Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/5e82d6-c611-40ad-958e-301e4654ddf6/1/XYD3udRDbSQdfVrW0koQoPxjLfA.roa
File: XYD3udRDbSQdfVrW0koQoPxjLfA.roa (raw, json)
Hash identifier: P5r5mHp7c9eKdlX2lpDJMvOvoYOL8dCcvi+MmINIR1Y=
Subject key identifier: 5D:80:F7:B9:D4:43:6D:24:1D:7D:5A:D6:D2:4A:10:A0:FC:63:2D:F0
Certificate issuer: /CN=89af8769339703da3b0cb5e831023d3bf63f022e
Certificate serial: 018CC726B0CAEEB4CB920718DC7956B1793E
Authority key identifier: 89:AF:87:69:33:97:03:DA:3B:0C:B5:E8:31:02:3D:3B:F6:3F:02:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ia-HaTOXA9o7DLXoMQI9O_Y_Ai4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/5e82d6-c611-40ad-958e-301e4654ddf6/1/XYD3udRDbSQdfVrW0koQoPxjLfA.roa
Signing time: Mon 01 Jan 2024 22:30:50 +0000
ROA not before: Mon 01 Jan 2024 22:30:50 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 50661
IP address blocks: 192.166.32.0/22 maxlen: 22
109.197.96.0/21 maxlen: 22
109.207.144.0/20 maxlen: 21
185.167.32.0/22 maxlen: 23
195.191.180.0/23 maxlen: 24
Validation: Failed, certificate revoked on Wed 01 Jan 2025 05:47:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:26:b0:ca:ee:b4:cb:92:07:18:dc:79:56:b1:79:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=89af8769339703da3b0cb5e831023d3bf63f022e
Validity
Not Before: Jan 1 22:30:50 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5d80f7b9d4436d241d7d5ad6d24a10a0fc632df0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:77:34:92:ab:98:d2:a4:d2:52:98:3e:7d:00:
af:73:8b:c7:af:a6:b9:3a:39:11:f7:1a:d2:d7:b1:
c9:eb:c5:b1:35:98:75:86:48:84:73:39:ed:91:20:
d6:78:99:85:82:35:9c:ba:18:23:0b:a6:26:45:83:
bf:6d:f6:36:23:85:3f:4f:d8:28:ff:72:e7:e3:53:
23:8d:fd:ea:a3:ea:f7:4f:fd:07:3e:b2:71:cf:39:
07:54:08:df:f6:44:26:8e:ca:23:d7:17:1c:79:1b:
b7:f7:42:c8:c4:f7:86:b7:19:f0:53:c6:17:08:6f:
b5:b3:cc:8a:27:c6:45:9b:e8:2a:f2:5f:b1:dd:8b:
78:9e:fc:c8:84:60:47:e2:02:54:c4:fe:12:4f:3a:
93:34:74:91:a6:94:b8:25:94:4e:42:e5:16:6c:df:
6a:4e:85:7e:6b:53:74:8d:df:49:bd:10:d6:af:09:
b2:d3:09:d7:3b:02:3f:fb:d4:3e:20:e9:f2:40:93:
28:01:f9:6b:b9:25:a1:fd:a2:04:08:40:27:27:f5:
df:6b:14:a6:11:a2:b4:99:66:79:9f:de:40:94:04:
2e:66:47:5b:5e:5a:31:30:9b:38:6e:7b:0d:f6:a4:
f7:32:b5:22:fe:42:6b:c5:4c:1a:fe:d2:0e:5e:42:
f4:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:80:F7:B9:D4:43:6D:24:1D:7D:5A:D6:D2:4A:10:A0:FC:63:2D:F0
X509v3 Authority Key Identifier:
keyid:89:AF:87:69:33:97:03:DA:3B:0C:B5:E8:31:02:3D:3B:F6:3F:02:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ia-HaTOXA9o7DLXoMQI9O_Y_Ai4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/5e82d6-c611-40ad-958e-301e4654ddf6/1/XYD3udRDbSQdfVrW0koQoPxjLfA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/5e82d6-c611-40ad-958e-301e4654ddf6/1/ia-HaTOXA9o7DLXoMQI9O_Y_Ai4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.197.96.0/21
109.207.144.0/20
185.167.32.0/22
192.166.32.0/22
195.191.180.0/23
Signature Algorithm: sha256WithRSAEncryption
bb:63:77:39:1e:98:eb:90:52:08:5f:cd:17:0a:7d:71:2c:da:
18:f8:54:d4:4f:d7:1c:d0:0b:7d:54:86:c5:2a:d1:72:ab:8c:
89:2d:57:44:48:86:60:a8:99:5b:37:e3:6c:a0:5d:7f:1f:b8:
59:8f:b9:3b:f2:86:5d:db:b3:c1:df:d6:ab:76:39:e5:90:cd:
a6:84:68:53:f0:73:18:bb:69:48:e0:ff:09:f8:7b:29:42:47:
64:dc:08:6a:5a:ff:b5:fd:0f:00:b1:cf:ac:77:d2:e2:99:d6:
24:d9:c5:a9:b8:37:db:71:de:c1:38:b8:74:10:31:02:85:82:
6b:6b:ca:f7:d6:11:3f:49:ae:8a:25:94:83:d4:d3:d2:35:ed:
04:e5:00:d3:40:64:8d:22:58:a3:90:5e:cc:eb:86:d9:1d:93:
bc:81:d6:34:94:da:c8:ed:c1:f1:e8:2d:e9:d9:08:04:1f:b4:
0d:6d:8a:e6:5c:c9:bc:b6:52:bb:c5:e0:eb:bd:fd:64:66:ac:
9f:45:79:80:58:0f:cf:9b:b9:93:02:cf:12:ee:36:9e:6b:e3:
a1:e9:5c:5d:02:87:c8:45:3f:f6:c8:a0:88:8f:25:92:b5:1d:
bd:16:3d:f9:65:e2:06:3a:1b:86:ee:a8:43:19:b7:47:5f:67:
16:57:b6:17
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzHJrDK7rTLkgcY3HlWsXk+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YWY4NzY5MzM5NzAzZGEzYjBjYjVlODMxMDIzZDNiZjYz
ZjAyMmUwHhcNMjQwMTAxMjIzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDgwZjdiOWQ0NDM2ZDI0MWQ3ZDVhZDZkMjRhMTBhMGZjNjMyZGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgnc0kquY0qTSUpg+fQCvc4vHr6a5
OjkR9xrS17HJ68WxNZh1hkiEczntkSDWeJmFgjWcuhgjC6YmRYO/bfY2I4U/T9go
/3Ln41Mjjf3qo+r3T/0HPrJxzzkHVAjf9kQmjsoj1xcceRu390LIxPeGtxnwU8YX
CG+1s8yKJ8ZFm+gq8l+x3Yt4nvzIhGBH4gJUxP4STzqTNHSRppS4JZROQuUWbN9q
ToV+a1N0jd9JvRDWrwmy0wnXOwI/+9Q+IOnyQJMoAflruSWh/aIECEAnJ/XfaxSm
EaK0mWZ5n95AlAQuZkdbXloxMJs4bnsN9qT3MrUi/kJrxUwa/tIOXkL0hwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFF2A97nUQ20kHX1a1tJKEKD8Yy3wMB8GA1UdIwQY
MBaAFImvh2kzlwPaOwy16DECPTv2PwIuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWEtSGFUT1hBOW83RExYb01RSTlPX1lfQWk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC81ZTgyZDYtYzYxMS00MGFkLTk1OGUt
MzAxZTQ2NTRkZGY2LzEvWFlEM3VkUkRiU1FkZlZyVzBrb1FvUHhqTGZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC81ZTgyZDYtYzYxMS00MGFkLTk1OGUtMzAxZTQ2NTRkZGY2
LzEvaWEtSGFUT1hBOW83RExYb01RSTlPX1lfQWk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDbcVgAwQE
bc+QAwQCuacgAwQCwKYgAwQBw7+0MA0GCSqGSIb3DQEBCwUAA4IBAQC7Y3c5Hpjr
kFIIX80XCn1xLNoY+FTUT9cc0At9VIbFKtFyq4yJLVdESIZgqJlbN+NsoF1/H7hZ
j7k78oZd27PB39ardjnlkM2mhGhT8HMYu2lI4P8J+HspQkdk3AhqWv+1/Q8Asc+s
d9LimdYk2cWpuDfbcd7BOLh0EDEChYJra8r31hE/Sa6KJZSD1NPSNe0E5QDTQGSN
IlijkF7M64bZHZO8gdY0lNrI7cHx6C3p2QgEH7QNbYrmXMm8tlK7xeDrvf1kZqyf
RXmAWA/Pm7mTAs8S7jaea+Oh6VxdAofIRT/2yKCIjyWStR29Fj35ZeIGOhuG7qhD
GbdHX2cWV7YX
-----END CERTIFICATE-----
Generated at Sun Apr 20 20:06:27 2025 by rpki-client