Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/6a99dc-9555-46cd-ab2d-14655c03c033/1/mLhJ6X-gdJEbJJ1JVHNyJSx72xQ.roa
File: mLhJ6X-gdJEbJJ1JVHNyJSx72xQ.roa (raw, json)
Hash identifier: xpOicak/IqQM/Ws5ni2Fc78ZwUA5+JoKExQtm5AyCVI=
Subject key identifier: 98:B8:49:E9:7F:A0:74:91:1B:24:9D:49:54:73:72:25:2C:7B:DB:14
Certificate issuer: /CN=70214e7eacb1d24e211e2f25fee4ad757e6c965d
Certificate serial: 018DC54889A8BC54773C657192D5882B695D
Authority key identifier: 70:21:4E:7E:AC:B1:D2:4E:21:1E:2F:25:FE:E4:AD:75:7E:6C:96:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cCFOfqyx0k4hHi8l_uStdX5sll0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/6a99dc-9555-46cd-ab2d-14655c03c033/1/mLhJ6X-gdJEbJJ1JVHNyJSx72xQ.roa
Signing time: Tue 20 Feb 2024 06:51:21 +0000
ROA not before: Tue 20 Feb 2024 06:51:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209599
IP address blocks: 213.139.248.0/24 maxlen: 24
213.139.249.0/24 maxlen: 24
213.139.250.0/24 maxlen: 24
213.139.251.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 02 Jan 2025 07:49:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:c5:48:89:a8:bc:54:77:3c:65:71:92:d5:88:2b:69:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70214e7eacb1d24e211e2f25fee4ad757e6c965d
Validity
Not Before: Feb 20 06:51:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=98b849e97fa074911b249d49547372252c7bdb14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:c9:d7:72:af:99:8e:c1:2d:82:75:7b:f6:30:
cf:e6:49:19:46:10:f8:32:6b:53:dd:c9:5a:b3:be:
b6:05:82:9d:58:36:b1:de:ba:c1:35:a6:67:13:58:
3c:f3:b6:51:dc:b6:fe:ef:15:3e:55:9e:81:df:31:
54:31:33:98:87:cc:f3:60:a1:4b:7c:b5:83:40:6b:
68:95:a7:d7:c8:60:82:b9:70:15:99:d1:e4:30:e4:
35:9b:5f:d6:3d:ed:24:14:56:dc:15:e5:e7:5b:82:
2a:e9:cf:f7:e5:92:aa:60:5f:cc:9d:6c:eb:d9:3e:
9b:93:f9:54:1a:37:e8:18:e9:f0:04:f4:b4:ef:3a:
d1:fc:b2:65:b9:39:27:cf:65:c0:1b:72:40:75:12:
fa:82:1e:c4:ac:1a:49:75:cf:df:9b:bf:8d:fe:ff:
9b:0c:0f:ad:b8:bb:63:7c:f9:b2:9a:ac:ce:91:ab:
1b:ec:fc:6f:26:de:12:45:15:62:c0:f4:5e:4c:9a:
4e:07:40:76:21:a9:53:3e:53:ac:85:ea:df:ff:d0:
9b:64:3e:cd:78:84:64:89:a7:51:a5:cf:be:4d:0e:
00:36:d9:73:25:8d:35:7c:5d:a5:1a:ec:33:ab:90:
10:d4:e5:f2:35:f1:b1:95:02:dc:60:21:0c:0a:7f:
2c:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:B8:49:E9:7F:A0:74:91:1B:24:9D:49:54:73:72:25:2C:7B:DB:14
X509v3 Authority Key Identifier:
keyid:70:21:4E:7E:AC:B1:D2:4E:21:1E:2F:25:FE:E4:AD:75:7E:6C:96:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cCFOfqyx0k4hHi8l_uStdX5sll0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/6a99dc-9555-46cd-ab2d-14655c03c033/1/mLhJ6X-gdJEbJJ1JVHNyJSx72xQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/6a99dc-9555-46cd-ab2d-14655c03c033/1/cCFOfqyx0k4hHi8l_uStdX5sll0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.139.248.0/22
Signature Algorithm: sha256WithRSAEncryption
69:0d:5b:ab:e3:f7:70:39:2d:d2:30:d5:57:64:1e:76:06:18:
63:23:8a:a0:c4:f8:91:7a:c8:12:90:39:e5:bd:0c:f3:d6:1d:
a5:56:e1:cc:70:b9:83:90:25:c2:22:27:36:cf:47:f0:2d:56:
fe:16:74:be:d0:f4:0e:59:51:78:67:6a:94:bb:40:6f:ed:58:
36:f6:d3:84:63:11:67:8f:92:d6:05:64:fd:9e:c3:ac:17:7c:
ba:ce:c5:89:0d:8b:40:36:1c:2f:b7:dc:ce:40:36:39:39:65:
c7:da:0f:3e:34:f8:e7:27:ac:43:1a:25:65:57:84:0c:21:a2:
32:97:14:bc:bc:88:64:ad:24:ee:4c:71:df:a7:8a:ec:b2:e6:
a7:69:c1:65:e4:6c:6f:d6:e1:1c:4a:c4:50:4f:0e:69:ee:22:
51:1d:6a:88:e4:60:5d:0d:ac:0b:09:20:a8:77:4f:01:21:c2:
ba:22:51:f7:f6:e4:ae:cf:a4:e8:73:b7:ab:b1:48:96:af:c2:
d2:2a:04:c8:59:b0:d6:37:ef:ef:78:07:f7:06:8f:bb:6f:12:
f6:29:87:9c:cf:32:76:14:81:21:cb:64:dd:88:2a:14:a9:a9:
8c:df:5f:6d:75:e1:ab:89:0f:d2:48:01:97:ca:1c:55:f9:49:
17:92:a7:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3FSImovFR3PGVxktWIK2ldMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMjE0ZTdlYWNiMWQyNGUyMTFlMmYyNWZlZTRhZDc1N2U2
Yzk2NWQwHhcNMjQwMjIwMDY1MTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGI4NDllOTdmYTA3NDkxMWIyNDlkNDk1NDczNzIyNTJjN2JkYjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMnXcq+ZjsEtgnV79jDP5kkZRhD4
MmtT3clas762BYKdWDax3rrBNaZnE1g887ZR3Lb+7xU+VZ6B3zFUMTOYh8zzYKFL
fLWDQGtolafXyGCCuXAVmdHkMOQ1m1/WPe0kFFbcFeXnW4Iq6c/35ZKqYF/MnWzr
2T6bk/lUGjfoGOnwBPS07zrR/LJluTknz2XAG3JAdRL6gh7ErBpJdc/fm7+N/v+b
DA+tuLtjfPmymqzOkasb7PxvJt4SRRViwPReTJpOB0B2IalTPlOsherf/9CbZD7N
eIRkiadRpc++TQ4ANtlzJY01fF2lGuwzq5AQ1OXyNfGxlQLcYCEMCn8siQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJi4Sel/oHSRGySdSVRzciUse9sUMB8GA1UdIwQY
MBaAFHAhTn6ssdJOIR4vJf7krXV+bJZdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0NGT2ZxeXgwazRoSGk4bF91U3RkWDVzbGwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC82YTk5ZGMtOTU1NS00NmNkLWFiMmQt
MTQ2NTVjMDNjMDMzLzEvbUxoSjZYLWdkSkViSkoxSlZITnlKU3g3MnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC82YTk5ZGMtOTU1NS00NmNkLWFiMmQtMTQ2NTVjMDNjMDMz
LzEvY0NGT2ZxeXgwazRoSGk4bF91U3RkWDVzbGwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1Yv4MA0G
CSqGSIb3DQEBCwUAA4IBAQBpDVur4/dwOS3SMNVXZB52BhhjI4qgxPiResgSkDnl
vQzz1h2lVuHMcLmDkCXCIic2z0fwLVb+FnS+0PQOWVF4Z2qUu0Bv7Vg29tOEYxFn
j5LWBWT9nsOsF3y6zsWJDYtANhwvt9zOQDY5OWXH2g8+NPjnJ6xDGiVlV4QMIaIy
lxS8vIhkrSTuTHHfp4rssuanacFl5Gxv1uEcSsRQTw5p7iJRHWqI5GBdDawLCSCo
d08BIcK6IlH39uSuz6Toc7ersUiWr8LSKgTIWbDWN+/veAf3Bo+7bxL2KYeczzJ2
FIEhy2TdiCoUqamM319tdeGriQ/SSAGXyhxV+UkXkqdd
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:09:37 2025 by rpki-client