Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/CXzhaginQm8wMXa5xQ8ZwG1naCM.roa
File: CXzhaginQm8wMXa5xQ8ZwG1naCM.roa (raw, json)
Hash identifier: EjINqhMlozpu5mlXsSbKPvUq3AcuVqdUt/ohLh+uhN4=
Subject key identifier: 09:7C:E1:6A:08:A7:42:6F:30:31:76:B9:C5:0F:19:C0:6D:67:68:23
Certificate issuer: /CN=9e8cd7d6a4105750bf8975a7d0b96794c1efe622
Certificate serial: 018CC94D7BF62D2A25EE5D7E912C157DD2D7
Authority key identifier: 9E:8C:D7:D6:A4:10:57:50:BF:89:75:A7:D0:B9:67:94:C1:EF:E6:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/CXzhaginQm8wMXa5xQ8ZwG1naCM.roa
Signing time: Tue 02 Jan 2024 08:32:27 +0000
ROA not before: Tue 02 Jan 2024 08:32:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 39558
IP address blocks: 195.244.4.0/23 maxlen: 23
91.221.132.0/24 maxlen: 24
91.221.133.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 01 Jan 2025 21:47:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4d:7b:f6:2d:2a:25:ee:5d:7e:91:2c:15:7d:d2:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9e8cd7d6a4105750bf8975a7d0b96794c1efe622
Validity
Not Before: Jan 2 08:32:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=097ce16a08a7426f303176b9c50f19c06d676823
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:18:05:41:75:61:b8:bc:2f:41:46:0b:7e:09:
14:fa:5b:8d:8b:21:1e:76:46:2c:3a:e3:ae:63:5e:
ab:25:bc:fc:7a:94:54:c4:97:b1:33:30:c9:25:de:
1b:8d:52:cf:55:1e:3b:43:cb:a2:f0:88:05:0a:9c:
f4:4a:ed:28:60:a1:a6:c6:0a:d8:9e:bb:73:de:8d:
16:b7:14:74:d2:12:b0:ee:79:08:3d:ec:8f:20:1b:
af:8d:d2:bf:54:8f:31:44:5c:d9:98:6b:41:b1:73:
1c:ce:15:5b:4a:0d:93:64:80:55:cf:ee:ad:c5:b6:
b8:d2:ed:a9:78:f4:d8:5a:65:66:af:54:59:b8:40:
d9:f2:73:89:63:1b:84:4c:b9:35:47:23:f5:28:24:
04:a8:65:ce:f7:01:f0:30:ce:fe:9e:86:0c:8f:cd:
a7:c3:85:42:44:0d:8c:fa:92:b1:03:00:87:ed:3c:
2e:b0:48:1c:85:14:5f:ff:49:b0:ef:f3:84:d1:7e:
0b:17:b5:89:e1:f2:15:03:81:b6:42:a3:34:f0:c7:
d0:fd:ef:1c:18:18:6d:e4:78:d1:b0:30:9e:eb:33:
47:19:23:71:84:fd:d7:5f:f0:99:d9:84:cb:65:c4:
73:19:18:b1:18:b9:83:f7:3f:03:7a:9d:f9:98:16:
4d:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:7C:E1:6A:08:A7:42:6F:30:31:76:B9:C5:0F:19:C0:6D:67:68:23
X509v3 Authority Key Identifier:
keyid:9E:8C:D7:D6:A4:10:57:50:BF:89:75:A7:D0:B9:67:94:C1:EF:E6:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/CXzhaginQm8wMXa5xQ8ZwG1naCM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.221.132.0/23
195.244.4.0/23
Signature Algorithm: sha256WithRSAEncryption
02:93:32:a9:87:ee:5c:56:72:cc:0d:1f:6e:64:6d:89:fb:fc:
81:f4:1a:6f:c3:ec:6e:d0:b2:13:52:9c:20:27:42:3c:5c:35:
c8:23:fe:68:82:f3:41:04:a3:3e:14:e5:70:1e:6b:03:ef:ab:
56:3e:3f:9e:83:2c:06:8b:b2:0b:d1:4a:a7:9f:c8:29:95:a6:
35:08:8b:b1:fe:24:c6:56:ad:01:8b:a8:a4:4e:3b:7f:4c:df:
e4:95:5a:96:99:4e:3f:0c:45:45:e5:cf:71:3f:ff:4b:ef:93:
22:e4:42:6e:a5:60:e3:c9:af:d0:d7:a3:c4:a6:62:9e:7f:44:
19:e4:c1:7b:ca:fe:73:73:94:ce:30:23:d2:21:63:64:a7:7e:
39:e4:50:b0:6a:26:0a:34:a6:33:c4:62:75:fb:f3:f0:ac:7d:
0c:66:0e:c8:3b:7a:89:23:6a:53:5b:ae:fa:91:4b:e0:53:3f:
48:15:13:85:63:53:14:7c:0e:6e:fd:d2:ce:64:d8:c0:fc:90:
7f:16:f6:d3:e2:e4:ce:7b:e0:9b:1f:ef:93:cf:60:58:ab:6f:
45:e2:d1:e1:f0:2f:16:d7:f0:96:ea:5d:15:ad:63:95:89:25:
7e:9b:b0:b3:13:c6:19:6c:84:df:4e:0e:ba:33:8f:75:12:ef:
53:ed:88:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTXv2LSol7l1+kSwVfdLXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOGNkN2Q2YTQxMDU3NTBiZjg5NzVhN2QwYjk2Nzk0YzFl
ZmU2MjIwHhcNMjQwMTAyMDgzMjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTdjZTE2YTA4YTc0MjZmMzAzMTc2YjljNTBmMTljMDZkNjc2ODIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAghgFQXVhuLwvQUYLfgkU+luNiyEe
dkYsOuOuY16rJbz8epRUxJexMzDJJd4bjVLPVR47Q8ui8IgFCpz0Su0oYKGmxgrY
nrtz3o0WtxR00hKw7nkIPeyPIBuvjdK/VI8xRFzZmGtBsXMczhVbSg2TZIBVz+6t
xba40u2pePTYWmVmr1RZuEDZ8nOJYxuETLk1RyP1KCQEqGXO9wHwMM7+noYMj82n
w4VCRA2M+pKxAwCH7TwusEgchRRf/0mw7/OE0X4LF7WJ4fIVA4G2QqM08MfQ/e8c
GBht5HjRsDCe6zNHGSNxhP3XX/CZ2YTLZcRzGRixGLmD9z8Dep35mBZNPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAl84WoIp0JvMDF2ucUPGcBtZ2gjMB8GA1UdIwQY
MBaAFJ6M19akEFdQv4l1p9C5Z5TB7+YiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbm96WDFxUVFWMUNfaVhXbjBMbG5sTUh2NWlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi84NWM2YmQtNmE2OC00ZDExLWI5Y2Qt
OGMyZGY1YTVjNmQ3LzEvQ1h6aGFnaW5RbTh3TVhhNXhROFp3RzFuYUNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi84NWM2YmQtNmE2OC00ZDExLWI5Y2QtOGMyZGY1YTVjNmQ3
LzEvbm96WDFxUVFWMUNfaVhXbjBMbG5sTUh2NWlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW92EAwQB
w/QEMA0GCSqGSIb3DQEBCwUAA4IBAQACkzKph+5cVnLMDR9uZG2J+/yB9Bpvw+xu
0LITUpwgJ0I8XDXII/5ogvNBBKM+FOVwHmsD76tWPj+egywGi7IL0Uqnn8gplaY1
CIux/iTGVq0Bi6ikTjt/TN/klVqWmU4/DEVF5c9xP/9L75Mi5EJupWDjya/Q16PE
pmKef0QZ5MF7yv5zc5TOMCPSIWNkp3455FCwaiYKNKYzxGJ1+/PwrH0MZg7IO3qJ
I2pTW676kUvgUz9IFROFY1MUfA5u/dLOZNjA/JB/FvbT4uTOe+CbH++Tz2BYq29F
4tHh8C8W1/CW6l0VrWOViSV+m7CzE8YZbITfTg66M491Eu9T7YiM
-----END CERTIFICATE-----
Generated at Tue Apr 22 02:10:43 2025 by rpki-client