Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/RZarG1-aTSQJrqd86SNGDob--dU.roa
File: RZarG1-aTSQJrqd86SNGDob--dU.roa (raw, json)
Hash identifier: Er0nczwW5bRS/fac4FgKIfVN69fGr3xr870W44TvKy8=
Subject key identifier: 45:96:AB:1B:5F:9A:4D:24:09:AE:A7:7C:E9:23:46:0E:86:FE:F9:D5
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 019232FD87D180B7D8F75B2A1214E71F2FAF
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/RZarG1-aTSQJrqd86SNGDob--dU.roa
Signing time: Fri 27 Sep 2024 10:18:48 +0000
ROA not before: Fri 27 Sep 2024 10:18:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 19905
IP address blocks: 2.96.0.0/13 maxlen: 24
62.3.192.0/18 maxlen: 24
62.24.128.0/17 maxlen: 24
62.241.160.0/19 maxlen: 24
78.144.0.0/13 maxlen: 24
79.77.0.0/16 maxlen: 24
79.78.0.0/15 maxlen: 24
80.40.0.0/13 maxlen: 24
81.1.64.0/18 maxlen: 24
81.6.192.0/18 maxlen: 24
81.86.0.0/16 maxlen: 24
81.170.0.0/17 maxlen: 24
81.178.0.0/15 maxlen: 24
82.133.0.0/17 maxlen: 24
83.67.0.0/16 maxlen: 24
84.43.0.0/17 maxlen: 24
87.242.128.0/17 maxlen: 24
89.168.128.0/17 maxlen: 24
89.240.0.0/14 maxlen: 24
91.146.112.0/21 maxlen: 24
92.8.0.0/13 maxlen: 24
92.16.0.0/12 maxlen: 24
145.255.240.0/21 maxlen: 24
185.24.12.0/22 maxlen: 24
185.112.212.0/22 maxlen: 24
185.173.116.0/22 maxlen: 24
185.173.120.0/22 maxlen: 24
185.175.48.0/22 maxlen: 24
185.175.144.0/22 maxlen: 24
193.218.99.0/24 maxlen: 24
194.106.32.0/19 maxlen: 24
194.247.224.0/19 maxlen: 24
195.112.0.0/18 maxlen: 24
195.137.0.0/17 maxlen: 24
195.149.0.0/18 maxlen: 24
212.1.128.0/19 maxlen: 24
212.67.96.0/19 maxlen: 24
212.74.96.0/19 maxlen: 24
212.139.0.0/16 maxlen: 24
212.159.128.0/18 maxlen: 24
213.78.0.0/16 maxlen: 24
213.208.64.0/18 maxlen: 24
217.8.0.0/19 maxlen: 24
217.68.128.0/20 maxlen: 24
Validation: Failed, certificate revoked on Thu 12 Dec 2024 12:39:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:32:fd:87:d1:80:b7:d8:f7:5b:2a:12:14:e7:1f:2f:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Sep 27 10:18:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4596ab1b5f9a4d2409aea77ce923460e86fef9d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:c7:a8:3b:40:70:64:c0:ec:a9:95:92:b9:d5:
31:7a:0b:5f:58:0d:62:38:83:a3:b6:0c:d4:03:f0:
aa:38:4b:6b:e0:d1:e1:94:a3:c5:b1:b4:87:02:b8:
ea:b7:47:ad:9a:69:b1:57:a1:0c:03:d9:3a:89:28:
28:4d:7f:4c:36:e5:c1:ed:d9:44:b2:d2:d2:c2:88:
79:03:ad:bd:58:24:41:50:56:9a:98:99:f1:14:c9:
26:51:7e:6b:76:09:5f:93:14:31:96:a6:d3:47:d6:
27:de:eb:de:bb:af:71:2a:47:f2:ed:74:e2:e3:50:
b6:94:3f:9c:a6:6b:2f:1e:25:7c:a7:1d:58:d6:dd:
5e:c9:74:70:e4:e1:0f:63:16:bc:99:14:c3:83:70:
93:72:be:78:e8:0d:13:02:f0:79:1b:c2:7e:4b:67:
ac:f1:7a:a7:e0:aa:59:24:fc:18:c7:aa:d6:f5:37:
9e:7b:c7:f2:71:4e:1b:04:3e:8e:3b:ba:d7:d6:d9:
71:d8:84:66:9e:37:74:d0:c2:0c:50:7b:fc:f2:ec:
a0:85:0a:bf:fd:03:60:b1:ed:53:8d:81:43:d8:40:
40:e6:c3:2a:3e:7a:9c:04:5f:54:a5:06:56:51:ba:
52:41:2f:be:ad:e9:7c:09:62:9f:ac:39:97:8f:a4:
7d:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:96:AB:1B:5F:9A:4D:24:09:AE:A7:7C:E9:23:46:0E:86:FE:F9:D5
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/RZarG1-aTSQJrqd86SNGDob--dU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.3.192.0/18
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
79.77.0.0-79.79.255.255
80.40.0.0/13
81.1.64.0/18
81.6.192.0/18
81.86.0.0/16
81.170.0.0/17
81.178.0.0/15
82.133.0.0/17
83.67.0.0/16
84.43.0.0/17
87.242.128.0/17
89.168.128.0/17
89.240.0.0/14
91.146.112.0/21
92.8.0.0-92.31.255.255
145.255.240.0/21
185.24.12.0/22
185.112.212.0/22
185.173.116.0-185.173.123.255
185.175.48.0/22
185.175.144.0/22
193.218.99.0/24
194.106.32.0/19
194.247.224.0/19
195.112.0.0/18
195.137.0.0/17
195.149.0.0/18
212.1.128.0/19
212.67.96.0/19
212.74.96.0/19
212.139.0.0/16
212.159.128.0/18
213.78.0.0/16
213.208.64.0/18
217.8.0.0/19
217.68.128.0/20
Signature Algorithm: sha256WithRSAEncryption
a2:38:3d:ab:16:fb:45:e6:11:92:3b:4f:81:40:55:96:34:4f:
21:1e:a5:5b:e4:33:12:0b:f1:cd:0f:73:8e:f6:4f:62:e9:cb:
64:1a:42:84:19:7a:9e:b3:4a:fc:0c:0f:ac:58:c2:78:09:3c:
3d:21:d9:93:a5:07:5c:c4:00:a0:48:09:3a:8e:1f:e4:18:1c:
46:ce:c3:d1:b9:3d:36:ce:16:d6:db:cf:c5:8a:62:b4:a1:87:
0c:38:4b:d5:71:d1:18:47:5e:33:dc:d9:52:19:eb:3a:10:54:
da:0e:71:80:4d:ab:09:3f:6c:98:0a:63:62:2c:8f:99:84:1a:
68:1a:8d:56:a8:52:37:5e:9d:67:66:f4:e4:4e:12:cd:a5:8c:
49:b5:d3:2b:d3:63:2c:bc:48:fc:1d:17:8a:fd:17:55:ad:22:
13:e2:8e:8b:fd:24:0d:64:57:5e:fa:7b:3b:d2:88:b1:ef:81:
bc:b4:f8:08:25:6e:02:46:d6:c6:be:13:79:d9:2a:f0:78:04:
ae:89:ca:1f:88:ed:8c:3f:5b:27:88:dc:da:aa:e0:3c:cf:85:
48:55:0c:8f:dd:ee:6e:4f:fe:df:17:b3:73:d5:85:8a:8c:d1:
03:d7:86:ed:92:2f:4b:0d:13:bc:2a:bb:e0:cd:12:c0:d2:bc:
aa:bd:bb:c7
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgISAZIy/YfRgLfY91sqEhTnHy+vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjQwOTI3MTAxODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTk2YWIxYjVmOWE0ZDI0MDlhZWE3N2NlOTIzNDYwZTg2ZmVmOWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzseoO0BwZMDsqZWSudUxegtfWA1i
OIOjtgzUA/CqOEtr4NHhlKPFsbSHArjqt0etmmmxV6EMA9k6iSgoTX9MNuXB7dlE
stLSwoh5A629WCRBUFaamJnxFMkmUX5rdglfkxQxlqbTR9Yn3uveu69xKkfy7XTi
41C2lD+cpmsvHiV8px1Y1t1eyXRw5OEPYxa8mRTDg3CTcr546A0TAvB5G8J+S2es
8Xqn4KpZJPwYx6rW9Teee8fycU4bBD6OO7rX1tlx2IRmnjd00MIMUHv88uyghQq/
/QNgse1TjYFD2EBA5sMqPnqcBF9UpQZWUbpSQS++rel8CWKfrDmXj6R9VQIDAQAB
o4IDDjCCAwowHQYDVR0OBBYEFEWWqxtfmk0kCa6nfOkjRg6G/vnVMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvUlphckcxLWFUU1FKcnFkODZTTkdEb2ItLWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBIgYIKwYBBQUHAQcBAf8EggERMIIBDTCCAQkEAgABMIIB
AQMDAwJgAwQGPgPAAwQHPhiAAwQFPvGgAwMDTpAwCgMDAE9NAwMET0ADAwNQKAME
BlEBQAMEBlEGwAMDAFFWAwQHUaoAAwMBUbIDBAdShQADAwBTQwMEB1QrAAMEB1fy
gAMEB1mogAMDAlnwAwQDW5JwMAoDAwNcCAMDBVwAAwQDkf/wAwQCuRgMAwQCuXDU
MAwDBAK5rXQDBAK5rXgDBAK5rzADBAK5r5ADBADB2mMDBAXCaiADBAXC9+ADBAbD
cAADBAfDiQADBAbDlQADBAXUAYADBAXUQ2ADBAXUSmADAwDUiwMEBtSfgAMDANVO
AwQG1dBAAwQF2QgAAwQE2USAMA0GCSqGSIb3DQEBCwUAA4IBAQCiOD2rFvtF5hGS
O0+BQFWWNE8hHqVb5DMSC/HND3OO9k9i6ctkGkKEGXqes0r8DA+sWMJ4CTw9IdmT
pQdcxACgSAk6jh/kGBxGzsPRuT02zhbW28/FimK0oYcMOEvVcdEYR14z3NlSGes6
EFTaDnGATasJP2yYCmNiLI+ZhBpoGo1WqFI3Xp1nZvTkThLNpYxJtdMr02MsvEj8
HReK/RdVrSIT4o6L/SQNZFde+ns70oix74G8tPgIJW4CRtbGvhN52SrweASuicof
iO2MP1sniNzaquA8z4VIVQyP3e5uT/7fF7Nz1YWKjNED14btki9LDRO8KrvgzRLA
0ryqvbvH
-----END CERTIFICATE-----
Generated at Sun Feb 16 15:31:53 2025 by rpki-client