Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/Bn9XLuhaP6gdWZ4pWMwoE2fmU7g.roa
File: Bn9XLuhaP6gdWZ4pWMwoE2fmU7g.roa (raw, json)
Hash identifier: ITFvaSHvmLUFYuHV3iSvjEM4TLZoNGx974hcHz4fNrE=
Subject key identifier: 06:7F:57:2E:E8:5A:3F:A8:1D:59:9E:29:58:CC:28:13:67:E6:53:B8
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 018CC86FC3B37E78C13F054C8A0AA0E8CC65
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/Bn9XLuhaP6gdWZ4pWMwoE2fmU7g.roa
Signing time: Tue 02 Jan 2024 04:30:16 +0000
ROA not before: Tue 02 Jan 2024 04:30:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204229
IP address blocks: 91.238.40.0/23 maxlen: 23
91.245.188.0/22 maxlen: 22
64.43.73.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 02 Jan 2025 05:49:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:6f:c3:b3:7e:78:c1:3f:05:4c:8a:0a:a0:e8:cc:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Jan 2 04:30:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=067f572ee85a3fa81d599e2958cc281367e653b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:53:f7:cf:42:de:26:26:a8:d6:42:aa:98:d4:
a1:5c:0b:d5:0d:07:08:02:25:24:59:d6:74:b7:ac:
f5:de:ae:bc:8a:ab:c8:15:5d:70:ff:88:7d:f7:61:
a4:90:af:d3:72:27:9d:96:f5:59:66:e5:ba:61:f0:
3b:60:d1:d0:ac:9f:1a:53:b6:8f:aa:9b:11:f2:1c:
b1:fb:fe:23:7b:de:35:01:de:e6:80:60:a9:4d:81:
e3:a8:f3:66:45:de:cf:2e:a5:3b:8b:2e:cc:e5:0a:
57:cb:8e:12:a8:b9:6c:de:5f:4e:b6:22:cc:f3:c5:
d5:71:3f:89:d8:fc:13:be:8b:f0:94:4c:06:db:91:
04:32:85:6b:b0:29:90:a4:8a:19:bf:de:ed:cd:b4:
5a:2c:39:89:c2:a1:d4:7c:a6:e2:f4:e9:91:bd:02:
62:f6:51:96:8e:ca:9a:da:01:01:58:5e:b3:f9:f3:
bf:47:41:bf:f4:17:c8:a8:c4:6f:7b:b9:ca:b0:28:
35:f6:10:23:52:09:54:99:50:8b:6d:44:13:c9:4d:
aa:9e:30:60:cf:93:09:c0:8d:32:69:d8:fe:2f:7f:
ed:0c:d5:fb:aa:3c:95:22:9b:9c:45:71:2e:18:f1:
29:e0:59:93:7f:bd:a3:70:3e:3a:ba:8d:37:80:3f:
bc:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:7F:57:2E:E8:5A:3F:A8:1D:59:9E:29:58:CC:28:13:67:E6:53:B8
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/Bn9XLuhaP6gdWZ4pWMwoE2fmU7g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.43.73.0/24
91.238.40.0/23
91.245.188.0/22
Signature Algorithm: sha256WithRSAEncryption
7a:9e:1d:d9:bf:4d:15:be:49:cb:78:6f:b6:f9:e3:99:37:5b:
2d:02:0a:97:da:07:ee:e3:15:b5:de:a4:7a:6d:49:fd:48:c0:
3a:f3:6b:01:fc:24:7a:30:b9:3a:2f:d2:8a:08:dc:c3:d4:a2:
28:94:19:8c:d5:ba:5d:51:b9:cd:89:21:9f:e7:39:b2:11:a8:
27:6f:d8:51:36:9c:47:1a:96:56:70:d8:e0:f7:0b:52:35:55:
2c:94:80:0f:21:27:30:d7:c8:34:e9:68:87:77:0d:c6:e2:e0:
14:f7:52:c2:d3:fe:d2:a7:1c:91:26:3c:6b:ea:e6:26:7d:4b:
ca:98:89:50:73:d7:14:26:04:c9:89:79:d1:49:2c:0d:9e:9e:
6b:1d:90:f0:fa:bf:9b:fa:92:2a:3b:80:05:ab:b5:43:8b:ae:
22:c2:bf:d3:73:71:a0:43:25:9e:a8:61:c3:98:bd:af:3e:85:
5b:72:0b:e7:67:cb:16:4f:59:9b:f0:ee:46:6c:82:de:82:0d:
17:f0:d7:8b:3c:a0:00:6f:94:75:bd:e3:f2:91:08:44:00:04:
70:ff:3d:37:c7:72:9e:5e:f3:c3:1d:86:a4:8e:10:cf:1c:c4:
a7:c3:e8:4d:28:c4:8b:9b:97:11:93:2d:43:30:f0:44:1b:c8:
cf:58:b2:cd
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIb8OzfnjBPwVMigqg6MxlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjQwMTAyMDQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjdmNTcyZWU4NWEzZmE4MWQ1OTllMjk1OGNjMjgxMzY3ZTY1M2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1P3z0LeJiao1kKqmNShXAvVDQcI
AiUkWdZ0t6z13q68iqvIFV1w/4h992GkkK/TciedlvVZZuW6YfA7YNHQrJ8aU7aP
qpsR8hyx+/4je941Ad7mgGCpTYHjqPNmRd7PLqU7iy7M5QpXy44SqLls3l9OtiLM
88XVcT+J2PwTvovwlEwG25EEMoVrsCmQpIoZv97tzbRaLDmJwqHUfKbi9OmRvQJi
9lGWjsqa2gEBWF6z+fO/R0G/9BfIqMRve7nKsCg19hAjUglUmVCLbUQTyU2qnjBg
z5MJwI0yadj+L3/tDNX7qjyVIpucRXEuGPEp4FmTf72jcD46uo03gD+8AQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAZ/Vy7oWj+oHVmeKVjMKBNn5lO4MB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvQm45WEx1aGFQNmdkV1o0cFdNd29FMmZtVTdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAQCtJAwQB
W+4oAwQCW/W8MA0GCSqGSIb3DQEBCwUAA4IBAQB6nh3Zv00VvknLeG+2+eOZN1st
AgqX2gfu4xW13qR6bUn9SMA682sB/CR6MLk6L9KKCNzD1KIolBmM1bpdUbnNiSGf
5zmyEagnb9hRNpxHGpZWcNjg9wtSNVUslIAPIScw18g06WiHdw3G4uAU91LC0/7S
pxyRJjxr6uYmfUvKmIlQc9cUJgTJiXnRSSwNnp5rHZDw+r+b+pIqO4AFq7VDi64i
wr/Tc3GgQyWeqGHDmL2vPoVbcgvnZ8sWT1mb8O5GbILegg0X8NeLPKAAb5R1vePy
kQhEAARw/z03x3KeXvPDHYakjhDPHMSnw+hNKMSLm5cRky1DMPBEG8jPWLLN
-----END CERTIFICATE-----
Generated at Sun Feb 16 20:23:16 2025 by rpki-client