Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/59bcd1-1e0b-485d-9510-096af478f04b/1/nqAqltLRjgTeOWh5vZXpGG2KpCk.roa
File: nqAqltLRjgTeOWh5vZXpGG2KpCk.roa (raw, json)
Hash identifier: qJH3ch1VtEOsYKRggbx+bws0jDFNaNBbqOZE/5u2hCI=
Subject key identifier: 9E:A0:2A:96:D2:D1:8E:04:DE:39:68:79:BD:95:E9:18:6D:8A:A4:29
Certificate issuer: /CN=ffbcae2b290c801d57d09d025a9348e16706f182
Certificate serial: 0193DE12F27A6A2D0D10714CBA67BCD7B1EB
Authority key identifier: FF:BC:AE:2B:29:0C:80:1D:57:D0:9D:02:5A:93:48:E1:67:06:F1:82
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_7yuKykMgB1X0J0CWpNI4WcG8YI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/59bcd1-1e0b-485d-9510-096af478f04b/1/nqAqltLRjgTeOWh5vZXpGG2KpCk.roa
Signing time: Thu 19 Dec 2024 08:40:03 +0000
ROA not before: Thu 19 Dec 2024 08:40:03 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198537
IP address blocks: 37.221.100.0/22 maxlen: 24
45.159.236.0/22 maxlen: 24
77.83.40.0/22 maxlen: 24
91.209.115.0/24 maxlen: 24
91.209.149.0/24 maxlen: 24
91.236.32.0/22 maxlen: 24
185.146.52.0/22 maxlen: 24
194.53.1.0/24 maxlen: 24
194.53.2.0/24 maxlen: 24
194.53.61.0/24 maxlen: 24
195.14.26.0/23 maxlen: 24
195.14.112.0/23 maxlen: 24
2a07:4bc0::/29 maxlen: 48
Validation: Failed, certificate revoked on Thu 02 Jan 2025 15:49:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:de:12:f2:7a:6a:2d:0d:10:71:4c:ba:67:bc:d7:b1:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ffbcae2b290c801d57d09d025a9348e16706f182
Validity
Not Before: Dec 19 08:40:03 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9ea02a96d2d18e04de396879bd95e9186d8aa429
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:6c:6c:5b:98:fb:c2:87:c0:83:e8:3d:33:f4:
76:f1:b7:8c:36:15:92:a1:66:e3:73:65:b4:cd:b8:
5d:87:c9:e6:d3:dd:23:5a:4c:f7:49:33:d7:13:ae:
5f:7a:88:3d:21:2a:69:a3:9c:4a:45:8d:11:c2:ad:
17:54:cc:bd:fc:cf:b1:e3:69:f2:d5:cc:e7:b2:c7:
7c:ca:e1:cd:aa:2e:9f:13:32:6b:32:91:a5:ee:ce:
96:34:30:37:13:9f:73:1c:19:51:e4:2f:8d:66:9f:
a4:08:a4:ba:4e:68:85:e0:17:5b:30:73:27:5e:ba:
ce:78:cb:6e:2e:d4:f3:96:13:77:09:bf:4b:d5:8a:
e2:90:e9:fd:cc:5c:59:b9:e4:bb:49:9c:b7:07:49:
75:df:94:78:4f:76:27:71:0d:0a:eb:4f:3f:f3:99:
e1:2d:bc:c7:21:30:93:bd:89:cc:b7:b1:dd:e3:e5:
2d:47:bb:af:b9:14:7f:db:f1:a9:b9:f5:1c:95:25:
4f:c4:66:20:c6:4b:61:85:2d:ac:4f:47:38:18:c6:
60:f4:9b:f8:86:17:79:62:7f:a1:3a:6d:3c:61:10:
a6:01:9e:e3:f3:37:0a:62:7b:37:21:74:08:c1:08:
aa:af:01:09:6d:6f:8b:8f:99:4c:23:ac:18:b1:4a:
88:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:A0:2A:96:D2:D1:8E:04:DE:39:68:79:BD:95:E9:18:6D:8A:A4:29
X509v3 Authority Key Identifier:
keyid:FF:BC:AE:2B:29:0C:80:1D:57:D0:9D:02:5A:93:48:E1:67:06:F1:82
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_7yuKykMgB1X0J0CWpNI4WcG8YI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/59bcd1-1e0b-485d-9510-096af478f04b/1/nqAqltLRjgTeOWh5vZXpGG2KpCk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/59bcd1-1e0b-485d-9510-096af478f04b/1/_7yuKykMgB1X0J0CWpNI4WcG8YI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.221.100.0/22
45.159.236.0/22
77.83.40.0/22
91.209.115.0/24
91.209.149.0/24
91.236.32.0/22
185.146.52.0/22
194.53.1.0-194.53.2.255
194.53.61.0/24
195.14.26.0/23
195.14.112.0/23
IPv6:
2a07:4bc0::/29
Signature Algorithm: sha256WithRSAEncryption
7e:90:68:3c:8e:06:13:ea:5d:62:c8:46:34:6c:ba:10:35:25:
9d:c1:c1:19:e5:b4:99:8b:06:63:18:8c:b1:8b:64:b6:0b:c3:
37:fe:37:85:64:89:f9:89:44:6a:8b:03:84:f0:e1:6a:39:ac:
11:6b:29:a5:01:f9:bf:94:33:d6:b3:9b:ea:2d:93:31:07:e0:
10:74:04:de:98:0f:40:61:fe:33:2b:ca:04:00:51:d2:73:e7:
51:49:cd:c5:0c:36:34:3e:3b:ff:e0:ab:0c:2b:f6:2c:98:3a:
03:18:fe:74:85:63:8f:c0:b1:bb:70:c9:98:46:82:9c:2c:7d:
db:b8:6f:31:16:2e:78:e6:9c:41:7d:92:a0:a1:03:72:76:c8:
70:d9:29:3d:a5:51:b6:28:a7:91:d0:c6:79:1b:59:40:a8:3e:
7f:70:5d:ed:c4:3c:51:46:11:21:67:7e:dd:07:b9:f1:c9:ce:
c0:36:b7:d0:d8:c1:b7:50:6d:8d:4a:dd:0c:d2:d2:e1:af:2a:
57:f8:9a:9a:2a:c1:78:49:3c:f9:e4:5e:92:64:64:8a:f8:48:
ed:38:bb:5a:b5:f2:1d:4d:35:af:3a:b0:ea:b7:ae:8f:f2:c2:
ec:2d:d9:6e:17:b0:ad:41:34:75:3c:76:e5:b6:fd:c1:fa:fd:
8d:78:0b:0b
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISAZPeEvJ6ai0NEHFMume817HrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYmNhZTJiMjkwYzgwMWQ1N2QwOWQwMjVhOTM0OGUxNjcw
NmYxODIwHhcNMjQxMjE5MDg0MDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWEwMmE5NmQyZDE4ZTA0ZGUzOTY4NzliZDk1ZTkxODZkOGFhNDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWxsW5j7wofAg+g9M/R28beMNhWS
oWbjc2W0zbhdh8nm090jWkz3STPXE65feog9ISppo5xKRY0Rwq0XVMy9/M+x42ny
1cznssd8yuHNqi6fEzJrMpGl7s6WNDA3E59zHBlR5C+NZp+kCKS6TmiF4BdbMHMn
XrrOeMtuLtTzlhN3Cb9L1YrikOn9zFxZueS7SZy3B0l135R4T3YncQ0K608/85nh
LbzHITCTvYnMt7Hd4+UtR7uvuRR/2/GpufUclSVPxGYgxkthhS2sT0c4GMZg9Jv4
hhd5Yn+hOm08YRCmAZ7j8zcKYns3IXQIwQiqrwEJbW+Lj5lMI6wYsUqI1QIDAQAB
o4ICXDCCAlgwHQYDVR0OBBYEFJ6gKpbS0Y4E3jloeb2V6RhtiqQpMB8GA1UdIwQY
MBaAFP+8rispDIAdV9CdAlqTSOFnBvGCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzd5dUt5a01nQjFYMEowQ1dwTkk0V2NHOFlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81OWJjZDEtMWUwYi00ODVkLTk1MTAt
MDk2YWY0NzhmMDRiLzEvbnFBcWx0TFJqZ1RlT1doNXZaWHBHRzJLcENrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81OWJjZDEtMWUwYi00ODVkLTk1MTAtMDk2YWY0NzhmMDRi
LzEvXzd5dUt5a01nQjFYMEowQ1dwTkk0V2NHOFlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHIGCCsGAQUFBwEHAQH/BGMwYTBQBAIAATBKAwQCJd1kAwQC
LZ/sAwQCTVMoAwQAW9FzAwQAW9GVAwQCW+wgAwQCuZI0MAwDBADCNQEDBADCNQID
BADCNT0DBAHDDhoDBAHDDnAwDQQCAAIwBwMFAyoHS8AwDQYJKoZIhvcNAQELBQAD
ggEBAH6QaDyOBhPqXWLIRjRsuhA1JZ3BwRnltJmLBmMYjLGLZLYLwzf+N4VkifmJ
RGqLA4Tw4Wo5rBFrKaUB+b+UM9azm+otkzEH4BB0BN6YD0Bh/jMrygQAUdJz51FJ
zcUMNjQ+O//gqwwr9iyYOgMY/nSFY4/AsbtwyZhGgpwsfdu4bzEWLnjmnEF9kqCh
A3J2yHDZKT2lUbYop5HQxnkbWUCoPn9wXe3EPFFGESFnft0HufHJzsA2t9DYwbdQ
bY1K3QzS0uGvKlf4mpoqwXhJPPnkXpJkZIr4SO04u1q18h1NNa86sOq3ro/ywuwt
2W4XsK1BNHU8duW2/cH6/Y14Cws=
-----END CERTIFICATE-----
Generated at Fri Apr 18 00:43:47 2025 by rpki-client