Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/019a1e-be98-414c-8c2c-6b27ff2257c6/1/E-k_YcAfEzSCsixh321k8jST67A.roa
File: E-k_YcAfEzSCsixh321k8jST67A.roa (raw, json)
Hash identifier: lldZMqKAHtT+1syBgiY4lRD69NPbmG0MUIRrT/dryGg=
Subject key identifier: 13:E9:3F:61:C0:1F:13:34:82:B2:2C:61:DF:6D:64:F2:34:93:EB:B0
Certificate issuer: /CN=a47f708c34a5e71daf3d2e54b99ab74f069ef80b
Certificate serial: 019201B2D09436923965C2F5F1F5E4993260
Authority key identifier: A4:7F:70:8C:34:A5:E7:1D:AF:3D:2E:54:B9:9A:B7:4F:06:9E:F8:0B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pH9wjDSl5x2vPS5UuZq3Twae-As.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/019a1e-be98-414c-8c2c-6b27ff2257c6/1/E-k_YcAfEzSCsixh321k8jST67A.roa
Signing time: Tue 17 Sep 2024 20:35:48 +0000
ROA not before: Tue 17 Sep 2024 20:35:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198213
IP address blocks: 109.202.120.0/24 maxlen: 24
109.202.121.0/24 maxlen: 24
109.202.122.0/24 maxlen: 24
109.202.123.0/24 maxlen: 24
109.202.125.0/24 maxlen: 24
109.202.127.0/24 maxlen: 24
2a03:e180::/32 maxlen: 32
2a03:e181::/32 maxlen: 32
Validation: Failed, certificate revoked on Wed 01 Jan 2025 13:48:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:01:b2:d0:94:36:92:39:65:c2:f5:f1:f5:e4:99:32:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a47f708c34a5e71daf3d2e54b99ab74f069ef80b
Validity
Not Before: Sep 17 20:35:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=13e93f61c01f133482b22c61df6d64f23493ebb0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:d9:c2:7b:08:a2:fc:f0:36:ce:8d:36:2e:1c:
7c:4d:9f:05:14:a1:79:eb:de:c1:61:b6:ec:b3:2b:
8a:bf:57:a9:c8:ef:f2:0a:6f:08:0f:10:91:f2:50:
ff:c3:7e:ba:6c:cf:91:e8:24:2b:9d:77:ad:db:55:
1c:ee:da:f6:d5:2f:54:81:0c:dc:5a:31:c8:2d:2c:
c7:35:e3:0a:e7:b5:99:cb:54:98:5f:84:50:e2:17:
05:90:ab:59:07:e5:37:4a:60:41:61:65:7f:5b:5c:
31:b8:fd:65:0f:c9:08:d8:ea:8c:0a:fc:43:9d:a4:
ff:54:a1:dd:e4:f1:b4:41:07:02:6c:31:63:4c:fb:
03:51:ce:12:00:3f:62:16:23:b0:ea:b8:f9:3e:8b:
d1:61:c2:0f:7c:9d:8e:46:f5:0a:0c:00:f8:62:5e:
b0:b9:ae:32:9c:f0:a0:0f:11:67:7f:ad:fb:07:52:
38:1e:69:24:c9:72:62:3e:33:c1:05:1c:6c:89:a9:
2a:1a:a6:c6:17:a2:be:6c:fa:20:c5:57:33:b0:65:
e6:0d:bc:f3:1f:05:b1:6b:29:84:a3:0d:05:5d:95:
b1:aa:92:5d:1c:7e:38:76:79:c6:31:68:d2:d9:64:
c2:e4:1b:5f:2a:2e:a7:a7:2e:be:50:66:aa:de:3b:
32:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
13:E9:3F:61:C0:1F:13:34:82:B2:2C:61:DF:6D:64:F2:34:93:EB:B0
X509v3 Authority Key Identifier:
keyid:A4:7F:70:8C:34:A5:E7:1D:AF:3D:2E:54:B9:9A:B7:4F:06:9E:F8:0B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pH9wjDSl5x2vPS5UuZq3Twae-As.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/019a1e-be98-414c-8c2c-6b27ff2257c6/1/E-k_YcAfEzSCsixh321k8jST67A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/019a1e-be98-414c-8c2c-6b27ff2257c6/1/pH9wjDSl5x2vPS5UuZq3Twae-As.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.202.120.0/22
109.202.125.0/24
109.202.127.0/24
IPv6:
2a03:e180::/31
Signature Algorithm: sha256WithRSAEncryption
14:d4:29:f2:66:d2:ff:58:56:db:45:99:b2:cd:c0:fd:e8:76:
a5:2d:76:55:45:e5:30:6e:18:31:39:31:25:f5:e2:aa:19:78:
ae:da:55:d7:6f:c3:e1:34:9f:d7:85:11:92:de:4a:ea:dc:62:
24:5a:65:b1:70:2f:ee:40:b5:c3:aa:e6:4d:3b:41:6a:0c:32:
83:56:9c:6c:ee:67:a7:5f:6f:58:51:46:3e:e8:48:c2:1e:43:
95:a0:b3:3f:e8:98:ab:fc:de:b5:58:e3:83:9a:b7:ef:70:5b:
03:93:ac:2a:b5:a8:45:54:31:79:8c:53:06:08:8e:bf:bf:97:
e9:33:fd:e5:c1:da:aa:9d:e9:4e:28:89:76:c9:d3:87:02:8d:
38:fb:13:7b:07:69:f4:56:9f:65:d3:1c:ee:21:89:eb:c5:02:
22:2d:f1:52:f2:1b:3b:aa:46:74:21:ee:4a:63:ce:c6:0d:2f:
43:87:ed:5d:28:eb:49:f6:1b:70:4e:4c:cc:52:27:45:70:41:
83:28:f8:15:f6:05:31:29:ec:4f:60:a7:c5:6e:2a:44:bd:d9:
f8:6d:aa:6e:98:c8:fe:a4:9f:27:e3:28:11:50:b4:b7:06:83:
c6:bf:ad:09:ac:b7:36:4d:14:d4:83:6f:11:17:0c:bc:be:29:
37:a8:f8:da
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZIBstCUNpI5ZcL18fXkmTJgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0N2Y3MDhjMzRhNWU3MWRhZjNkMmU1NGI5OWFiNzRmMDY5
ZWY4MGIwHhcNMjQwOTE3MjAzNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2U5M2Y2MWMwMWYxMzM0ODJiMjJjNjFkZjZkNjRmMjM0OTNlYmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNnCewii/PA2zo02Lhx8TZ8FFKF5
697BYbbssyuKv1epyO/yCm8IDxCR8lD/w366bM+R6CQrnXet21Uc7tr21S9UgQzc
WjHILSzHNeMK57WZy1SYX4RQ4hcFkKtZB+U3SmBBYWV/W1wxuP1lD8kI2OqMCvxD
naT/VKHd5PG0QQcCbDFjTPsDUc4SAD9iFiOw6rj5PovRYcIPfJ2ORvUKDAD4Yl6w
ua4ynPCgDxFnf637B1I4HmkkyXJiPjPBBRxsiakqGqbGF6K+bPogxVczsGXmDbzz
HwWxaymEow0FXZWxqpJdHH44dnnGMWjS2WTC5BtfKi6npy6+UGaq3jsyUwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFBPpP2HAHxM0grIsYd9tZPI0k+uwMB8GA1UdIwQY
MBaAFKR/cIw0pecdrz0uVLmat08GnvgLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEg5d2pEU2w1eDJ2UFM1VXVacTNUd2FlLUFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8wMTlhMWUtYmU5OC00MTRjLThjMmMt
NmIyN2ZmMjI1N2M2LzEvRS1rX1ljQWZFelNDc2l4aDMyMWs4alNUNjdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8wMTlhMWUtYmU5OC00MTRjLThjMmMtNmIyN2ZmMjI1N2M2
LzEvcEg5d2pEU2w1eDJ2UFM1VXVacTNUd2FlLUFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCbcp4AwQA
bcp9AwQAbcp/MA0EAgACMAcDBQEqA+GAMA0GCSqGSIb3DQEBCwUAA4IBAQAU1Cny
ZtL/WFbbRZmyzcD96HalLXZVReUwbhgxOTEl9eKqGXiu2lXXb8PhNJ/XhRGS3krq
3GIkWmWxcC/uQLXDquZNO0FqDDKDVpxs7menX29YUUY+6EjCHkOVoLM/6Jir/N61
WOODmrfvcFsDk6wqtahFVDF5jFMGCI6/v5fpM/3lwdqqnelOKIl2ydOHAo04+xN7
B2n0Vp9l0xzuIYnrxQIiLfFS8hs7qkZ0Ie5KY87GDS9Dh+1dKOtJ9htwTkzMUidF
cEGDKPgV9gUxKexPYKfFbipEvdn4bapumMj+pJ8n4ygRULS3BoPGv60JrLc2TRTU
g28RFwy8vik3qPja
-----END CERTIFICATE-----
Generated at Sun Feb 16 20:29:48 2025 by rpki-client