Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/c4a70e-f7a8-4aa0-98c6-23e09652b3d8/1/NlKWDvWV6A8kmXOVjzvKEoIndxY.roa
File: NlKWDvWV6A8kmXOVjzvKEoIndxY.roa (raw, json)
Hash identifier: h+UhxW9S4nTfdgzeYFnXO2ayiFyXxgExy2Nk5oisGQY=
Subject key identifier: 36:52:96:0E:F5:95:E8:0F:24:99:73:95:8F:3B:CA:12:82:27:77:16
Certificate issuer: /CN=63c05afa0dc9a5f8f618c3ed2eec672ec38f6fef
Certificate serial: 018CC6B7E6A1DED84D8691E8C1DA5BDA651D
Authority key identifier: 63:C0:5A:FA:0D:C9:A5:F8:F6:18:C3:ED:2E:EC:67:2E:C3:8F:6F:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y8Ba-g3Jpfj2GMPtLuxnLsOPb-8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/c4a70e-f7a8-4aa0-98c6-23e09652b3d8/1/NlKWDvWV6A8kmXOVjzvKEoIndxY.roa
Signing time: Mon 01 Jan 2024 20:29:50 +0000
ROA not before: Mon 01 Jan 2024 20:29:50 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 57350
IP address blocks: 91.231.217.0/24 maxlen: 24
91.231.216.0/24 maxlen: 24
185.41.116.0/23 maxlen: 23
185.41.118.0/23 maxlen: 23
Validation: Failed, certificate revoked on Thu 02 Jan 2025 07:47:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b7:e6:a1:de:d8:4d:86:91:e8:c1:da:5b:da:65:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63c05afa0dc9a5f8f618c3ed2eec672ec38f6fef
Validity
Not Before: Jan 1 20:29:50 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3652960ef595e80f249973958f3bca1282277716
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:70:98:f0:7c:69:5d:4b:a7:ac:6b:ca:b3:3a:
75:74:b2:38:37:01:12:83:38:d8:7e:7a:aa:57:63:
f4:99:58:ed:0f:fb:78:7a:22:c7:c4:c1:9c:e6:11:
d5:d3:83:fb:cb:00:23:f2:5f:3f:d2:7b:23:b9:67:
b9:9e:3c:34:eb:32:88:03:fd:a6:92:5e:c3:57:73:
f6:c7:fc:4c:0b:7e:8c:d7:89:cb:58:5d:34:20:94:
59:ea:a7:a9:8a:40:f4:bb:50:b2:4c:3a:68:6b:51:
45:4a:34:05:b6:1f:92:f6:54:c8:05:3a:ec:25:dc:
1a:38:80:90:c7:d2:98:05:4e:f5:d4:3c:9d:a3:05:
e4:96:b3:fe:4c:cb:74:89:d8:23:0c:c1:7d:66:ff:
96:83:71:8a:e2:be:42:3f:14:6d:18:93:7c:23:75:
13:2c:01:cc:97:06:0a:77:f3:80:89:f6:7d:5d:1a:
11:fa:f5:14:89:87:11:52:4f:e2:11:ff:c2:81:7a:
3e:09:d2:4f:fe:c2:37:a5:fd:e7:06:88:24:f0:00:
56:6d:43:f4:ae:6a:0c:da:46:6d:7b:db:1c:4c:3c:
bf:80:4f:6e:6e:ee:7a:9b:bf:68:82:b1:6f:ad:03:
c1:38:af:3a:a2:4d:59:7f:fd:af:b1:99:fe:8c:be:
4c:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:52:96:0E:F5:95:E8:0F:24:99:73:95:8F:3B:CA:12:82:27:77:16
X509v3 Authority Key Identifier:
keyid:63:C0:5A:FA:0D:C9:A5:F8:F6:18:C3:ED:2E:EC:67:2E:C3:8F:6F:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y8Ba-g3Jpfj2GMPtLuxnLsOPb-8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/c4a70e-f7a8-4aa0-98c6-23e09652b3d8/1/NlKWDvWV6A8kmXOVjzvKEoIndxY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/c4a70e-f7a8-4aa0-98c6-23e09652b3d8/1/Y8Ba-g3Jpfj2GMPtLuxnLsOPb-8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.231.216.0/23
185.41.116.0/22
Signature Algorithm: sha256WithRSAEncryption
4c:d8:c6:27:7d:54:c9:4f:4b:a2:ad:d3:ba:4e:59:c6:4b:de:
b3:33:60:f8:71:52:3d:df:c9:68:49:39:d8:a5:00:82:22:f5:
ec:67:00:f1:23:18:28:fd:2a:84:d1:e2:58:6c:d2:7f:d8:64:
aa:71:9b:9c:ea:11:9d:20:53:d5:a7:8b:b9:94:94:46:d0:c1:
50:f8:5f:b9:52:13:59:0e:31:68:9d:8d:d8:26:d2:88:c1:8f:
16:96:98:17:c3:70:ca:9c:87:b4:c7:fd:f3:be:69:2c:ac:41:
bc:65:ad:bb:2a:18:0d:22:71:d1:7b:78:bf:4c:c7:41:ea:98:
84:b0:e5:e2:2a:63:e8:69:da:c1:4c:96:3d:41:c6:d6:bd:4e:
d1:15:05:a2:cc:17:76:a3:ed:3d:ad:44:37:f7:11:dd:5c:30:
b9:9d:0e:3e:78:f0:1f:20:e9:f0:d7:0b:17:74:61:f2:a0:8a:
13:ee:88:52:f6:9c:d1:21:05:a3:ef:7a:5d:67:5f:b2:c8:3e:
14:d0:2b:8a:74:aa:0a:da:dd:b9:aa:fc:ff:b3:a2:65:61:16:
d0:f8:22:62:58:e7:f4:4b:3b:23:27:c0:c9:b7:bb:8f:aa:f3:
65:a9:03:9b:13:cc:29:91:da:21:be:29:3d:06:61:7b:17:79:
79:9c:7b:f3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGt+ah3thNhpHowdpb2mUdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzYzA1YWZhMGRjOWE1ZjhmNjE4YzNlZDJlZWM2NzJlYzM4
ZjZmZWYwHhcNMjQwMTAxMjAyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjUyOTYwZWY1OTVlODBmMjQ5OTczOTU4ZjNiY2ExMjgyMjc3NzE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtXCY8HxpXUunrGvKszp1dLI4NwES
gzjYfnqqV2P0mVjtD/t4eiLHxMGc5hHV04P7ywAj8l8/0nsjuWe5njw06zKIA/2m
kl7DV3P2x/xMC36M14nLWF00IJRZ6qepikD0u1CyTDpoa1FFSjQFth+S9lTIBTrs
JdwaOICQx9KYBU711DydowXklrP+TMt0idgjDMF9Zv+Wg3GK4r5CPxRtGJN8I3UT
LAHMlwYKd/OAifZ9XRoR+vUUiYcRUk/iEf/CgXo+CdJP/sI3pf3nBogk8ABWbUP0
rmoM2kZte9scTDy/gE9ubu56m79ogrFvrQPBOK86ok1Zf/2vsZn+jL5MAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDZSlg71legPJJlzlY87yhKCJ3cWMB8GA1UdIwQY
MBaAFGPAWvoNyaX49hjD7S7sZy7Dj2/vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWThCYS1nM0pwZmoyR01QdEx1eG5Mc09QYi04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9jNGE3MGUtZjdhOC00YWEwLTk4YzYt
MjNlMDk2NTJiM2Q4LzEvTmxLV0R2V1Y2QThrbVhPVmp6dktFb0luZHhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9jNGE3MGUtZjdhOC00YWEwLTk4YzYtMjNlMDk2NTJiM2Q4
LzEvWThCYS1nM0pwZmoyR01QdEx1eG5Mc09QYi04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+fYAwQC
uSl0MA0GCSqGSIb3DQEBCwUAA4IBAQBM2MYnfVTJT0uirdO6TlnGS96zM2D4cVI9
38loSTnYpQCCIvXsZwDxIxgo/SqE0eJYbNJ/2GSqcZuc6hGdIFPVp4u5lJRG0MFQ
+F+5UhNZDjFonY3YJtKIwY8WlpgXw3DKnIe0x/3zvmksrEG8Za27KhgNInHRe3i/
TMdB6piEsOXiKmPoadrBTJY9QcbWvU7RFQWizBd2o+09rUQ39xHdXDC5nQ4+ePAf
IOnw1wsXdGHyoIoT7ohS9pzRIQWj73pdZ1+yyD4U0CuKdKoK2t25qvz/s6JlYRbQ
+CJiWOf0SzsjJ8DJt7uPqvNlqQObE8wpkdohvik9BmF7F3l5nHvz
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:21:22 2025 by rpki-client