Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/dd0189-7969-4fd5-9747-28bdabca70cb/1/GR1i6j4Y928McHPJtz-LkvV8WMA.roa
File: GR1i6j4Y928McHPJtz-LkvV8WMA.roa (raw, json)
Hash identifier: tGPubct828fL93Kk1dB7tKSciV7sVLVBn1gVSVgs16E=
Subject key identifier: 19:1D:62:EA:3E:18:F7:6F:0C:70:73:C9:B7:3F:8B:92:F5:7C:58:C0
Certificate issuer: /CN=3948869ce54b9d3b2f3e39aee2c9c8eb19cb5b0f
Certificate serial: 018CCF4EF79B224407FBB83CE69B680D098A
Authority key identifier: 39:48:86:9C:E5:4B:9D:3B:2F:3E:39:AE:E2:C9:C8:EB:19:CB:5B:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OUiGnOVLnTsvPjmu4snI6xnLWw8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/45/dd0189-7969-4fd5-9747-28bdabca70cb/1/GR1i6j4Y928McHPJtz-LkvV8WMA.roa
Signing time: Wed 03 Jan 2024 12:31:48 +0000
ROA not before: Wed 03 Jan 2024 12:31:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201503
IP address blocks: 185.72.210.0/24 maxlen: 24
185.72.209.0/24 maxlen: 24
185.72.208.0/24 maxlen: 24
185.72.208.0/22 maxlen: 22
82.163.120.0/22 maxlen: 22
82.163.132.0/22 maxlen: 22
2a05:3950::/31 maxlen: 31
2a05:3950:f000::/36 maxlen: 36
2a05:3950:8660::/48 maxlen: 48
2a05:3950:8000::/48 maxlen: 48
2a05:3950:9000::/48 maxlen: 48
Validation: Failed, certificate revoked on Wed 01 Jan 2025 21:47:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:cf:4e:f7:9b:22:44:07:fb:b8:3c:e6:9b:68:0d:09:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3948869ce54b9d3b2f3e39aee2c9c8eb19cb5b0f
Validity
Not Before: Jan 3 12:31:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=191d62ea3e18f76f0c7073c9b73f8b92f57c58c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:1b:ab:74:c6:69:88:65:87:d5:4e:ad:eb:c8:
68:a2:cf:5a:d2:00:8d:4a:a6:5f:db:06:ba:ca:ff:
5b:54:7b:fd:bc:0f:ec:96:69:65:5e:d5:bb:91:6f:
43:0e:32:6c:92:ab:aa:dc:8a:b0:41:5f:f3:31:8a:
31:fb:1b:25:66:c6:fe:b2:23:d7:7a:76:66:77:b9:
db:0c:20:0e:72:79:44:22:d8:8e:f8:70:d1:33:d8:
06:48:7b:42:3e:8a:01:70:63:87:73:09:dc:c0:d3:
93:01:6b:4f:78:7c:05:93:13:02:5a:11:54:6f:c0:
43:55:12:01:bb:a6:cb:36:8f:17:e9:f1:f2:d3:81:
9d:fb:ef:87:5f:80:d5:2e:0a:0f:dc:35:13:46:91:
8d:bb:d3:f1:9f:4e:12:41:9b:3b:b8:20:03:37:1c:
82:8f:b0:48:e7:ce:ae:bf:13:db:21:1d:48:ba:d6:
ea:69:15:91:5b:82:33:aa:e6:3c:af:35:d6:19:72:
db:62:ee:c9:04:d6:0a:27:8d:21:38:c5:6d:17:de:
86:87:70:dc:fe:c2:dc:78:c6:ae:a0:9a:2d:ba:05:
8f:e4:cf:1e:e1:1b:b6:da:4a:80:fb:f8:51:f1:6c:
9f:79:8e:e4:79:32:ee:fa:65:8f:30:ac:1c:7f:1b:
4d:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:1D:62:EA:3E:18:F7:6F:0C:70:73:C9:B7:3F:8B:92:F5:7C:58:C0
X509v3 Authority Key Identifier:
keyid:39:48:86:9C:E5:4B:9D:3B:2F:3E:39:AE:E2:C9:C8:EB:19:CB:5B:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OUiGnOVLnTsvPjmu4snI6xnLWw8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/dd0189-7969-4fd5-9747-28bdabca70cb/1/GR1i6j4Y928McHPJtz-LkvV8WMA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/45/dd0189-7969-4fd5-9747-28bdabca70cb/1/OUiGnOVLnTsvPjmu4snI6xnLWw8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.163.120.0/22
82.163.132.0/22
185.72.208.0/22
IPv6:
2a05:3950::/31
Signature Algorithm: sha256WithRSAEncryption
0c:b7:7a:1a:c8:00:28:e7:41:84:c2:10:b4:7c:03:f8:d8:c4:
be:99:47:d8:b0:1b:fe:89:dc:4f:a5:95:69:1a:bc:0b:90:cf:
bd:da:9a:d3:75:2e:b3:27:67:aa:76:ad:5b:0d:fd:bb:66:e7:
21:51:fe:6b:6c:87:3f:9b:ee:ba:bf:96:76:0f:64:ce:55:8d:
f6:af:a8:66:54:39:45:f1:1c:64:3b:6c:eb:d8:64:9a:d0:cc:
da:6a:49:4f:e4:ba:c5:40:46:6a:02:10:a1:74:57:58:9b:58:
2d:e9:38:e7:13:78:37:be:d9:cb:0b:63:79:a0:3d:ab:90:8f:
23:b2:e7:06:8c:64:68:3c:a6:ed:b3:76:df:72:d2:ba:84:8b:
97:d1:99:76:bf:27:c1:19:7c:2a:f3:53:c9:49:99:d1:0b:71:
5b:ac:94:f4:15:77:37:a7:6d:0c:37:8e:9b:7d:f5:8a:6a:4d:
54:92:ab:a5:4b:2a:e5:62:68:f1:48:13:ae:3a:d6:ff:b9:d2:
97:b5:30:d2:4f:30:26:a5:60:5d:cd:5f:b7:61:4c:04:a0:91:
e7:23:7d:dc:e5:ec:e0:32:d9:bc:12:d7:19:e8:2f:0c:5b:cc:
37:c0:57:19:3f:b7:e2:ea:74:72:51:d2:87:fc:58:91:fc:86:
75:a0:7e:18
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzPTvebIkQH+7g85ptoDQmKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NDg4NjljZTU0YjlkM2IyZjNlMzlhZWUyYzljOGViMTlj
YjViMGYwHhcNMjQwMTAzMTIzMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTFkNjJlYTNlMThmNzZmMGM3MDczYzliNzNmOGI5MmY1N2M1OGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRurdMZpiGWH1U6t68hoos9a0gCN
SqZf2wa6yv9bVHv9vA/slmllXtW7kW9DDjJskquq3IqwQV/zMYox+xslZsb+siPX
enZmd7nbDCAOcnlEItiO+HDRM9gGSHtCPooBcGOHcwncwNOTAWtPeHwFkxMCWhFU
b8BDVRIBu6bLNo8X6fHy04Gd+++HX4DVLgoP3DUTRpGNu9Pxn04SQZs7uCADNxyC
j7BI586uvxPbIR1IutbqaRWRW4IzquY8rzXWGXLbYu7JBNYKJ40hOMVtF96Gh3Dc
/sLceMauoJotugWP5M8e4Ru22kqA+/hR8WyfeY7keTLu+mWPMKwcfxtNNwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFBkdYuo+GPdvDHBzybc/i5L1fFjAMB8GA1UdIwQY
MBaAFDlIhpzlS507Lz45ruLJyOsZy1sPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1VpR25PVkxuVHN2UGptdTRzbkk2eG5MV3c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9kZDAxODktNzk2OS00ZmQ1LTk3NDct
MjhiZGFiY2E3MGNiLzEvR1IxaTZqNFk5MjhNY0hQSnR6LUxrdlY4V01BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9kZDAxODktNzk2OS00ZmQ1LTk3NDctMjhiZGFiY2E3MGNi
LzEvT1VpR25PVkxuVHN2UGptdTRzbkk2eG5MV3c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCUqN4AwQC
UqOEAwQCuUjQMA0EAgACMAcDBQEqBTlQMA0GCSqGSIb3DQEBCwUAA4IBAQAMt3oa
yAAo50GEwhC0fAP42MS+mUfYsBv+idxPpZVpGrwLkM+92prTdS6zJ2eqdq1bDf27
ZuchUf5rbIc/m+66v5Z2D2TOVY32r6hmVDlF8RxkO2zr2GSa0MzaaklP5LrFQEZq
AhChdFdYm1gt6TjnE3g3vtnLC2N5oD2rkI8jsucGjGRoPKbts3bfctK6hIuX0Zl2
vyfBGXwq81PJSZnRC3FbrJT0FXc3p20MN46bffWKak1UkqulSyrlYmjxSBOuOtb/
udKXtTDSTzAmpWBdzV+3YUwEoJHnI33c5ezgMtm8EtcZ6C8MW8w3wFcZP7fi6nRy
UdKH/FiR/IZ1oH4Y
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:13:03 2025 by rpki-client