58:17:80:74:ad:4d:86:0f:a4:
4c:46:07:3f:94:05:a7:4d:31:ed:62:d2:f5:46:5f:
5d:82:3c:67:7f:c4:82:83:aa:37:1f:0a:ee:ce:e3:
76:de:8e:3e:ea:43:f2:ec:4b:90:29:0d:7b:9b:85:
fe:0e:f2:18:45:f9:b4:e7:c7:79:46:13:65:0d:ae:
8a:b0:5e:21:9a:ab:57:90:f8:cc:ac:c7:3b:76:cb:
00:50:df:53:cb:e5:3c:ad:77:e4:74:7f:9b:73:e7:
34:c1:a5:53:47:bb:07:8b:5a:b5:fe:23:41:f7:80:
4c:4b:96:c9:e0:fe:ef:aa:27:35:b7:f9:32:19:48:
76:16:97:2a:5f:13:73:dd:4e:5b:9e:b7:bc:e6:13:
72:af:5f:1f:68:97:6f:42:96:91:b5:56:be:31:5f:
be:88:37:8a:18:d8:44:a3:c5:3d:b7:ee:e1:a5:dc:
84:31:0e:4c:9b:47:ff:92:09:38:ed:a2:9f:28:8c:
ac:4f:a7:c5:2c:98:74:08:69:96:c4:12:64:e8:47:
9e:86:90:94:a1:b1:ae:93:f7:04:71:f7:53:f5:f4:
13:c5:83:16:09:11:ed:93:eb:19:a4:83:39:e2:eb:
23:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F7:DD:42:13:0C:E0:7D:10:97:AE:E5:4D:5C:2B:00:2D:C4:80:03:97
X509v3 Authority Key Identifier:
keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/991CEwzgfRCXruVNXCsALcSAA5c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.110.33.0/24
86.110.36.0/24
86.110.53.0-86.110.54.255
86.110.58.0/23
86.110.63.0/24
Signature Algorithm: sha256WithRSAEncryption
57:be:d2:84:e4:5a:78:79:57:df:f0:bd:ae:5a:ed:58:e3:4a:
23:ab:86:54:67:f2:f8:fe:4f:7a:40:8e:2c:13:8a:04:ca:94:
62:cc:15:37:da:0f:1b:48:ad:61:a0:75:ce:f0:2c:1a:c9:46:
55:56:9d:f7:e9:19:88:d4:ae:22:13:43:e7:9f:35:0b:d0:c6:
89:22:a5:fe:7c:ed:6d:51:56:4e:55:3e:48:53:b7:3d:91:fe:
89:63:12:63:11:59:02:8f:36:a1:70:53:2f:8d:0d:aa:52:c0:
c2:e1:2d:9b:c4:8b:48:18:44:3b:37:3d:cd:45:78:44:3f:2e:
d5:5f:31:0f:81:9c:50:8a:bf:01:42:ec:d4:83:85:38:46:9a:
5a:5a:8c:2a:53:db:6c:c3:f3:0c:e9:d3:b8:6e:8f:66:6f:4a:
f0:48:b2:44:30:a9:e1:bc:7f:70:5d:19:54:8f:30:ee:f3:57:
99:99:4b:5b:ed:49:d7:1e:ac:c3:3c:bb:9b:ff:f5:c7:e4:76:
e2:ff:40:34:e6:2c:99:a3:70:45:7c:66:3f:c4:0f:f6:0c:b6:
7b:17:94:7c:5f:1c:dd:74:f6:3d:73:c5:10:0e:79:fa:3a:02:
01:5d:fa:b6:f6:f8:b5:14:5d:88:74:24:ca:8f:db:ee:da:fd:
80:32:ad:2f
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAZUEClyO1Tp1r8wVSIe9WGPSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjUwMjE0MTAzOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2RkNDIxMzBjZTA3ZDEwOTdhZWU1NGQ1YzJiMDAyZGM0ODAwMzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0W8dRUTAfPL4OW1B0DrO0J/h1lY
F4B0rU2GD6RMRgc/lAWnTTHtYtL1Rl9dgjxnf8SCg6o3HwruzuN23o4+6kPy7EuQ
KQ17m4X+DvIYRfm058d5RhNlDa6KsF4hmqtXkPjMrMc7dssAUN9Ty+U8rXfkdH+b
c+c0waVTR7sHi1q1/iNB94BMS5bJ4P7vqic1t/kyGUh2FpcqXxNz3U5bnre85hNy
r18faJdvQpaRtVa+MV++iDeKGNhEo8U9t+7hpdyEMQ5Mm0f/kgk47aKfKIysT6fF
LJh0CGmWxBJk6EeehpCUobGuk/cEcfdT9fQTxYMWCRHtk+sZpIM54usj3QIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFPfdQhMM4H0Ql67lTVwrAC3EgAOXMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvOTkxQ0V3emdmUkNYcnVWTlhDc0FMY1NBQTVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAVm4hAwQA
Vm4kMAwDBABWbjUDBABWbjYDBAFWbjoDBABWbj8wDQYJKoZIhvcNAQELBQADggEB
AFe+0oTkWnh5V9/wva5a7VjjSiOrhlRn8vj+T3pAjiwTigTKlGLMFTfaDxtIrWGg
dc7wLBrJRlVWnffpGYjUriITQ+efNQvQxokipf587W1RVk5VPkhTtz2R/oljEmMR
WQKPNqFwUy+NDapSwMLhLZvEi0gYRDs3Pc1FeEQ/LtVfMQ+BnFCKvwFC7NSDhThG
mlpajCpT22zD8wzp07huj2ZvSvBIskQwqeG8f3BdGVSPMO7zV5mZS1vtSdcerMM8
u5v/9cfkduL/QDTmLJmjcEV8Zj/ED/YMtnsXlHxfHN109j1zxRAOefo6AgFd+rb2
+LUUXYh0JMqP2+7a/YAyrS8=
-----END CERTIFICATE-----
Generated at Sat Apr 5 17:52:57 2025 by rpki-client