Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/2ffFGBxzKslNhVzEeobsKsY4oPA.roa
File: 2ffFGBxzKslNhVzEeobsKsY4oPA.roa (raw, json)
Hash identifier: iwVad3jgMAn+lMKerl2VIzJJIZjM2RUjnw1DMlSkwdU=
Subject key identifier: D9:F7:C5:18:1C:73:2A:C9:4D:85:5C:C4:7A:86:EC:2A:C6:38:A0:F0
Certificate issuer: /CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
Certificate serial: 01928BF17BFA848C738B07492FA640CA33BE
Authority key identifier: B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/2ffFGBxzKslNhVzEeobsKsY4oPA.roa
Signing time: Mon 14 Oct 2024 16:51:51 +0000
ROA not before: Mon 14 Oct 2024 16:51:51 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12541
IP address blocks: 176.98.220.0/22 maxlen: 24
185.145.224.0/22 maxlen: 24
185.155.64.0/22 maxlen: 24
185.173.44.0/22 maxlen: 24
185.187.180.0/22 maxlen: 24
185.224.76.0/22 maxlen: 24
193.34.240.0/22 maxlen: 24
2a0d:59c0::/29 maxlen: 48
Validation: Failed, certificate revoked on Mon 21 Oct 2024 11:28:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:8b:f1:7b:fa:84:8c:73:8b:07:49:2f:a6:40:ca:33:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b914961f67f22c61e84a66c8ad9c1a8ce51d099b
Validity
Not Before: Oct 14 16:51:51 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d9f7c5181c732ac94d855cc47a86ec2ac638a0f0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:6e:bb:7c:c4:87:d4:53:dd:9c:bd:1b:3a:25:
f6:29:ba:dd:3f:65:db:e9:ab:e3:c0:d0:8f:a7:47:
d7:6c:cb:ac:18:5b:e0:2a:7e:1e:6d:cd:80:ab:a6:
e2:64:da:26:a2:48:7c:e9:35:f9:86:5d:48:ec:00:
47:b0:82:ee:c4:85:1a:62:60:ff:aa:12:14:a8:8a:
33:fe:7f:02:cc:fd:29:15:65:e9:8a:db:f4:09:8a:
a7:c3:a8:0c:56:29:4d:f0:ae:c7:aa:d7:8d:15:37:
c3:e7:55:55:93:9c:56:0d:6a:9a:af:31:b9:db:ff:
e3:e4:a9:0b:5f:70:78:02:56:df:c6:c9:4f:3c:f7:
ab:c0:66:cb:e0:30:60:1c:6e:a0:d9:58:e0:97:0d:
1d:3c:39:98:1c:f4:2e:ad:04:67:fe:36:04:eb:0b:
d4:8f:ff:66:02:76:9b:78:da:31:e2:fe:60:3f:86:
4b:cf:91:d9:c0:cc:7d:15:87:06:64:3e:be:c1:0f:
90:a1:48:8b:27:8a:cd:27:88:87:78:ae:bd:5a:33:
40:04:c6:d5:8b:f5:97:e7:ee:db:c6:a9:0c:2d:bd:
d3:7a:01:41:fe:89:d5:d8:8c:80:eb:ce:13:db:c4:
fe:dc:a8:c6:c7:e2:5b:14:7e:a5:d2:99:39:5a:ab:
48:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:F7:C5:18:1C:73:2A:C9:4D:85:5C:C4:7A:86:EC:2A:C6:38:A0:F0
X509v3 Authority Key Identifier:
keyid:B9:14:96:1F:67:F2:2C:61:E8:4A:66:C8:AD:9C:1A:8C:E5:1D:09:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRSWH2fyLGHoSmbIrZwajOUdCZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/2ffFGBxzKslNhVzEeobsKsY4oPA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/0917a7-9ebd-45b9-9de2-27473ca612de/1/uRSWH2fyLGHoSmbIrZwajOUdCZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.98.220.0/22
185.145.224.0/22
185.155.64.0/22
185.173.44.0/22
185.187.180.0/22
185.224.76.0/22
193.34.240.0/22
IPv6:
2a0d:59c0::/29
Signature Algorithm: sha256WithRSAEncryption
10:51:13:c7:2f:30:85:a4:38:41:56:f5:8d:08:be:7c:ff:bb:
f6:74:8d:01:32:ff:1a:ad:b8:1d:09:d2:8b:68:60:ce:f4:ff:
39:5e:a2:75:4f:26:1a:8f:ff:01:46:19:a4:aa:a5:7f:0a:86:
f9:b6:fc:88:50:1b:e1:87:3c:81:e3:27:a1:46:6e:b3:4d:53:
0c:91:45:98:fc:d8:11:54:c5:c9:4b:38:bf:60:dc:78:ec:bd:
0f:d6:cc:fb:9b:88:1e:2e:db:2a:06:0c:d4:16:fb:49:ba:55:
f4:3c:96:79:ff:de:c9:89:87:c7:fe:39:65:90:62:a5:12:73:
7e:ac:6c:3a:b3:e9:d4:2b:31:c4:8e:eb:c1:b0:eb:cb:3a:93:
ac:2a:9e:3f:37:04:74:38:2a:1f:4a:90:7c:dd:50:29:d1:9b:
d1:f8:38:56:99:b6:ec:64:9f:f4:73:b4:ed:6a:97:31:97:9d:
0c:a0:1d:57:77:ce:7f:a1:de:94:33:cc:0d:a0:4e:d2:02:ef:
af:4d:d5:6e:34:ee:ce:1b:2f:12:d8:82:85:33:94:a3:0e:2e:
a0:d2:a7:93:f3:47:8d:98:08:86:5d:f1:64:46:d2:c1:ad:6d:
9f:c4:b8:3f:06:18:27:3c:47:3c:13:51:8a:fd:71:e2:cf:31:
fe:e4:1b:e5
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAZKL8Xv6hIxziwdJL6ZAyjO+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTQ5NjFmNjdmMjJjNjFlODRhNjZjOGFkOWMxYThjZTUx
ZDA5OWIwHhcNMjQxMDE0MTY1MTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWY3YzUxODFjNzMyYWM5NGQ4NTVjYzQ3YTg2ZWMyYWM2MzhhMGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjG67fMSH1FPdnL0bOiX2KbrdP2Xb
6avjwNCPp0fXbMusGFvgKn4ebc2Aq6biZNomokh86TX5hl1I7ABHsILuxIUaYmD/
qhIUqIoz/n8CzP0pFWXpitv0CYqnw6gMVilN8K7HqteNFTfD51VVk5xWDWqarzG5
2//j5KkLX3B4AlbfxslPPPerwGbL4DBgHG6g2Vjglw0dPDmYHPQurQRn/jYE6wvU
j/9mAnabeNox4v5gP4ZLz5HZwMx9FYcGZD6+wQ+QoUiLJ4rNJ4iHeK69WjNABMbV
i/WX5+7bxqkMLb3TegFB/onV2IyA684T28T+3KjGx+JbFH6l0pk5WqtIPwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFNn3xRgccyrJTYVcxHqG7CrGOKDwMB8GA1UdIwQY
MBaAFLkUlh9n8ixh6EpmyK2cGozlHQmbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTIt
Mjc0NzNjYTYxMmRlLzEvMmZmRkdCeHpLc2xOaFZ6RWVvYnNLc1k0b1BBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wOTE3YTctOWViZC00NWI5LTlkZTItMjc0NzNjYTYxMmRl
LzEvdVJTV0gyZnlMR0hvU21iSXJad2FqT1VkQ1pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCsGLcAwQC
uZHgAwQCuZtAAwQCua0sAwQCubu0AwQCueBMAwQCwSLwMA0EAgACMAcDBQMqDVnA
MA0GCSqGSIb3DQEBCwUAA4IBAQAQURPHLzCFpDhBVvWNCL58/7v2dI0BMv8arbgd
CdKLaGDO9P85XqJ1TyYaj/8BRhmkqqV/Cob5tvyIUBvhhzyB4yehRm6zTVMMkUWY
/NgRVMXJSzi/YNx47L0P1sz7m4geLtsqBgzUFvtJulX0PJZ5/97JiYfH/jllkGKl
EnN+rGw6s+nUKzHEjuvBsOvLOpOsKp4/NwR0OCofSpB83VAp0ZvR+DhWmbbsZJ/0
c7Ttapcxl50MoB1Xd85/od6UM8wNoE7SAu+vTdVuNO7OGy8S2IKFM5SjDi6g0qeT
80eNmAiGXfFkRtLBrW2fxLg/BhgnPEc8E1GK/XHizzH+5Bvl
-----END CERTIFICATE-----
Generated at Sat Apr 19 03:13:13 2025 by rpki-client