Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/mZNZEc1R9CeglAi9L_rq8CPGI_A.roa
File: mZNZEc1R9CeglAi9L_rq8CPGI_A.roa (raw, json)
Hash identifier: Gqsp/GSe2AiO2/TvRSmGRvyWgnm4ZkigMegPuvipI6o=
Subject key identifier: 99:93:59:11:CD:51:F4:27:A0:94:08:BD:2F:FA:EA:F0:23:C6:23:F0
Certificate issuer: /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial: 018D7A9319BD600F3402B19318259D6E50D0
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/mZNZEc1R9CeglAi9L_rq8CPGI_A.roa
Signing time: Mon 05 Feb 2024 18:41:17 +0000
ROA not before: Mon 05 Feb 2024 18:41:17 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 202656
IP address blocks: 45.129.1.0/24 maxlen: 24
45.138.7.0/24 maxlen: 24
45.138.212.0/24 maxlen: 24
45.138.215.0/24 maxlen: 24
45.149.130.0/24 maxlen: 24
45.149.131.0/24 maxlen: 24
45.152.118.0/24 maxlen: 24
45.152.119.0/24 maxlen: 24
91.206.69.0/24 maxlen: 24
91.237.104.0/24 maxlen: 24
91.237.105.0/24 maxlen: 24
194.107.200.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 07 Feb 2024 18:11:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:7a:93:19:bd:60:0f:34:02:b1:93:18:25:9d:6e:50:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Validity
Not Before: Feb 5 18:41:17 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=99935911cd51f427a09408bd2ffaeaf023c623f0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:4b:cc:19:89:e7:3f:8b:c7:f5:91:58:4a:b0:
87:de:2c:d6:ef:b3:96:7d:b2:84:ad:9e:7c:06:ab:
60:58:76:65:5d:e5:0a:32:da:b5:19:a5:a2:3f:5e:
07:37:9b:4f:fb:b0:55:20:81:91:92:1e:c4:96:54:
6c:24:d2:27:1d:b1:36:fd:f0:24:96:c4:ba:57:8e:
bf:11:54:8c:28:e1:bf:c5:c5:6b:c9:8b:f5:97:87:
37:ab:9b:d8:da:f2:9e:a4:66:4a:d4:25:1f:31:dd:
4f:22:ec:0b:ed:ff:71:0e:79:41:d2:24:58:62:f5:
22:11:f8:ae:2e:04:65:91:0d:52:f6:50:82:15:8f:
ba:4e:27:83:f2:b7:13:f9:22:d6:0c:e0:ef:31:e6:
ab:26:74:09:b7:25:29:ec:e5:6a:ae:6b:ba:e8:26:
09:9d:2b:2d:ee:19:7a:02:7b:3e:2f:d3:7f:5d:ca:
08:ef:01:5f:40:1f:b6:1b:0c:5c:66:1c:b4:ce:bb:
6d:fe:5d:14:17:43:a1:67:d8:67:44:3c:cc:44:72:
c3:48:49:36:27:0b:cf:52:76:00:b8:35:3c:fe:d3:
4a:fc:7e:02:f1:3b:35:5c:63:1c:11:57:68:5f:7f:
89:82:6b:22:66:81:b1:c1:54:a1:7b:c8:c0:52:d2:
f3:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:93:59:11:CD:51:F4:27:A0:94:08:BD:2F:FA:EA:F0:23:C6:23:F0
X509v3 Authority Key Identifier:
keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/mZNZEc1R9CeglAi9L_rq8CPGI_A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.1.0/24
45.138.7.0/24
45.138.212.0/24
45.138.215.0/24
45.149.130.0/23
45.152.118.0/23
91.206.69.0/24
91.237.104.0/23
194.107.200.0/24
Signature Algorithm: sha256WithRSAEncryption
08:a7:23:11:f7:a4:2d:8a:32:74:e6:59:be:23:a5:b5:49:e1:
b3:fa:1d:6f:ce:b8:a1:32:ee:18:e6:aa:68:2c:29:aa:9a:ce:
9f:53:b0:6b:ce:db:69:14:0d:0b:b6:38:cd:9e:fb:eb:60:e6:
86:36:e0:c1:f9:f7:94:ca:c9:e5:56:f0:d6:ea:12:14:12:0d:
fe:de:27:a1:20:97:eb:41:6c:85:f9:10:b7:8c:68:87:b1:f0:
39:98:e9:3b:af:75:09:51:3d:4e:77:77:45:3c:22:89:a5:af:
36:6e:4b:4f:c4:5b:01:63:ba:97:9e:60:fa:89:0a:df:82:0e:
09:85:42:66:be:84:2a:4a:47:5f:0b:b4:9e:38:32:8b:23:c2:
53:ae:e7:f1:48:43:0c:cd:5c:36:f0:87:66:59:c9:18:31:3e:
19:1e:22:48:2d:3b:94:e5:f5:47:0b:5e:89:f7:94:3f:93:95:
15:d9:cf:b1:1c:6a:38:dd:dc:83:4d:bf:fb:fa:52:c9:2d:fd:
b1:fa:c5:38:e7:c8:69:ee:c4:d9:0b:f9:5c:b7:e5:f8:76:5e:
ba:46:5b:17:0d:7e:35:0e:ff:b8:af:0e:0e:79:32:2f:32:4e:
3b:51:dd:f8:21:5d:1e:64:a9:d5:4b:77:87:41:f1:4f:cc:11:
7b:0a:ce:5a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY16kxm9YA80ArGTGCWdblDQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjA1MTg0MTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTkzNTkxMWNkNTFmNDI3YTA5NDA4YmQyZmZhZWFmMDIzYzYyM2YwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0vMGYnnP4vH9ZFYSrCH3izW77OW
fbKErZ58BqtgWHZlXeUKMtq1GaWiP14HN5tP+7BVIIGRkh7EllRsJNInHbE2/fAk
lsS6V46/EVSMKOG/xcVryYv1l4c3q5vY2vKepGZK1CUfMd1PIuwL7f9xDnlB0iRY
YvUiEfiuLgRlkQ1S9lCCFY+6TieD8rcT+SLWDODvMearJnQJtyUp7OVqrmu66CYJ
nSst7hl6Ans+L9N/XcoI7wFfQB+2GwxcZhy0zrtt/l0UF0OhZ9hnRDzMRHLDSEk2
JwvPUnYAuDU8/tNK/H4C8Ts1XGMcEVdoX3+JgmsiZoGxwVShe8jAUtLzYQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJmTWRHNUfQnoJQIvS/66vAjxiPwMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvbVpOWkVjMVI5Q2VnbEFpOUxfcnE4Q1BHSV9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALYEBAwQA
LYoHAwQALYrUAwQALYrXAwQBLZWCAwQBLZh2AwQAW85FAwQBW+1oAwQAwmvIMA0G
CSqGSIb3DQEBCwUAA4IBAQAIpyMR96QtijJ05lm+I6W1SeGz+h1vzrihMu4Y5qpo
LCmqms6fU7BrzttpFA0LtjjNnvvrYOaGNuDB+feUysnlVvDW6hIUEg3+3iehIJfr
QWyF+RC3jGiHsfA5mOk7r3UJUT1Od3dFPCKJpa82bktPxFsBY7qXnmD6iQrfgg4J
hUJmvoQqSkdfC7SeODKLI8JTrufxSEMMzVw28IdmWckYMT4ZHiJILTuU5fVHC16J
95Q/k5UV2c+xHGo43dyDTb/7+lLJLf2x+sU458hp7sTZC/lct+X4dl66RlsXDX41
Dv+4rw4OeTIvMk47Ud34IV0eZKnVS3eHQfFPzBF7Cs5a
-----END CERTIFICATE-----
Generated at Wed Feb 7 23:23:05 2024 by rpki-client on console-ams.rpki-client.org