Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/df84a7-72c9-4a2f-8115-afbdbdad58a5/1/3LrmH42-VC21AfLrMXMwpG11RiM.roa
File: 3LrmH42-VC21AfLrMXMwpG11RiM.roa (raw, json)
Hash identifier: Q5I1cgBwzAUI4cEA5PJvumA0/r2XSQhpWnyjYLbUH+o=
Subject key identifier: DC:BA:E6:1F:8D:BE:54:2D:B5:01:F2:EB:31:73:30:A4:6D:75:46:23
Certificate issuer: /CN=b194f0304eedd363c6622fd91c59b10871aa3044
Certificate serial: 0192A32B4CF79E04C101993359C702D9B7FB
Authority key identifier: B1:94:F0:30:4E:ED:D3:63:C6:62:2F:D9:1C:59:B1:08:71:AA:30:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sZTwME7t02PGYi_ZHFmxCHGqMEQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/df84a7-72c9-4a2f-8115-afbdbdad58a5/1/3LrmH42-VC21AfLrMXMwpG11RiM.roa
Signing time: Sat 19 Oct 2024 05:06:16 +0000
ROA not before: Sat 19 Oct 2024 05:06:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 30870
IP address blocks: 87.101.8.0/21 maxlen: 21
171.25.179.0/24 maxlen: 24
185.40.56.0/22 maxlen: 24
185.108.116.0/22 maxlen: 24
194.30.160.0/24 maxlen: 24
2a01:4d60::/32 maxlen: 48
2a06:4a80::/29 maxlen: 40
Validation: Failed, certificate revoked on Wed 01 Jan 2025 13:47:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:a3:2b:4c:f7:9e:04:c1:01:99:33:59:c7:02:d9:b7:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b194f0304eedd363c6622fd91c59b10871aa3044
Validity
Not Before: Oct 19 05:06:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dcbae61f8dbe542db501f2eb317330a46d754623
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:45:8f:23:4f:d3:79:ee:0e:2f:99:45:33:31:
f7:55:e3:02:a5:d0:96:da:74:55:59:36:b5:ff:77:
2d:84:32:d4:e0:f3:19:ea:f2:64:fc:61:f5:ed:9d:
6e:d7:c4:e4:d7:c3:40:38:a7:44:4b:f1:98:e2:50:
25:b4:7d:5b:4e:45:b5:8d:03:fd:c3:51:90:a3:bf:
51:a1:57:15:60:16:e7:59:8d:ab:58:a6:79:cb:b6:
3a:74:73:b0:f9:0a:bf:ed:14:62:c5:cf:97:af:46:
29:09:d5:35:cc:f4:6a:b6:5b:34:bf:df:14:ac:52:
aa:a6:7b:97:f6:00:ee:e8:d9:87:a1:70:67:26:5e:
8a:37:ef:fe:ba:26:9d:8f:c5:b2:4e:a0:bc:09:c5:
81:fd:2d:63:f7:3c:78:72:93:7a:12:f2:1b:07:49:
f6:10:c4:bf:1c:e2:51:9c:d7:b6:58:ae:65:eb:a6:
9a:0c:d6:78:4b:b2:d5:42:ff:f7:d7:df:89:75:26:
e0:4b:8f:57:57:b7:3b:6c:62:4c:fa:89:6c:23:88:
62:60:ca:80:d4:d6:94:b1:18:1f:ca:35:49:14:7b:
ef:b5:a5:bb:08:d4:80:e8:47:80:53:b8:81:4e:03:
31:20:22:22:44:ed:09:c1:4c:19:51:37:d3:e4:8d:
75:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:BA:E6:1F:8D:BE:54:2D:B5:01:F2:EB:31:73:30:A4:6D:75:46:23
X509v3 Authority Key Identifier:
keyid:B1:94:F0:30:4E:ED:D3:63:C6:62:2F:D9:1C:59:B1:08:71:AA:30:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sZTwME7t02PGYi_ZHFmxCHGqMEQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/df84a7-72c9-4a2f-8115-afbdbdad58a5/1/3LrmH42-VC21AfLrMXMwpG11RiM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/df84a7-72c9-4a2f-8115-afbdbdad58a5/1/sZTwME7t02PGYi_ZHFmxCHGqMEQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.101.8.0/21
171.25.179.0/24
185.40.56.0/22
185.108.116.0/22
194.30.160.0/24
IPv6:
2a01:4d60::/32
2a06:4a80::/29
Signature Algorithm: sha256WithRSAEncryption
9b:4e:3d:df:e5:20:67:f3:20:53:38:4c:4c:7f:17:4f:75:d4:
f8:a4:03:20:fe:70:5b:d2:99:bf:4a:e5:16:94:26:ef:12:43:
e8:64:72:db:c1:71:fd:99:55:5d:38:05:8c:ad:67:39:99:ce:
c0:a5:07:24:df:bd:6a:97:59:ea:87:79:44:5e:2c:fc:5f:ee:
76:d0:a7:78:27:b1:eb:70:95:5e:69:b7:7b:be:fb:cc:8b:e0:
aa:7a:b5:1c:41:3d:9b:e0:1e:08:18:4d:3e:8e:fc:cd:58:e6:
61:c7:0a:89:6e:4d:b5:a0:99:48:82:61:bc:af:4d:00:4c:9d:
0f:88:13:a6:77:cf:27:59:74:2e:00:96:0e:4d:ca:23:07:74:
11:bd:fc:55:b7:74:f2:bc:07:81:e3:a4:87:59:48:1b:42:30:
e0:7e:6f:7f:5c:bf:3c:85:e0:c1:48:8f:59:64:8e:1e:43:dd:
c5:57:36:c2:63:d4:b9:ef:14:d7:13:82:4e:d4:e2:33:5e:81:
58:4e:07:2e:8b:97:f2:4c:24:92:77:ca:a8:37:e9:be:17:d7:
c8:19:e6:bc:1b:b7:25:c2:be:f4:28:b4:0b:72:ed:63:11:e2:
76:fe:45:0f:24:4a:83:06:17:49:eb:b8:1c:b5:a9:87:06:5b:
ac:11:f3:52
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZKjK0z3ngTBAZkzWccC2bf7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxOTRmMDMwNGVlZGQzNjNjNjYyMmZkOTFjNTliMTA4NzFh
YTMwNDQwHhcNMjQxMDE5MDUwNjE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2JhZTYxZjhkYmU1NDJkYjUwMWYyZWIzMTczMzBhNDZkNzU0NjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEWPI0/Tee4OL5lFMzH3VeMCpdCW
2nRVWTa1/3cthDLU4PMZ6vJk/GH17Z1u18Tk18NAOKdES/GY4lAltH1bTkW1jQP9
w1GQo79RoVcVYBbnWY2rWKZ5y7Y6dHOw+Qq/7RRixc+Xr0YpCdU1zPRqtls0v98U
rFKqpnuX9gDu6NmHoXBnJl6KN+/+uiadj8WyTqC8CcWB/S1j9zx4cpN6EvIbB0n2
EMS/HOJRnNe2WK5l66aaDNZ4S7LVQv/319+JdSbgS49XV7c7bGJM+olsI4hiYMqA
1NaUsRgfyjVJFHvvtaW7CNSA6EeAU7iBTgMxICIiRO0JwUwZUTfT5I113wIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFNy65h+NvlQttQHy6zFzMKRtdUYjMB8GA1UdIwQY
MBaAFLGU8DBO7dNjxmIv2RxZsQhxqjBEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1pUd01FN3QwMlBHWWlfWkhGbXhDSEdxTUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9kZjg0YTctNzJjOS00YTJmLTgxMTUt
YWZiZGJkYWQ1OGE1LzEvM0xybUg0Mi1WQzIxQWZMck1YTXdwRzExUmlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9kZjg0YTctNzJjOS00YTJmLTgxMTUtYWZiZGJkYWQ1OGE1
LzEvc1pUd01FN3QwMlBHWWlfWkhGbXhDSEdxTUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAkBAIAATAeAwQDV2UIAwQA
qxmzAwQCuSg4AwQCuWx0AwQAwh6gMBQEAgACMA4DBQAqAU1gAwUDKgZKgDANBgkq
hkiG9w0BAQsFAAOCAQEAm0493+UgZ/MgUzhMTH8XT3XU+KQDIP5wW9KZv0rlFpQm
7xJD6GRy28Fx/ZlVXTgFjK1nOZnOwKUHJN+9apdZ6od5RF4s/F/udtCneCex63CV
Xmm3e777zIvgqnq1HEE9m+AeCBhNPo78zVjmYccKiW5NtaCZSIJhvK9NAEydD4gT
pnfPJ1l0LgCWDk3KIwd0Eb38Vbd08rwHgeOkh1lIG0Iw4H5vf1y/PIXgwUiPWWSO
HkPdxVc2wmPUue8U1xOCTtTiM16BWE4HLouX8kwkknfKqDfpvhfXyBnmvBu3JcK+
9Ci0C3LtYxHidv5FDyRKgwYXSeu4HLWphwZbrBHzUg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:15:42 2025 by rpki-client