Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/be9e88-512f-4b06-b196-89c2f666e905/1/SpnbNzyWXuC0FLsSi-6eW4K3yhM.roa
File: SpnbNzyWXuC0FLsSi-6eW4K3yhM.roa (raw, json)
Hash identifier: 50FYfIIUkiTxSzgI4Ex5V8157w3liXJpSnhzHvRn5qI=
Subject key identifier: 4A:99:DB:37:3C:96:5E:E0:B4:14:BB:12:8B:EE:9E:5B:82:B7:CA:13
Certificate issuer: /CN=68cfe1aacb278c13231b310e45ee576932fe9b4e
Certificate serial: 0191918D4EACE13C24322CDF62FE76FAEAEA
Authority key identifier: 68:CF:E1:AA:CB:27:8C:13:23:1B:31:0E:45:EE:57:69:32:FE:9B:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aM_hqssnjBMjGzEORe5XaTL-m04.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/be9e88-512f-4b06-b196-89c2f666e905/1/SpnbNzyWXuC0FLsSi-6eW4K3yhM.roa
Signing time: Tue 27 Aug 2024 01:57:22 +0000
ROA not before: Tue 27 Aug 2024 01:57:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12840
IP address blocks: 212.109.96.0/20 maxlen: 20
212.109.96.0/24 maxlen: 24
212.109.98.0/24 maxlen: 24
212.109.100.0/24 maxlen: 24
212.109.102.0/24 maxlen: 24
212.109.103.0/24 maxlen: 24
212.109.107.0/24 maxlen: 24
212.109.112.0/22 maxlen: 22
212.109.112.0/24 maxlen: 24
212.109.113.0/24 maxlen: 24
212.109.114.0/24 maxlen: 24
212.109.115.0/24 maxlen: 24
212.109.120.0/23 maxlen: 23
212.109.123.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 02 Jan 2025 09:50:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:91:8d:4e:ac:e1:3c:24:32:2c:df:62:fe:76:fa:ea:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=68cfe1aacb278c13231b310e45ee576932fe9b4e
Validity
Not Before: Aug 27 01:57:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4a99db373c965ee0b414bb128bee9e5b82b7ca13
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:85:c9:49:d5:11:61:95:65:6f:65:fc:0d:05:
ad:55:d4:c2:63:3c:b6:6a:86:11:1a:37:e3:b8:c0:
a0:ea:e4:5e:ae:56:7a:f0:d3:aa:31:eb:8d:51:cf:
9e:99:da:5a:8c:89:63:77:1e:64:82:5e:fa:93:35:
59:df:b9:58:cd:30:44:75:7d:70:9b:1f:65:6b:8d:
f6:d3:ef:15:a0:d4:6b:e8:94:f9:99:29:43:5f:93:
69:2c:9d:e4:a1:43:8f:20:b7:18:32:3a:8b:0d:2c:
70:f0:4e:5f:81:1d:37:d3:19:35:29:76:49:47:ed:
89:fd:80:62:cc:d4:65:06:22:42:0d:ec:31:7b:9f:
fb:2e:0a:42:ca:ad:fd:7d:4f:1f:96:8a:b0:4f:23:
97:ae:de:4e:4d:25:be:39:04:68:65:2a:28:7b:ca:
e8:98:4b:2d:af:6d:98:58:e0:15:c2:fb:72:9b:45:
ad:96:08:b0:c4:b9:5c:0f:f7:19:97:25:9e:d7:79:
b0:96:cb:38:68:60:33:bb:8b:2a:d0:4d:c8:7e:58:
b6:99:51:7d:60:3c:a6:20:6c:40:e4:4f:82:29:6c:
f6:bf:4c:b0:f8:19:52:3f:83:aa:49:c0:e0:ad:77:
f3:ae:74:84:d2:b7:85:c8:cb:95:94:39:58:4c:47:
d0:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:99:DB:37:3C:96:5E:E0:B4:14:BB:12:8B:EE:9E:5B:82:B7:CA:13
X509v3 Authority Key Identifier:
keyid:68:CF:E1:AA:CB:27:8C:13:23:1B:31:0E:45:EE:57:69:32:FE:9B:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aM_hqssnjBMjGzEORe5XaTL-m04.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/be9e88-512f-4b06-b196-89c2f666e905/1/SpnbNzyWXuC0FLsSi-6eW4K3yhM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/be9e88-512f-4b06-b196-89c2f666e905/1/aM_hqssnjBMjGzEORe5XaTL-m04.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.109.96.0-212.109.115.255
212.109.120.0/23
212.109.123.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:5e:91:97:77:a7:56:2a:b0:41:4d:d7:7d:07:b8:9d:a9:97:
d1:b7:72:4f:0c:c2:71:78:9e:07:e6:5a:cf:46:7d:d8:53:32:
56:b4:d0:72:82:19:6d:f1:d2:84:d4:97:6c:37:9d:27:ef:28:
b9:3a:b8:20:35:b0:f9:96:4d:39:a9:11:1c:84:dc:cb:78:fc:
af:78:3b:34:9d:15:64:ae:f8:c1:dd:6a:58:78:8b:eb:29:cd:
63:ce:81:30:d8:b5:94:61:e3:ac:e8:b0:7f:74:91:b6:a3:af:
94:79:0d:1c:ca:29:32:2c:fa:c9:2e:0a:c5:7b:ee:9f:06:2a:
3d:5b:7f:c0:22:3a:9a:d6:2b:d6:0b:ff:c3:77:03:12:05:82:
01:cc:8c:4d:0c:3f:5d:82:1c:6b:1a:ba:b4:87:e7:37:8f:66:
cb:de:4a:6b:37:b0:ce:78:64:9d:a0:9a:c3:96:c9:df:c9:0e:
df:39:be:de:e7:a6:92:eb:aa:01:4b:56:4e:56:a8:ed:11:d1:
6f:cb:20:da:75:f8:c0:03:83:18:72:fa:11:0c:33:93:78:a8:
d5:95:2f:bc:24:aa:12:3f:07:84:3a:be:39:ab:c9:b0:97:8a:
e7:23:3a:36:25:0f:c9:79:3d:65:4b:96:56:88:1d:fc:c3:55:
ec:0f:fc:ca
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZGRjU6s4TwkMizfYv52+urqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4Y2ZlMWFhY2IyNzhjMTMyMzFiMzEwZTQ1ZWU1NzY5MzJm
ZTliNGUwHhcNMjQwODI3MDE1NzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTk5ZGIzNzNjOTY1ZWUwYjQxNGJiMTI4YmVlOWU1YjgyYjdjYTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54XJSdURYZVlb2X8DQWtVdTCYzy2
aoYRGjfjuMCg6uRerlZ68NOqMeuNUc+emdpajIljdx5kgl76kzVZ37lYzTBEdX1w
mx9la4320+8VoNRr6JT5mSlDX5NpLJ3koUOPILcYMjqLDSxw8E5fgR030xk1KXZJ
R+2J/YBizNRlBiJCDewxe5/7LgpCyq39fU8floqwTyOXrt5OTSW+OQRoZSooe8ro
mEstr22YWOAVwvtym0WtlgiwxLlcD/cZlyWe13mwlss4aGAzu4sq0E3Ifli2mVF9
YDymIGxA5E+CKWz2v0yw+BlSP4OqScDgrXfzrnSE0reFyMuVlDlYTEfQJwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFEqZ2zc8ll7gtBS7EovunluCt8oTMB8GA1UdIwQY
MBaAFGjP4arLJ4wTIxsxDkXuV2ky/ptOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1faHFzc25qQk1qR3pFT1JlNVhhVEwtbTA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9iZTllODgtNTEyZi00YjA2LWIxOTYt
ODljMmY2NjZlOTA1LzEvU3BuYk56eVdYdUMwRkxzU2ktNmVXNEszeWhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9iZTllODgtNTEyZi00YjA2LWIxOTYtODljMmY2NjZlOTA1
LzEvYU1faHFzc25qQk1qR3pFT1JlNVhhVEwtbTA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAXUbWAD
BALUbXADBAHUbXgDBADUbXswDQYJKoZIhvcNAQELBQADggEBADxekZd3p1YqsEFN
130HuJ2pl9G3ck8MwnF4ngfmWs9GfdhTMla00HKCGW3x0oTUl2w3nSfvKLk6uCA1
sPmWTTmpERyE3Mt4/K94OzSdFWSu+MHdalh4i+spzWPOgTDYtZRh46zosH90kbaj
r5R5DRzKKTIs+skuCsV77p8GKj1bf8AiOprWK9YL/8N3AxIFggHMjE0MP12CHGsa
urSH5zePZsveSms3sM54ZJ2gmsOWyd/JDt85vt7nppLrqgFLVk5WqO0R0W/LINp1
+MADgxhy+hEMM5N4qNWVL7wkqhI/B4Q6vjmrybCXiucjOjYlD8l5PWVLllaIHfzD
VewP/Mo=
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:21:19 2025 by rpki-client