Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/7966ae-9c88-43e9-b899-d003e56fe753/1/MfAUk16L7xGeBACaKFwVMbSpsz4.roa
File: MfAUk16L7xGeBACaKFwVMbSpsz4.roa (raw, json)
Hash identifier: bZsn3vXD+RY3PUbkxSex04QjmdIlTIPEEu8EEpzfs3o=
Subject key identifier: 31:F0:14:93:5E:8B:EF:11:9E:04:00:9A:28:5C:15:31:B4:A9:B3:3E
Certificate issuer: /CN=7a350d024af01f8eaf125717caa03aafad184e1d
Certificate serial: 01917EAEFC72504482F7E018A204C322A2EF
Authority key identifier: 7A:35:0D:02:4A:F0:1F:8E:AF:12:57:17:CA:A0:3A:AF:AD:18:4E:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ejUNAkrwH46vElcXyqA6r60YTh0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/7966ae-9c88-43e9-b899-d003e56fe753/1/MfAUk16L7xGeBACaKFwVMbSpsz4.roa
Signing time: Fri 23 Aug 2024 10:01:22 +0000
ROA not before: Fri 23 Aug 2024 10:01:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60706
IP address blocks: 109.104.252.0/22 maxlen: 22
109.104.252.0/23 maxlen: 23
109.104.252.0/24 maxlen: 24
109.104.253.0/24 maxlen: 24
109.104.254.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 01 Jan 2025 11:47:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:7e:ae:fc:72:50:44:82:f7:e0:18:a2:04:c3:22:a2:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7a350d024af01f8eaf125717caa03aafad184e1d
Validity
Not Before: Aug 23 10:01:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=31f014935e8bef119e04009a285c1531b4a9b33e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:ff:8f:9b:e6:6c:66:c8:1e:29:9a:ed:95:2c:
6a:cc:b1:d5:03:23:21:94:3b:e1:69:f5:33:72:99:
dc:a1:94:a0:bc:b0:83:26:fd:f9:f0:62:a1:30:89:
50:ae:cf:7a:0b:de:59:ad:8a:30:1b:e2:38:15:d2:
ed:e2:1f:6d:e6:62:47:89:43:96:e7:3a:a2:de:5e:
c8:f5:3c:4f:a2:97:b6:5f:28:58:9a:f9:4a:1e:6b:
62:8c:e9:30:30:53:e5:07:84:56:f8:c5:30:de:6f:
01:5f:68:95:1d:e3:46:2f:80:4d:7d:78:fa:b2:a7:
48:07:2d:ad:d7:1f:0b:fe:78:b1:77:0c:97:00:d1:
ca:1a:0d:0d:b8:8e:5c:50:3d:4b:e2:14:83:de:4f:
71:35:97:8a:69:ed:c3:72:fc:23:7a:47:b4:c6:c2:
c5:82:fa:8e:a9:2c:8e:3f:ce:05:d2:73:91:c6:c0:
0d:fd:36:2d:b0:da:ac:df:92:a7:3d:ac:78:4a:7c:
18:9d:8d:e7:24:74:7a:fb:20:44:02:7d:f0:62:f6:
6d:59:3f:3b:0e:ad:c5:36:38:70:44:93:cb:da:69:
26:de:83:f8:5d:a6:87:c3:f8:3c:00:2a:e5:e7:fe:
db:d4:5a:de:a4:c6:92:1f:c9:77:2a:24:43:92:02:
08:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:F0:14:93:5E:8B:EF:11:9E:04:00:9A:28:5C:15:31:B4:A9:B3:3E
X509v3 Authority Key Identifier:
keyid:7A:35:0D:02:4A:F0:1F:8E:AF:12:57:17:CA:A0:3A:AF:AD:18:4E:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ejUNAkrwH46vElcXyqA6r60YTh0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/7966ae-9c88-43e9-b899-d003e56fe753/1/MfAUk16L7xGeBACaKFwVMbSpsz4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/7966ae-9c88-43e9-b899-d003e56fe753/1/ejUNAkrwH46vElcXyqA6r60YTh0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.104.252.0/22
Signature Algorithm: sha256WithRSAEncryption
8e:6c:3b:4f:7f:ae:8e:bb:78:ff:f8:83:42:c3:eb:4b:24:9d:
4c:c5:28:52:e3:d8:4c:dd:aa:51:1e:e0:bb:ad:0e:bc:2d:89:
71:97:8a:4d:d7:4f:b6:17:89:95:6d:df:04:9e:f9:d0:2d:0a:
23:71:26:ee:6e:84:35:9d:cd:2c:b7:34:a3:f6:6b:08:1d:25:
ef:66:86:0c:13:fe:ea:0a:45:96:39:cc:f7:01:9d:53:9e:cd:
2b:ac:b4:34:bf:94:23:11:79:79:07:64:b3:65:4c:49:dd:b8:
87:b1:1e:ca:fe:6b:e9:32:30:c8:e1:3c:e3:4c:5c:5e:26:11:
a1:48:f3:cc:ad:b0:0f:7f:54:c4:46:39:0c:04:af:f9:4d:91:
e7:7b:26:52:f6:1c:51:47:82:b4:8f:3e:75:a3:08:72:de:a9:
87:a4:54:ff:86:de:e0:b4:05:0f:ee:5d:53:3c:3b:5d:7b:39:
1d:03:cc:4d:3b:d1:4c:39:69:c8:0a:30:79:ca:a9:ad:3c:fa:
f2:3f:e0:b0:3d:53:ef:75:56:2d:f9:49:1b:7c:47:cb:47:0f:
aa:c3:39:cb:74:99:76:97:21:12:4d:10:4a:5d:08:61:33:cf:
37:b9:e2:29:b2:66:5a:44:5b:ac:61:a5:47:93:4b:ff:7b:db:
73:7f:61:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF+rvxyUESC9+AYogTDIqLvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhMzUwZDAyNGFmMDFmOGVhZjEyNTcxN2NhYTAzYWFmYWQx
ODRlMWQwHhcNMjQwODIzMTAwMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWYwMTQ5MzVlOGJlZjExOWUwNDAwOWEyODVjMTUzMWI0YTliMzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsf+Pm+ZsZsgeKZrtlSxqzLHVAyMh
lDvhafUzcpncoZSgvLCDJv358GKhMIlQrs96C95ZrYowG+I4FdLt4h9t5mJHiUOW
5zqi3l7I9TxPope2XyhYmvlKHmtijOkwMFPlB4RW+MUw3m8BX2iVHeNGL4BNfXj6
sqdIBy2t1x8L/nixdwyXANHKGg0NuI5cUD1L4hSD3k9xNZeKae3Dcvwjeke0xsLF
gvqOqSyOP84F0nORxsAN/TYtsNqs35KnPax4SnwYnY3nJHR6+yBEAn3wYvZtWT87
Dq3FNjhwRJPL2mkm3oP4XaaHw/g8ACrl5/7b1FrepMaSH8l3KiRDkgII3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDHwFJNei+8RngQAmihcFTG0qbM+MB8GA1UdIwQY
MBaAFHo1DQJK8B+OrxJXF8qgOq+tGE4dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWpVTkFrcndINDZ2RWxjWHlxQTZyNjBZVGgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi83OTY2YWUtOWM4OC00M2U5LWI4OTkt
ZDAwM2U1NmZlNzUzLzEvTWZBVWsxNkw3eEdlQkFDYUtGd1ZNYlNwc3o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi83OTY2YWUtOWM4OC00M2U5LWI4OTktZDAwM2U1NmZlNzUz
LzEvZWpVTkFrcndINDZ2RWxjWHlxQTZyNjBZVGgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbWj8MA0G
CSqGSIb3DQEBCwUAA4IBAQCObDtPf66Ou3j/+INCw+tLJJ1MxShS49hM3apRHuC7
rQ68LYlxl4pN10+2F4mVbd8EnvnQLQojcSbuboQ1nc0stzSj9msIHSXvZoYME/7q
CkWWOcz3AZ1Tns0rrLQ0v5QjEXl5B2SzZUxJ3biHsR7K/mvpMjDI4TzjTFxeJhGh
SPPMrbAPf1TERjkMBK/5TZHneyZS9hxRR4K0jz51owhy3qmHpFT/ht7gtAUP7l1T
PDtdezkdA8xNO9FMOWnICjB5yqmtPPryP+CwPVPvdVYt+UkbfEfLRw+qwznLdJl2
lyESTRBKXQhhM883ueIpsmZaRFusYaVHk0v/e9tzf2E1
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:25:11 2025 by rpki-client