Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/PnBQOHxA5jfbApVbj0sbXyZV5gc.roa
File: PnBQOHxA5jfbApVbj0sbXyZV5gc.roa (raw, json)
Hash identifier: RDVBQrT2PzhemKJT2GysokRkoq6wo7aq3RiBybM0h9M=
Subject key identifier: 3E:70:50:38:7C:40:E6:37:DB:02:95:5B:8F:4B:1B:5F:26:55:E6:07
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 0194BCC5CA85E8101661E3C8B04A9220EC50
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/PnBQOHxA5jfbApVbj0sbXyZV5gc.roa
Signing time: Fri 31 Jan 2025 14:31:06 +0000
ROA not before: Fri 31 Jan 2025 14:31:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211567
IP address blocks: 109.236.48.0/24 maxlen: 24
185.88.173.0/24 maxlen: 24
185.250.210.0/24 maxlen: 24
194.62.52.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 10 Feb 2025 20:25:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:bc:c5:ca:85:e8:10:16:61:e3:c8:b0:4a:92:20:ec:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Jan 31 14:31:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3e7050387c40e637db02955b8f4b1b5f2655e607
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:24:4c:4a:bf:12:4b:5f:38:48:3d:25:63:b8:
ef:ca:20:53:f7:d3:78:26:4a:84:07:59:cc:34:86:
44:b7:94:f9:d7:d6:08:e3:35:62:95:54:6f:ff:4f:
6c:38:76:b3:98:64:f8:79:2f:79:5c:5d:c5:61:d7:
a3:1d:13:a3:65:ee:df:cd:b1:b0:6d:5d:12:0a:f7:
4c:50:54:fa:e9:7a:46:ff:eb:3f:32:e6:77:f2:a0:
62:d9:0a:74:ea:ad:b4:91:d8:d6:d0:82:6b:8c:36:
86:38:19:66:20:23:a5:1e:9e:ea:86:0f:d9:06:db:
53:c3:99:db:b4:8d:c7:76:fc:7d:bf:87:c3:0e:dd:
ea:ff:f0:69:21:2f:be:fc:30:67:51:b5:34:d4:09:
05:5e:ae:cb:71:a0:68:63:75:c9:fe:9b:48:59:0d:
8d:52:39:59:00:87:fb:34:4e:6e:a4:74:ae:6f:4f:
66:7c:76:af:4a:11:e3:5f:da:9d:1d:d6:f5:61:18:
69:94:d8:a7:23:af:aa:01:36:c7:cf:50:2c:7e:6c:
d4:13:1a:34:2c:28:72:a2:88:18:a4:be:50:01:5f:
fe:04:54:ef:81:f5:9b:9a:b7:11:d4:f4:7f:72:ac:
d7:a2:8a:04:d9:77:cd:cd:47:34:85:ea:c4:5d:40:
bf:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:70:50:38:7C:40:E6:37:DB:02:95:5B:8F:4B:1B:5F:26:55:E6:07
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/PnBQOHxA5jfbApVbj0sbXyZV5gc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.48.0/24
185.88.173.0/24
185.250.210.0/24
194.62.52.0/24
Signature Algorithm: sha256WithRSAEncryption
86:ab:b8:96:2b:47:9b:22:8f:05:10:70:c0:e2:fa:7f:b5:58:
60:13:56:f1:2e:10:fe:48:26:b6:e7:0d:a1:88:58:17:11:af:
c5:8b:7b:03:05:a6:77:35:95:e6:80:cf:e0:05:bc:55:4b:45:
c1:b9:d3:8c:c3:9d:1e:a4:08:07:70:5c:3b:ff:25:28:69:6f:
24:f2:75:12:5e:45:7c:71:9a:16:18:08:fc:bc:49:50:8c:5c:
d0:3f:ab:fa:48:fb:32:4e:68:47:8a:38:10:f8:34:98:72:9e:
cb:64:0b:ce:25:d9:f6:a7:14:3d:9c:66:ae:c6:2f:1f:58:50:
2d:49:51:d8:c5:70:f2:ba:d2:d8:4d:6d:41:28:59:33:4a:84:
ce:12:e0:cc:ba:6f:2d:df:11:2b:35:f1:a7:58:d2:f0:34:0a:
f4:34:b5:e5:2d:22:a0:49:71:ad:06:4e:23:7d:3e:70:5f:6f:
d9:0e:b2:35:1d:69:44:45:1c:f3:36:c2:ed:17:fc:61:a1:37:
04:46:2d:e8:9a:3b:c1:21:a3:50:ea:d9:87:69:fa:29:2f:02:
e2:d3:f0:24:16:5c:39:64:83:c9:05:8d:e2:b1:2b:a3:06:c0:
79:dc:5e:58:30:ad:99:9c:61:bb:29:95:63:51:84:6c:96:91:
db:eb:49:dd
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZS8xcqF6BAWYePIsEqSIOxQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwMTMxMTQzMTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTcwNTAzODdjNDBlNjM3ZGIwMjk1NWI4ZjRiMWI1ZjI2NTVlNjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSRMSr8SS184SD0lY7jvyiBT99N4
JkqEB1nMNIZEt5T519YI4zVilVRv/09sOHazmGT4eS95XF3FYdejHROjZe7fzbGw
bV0SCvdMUFT66XpG/+s/MuZ38qBi2Qp06q20kdjW0IJrjDaGOBlmICOlHp7qhg/Z
BttTw5nbtI3Hdvx9v4fDDt3q//BpIS++/DBnUbU01AkFXq7LcaBoY3XJ/ptIWQ2N
UjlZAIf7NE5upHSub09mfHavShHjX9qdHdb1YRhplNinI6+qATbHz1AsfmzUExo0
LChyoogYpL5QAV/+BFTvgfWbmrcR1PR/cqzXoooE2XfNzUc0herEXUC/iwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFD5wUDh8QOY32wKVW49LG18mVeYHMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvUG5CUU9IeEE1amZiQXBWYmowc2JYeVpWNWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAbewwAwQA
uVitAwQAufrSAwQAwj40MA0GCSqGSIb3DQEBCwUAA4IBAQCGq7iWK0ebIo8FEHDA
4vp/tVhgE1bxLhD+SCa25w2hiFgXEa/Fi3sDBaZ3NZXmgM/gBbxVS0XBudOMw50e
pAgHcFw7/yUoaW8k8nUSXkV8cZoWGAj8vElQjFzQP6v6SPsyTmhHijgQ+DSYcp7L
ZAvOJdn2pxQ9nGauxi8fWFAtSVHYxXDyutLYTW1BKFkzSoTOEuDMum8t3xErNfGn
WNLwNAr0NLXlLSKgSXGtBk4jfT5wX2/ZDrI1HWlERRzzNsLtF/xhoTcERi3omjvB
IaNQ6tmHafopLwLi0/AkFlw5ZIPJBY3isSujBsB53F5YMK2ZnGG7KZVjUYRslpHb
60nd
-----END CERTIFICATE-----
Generated at Thu Apr 10 13:57:07 2025 by rpki-client