Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/XQ3Ft5HC2OGzKCsCJP2xJHApX0M.roa
File: XQ3Ft5HC2OGzKCsCJP2xJHApX0M.roa (raw, json)
Hash identifier: K4qH3VobbtHiKa3h5mWL6jDo7njBTMX697L8j6kSoBg=
Subject key identifier: 5D:0D:C5:B7:91:C2:D8:E1:B3:28:2B:02:24:FD:B1:24:70:29:5F:43
Certificate issuer: /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial: 01942747323348CC7EDFB5E6B049643BADF2
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/XQ3Ft5HC2OGzKCsCJP2xJHApX0M.roa
Signing time: Thu 02 Jan 2025 13:49:24 +0000
ROA not before: Thu 02 Jan 2025 13:49:24 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211237
IP address blocks: 109.236.49.0/24 maxlen: 24
109.236.50.0/24 maxlen: 24
193.160.141.0/24 maxlen: 24
193.160.143.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 10 Feb 2025 20:26:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:47:32:33:48:cc:7e:df:b5:e6:b0:49:64:3b:ad:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Validity
Not Before: Jan 2 13:49:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5d0dc5b791c2d8e1b3282b0224fdb12470295f43
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:d8:50:37:55:56:78:31:3e:41:ba:72:62:11:
73:96:fc:d4:a9:c3:9f:9b:cc:a2:d4:0e:bb:23:0d:
20:29:54:dd:95:c1:09:b9:dd:15:27:e6:e7:15:a3:
e0:88:36:d0:c4:94:79:3d:fb:52:29:f2:0c:be:a1:
07:81:dc:b7:9d:5e:a7:92:02:d2:47:90:b4:f6:95:
f4:93:dc:2f:4f:6c:be:23:b4:81:a3:fd:a1:ef:b3:
32:cd:a3:be:c2:a6:e8:1b:b9:72:a6:2d:06:7c:09:
40:fb:f1:86:a0:6a:e2:11:91:ac:0f:88:c3:e7:a2:
f0:29:4b:45:fd:47:d0:3d:21:eb:60:e4:ab:e5:5d:
3d:fe:38:eb:fd:b1:09:3a:88:09:f1:ad:d2:71:c9:
8a:0c:a1:87:63:07:ef:c5:b7:98:3e:e4:8c:15:52:
f3:30:93:72:b9:77:84:ef:a1:41:5f:9d:2d:16:61:
8a:32:be:41:d3:47:f3:47:98:c0:fe:a6:0b:e0:27:
df:14:4f:7a:23:0d:66:7a:4b:ed:b7:5b:cd:c7:9c:
e9:63:4c:05:83:38:fc:a1:2f:a0:69:9b:85:6d:6f:
67:7e:b9:af:52:88:58:ea:9e:46:7c:7e:16:19:bb:
87:d0:9d:74:f1:f6:d8:f5:24:7b:db:a2:c2:80:86:
53:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:0D:C5:B7:91:C2:D8:E1:B3:28:2B:02:24:FD:B1:24:70:29:5F:43
X509v3 Authority Key Identifier:
keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/XQ3Ft5HC2OGzKCsCJP2xJHApX0M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.236.49.0-109.236.50.255
193.160.141.0/24
193.160.143.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:7b:15:2a:ec:ce:c2:0a:54:42:f8:f4:9f:c3:a3:20:69:79:
8c:9e:1c:f8:7b:78:f2:cc:a2:58:f4:c9:c3:5b:7e:e2:cd:7b:
83:2b:3c:7f:b0:db:2d:9a:c7:f1:2f:ab:8c:2f:5c:35:5e:1d:
c7:14:ed:5a:cb:0d:48:c0:d9:a3:41:7c:ff:cc:97:ee:30:5a:
ad:81:79:af:00:fb:82:b0:0c:5d:9f:8e:dd:1d:6f:2a:69:3e:
24:d6:0d:89:1d:9c:31:46:67:00:4a:9d:e7:76:3b:28:f3:b0:
a4:16:ad:ae:f1:f4:1c:32:b0:c3:4b:8c:63:6d:8e:8d:d8:24:
b5:2f:a4:8b:dd:9f:ed:97:0f:ed:b2:a9:b3:44:32:fe:f5:fc:
de:2f:04:90:1f:e7:2a:97:c5:01:3a:ab:37:1b:f1:50:06:ec:
2b:c3:fb:c5:cc:dc:84:3d:43:d4:ca:66:d9:cd:09:cf:0c:f4:
2a:d8:0e:4c:a2:f8:e2:c4:c9:d4:7f:2c:80:48:b4:39:e9:66:
43:28:00:c4:12:42:f7:7f:4c:4a:0e:fa:0a:a5:df:ef:a8:31:
89:36:83:f9:02:2a:5a:f8:55:0c:39:e4:c1:46:71:4b:b9:dc:
f4:a2:e5:56:6d:ff:66:de:da:18:9e:6f:93:74:fc:b6:0a:a6:
39:3c:04:2e
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQnRzIzSMx+37XmsElkO63yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwMTAyMTM0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDBkYzViNzkxYzJkOGUxYjMyODJiMDIyNGZkYjEyNDcwMjk1ZjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArthQN1VWeDE+QbpyYhFzlvzUqcOf
m8yi1A67Iw0gKVTdlcEJud0VJ+bnFaPgiDbQxJR5PftSKfIMvqEHgdy3nV6nkgLS
R5C09pX0k9wvT2y+I7SBo/2h77MyzaO+wqboG7lypi0GfAlA+/GGoGriEZGsD4jD
56LwKUtF/UfQPSHrYOSr5V09/jjr/bEJOogJ8a3SccmKDKGHYwfvxbeYPuSMFVLz
MJNyuXeE76FBX50tFmGKMr5B00fzR5jA/qYL4CffFE96Iw1mekvtt1vNx5zpY0wF
gzj8oS+gaZuFbW9nfrmvUohY6p5GfH4WGbuH0J108fbY9SR726LCgIZTjwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFF0NxbeRwtjhsygrAiT9sSRwKV9DMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvWFEzRnQ1SEMyT0d6S0NzQ0pQMnhKSEFwWDBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBABt7DED
BABt7DIDBADBoI0DBADBoI8wDQYJKoZIhvcNAQELBQADggEBAE57FSrszsIKVEL4
9J/DoyBpeYyeHPh7ePLMolj0ycNbfuLNe4MrPH+w2y2ax/Evq4wvXDVeHccU7VrL
DUjA2aNBfP/Ml+4wWq2Bea8A+4KwDF2fjt0dbyppPiTWDYkdnDFGZwBKned2Oyjz
sKQWra7x9BwysMNLjGNtjo3YJLUvpIvdn+2XD+2yqbNEMv71/N4vBJAf5yqXxQE6
qzcb8VAG7CvD+8XM3IQ9Q9TKZtnNCc8M9CrYDkyi+OLEydR/LIBItDnpZkMoAMQS
Qvd/TEoO+gql3++oMYk2g/kCKlr4VQw55MFGcUu53PSi5VZt/2be2hieb5N0/LYK
pjk8BC4=
-----END CERTIFICATE-----
Generated at Sun Apr 6 04:37:51 2025 by rpki-client