Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/z8Ug_SbeObB3ODb0f9ErXY44QAg.roa
File: z8Ug_SbeObB3ODb0f9ErXY44QAg.roa (raw, json)
Hash identifier: xoHgZTS2AVGE4gKwu1+lP1Qtl7ZhhaCE5iIcibvj8tY=
Subject key identifier: CF:C5:20:FD:26:DE:39:B0:77:38:36:F4:7F:D1:2B:5D:8E:38:40:08
Certificate issuer: /CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
Certificate serial: 018ECE07E2080F0AAAEA9FA851921826D0C5
Authority key identifier: 22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/z8Ug_SbeObB3ODb0f9ErXY44QAg.roa
Signing time: Thu 11 Apr 2024 16:40:06 +0000
ROA not before: Thu 11 Apr 2024 16:40:06 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212212
IP address blocks: 91.242.48.0/23 maxlen: 23
91.242.50.0/23 maxlen: 23
151.248.70.0/23 maxlen: 23
176.108.224.0/22 maxlen: 22
185.76.52.0/23 maxlen: 23
185.76.54.0/23 maxlen: 23
194.107.122.0/24 maxlen: 24
194.213.6.0/24 maxlen: 24
195.54.54.0/24 maxlen: 24
195.54.55.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 01 Jan 2025 15:48:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:ce:07:e2:08:0f:0a:aa:ea:9f:a8:51:92:18:26:d0:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22f2c2e7bc1da54d919ca5b5941d378892b2ccb2
Validity
Not Before: Apr 11 16:40:06 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cfc520fd26de39b0773836f47fd12b5d8e384008
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:c4:87:0b:a9:f8:af:f5:13:dc:eb:c0:11:52:
43:65:95:ae:41:1a:0a:22:0c:c6:87:b4:6f:9b:22:
2a:f8:1f:c8:b0:76:10:b9:bf:67:a3:c7:ee:b3:32:
87:b6:a3:22:ff:d1:c9:e7:01:e1:27:98:bb:22:24:
4d:32:1a:4d:1c:1d:b7:e6:97:15:93:ff:c8:49:26:
81:40:90:43:3f:b2:2d:84:3a:78:38:8a:dd:32:da:
56:98:a0:15:48:f6:c3:9a:9d:e1:a9:b8:69:6c:43:
65:23:0b:1e:a8:c9:17:1a:22:8d:d0:f9:68:02:2c:
dc:1e:76:09:df:7c:57:21:42:ad:7d:ea:99:35:b0:
48:7b:8e:ca:06:54:7a:c1:e9:6e:f2:62:50:41:d6:
9d:f7:b6:d8:0c:cc:ee:6d:fa:b0:d4:36:8e:12:2a:
e8:0d:38:bd:2e:2f:7e:f9:8d:e2:42:92:b4:bd:a7:
5a:85:af:b7:ec:f1:0b:55:d3:47:17:e8:18:6c:ee:
47:bd:4e:9b:ee:6c:08:47:29:4b:70:88:3f:60:a6:
72:78:48:e2:2a:08:71:f4:4b:e6:e5:e8:f1:c4:fe:
ed:6b:f8:22:8c:68:ec:0b:14:8b:ec:63:a6:83:74:
30:81:22:1f:5e:72:71:f3:ac:06:d0:3f:98:8e:86:
09:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:C5:20:FD:26:DE:39:B0:77:38:36:F4:7F:D1:2B:5D:8E:38:40:08
X509v3 Authority Key Identifier:
keyid:22:F2:C2:E7:BC:1D:A5:4D:91:9C:A5:B5:94:1D:37:88:92:B2:CC:B2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvLC57wdpU2RnKW1lB03iJKyzLI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/z8Ug_SbeObB3ODb0f9ErXY44QAg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/602530-6d22-46f1-8e05-02def6e84c91/1/IvLC57wdpU2RnKW1lB03iJKyzLI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.242.48.0/22
151.248.70.0/23
176.108.224.0/22
185.76.52.0/22
194.107.122.0/24
194.213.6.0/24
195.54.54.0/23
Signature Algorithm: sha256WithRSAEncryption
1a:ab:dd:2b:ee:66:c6:d0:d5:24:79:11:49:59:43:bd:c7:25:
7f:ab:49:86:05:08:89:82:74:a2:f6:a2:ce:8b:93:95:fb:37:
0d:0d:76:7d:85:ba:f5:17:8c:cc:ff:28:40:24:05:83:ee:6b:
62:cf:bd:f1:86:ff:ff:bf:6f:7a:68:47:71:b4:73:d6:e0:b9:
66:c1:49:80:de:53:33:f8:27:05:28:85:00:14:a9:92:3a:86:
c4:93:52:a9:01:b2:b9:e0:f1:a5:c1:6f:96:21:ad:3e:66:4a:
cd:ca:20:d1:03:c6:28:f4:20:e9:d1:6d:45:41:ca:b5:be:51:
5b:0c:7c:5b:a5:52:14:64:3b:3b:e0:68:0f:21:f9:0e:de:f9:
83:33:36:9b:bc:d7:28:af:4a:08:14:bf:e2:7f:8e:a4:92:45:
35:ed:f2:3a:17:89:e8:b6:4b:9d:e0:84:16:89:11:11:19:93:
19:d1:a4:e5:92:2d:c5:46:f9:dc:b6:c1:3f:93:19:da:a1:b8:
10:63:07:a8:23:0c:c3:ad:ad:21:c3:30:05:59:ac:64:07:14:
2d:93:e1:73:f6:95:b2:4f:6b:b6:2e:26:1f:08:e7:71:6c:4b:
69:44:ea:5e:6d:61:b5:97:22:36:e0:25:5a:35:6d:93:f5:c3:
83:59:e1:8d
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAY7OB+IIDwqq6p+oUZIYJtDFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjJjMmU3YmMxZGE1NGQ5MTljYTViNTk0MWQzNzg4OTJi
MmNjYjIwHhcNMjQwNDExMTY0MDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmM1MjBmZDI2ZGUzOWIwNzczODM2ZjQ3ZmQxMmI1ZDhlMzg0MDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMSHC6n4r/UT3OvAEVJDZZWuQRoK
IgzGh7RvmyIq+B/IsHYQub9no8fuszKHtqMi/9HJ5wHhJ5i7IiRNMhpNHB235pcV
k//ISSaBQJBDP7IthDp4OIrdMtpWmKAVSPbDmp3hqbhpbENlIwseqMkXGiKN0Plo
AizcHnYJ33xXIUKtfeqZNbBIe47KBlR6welu8mJQQdad97bYDMzubfqw1DaOEiro
DTi9Li9++Y3iQpK0vadaha+37PELVdNHF+gYbO5HvU6b7mwIRylLcIg/YKZyeEji
Kghx9Evm5ejxxP7ta/gijGjsCxSL7GOmg3QwgSIfXnJx86wG0D+YjoYJAQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFM/FIP0m3jmwdzg29H/RK12OOEAIMB8GA1UdIwQY
MBaAFCLywue8HaVNkZyltZQdN4iSssyyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUt
MDJkZWY2ZTg0YzkxLzEvejhVZ19TYmVPYkIzT0RiMGY5RXJYWTQ0UUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi82MDI1MzAtNmQyMi00NmYxLThlMDUtMDJkZWY2ZTg0Yzkx
LzEvSXZMQzU3d2RwVTJSbktXMWxCMDNpSkt5ekxJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCW/IwAwQB
l/hGAwQCsGzgAwQCuUw0AwQAwmt6AwQAwtUGAwQBwzY2MA0GCSqGSIb3DQEBCwUA
A4IBAQAaq90r7mbG0NUkeRFJWUO9xyV/q0mGBQiJgnSi9qLOi5OV+zcNDXZ9hbr1
F4zM/yhAJAWD7mtiz73xhv//v296aEdxtHPW4LlmwUmA3lMz+CcFKIUAFKmSOobE
k1KpAbK54PGlwW+WIa0+ZkrNyiDRA8Yo9CDp0W1FQcq1vlFbDHxbpVIUZDs74GgP
IfkO3vmDMzabvNcor0oIFL/if46kkkU17fI6F4notkud4IQWiRERGZMZ0aTlki3F
RvnctsE/kxnaobgQYweoIwzDra0hwzAFWaxkBxQtk+Fz9pWyT2u2LiYfCOdxbEtp
ROpebWG1lyI24CVaNW2T9cODWeGN
-----END CERTIFICATE-----
Generated at Sun Feb 16 20:35:59 2025 by rpki-client