Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/CFcGnFfXkGiI1a1CszlskMsH7oE.roa
File: CFcGnFfXkGiI1a1CszlskMsH7oE.roa (raw, json)
Hash identifier: +q+LrgbagtH6UtrKajMqPnlpsVGmDtwPLgBn1DPvgtY=
Subject key identifier: 08:57:06:9C:57:D7:90:68:88:D5:AD:42:B3:39:6C:90:CB:07:EE:81
Certificate issuer: /CN=ccbf95b47ab2b99c222bfe54521efd1ab67d267f
Certificate serial: 018D7E729776962E04287DC63B325CA0DFFB
Authority key identifier: CC:BF:95:B4:7A:B2:B9:9C:22:2B:FE:54:52:1E:FD:1A:B6:7D:26:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/CFcGnFfXkGiI1a1CszlskMsH7oE.roa
Signing time: Tue 06 Feb 2024 12:44:15 +0000
ROA not before: Tue 06 Feb 2024 12:44:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209838
IP address blocks: 213.170.200.0/23 maxlen: 24
213.170.202.0/23 maxlen: 24
2a03:d2c0::/32 maxlen: 48
Validation: Failed, certificate revoked on Wed 01 Jan 2025 15:48:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:7e:72:97:76:96:2e:04:28:7d:c6:3b:32:5c:a0:df:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccbf95b47ab2b99c222bfe54521efd1ab67d267f
Validity
Not Before: Feb 6 12:44:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0857069c57d7906888d5ad42b3396c90cb07ee81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:bb:2b:2f:a5:e0:8f:b6:e8:91:a2:2d:90:0b:
7a:77:9b:6a:74:bc:d1:f4:f4:d2:90:9d:2a:13:8c:
98:79:44:21:24:fb:c6:e6:50:0d:60:ac:1a:e1:9a:
b5:60:23:e0:38:27:22:0f:c1:b2:e1:fd:95:bc:c1:
43:3e:b5:13:02:6a:f4:78:83:fc:11:43:79:f9:5c:
0d:b3:de:30:85:ea:6f:b1:d0:f0:9a:97:51:0c:1e:
a4:9b:7e:5a:19:1e:da:68:b6:54:33:8d:95:43:14:
0e:f5:e7:87:a2:1c:c0:25:cf:3c:9f:23:b4:bc:7a:
df:f9:38:5e:eb:91:fc:4e:83:64:f0:92:47:13:d0:
96:76:c1:47:25:14:14:1b:a9:f9:7e:f2:c2:39:5c:
00:7c:c0:9b:9c:02:81:90:51:c2:69:21:dd:98:33:
d1:c3:b3:ff:0f:0b:41:55:0c:fc:bc:4a:c6:b0:93:
05:01:7c:a9:74:a1:f7:98:25:ab:b9:89:73:2a:48:
a7:1f:3f:a4:a1:2d:1d:47:e9:10:0e:17:72:15:fb:
79:64:05:a2:ea:be:d3:06:57:77:a9:3c:d0:dc:8a:
a4:9d:37:d3:d7:6f:00:16:61:2a:49:c0:6d:e7:d5:
0f:60:bb:dd:04:45:70:65:f5:72:fe:a5:70:ed:cc:
bb:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:57:06:9C:57:D7:90:68:88:D5:AD:42:B3:39:6C:90:CB:07:EE:81
X509v3 Authority Key Identifier:
keyid:CC:BF:95:B4:7A:B2:B9:9C:22:2B:FE:54:52:1E:FD:1A:B6:7D:26:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/CFcGnFfXkGiI1a1CszlskMsH7oE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/60/a29b95-ccb3-467b-ab7a-ac5b61493e01/1/zL-VtHqyuZwiK_5UUh79GrZ9Jn8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.170.200.0/22
IPv6:
2a03:d2c0::/32
Signature Algorithm: sha256WithRSAEncryption
0f:99:43:e5:23:59:07:61:b7:df:a1:2a:b9:17:d2:c2:c1:0b:
ac:21:a8:42:5a:9a:29:d9:e5:32:42:24:c0:ba:11:aa:3f:62:
b8:4f:68:5a:c0:41:c7:62:aa:9a:45:f5:70:d8:ac:0d:2b:a9:
9b:bb:b5:3a:dd:61:7e:93:fd:17:74:d3:dc:86:4b:19:e6:13:
b0:87:99:4f:cb:53:f6:d6:28:a7:de:e6:76:ee:95:a7:92:69:
fa:f4:04:c3:31:74:0d:b7:15:f2:22:c9:da:19:4c:f3:5c:32:
b3:eb:50:8e:88:dc:9b:5d:fa:67:2b:5c:4f:0a:c9:b5:1f:d0:
96:4f:ef:60:35:89:a9:56:36:47:69:01:b5:4d:80:c4:25:86:
df:8b:90:37:bd:88:9d:78:06:dc:43:e4:93:8f:4a:31:75:76:
c5:22:05:07:e2:7f:fe:01:ac:cf:40:89:1b:c0:93:ba:ee:05:
c4:85:dc:e7:a9:b5:07:08:9a:78:c5:7b:e5:e3:a4:c8:d6:81:
ed:55:96:13:34:29:50:d3:f7:20:4d:3f:12:e3:6a:2a:90:19:
12:db:9d:41:74:82:f2:a9:e3:03:e8:62:9e:71:21:4f:d0:44:
83:f6:9f:16:4f:ea:45:08:a3:02:81:c1:64:0d:dc:bc:a7:ac:
60:5b:03:93
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1+cpd2li4EKH3GOzJcoN/7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYmY5NWI0N2FiMmI5OWMyMjJiZmU1NDUyMWVmZDFhYjY3
ZDI2N2YwHhcNMjQwMjA2MTI0NDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODU3MDY5YzU3ZDc5MDY4ODhkNWFkNDJiMzM5NmM5MGNiMDdlZTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorsrL6Xgj7bokaItkAt6d5tqdLzR
9PTSkJ0qE4yYeUQhJPvG5lANYKwa4Zq1YCPgOCciD8Gy4f2VvMFDPrUTAmr0eIP8
EUN5+VwNs94whepvsdDwmpdRDB6km35aGR7aaLZUM42VQxQO9eeHohzAJc88nyO0
vHrf+The65H8ToNk8JJHE9CWdsFHJRQUG6n5fvLCOVwAfMCbnAKBkFHCaSHdmDPR
w7P/DwtBVQz8vErGsJMFAXypdKH3mCWruYlzKkinHz+koS0dR+kQDhdyFft5ZAWi
6r7TBld3qTzQ3IqknTfT128AFmEqScBt59UPYLvdBEVwZfVy/qVw7cy7VQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAhXBpxX15BoiNWtQrM5bJDLB+6BMB8GA1UdIwQY
MBaAFMy/lbR6srmcIiv+VFIe/Rq2fSZ/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekwtVnRIcXl1WndpS181VVVoNzlHclo5Sm44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9hMjliOTUtY2NiMy00NjdiLWFiN2Et
YWM1YjYxNDkzZTAxLzEvQ0ZjR25GZlhrR2lJMWExQ3N6bHNrTXNIN29FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9hMjliOTUtY2NiMy00NjdiLWFiN2EtYWM1YjYxNDkzZTAx
LzEvekwtVnRIcXl1WndpS181VVVoNzlHclo5Sm44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQC1arIMA0E
AgACMAcDBQAqA9LAMA0GCSqGSIb3DQEBCwUAA4IBAQAPmUPlI1kHYbffoSq5F9LC
wQusIahCWpop2eUyQiTAuhGqP2K4T2hawEHHYqqaRfVw2KwNK6mbu7U63WF+k/0X
dNPchksZ5hOwh5lPy1P21iin3uZ27pWnkmn69ATDMXQNtxXyIsnaGUzzXDKz61CO
iNybXfpnK1xPCsm1H9CWT+9gNYmpVjZHaQG1TYDEJYbfi5A3vYideAbcQ+STj0ox
dXbFIgUH4n/+AazPQIkbwJO67gXEhdznqbUHCJp4xXvl46TI1oHtVZYTNClQ0/cg
TT8S42oqkBkS251BdILyqeMD6GKecSFP0ESD9p8WT+pFCKMCgcFkDdy8p6xgWwOT
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:12:41 2025 by rpki-client