Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/17e450-8818-4a27-9f35-518cd14713eb/1/5KDLwqUk3Z_G9pqaTF-mKAxFd9Q.roa
File: 5KDLwqUk3Z_G9pqaTF-mKAxFd9Q.roa (raw, json)
Hash identifier: Q/sp5/Vo9D3kM/60c7Q1QSWnk+xylQiCE4EuS3yCGfI=
Subject key identifier: E4:A0:CB:C2:A5:24:DD:9F:C6:F6:9A:9A:4C:5F:A6:28:0C:45:77:D4
Certificate issuer: /CN=b7733e9de9485b44671c8e511da221e4153c711b
Certificate serial: 018D4B613A5994EAF66E8EAECA34F5026B8B
Authority key identifier: B7:73:3E:9D:E9:48:5B:44:67:1C:8E:51:1D:A2:21:E4:15:3C:71:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/t3M-nelIW0RnHI5RHaIh5BU8cRs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/17e450-8818-4a27-9f35-518cd14713eb/1/5KDLwqUk3Z_G9pqaTF-mKAxFd9Q.roa
Signing time: Sat 27 Jan 2024 14:44:39 +0000
ROA not before: Sat 27 Jan 2024 14:44:39 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209828
IP address blocks: 91.241.48.0/24 maxlen: 24
91.241.49.0/24 maxlen: 24
91.241.50.0/24 maxlen: 24
91.241.51.0/24 maxlen: 24
194.5.236.0/24 maxlen: 24
194.5.237.0/24 maxlen: 24
2a00:7544::/32 maxlen: 32
2a0c:8dc0::/29 maxlen: 32
2a0c:8dc0::/30 maxlen: 30
2a0c:8dc4::/32 maxlen: 32
2a0c:8dc5::/32 maxlen: 32
2a0c:8dc6::/32 maxlen: 32
Validation: Failed, certificate revoked on Fri 05 Apr 2024 23:22:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:4b:61:3a:59:94:ea:f6:6e:8e:ae:ca:34:f5:02:6b:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b7733e9de9485b44671c8e511da221e4153c711b
Validity
Not Before: Jan 27 14:44:39 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e4a0cbc2a524dd9fc6f69a9a4c5fa6280c4577d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:64:52:37:34:96:1f:42:8e:00:1c:3b:dc:a3:
90:be:88:1d:e2:9f:b5:90:a8:23:2b:5a:e7:05:20:
28:8d:a2:fb:27:2e:03:5a:b6:eb:76:58:b4:ea:e9:
59:84:69:c0:5f:14:c5:c6:78:13:d8:fe:a9:02:de:
03:40:9a:cc:da:f1:50:5c:8d:06:9d:2a:ad:05:bd:
bb:8a:56:ff:9b:ed:ac:58:d1:a3:c3:f6:dd:f8:98:
ae:db:62:7b:18:d5:7e:9a:3c:21:ba:4a:2c:10:3d:
ec:d7:1c:82:c1:cc:c4:9e:66:15:1e:8f:c8:00:5d:
cf:9c:c2:4f:88:32:21:8b:f7:8c:24:b7:5b:01:74:
da:5c:87:bf:3e:79:d0:69:b3:3e:af:16:7c:47:74:
83:0d:ff:80:b3:b6:0b:fc:5e:7d:f1:64:fd:27:2b:
70:8b:6e:d7:a1:8f:79:94:d2:a0:81:58:ff:e3:46:
98:d7:7b:7e:32:3e:25:ff:48:0b:13:4c:70:66:c2:
d9:9e:46:87:98:3b:37:0c:f7:10:49:13:a2:a6:8b:
24:da:84:36:f7:b9:9d:51:d1:d0:ff:5e:b3:2d:88:
83:75:32:51:cb:53:d2:36:33:35:8a:8a:4e:dd:d4:
83:d8:01:32:04:25:99:72:9c:93:c5:40:ef:a5:63:
74:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E4:A0:CB:C2:A5:24:DD:9F:C6:F6:9A:9A:4C:5F:A6:28:0C:45:77:D4
X509v3 Authority Key Identifier:
keyid:B7:73:3E:9D:E9:48:5B:44:67:1C:8E:51:1D:A2:21:E4:15:3C:71:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t3M-nelIW0RnHI5RHaIh5BU8cRs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/17e450-8818-4a27-9f35-518cd14713eb/1/5KDLwqUk3Z_G9pqaTF-mKAxFd9Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/61/17e450-8818-4a27-9f35-518cd14713eb/1/t3M-nelIW0RnHI5RHaIh5BU8cRs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.241.48.0/22
194.5.236.0/23
IPv6:
2a00:7544::/32
2a0c:8dc0::/29
Signature Algorithm: sha256WithRSAEncryption
2a:10:49:08:21:03:2d:76:1d:44:b4:71:44:11:70:5c:f5:e2:
3f:f8:67:bc:2d:a5:2e:22:7c:74:a5:76:e4:07:bf:a7:2e:da:
3a:71:e2:3b:c8:fc:9e:aa:58:87:d2:53:44:97:79:09:77:b1:
84:75:f7:8f:fd:b0:6b:00:99:ab:d1:a5:26:58:42:cb:28:fd:
52:5f:23:f6:36:34:f5:0a:18:a2:be:4f:09:ad:b3:4e:a4:59:
70:b5:6f:41:13:50:2b:19:3d:b7:65:fd:f6:60:9a:a7:67:5b:
d8:e7:fa:f2:fd:61:8d:99:32:e1:58:75:7a:05:39:aa:7b:2a:
2c:34:3e:6a:d9:33:e7:0c:f4:6c:b3:b3:b3:8f:64:96:c4:6a:
e5:fa:76:1b:84:f8:f8:8d:9a:d3:5a:11:f0:d5:9d:9a:6f:42:
3a:fc:4f:03:04:9b:94:9b:44:32:e8:e1:d1:e4:cc:30:82:ad:
01:72:78:63:86:5d:d3:30:8e:7a:80:e1:ab:fb:10:71:7e:2a:
c2:87:aa:a0:5b:d0:d7:49:ee:6f:c2:7b:6d:f8:e8:72:39:18:
26:16:5f:32:34:3d:44:7b:31:2f:2e:b3:05:5c:c7:db:7b:75:
8e:3f:86:36:48:b7:b4:04:e7:cd:aa:63:b1:06:01:67:bb:82:
09:8b:d7:be
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAY1LYTpZlOr2bo6uyjT1AmuLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NzMzZTlkZTk0ODViNDQ2NzFjOGU1MTFkYTIyMWU0MTUz
YzcxMWIwHhcNMjQwMTI3MTQ0NDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGEwY2JjMmE1MjRkZDlmYzZmNjlhOWE0YzVmYTYyODBjNDU3N2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm2RSNzSWH0KOABw73KOQvogd4p+1
kKgjK1rnBSAojaL7Jy4DWrbrdli06ulZhGnAXxTFxngT2P6pAt4DQJrM2vFQXI0G
nSqtBb27ilb/m+2sWNGjw/bd+Jiu22J7GNV+mjwhukosED3s1xyCwczEnmYVHo/I
AF3PnMJPiDIhi/eMJLdbAXTaXIe/PnnQabM+rxZ8R3SDDf+As7YL/F598WT9Jytw
i27XoY95lNKggVj/40aY13t+Mj4l/0gLE0xwZsLZnkaHmDs3DPcQSROiposk2oQ2
97mdUdHQ/16zLYiDdTJRy1PSNjM1iopO3dSD2AEyBCWZcpyTxUDvpWN0XwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFOSgy8KlJN2fxvaamkxfpigMRXfUMB8GA1UdIwQY
MBaAFLdzPp3pSFtEZxyOUR2iIeQVPHEbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDNNLW5lbElXMFJuSEk1UkhhSWg1QlU4Y1JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8xN2U0NTAtODgxOC00YTI3LTlmMzUt
NTE4Y2QxNDcxM2ViLzEvNUtETHdxVWszWl9HOXBxYVRGLW1LQXhGZDlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8xN2U0NTAtODgxOC00YTI3LTlmMzUtNTE4Y2QxNDcxM2Vi
LzEvdDNNLW5lbElXMFJuSEk1UkhhSWg1QlU4Y1JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCW/EwAwQB
wgXsMBQEAgACMA4DBQAqAHVEAwUDKgyNwDANBgkqhkiG9w0BAQsFAAOCAQEAKhBJ
CCEDLXYdRLRxRBFwXPXiP/hnvC2lLiJ8dKV25Ae/py7aOnHiO8j8nqpYh9JTRJd5
CXexhHX3j/2wawCZq9GlJlhCyyj9Ul8j9jY09QoYor5PCa2zTqRZcLVvQRNQKxk9
t2X99mCap2db2Of68v1hjZky4Vh1egU5qnsqLDQ+atkz5wz0bLOzs49klsRq5fp2
G4T4+I2a01oR8NWdmm9COvxPAwSblJtEMujh0eTMMIKtAXJ4Y4Zd0zCOeoDhq/sQ
cX4qwoeqoFvQ10nub8J7bfjocjkYJhZfMjQ9RHsxLy6zBVzH23t1jj+GNki3tATn
zapjsQYBZ7uCCYvXvg==
-----END CERTIFICATE-----
Generated at Sat Apr 19 19:21:11 2025 by rpki-client