Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/_9RixNrU8hOJp7w-ubJ9GZCT_SI.roa
File: _9RixNrU8hOJp7w-ubJ9GZCT_SI.roa (raw, json)
Hash identifier: G7p4+BM9jsadDTGFJeKaxEp4DCIjrtNNJXaScGMj/FQ=
Subject key identifier: FF:D4:62:C4:DA:D4:F2:13:89:A7:BC:3E:B9:B2:7D:19:90:93:FD:22
Certificate issuer: /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial: 01935FE2A860267411D634839AACDC0EA7D6
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/_9RixNrU8hOJp7w-ubJ9GZCT_SI.roa
Signing time: Sun 24 Nov 2024 20:35:09 +0000
ROA not before: Sun 24 Nov 2024 20:35:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.87.121.0/24 maxlen: 24
45.135.182.0/24 maxlen: 24
45.135.183.0/24 maxlen: 24
89.34.106.0/24 maxlen: 24
89.34.219.0/24 maxlen: 24
93.114.183.0/24 maxlen: 24
185.198.235.0/24 maxlen: 24
185.254.67.0/24 maxlen: 24
188.64.142.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 25 Nov 2024 10:20:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:5f:e2:a8:60:26:74:11:d6:34:83:9a:ac:dc:0e:a7:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Validity
Not Before: Nov 24 20:35:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ffd462c4dad4f21389a7bc3eb9b27d199093fd22
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:d9:43:fa:6b:9b:72:6c:52:dc:4e:07:c0:9e:
05:b9:34:6f:70:27:c8:fa:b8:51:8d:b0:25:4b:50:
3f:cb:dd:7c:0d:51:15:20:da:ee:69:e7:f9:ad:10:
34:b8:28:c1:ab:13:ac:2e:cd:c8:6b:20:28:b3:b7:
e7:32:16:04:bf:b7:12:6d:3c:54:40:95:aa:3b:df:
aa:36:76:3c:0b:94:c8:f3:4c:28:1d:a7:96:d3:48:
71:6f:b3:de:89:93:17:0f:68:7c:58:2b:88:31:48:
76:de:5a:e6:2f:37:92:3d:9b:04:10:7e:96:01:89:
90:dc:40:94:5b:2b:5b:1c:86:06:1e:b3:7f:ef:91:
54:67:22:5f:45:f3:9f:6b:7d:41:1e:1d:74:5d:41:
94:0b:5f:ca:c3:b3:d4:6c:41:d5:e8:9d:51:87:40:
bf:3a:74:d9:00:30:1f:14:99:bd:99:06:31:36:fb:
9d:9b:0c:81:c6:a0:06:04:95:a2:bd:8e:e5:09:87:
29:41:8f:33:36:44:b7:d4:ff:e9:4f:ee:0a:25:8b:
43:06:42:54:6e:9d:98:39:8f:0e:47:18:ae:7d:c9:
54:da:83:8a:7e:78:8a:97:3c:f6:0a:44:c4:5e:d3:
1f:ca:03:7d:c7:63:40:b3:85:36:d5:6a:91:a3:2c:
f9:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:D4:62:C4:DA:D4:F2:13:89:A7:BC:3E:B9:B2:7D:19:90:93:FD:22
X509v3 Authority Key Identifier:
keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/_9RixNrU8hOJp7w-ubJ9GZCT_SI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.87.121.0/24
45.135.182.0/23
89.34.106.0/24
89.34.219.0/24
93.114.183.0/24
185.198.235.0/24
185.254.67.0/24
188.64.142.0/24
Signature Algorithm: sha256WithRSAEncryption
2a:ee:52:86:b5:89:bc:09:34:c9:13:9c:e3:13:72:61:2a:05:
77:23:f8:fb:12:d6:0a:e8:18:84:45:c7:7d:da:e3:f9:d9:c2:
03:97:74:f5:9a:8a:88:f2:6c:1e:cf:c7:ca:d7:fa:41:0a:a6:
fc:33:dc:20:0f:d0:e7:73:1b:3b:a5:47:14:48:1e:e6:40:28:
4c:ef:a5:7f:69:66:45:c6:1c:5d:eb:7f:7d:32:e2:76:bb:e2:
8c:02:a2:eb:41:9b:fe:d6:7f:8e:12:19:f2:a7:28:aa:b9:3e:
51:f2:96:5a:f4:7f:de:05:a5:ba:e3:8f:8d:e3:12:dd:99:af:
a6:11:b9:08:bd:42:95:7e:0f:26:74:ed:99:05:d9:73:24:a3:
6e:e8:47:ca:84:52:a4:02:73:83:e5:ce:c2:ae:1c:3b:80:ca:
ae:72:7d:47:67:a7:c8:3c:50:99:b2:64:61:84:4c:d1:c7:33:
c2:5b:a6:46:ea:06:74:21:b1:b1:a7:c4:87:de:b7:1a:15:3b:
77:03:d9:41:dc:df:84:84:39:16:31:0d:a0:b1:e1:eb:f7:6d:
ac:df:51:0f:2d:17:cd:e4:32:87:1c:3a:d1:05:27:70:7f:f3:
15:4d:6c:64:56:ed:04:ff:b9:33:4d:82:34:ea:e0:89:20:d1:
08:61:8b:58
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZNf4qhgJnQR1jSDmqzcDqfWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQxMTI0MjAzNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmQ0NjJjNGRhZDRmMjEzODlhN2JjM2ViOWIyN2QxOTkwOTNmZDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9lD+mubcmxS3E4HwJ4FuTRvcCfI
+rhRjbAlS1A/y918DVEVINruaef5rRA0uCjBqxOsLs3IayAos7fnMhYEv7cSbTxU
QJWqO9+qNnY8C5TI80woHaeW00hxb7PeiZMXD2h8WCuIMUh23lrmLzeSPZsEEH6W
AYmQ3ECUWytbHIYGHrN/75FUZyJfRfOfa31BHh10XUGUC1/Kw7PUbEHV6J1Rh0C/
OnTZADAfFJm9mQYxNvudmwyBxqAGBJWivY7lCYcpQY8zNkS31P/pT+4KJYtDBkJU
bp2YOY8ORxiufclU2oOKfniKlzz2CkTEXtMfygN9x2NAs4U21WqRoyz5dwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFP/UYsTa1PITiae8PrmyfRmQk/0iMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvXzlSaXhOclU4aE9KcDd3LXViSjlHWkNUX1NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALVd5AwQB
LYe2AwQAWSJqAwQAWSLbAwQAXXK3AwQAucbrAwQAuf5DAwQAvECOMA0GCSqGSIb3
DQEBCwUAA4IBAQAq7lKGtYm8CTTJE5zjE3JhKgV3I/j7EtYK6BiERcd92uP52cID
l3T1moqI8mwez8fK1/pBCqb8M9wgD9Dncxs7pUcUSB7mQChM76V/aWZFxhxd6399
MuJ2u+KMAqLrQZv+1n+OEhnypyiquT5R8pZa9H/eBaW644+N4xLdma+mEbkIvUKV
fg8mdO2ZBdlzJKNu6EfKhFKkAnOD5c7Crhw7gMqucn1HZ6fIPFCZsmRhhEzRxzPC
W6ZG6gZ0IbGxp8SH3rcaFTt3A9lB3N+EhDkWMQ2gseHr922s31EPLRfN5DKHHDrR
BSdwf/MVTWxkVu0E/7kzTYI06uCJINEIYYtY
-----END CERTIFICATE-----
Generated at Fri Mar 14 11:42:45 2025 by rpki-client