Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/2HuBW9qD9ofwWp-guDmnLsQRu38.roa
File: 2HuBW9qD9ofwWp-guDmnLsQRu38.roa (raw, json)
Hash identifier: kEp9XZlT1sBZ5muEyK1aYuWslO7nu+ejq1tFlUB8AKc=
Subject key identifier: D8:7B:81:5B:DA:83:F6:87:F0:5A:9F:A0:B8:39:A7:2E:C4:11:BB:7F
Certificate issuer: /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial: 019368D8F8BFB3B82FDA712FC4472511ED12
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/2HuBW9qD9ofwWp-guDmnLsQRu38.roa
Signing time: Tue 26 Nov 2024 14:21:10 +0000
ROA not before: Tue 26 Nov 2024 14:21:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.135.182.0/24 maxlen: 24
45.135.183.0/24 maxlen: 24
89.34.106.0/24 maxlen: 24
89.34.219.0/24 maxlen: 24
93.114.183.0/24 maxlen: 24
185.198.235.0/24 maxlen: 24
185.254.67.0/24 maxlen: 24
188.64.142.0/24 maxlen: 24
195.88.89.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 29 Nov 2024 04:30:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:68:d8:f8:bf:b3:b8:2f:da:71:2f:c4:47:25:11:ed:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Validity
Not Before: Nov 26 14:21:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d87b815bda83f687f05a9fa0b839a72ec411bb7f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:04:d3:56:35:26:29:03:f9:c7:f6:20:64:8e:
ba:ed:55:27:b7:b9:2f:d4:ef:1b:1c:93:e8:21:71:
65:e7:9c:64:35:70:63:73:c8:6e:ce:74:b9:84:94:
56:8f:a9:d5:92:c3:7e:ad:8c:da:f1:75:a0:81:08:
81:7e:a6:1f:ed:4d:0e:97:91:62:fc:b5:36:34:05:
bf:25:e5:0d:1a:df:49:3d:77:16:20:1a:d1:5d:66:
d0:bb:26:4a:5b:ea:e7:f9:0b:14:aa:ee:32:12:b0:
0c:df:7c:47:09:f7:0b:00:4f:cc:3f:e6:1e:d4:8e:
e9:05:72:97:f7:c4:11:35:87:49:8e:88:a6:9a:5c:
b2:c3:86:0b:7e:1b:b4:53:cc:46:89:a8:81:aa:26:
cd:e2:58:5a:b7:d5:03:27:d3:27:46:8f:d5:4d:30:
51:1d:49:b0:64:3a:94:8b:8d:76:e3:53:fb:e6:e6:
1e:82:36:ff:52:78:ef:99:06:90:56:09:9d:96:14:
5b:41:c6:9b:4e:8c:e9:88:26:9a:7f:b9:7b:ef:14:
03:43:d9:17:40:fb:42:f9:3a:99:10:1e:69:02:ea:
59:2e:34:0e:59:84:45:7d:0b:4e:a9:6d:56:a8:b8:
c5:2c:0b:75:ab:5a:f2:30:0a:dd:53:d5:be:79:89:
69:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:7B:81:5B:DA:83:F6:87:F0:5A:9F:A0:B8:39:A7:2E:C4:11:BB:7F
X509v3 Authority Key Identifier:
keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/2HuBW9qD9ofwWp-guDmnLsQRu38.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.135.182.0/23
89.34.106.0/24
89.34.219.0/24
93.114.183.0/24
185.198.235.0/24
185.254.67.0/24
188.64.142.0/24
195.88.89.0/24
Signature Algorithm: sha256WithRSAEncryption
27:18:4f:bd:1c:d5:6f:1a:ae:23:00:a7:e7:93:0d:f7:36:c0:
03:c4:37:6e:28:f6:f3:c5:6f:6b:4d:1b:0f:2a:ff:4b:e8:b5:
27:58:7e:f6:0f:02:f5:b9:d8:d8:f4:16:35:07:20:97:9d:8b:
a3:63:b4:ac:0a:8b:58:4f:83:c4:30:7d:5a:cf:e9:e4:aa:1a:
c3:61:6a:df:b9:f2:d7:07:30:14:9b:3a:ca:fa:d3:69:e6:b0:
b0:36:7d:9d:07:89:95:3c:25:c6:9e:d0:d0:99:36:ae:ae:26:
a2:cc:04:6e:c5:2b:3a:80:3c:fe:95:ee:12:d8:b1:c4:29:fd:
e5:3b:f5:89:7a:2f:38:85:e8:0b:97:2f:05:c2:ef:fd:61:7b:
2c:6a:f8:18:39:1d:bb:ce:eb:7a:b6:23:5d:b7:d4:17:00:da:
f8:04:75:36:bf:4e:fd:3b:e3:7b:06:d5:47:bc:48:6e:cd:2c:
47:13:7e:e7:5d:22:4c:c0:58:f0:64:e4:3c:e4:b1:5d:6e:76:
4b:94:8d:06:ab:8f:e9:9b:21:6d:ab:d8:e5:66:7d:b8:7a:b6:
57:91:d2:da:3d:d7:57:7d:9b:88:f3:e7:67:2a:da:9f:a6:e4:
ae:cf:d1:0b:f2:74:e2:33:7b:8d:fc:47:0c:22:09:ec:72:df:
a7:05:ba:4e
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZNo2Pi/s7gv2nEvxEclEe0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQxMTI2MTQyMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODdiODE1YmRhODNmNjg3ZjA1YTlmYTBiODM5YTcyZWM0MTFiYjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwATTVjUmKQP5x/YgZI667VUnt7kv
1O8bHJPoIXFl55xkNXBjc8huznS5hJRWj6nVksN+rYza8XWggQiBfqYf7U0Ol5Fi
/LU2NAW/JeUNGt9JPXcWIBrRXWbQuyZKW+rn+QsUqu4yErAM33xHCfcLAE/MP+Ye
1I7pBXKX98QRNYdJjoimmlyyw4YLfhu0U8xGiaiBqibN4lhat9UDJ9MnRo/VTTBR
HUmwZDqUi41241P75uYegjb/UnjvmQaQVgmdlhRbQcabTozpiCaaf7l77xQDQ9kX
QPtC+TqZEB5pAupZLjQOWYRFfQtOqW1WqLjFLAt1q1ryMArdU9W+eYlpvQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNh7gVvag/aH8FqfoLg5py7EEbt/MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvMkh1Qlc5cUQ5b2Z3V3AtZ3VEbW5Mc1FSdTM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBLYe2AwQA
WSJqAwQAWSLbAwQAXXK3AwQAucbrAwQAuf5DAwQAvECOAwQAw1hZMA0GCSqGSIb3
DQEBCwUAA4IBAQAnGE+9HNVvGq4jAKfnkw33NsADxDduKPbzxW9rTRsPKv9L6LUn
WH72DwL1udjY9BY1ByCXnYujY7SsCotYT4PEMH1az+nkqhrDYWrfufLXBzAUmzrK
+tNp5rCwNn2dB4mVPCXGntDQmTauriaizARuxSs6gDz+le4S2LHEKf3lO/WJei84
hegLly8Fwu/9YXssavgYOR27zut6tiNdt9QXANr4BHU2v079O+N7BtVHvEhuzSxH
E37nXSJMwFjwZOQ85LFdbnZLlI0Gq4/pmyFtq9jlZn24erZXkdLaPddXfZuI8+dn
KtqfpuSuz9EL8nTiM3uN/EcMIgnsct+nBbpO
-----END CERTIFICATE-----
Generated at Fri Mar 14 11:42:40 2025 by rpki-client