Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/a72a4b-0693-4d1b-9bfc-767b0cc80c08/1/c9N0ImQJgOLfy3XfRCR1Im9-ZqA.roa
File: c9N0ImQJgOLfy3XfRCR1Im9-ZqA.roa (raw, json)
Hash identifier: XObTwET99vm9v7plBq0cr1ngL2fnSMpXb1PmDQrx4W0=
Subject key identifier: 73:D3:74:22:64:09:80:E2:DF:CB:75:DF:44:24:75:22:6F:7E:66:A0
Certificate issuer: /CN=cc777a08a4564548b518ec3864b341e1fa5225ea
Certificate serial: 018CC9BB329F3879A340008211EFDD0B3971
Authority key identifier: CC:77:7A:08:A4:56:45:48:B5:18:EC:38:64:B3:41:E1:FA:52:25:EA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zHd6CKRWRUi1GOw4ZLNB4fpSJeo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/a72a4b-0693-4d1b-9bfc-767b0cc80c08/1/c9N0ImQJgOLfy3XfRCR1Im9-ZqA.roa
Signing time: Tue 02 Jan 2024 10:32:17 +0000
ROA not before: Tue 02 Jan 2024 10:32:17 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 202779
IP address blocks: 213.173.96.0/19 maxlen: 24
213.244.248.0/21 maxlen: 24
185.154.156.0/24 maxlen: 24
185.154.159.0/24 maxlen: 24
185.154.157.0/24 maxlen: 24
185.154.158.0/24 maxlen: 24
91.201.220.0/24 maxlen: 24
91.201.220.0/22 maxlen: 22
Validation: Failed, certificate revoked on Thu 31 Oct 2024 11:51:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bb:32:9f:38:79:a3:40:00:82:11:ef:dd:0b:39:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cc777a08a4564548b518ec3864b341e1fa5225ea
Validity
Not Before: Jan 2 10:32:17 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=73d37422640980e2dfcb75df442475226f7e66a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:5a:cf:ce:2f:21:d6:32:32:13:84:72:d0:53:
9c:aa:67:cc:a4:87:25:19:4f:39:ed:df:d6:ce:ca:
da:2e:33:97:54:81:bc:5f:6b:66:79:b3:a6:2c:85:
42:ac:94:1b:73:06:ab:53:c0:cd:64:ef:e9:97:ee:
5d:bf:60:d1:4c:97:b6:78:71:4a:ed:c0:59:60:3a:
48:0e:2f:4a:9b:27:0c:78:d8:91:dd:5c:fb:48:9d:
96:28:d6:65:9e:18:e8:56:87:89:c6:00:35:1e:da:
2a:ff:91:c2:a3:2d:ee:27:8f:47:0a:0a:3c:6f:ca:
01:69:1d:97:6a:90:de:c5:e0:31:19:07:ac:de:92:
31:a5:54:a7:5e:76:fe:93:00:7d:5c:ab:f9:47:1a:
95:60:92:c3:bf:8b:31:8c:f8:25:85:8d:bd:d2:f2:
2a:d5:56:ac:ec:2e:09:97:3f:38:2d:9f:41:1c:e0:
ea:9f:d6:15:f5:d5:b1:2f:07:3f:f2:70:85:c8:c5:
b4:9d:6b:41:16:3f:81:35:8f:a5:3c:b8:28:c8:dd:
0f:5e:7f:45:ce:f3:cc:b3:ec:d7:8d:d3:ae:e7:1b:
31:39:1c:33:a2:d7:fe:16:78:c5:c8:b6:06:8d:61:
2b:53:29:28:df:ba:c3:81:b6:e7:fc:2e:da:08:c4:
bd:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:D3:74:22:64:09:80:E2:DF:CB:75:DF:44:24:75:22:6F:7E:66:A0
X509v3 Authority Key Identifier:
keyid:CC:77:7A:08:A4:56:45:48:B5:18:EC:38:64:B3:41:E1:FA:52:25:EA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zHd6CKRWRUi1GOw4ZLNB4fpSJeo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/a72a4b-0693-4d1b-9bfc-767b0cc80c08/1/c9N0ImQJgOLfy3XfRCR1Im9-ZqA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/48/a72a4b-0693-4d1b-9bfc-767b0cc80c08/1/zHd6CKRWRUi1GOw4ZLNB4fpSJeo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.201.220.0/22
185.154.156.0/22
213.173.96.0/19
213.244.248.0/21
Signature Algorithm: sha256WithRSAEncryption
7a:cb:f0:40:cc:4f:fa:49:8b:b3:a1:0c:a9:93:80:a8:94:7a:
a0:cb:6a:81:fe:ba:2b:22:86:07:54:73:8f:3e:6b:1d:ab:eb:
56:05:55:b1:ea:6a:32:d0:b4:ce:48:05:0c:3a:88:d4:76:2f:
f0:c2:01:2c:33:62:d9:65:0f:2f:2a:c9:a3:90:ec:2f:71:ae:
17:49:b2:76:31:fb:0d:04:bc:88:64:0b:13:8b:05:15:33:88:
20:a1:a7:7c:1a:1c:03:0c:e8:95:d3:ce:1a:30:d2:7e:ec:bc:
2d:3d:56:48:be:55:6a:75:fa:64:b1:21:b5:2b:60:1a:34:c8:
67:8e:ff:3b:39:27:6f:ce:5c:c6:6d:c1:f8:7f:dd:a2:04:79:
a6:b0:1d:3f:a2:72:7f:04:bd:f2:f9:a2:01:d1:1f:95:93:f2:
6d:59:5c:bf:75:7f:87:88:a6:2d:5c:e4:3f:aa:4d:90:39:f8:
b9:38:d4:80:eb:c1:01:d6:09:15:93:46:14:b3:8f:01:ff:da:
88:67:57:fb:5c:b5:4a:48:0a:9c:06:46:6f:5f:a4:b3:ba:ab:
17:11:dd:19:b5:69:53:df:b0:59:48:e5:02:32:23:8b:b6:a3:
c5:cd:0c:e3:9d:f7:1d:12:6b:78:2a:51:96:d4:cb:59:31:31:
3e:ff:3e:37
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzJuzKfOHmjQACCEe/dCzlxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNzc3YTA4YTQ1NjQ1NDhiNTE4ZWMzODY0YjM0MWUxZmE1
MjI1ZWEwHhcNMjQwMTAyMTAzMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2QzNzQyMjY0MDk4MGUyZGZjYjc1ZGY0NDI0NzUyMjZmN2U2NmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVrPzi8h1jIyE4Ry0FOcqmfMpIcl
GU857d/WzsraLjOXVIG8X2tmebOmLIVCrJQbcwarU8DNZO/pl+5dv2DRTJe2eHFK
7cBZYDpIDi9KmycMeNiR3Vz7SJ2WKNZlnhjoVoeJxgA1Htoq/5HCoy3uJ49HCgo8
b8oBaR2XapDexeAxGQes3pIxpVSnXnb+kwB9XKv5RxqVYJLDv4sxjPglhY290vIq
1Vas7C4Jlz84LZ9BHODqn9YV9dWxLwc/8nCFyMW0nWtBFj+BNY+lPLgoyN0PXn9F
zvPMs+zXjdOu5xsxORwzotf+FnjFyLYGjWErUyko37rDgbbn/C7aCMS99wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHPTdCJkCYDi38t130QkdSJvfmagMB8GA1UdIwQY
MBaAFMx3egikVkVItRjsOGSzQeH6UiXqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekhkNkNLUldSVWkxR093NFpMTkI0ZnBTSmVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9hNzJhNGItMDY5My00ZDFiLTliZmMt
NzY3YjBjYzgwYzA4LzEvYzlOMEltUUpnT0xmeTNYZlJDUjFJbTktWnFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9hNzJhNGItMDY5My00ZDFiLTliZmMtNzY3YjBjYzgwYzA4
LzEvekhkNkNLUldSVWkxR093NFpMTkI0ZnBTSmVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCW8ncAwQC
uZqcAwQF1a1gAwQD1fT4MA0GCSqGSIb3DQEBCwUAA4IBAQB6y/BAzE/6SYuzoQyp
k4ColHqgy2qB/rorIoYHVHOPPmsdq+tWBVWx6moy0LTOSAUMOojUdi/wwgEsM2LZ
ZQ8vKsmjkOwvca4XSbJ2MfsNBLyIZAsTiwUVM4ggoad8GhwDDOiV084aMNJ+7Lwt
PVZIvlVqdfpksSG1K2AaNMhnjv87OSdvzlzGbcH4f92iBHmmsB0/onJ/BL3y+aIB
0R+Vk/JtWVy/dX+HiKYtXOQ/qk2QOfi5ONSA68EB1gkVk0YUs48B/9qIZ1f7XLVK
SAqcBkZvX6SzuqsXEd0ZtWlT37BZSOUCMiOLtqPFzQzjnfcdEmt4KlGW1MtZMTE+
/z43
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:43:39 2025 by rpki-client