Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/e0d956-7b87-4edd-b944-1d0f29b4b97f/1/N4GCRMBxgcgjmOFagbW6SL3DML0.roa
File: N4GCRMBxgcgjmOFagbW6SL3DML0.roa (raw, json)
Hash identifier: n3PsRSnzHXTDXcfbplvBJ8vScEwSGsuTqHIhyWvZl/g=
Subject key identifier: 37:81:82:44:C0:71:81:C8:23:98:E1:5A:81:B5:BA:48:BD:C3:30:BD
Certificate issuer: /CN=d90d2681514aefee9d3c86e1eae35736c84d1c09
Certificate serial: 018DC5538667D3E04D96C3E6F9BB5EB09733
Authority key identifier: D9:0D:26:81:51:4A:EF:EE:9D:3C:86:E1:EA:E3:57:36:C8:4D:1C:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2Q0mgVFK7-6dPIbh6uNXNshNHAk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/e0d956-7b87-4edd-b944-1d0f29b4b97f/1/N4GCRMBxgcgjmOFagbW6SL3DML0.roa
Signing time: Tue 20 Feb 2024 07:03:21 +0000
ROA not before: Tue 20 Feb 2024 07:03:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 13101
IP address blocks: 81.91.104.0/21 maxlen: 21
103.204.204.0/22 maxlen: 22
193.143.2.0/23 maxlen: 23
193.143.6.0/23 maxlen: 23
199.175.220.0/22 maxlen: 22
Validation: Failed, certificate revoked on Wed 01 Jan 2025 07:48:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:c5:53:86:67:d3:e0:4d:96:c3:e6:f9:bb:5e:b0:97:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d90d2681514aefee9d3c86e1eae35736c84d1c09
Validity
Not Before: Feb 20 07:03:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=37818244c07181c82398e15a81b5ba48bdc330bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:76:f9:2b:14:8a:5e:47:1f:10:9d:ae:88:20:
87:98:bc:ca:f8:d0:d8:e6:e0:2d:e0:a9:6a:a8:3d:
3f:87:27:5f:41:09:83:33:bd:32:91:4f:25:47:fb:
6c:6a:31:de:14:8d:7d:08:c9:f1:e5:d0:f9:f6:48:
e4:51:3f:0f:0d:e7:2e:f7:13:c3:cb:97:39:84:7c:
17:6b:42:7e:81:09:85:6a:04:bc:b7:b5:fb:89:ca:
be:15:26:db:28:6b:f9:24:67:1c:f4:6c:8f:32:38:
6d:da:16:bd:7a:3c:cf:d7:e7:53:84:dd:81:bb:f6:
54:ad:cc:22:77:6a:eb:7e:24:70:c3:e3:27:fb:b5:
42:44:13:bc:15:c9:79:98:c9:66:6a:87:e9:e2:50:
cf:ef:21:82:59:b5:5e:ac:c6:d5:89:d7:6f:b2:07:
d4:31:10:d9:03:5c:0e:cc:1a:14:dd:cf:ce:cb:34:
07:ee:f4:5f:e5:2f:f4:21:d3:b6:f5:94:e3:81:be:
31:dd:3c:4c:bd:8a:90:23:30:27:10:99:20:3b:fc:
e5:56:fb:24:ea:fd:df:60:a6:23:9d:86:22:a8:cd:
b3:51:31:81:dc:8d:6a:4c:65:cc:b4:d7:49:47:fe:
95:33:36:57:59:81:fa:2f:53:5e:8a:c0:05:e6:d4:
c4:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:81:82:44:C0:71:81:C8:23:98:E1:5A:81:B5:BA:48:BD:C3:30:BD
X509v3 Authority Key Identifier:
keyid:D9:0D:26:81:51:4A:EF:EE:9D:3C:86:E1:EA:E3:57:36:C8:4D:1C:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2Q0mgVFK7-6dPIbh6uNXNshNHAk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/e0d956-7b87-4edd-b944-1d0f29b4b97f/1/N4GCRMBxgcgjmOFagbW6SL3DML0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/e0d956-7b87-4edd-b944-1d0f29b4b97f/1/2Q0mgVFK7-6dPIbh6uNXNshNHAk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.91.104.0/21
103.204.204.0/22
193.143.2.0/23
193.143.6.0/23
199.175.220.0/22
Signature Algorithm: sha256WithRSAEncryption
24:35:0e:77:0c:07:69:bd:87:a0:03:62:68:2f:30:80:76:09:
3c:aa:8f:a2:0d:42:a4:7a:1c:51:d6:b5:c3:55:ac:79:02:7b:
ea:06:6b:c8:34:cd:be:c6:86:75:87:06:f8:41:73:2b:07:cf:
d9:fa:14:c3:51:f8:10:5a:a4:1e:92:97:d6:d3:92:a0:1b:d1:
09:00:da:34:bd:f2:27:35:27:20:7b:f5:68:2c:e3:be:e3:7e:
d1:ba:54:09:2b:a7:2b:2b:86:07:8e:f5:fc:50:cd:9e:59:7d:
e5:45:7a:8b:53:80:96:9c:47:d0:ae:05:85:3d:60:d9:3d:aa:
37:cb:44:1c:50:ff:26:5a:0d:e1:83:8a:89:6d:8f:d3:ae:8b:
47:3f:e9:79:07:59:6d:e9:5e:bd:5c:75:82:97:5e:d8:e7:52:
1b:ff:6e:78:5f:33:f5:7b:0b:05:ed:04:ec:fb:c2:c9:f7:1b:
be:5d:2c:7f:89:db:10:be:6e:aa:42:df:bf:cf:59:f6:95:2d:
0c:bc:9b:b5:98:f3:4c:cd:72:91:50:a9:22:ea:78:81:00:87:
5a:c1:e8:8d:b9:2c:67:af:af:26:09:c4:44:fd:45:21:34:b4:
94:02:b1:22:fa:40:e3:35:61:47:4e:80:e7:49:b4:20:74:2b:
a3:b9:f9:b8
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY3FU4Zn0+BNlsPm+btesJczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MGQyNjgxNTE0YWVmZWU5ZDNjODZlMWVhZTM1NzM2Yzg0
ZDFjMDkwHhcNMjQwMjIwMDcwMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzgxODI0NGMwNzE4MWM4MjM5OGUxNWE4MWI1YmE0OGJkYzMzMGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Xb5KxSKXkcfEJ2uiCCHmLzK+NDY
5uAt4KlqqD0/hydfQQmDM70ykU8lR/tsajHeFI19CMnx5dD59kjkUT8PDecu9xPD
y5c5hHwXa0J+gQmFagS8t7X7icq+FSbbKGv5JGcc9GyPMjht2ha9ejzP1+dThN2B
u/ZUrcwid2rrfiRww+Mn+7VCRBO8Fcl5mMlmaofp4lDP7yGCWbVerMbViddvsgfU
MRDZA1wOzBoU3c/OyzQH7vRf5S/0IdO29ZTjgb4x3TxMvYqQIzAnEJkgO/zlVvsk
6v3fYKYjnYYiqM2zUTGB3I1qTGXMtNdJR/6VMzZXWYH6L1NeisAF5tTEBwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDeBgkTAcYHII5jhWoG1uki9wzC9MB8GA1UdIwQY
MBaAFNkNJoFRSu/unTyG4erjVzbITRwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlEwbWdWRks3LTZkUEliaDZ1TlhOc2hOSEFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9lMGQ5NTYtN2I4Ny00ZWRkLWI5NDQt
MWQwZjI5YjRiOTdmLzEvTjRHQ1JNQnhnY2dqbU9GYWdiVzZTTDNETUwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9lMGQ5NTYtN2I4Ny00ZWRkLWI5NDQtMWQwZjI5YjRiOTdm
LzEvMlEwbWdWRks3LTZkUEliaDZ1TlhOc2hOSEFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDUVtoAwQC
Z8zMAwQBwY8CAwQBwY8GAwQCx6/cMA0GCSqGSIb3DQEBCwUAA4IBAQAkNQ53DAdp
vYegA2JoLzCAdgk8qo+iDUKkehxR1rXDVax5AnvqBmvINM2+xoZ1hwb4QXMrB8/Z
+hTDUfgQWqQekpfW05KgG9EJANo0vfInNScge/VoLOO+437RulQJK6crK4YHjvX8
UM2eWX3lRXqLU4CWnEfQrgWFPWDZPao3y0QcUP8mWg3hg4qJbY/TrotHP+l5B1lt
6V69XHWCl17Y51Ib/254XzP1ewsF7QTs+8LJ9xu+XSx/idsQvm6qQt+/z1n2lS0M
vJu1mPNMzXKRUKki6niBAIdaweiNuSxnr68mCcRE/UUhNLSUArEi+kDjNWFHToDn
SbQgdCujufm4
-----END CERTIFICATE-----
Generated at Sun Feb 16 22:02:01 2025 by rpki-client