Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/itgf7GyYbALf8NQrEamYB0Z1Uzc.roa
File: itgf7GyYbALf8NQrEamYB0Z1Uzc.roa (raw, json)
Hash identifier: ol2uX6GxMEjSYNb8E789G4hYI1aHYXMXTEn6eMAioT4=
Subject key identifier: 8A:D8:1F:EC:6C:98:6C:02:DF:F0:D4:2B:11:A9:98:07:46:75:53:37
Certificate issuer: /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial: 01956A70007C6A4B21E026DCB9056AB99D85
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/itgf7GyYbALf8NQrEamYB0Z1Uzc.roa
Signing time: Thu 06 Mar 2025 07:51:19 +0000
ROA not before: Thu 06 Mar 2025 07:51:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 62.171.230.0/24 maxlen: 24
194.238.78.0/24 maxlen: 24
194.238.79.0/24 maxlen: 24
213.18.220.0/22 maxlen: 24
217.177.0.0/21 maxlen: 24
217.177.32.0/24 maxlen: 24
217.180.12.0/24 maxlen: 24
217.180.22.0/23 maxlen: 24
217.180.46.0/24 maxlen: 24
Validation: Failed, certificate revoked on Sat 15 Mar 2025 12:53:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:6a:70:00:7c:6a:4b:21:e0:26:dc:b9:05:6a:b9:9d:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Validity
Not Before: Mar 6 07:51:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=8ad81fec6c986c02dff0d42b11a9980746755337
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:06:af:9f:10:89:74:fb:60:09:67:2e:a6:7a:
09:e1:3d:b4:4d:8d:ee:7a:57:ea:8b:84:ec:09:88:
6f:cf:80:47:44:a9:b1:76:e2:a7:ab:e1:a3:7d:5c:
27:2b:bf:95:e9:3f:6e:d3:b4:38:66:c5:2e:61:84:
da:58:c1:a4:38:48:07:51:43:6b:32:8f:b3:af:4a:
ae:73:a6:7e:1c:ec:79:e0:d4:47:63:e5:dd:24:13:
be:0f:29:bd:9d:3e:2d:c1:da:be:e3:cf:7c:6e:ce:
e2:97:36:f9:da:76:33:f7:84:98:88:87:4c:e7:f0:
d1:0e:da:a0:dd:3e:5f:04:78:91:3a:24:0b:84:92:
37:0f:91:e6:96:18:7d:cc:12:49:f8:78:45:60:2b:
21:1d:10:4f:d7:7b:72:15:19:74:15:0a:3b:cc:e5:
dd:8d:0d:98:f1:33:16:fb:82:ab:df:96:59:1c:79:
c6:8c:7f:ad:69:ad:9c:26:37:ff:25:40:e0:40:9b:
f6:ca:1c:4e:f1:de:ef:70:3b:4f:39:38:e9:3f:54:
2c:2f:75:cb:aa:94:06:bc:7a:75:52:2a:cc:80:0c:
1e:ea:54:74:bb:f7:d0:73:1c:5f:30:fa:4d:d4:e4:
d1:88:c3:32:39:9b:25:33:ef:61:02:82:72:96:a8:
a5:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:D8:1F:EC:6C:98:6C:02:DF:F0:D4:2B:11:A9:98:07:46:75:53:37
X509v3 Authority Key Identifier:
keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/itgf7GyYbALf8NQrEamYB0Z1Uzc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.171.230.0/24
194.238.78.0/23
213.18.220.0/22
217.177.0.0/21
217.177.32.0/24
217.180.12.0/24
217.180.22.0/23
217.180.46.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:69:ce:78:69:52:64:b2:44:30:20:22:9e:68:9d:a1:94:7a:
6c:01:8c:a1:93:bc:81:85:dc:9d:ef:47:22:62:bd:27:e8:5a:
fc:e9:1c:b4:b8:03:ca:95:90:6c:43:ea:9e:87:7c:1d:b0:a6:
98:39:7a:58:f5:3d:81:41:f1:d7:55:2d:02:b2:f6:95:47:e8:
08:6d:1b:b7:02:65:3e:ac:f3:0a:a5:b3:d5:e8:00:fd:f3:9d:
bf:ca:4a:0e:2c:44:a7:22:8d:f2:c5:c3:37:48:65:22:51:80:
9a:8c:2e:e4:33:8b:2c:af:42:2e:f1:ba:9a:d3:6b:43:45:19:
e5:25:b8:ef:13:2b:4d:91:d5:21:47:91:4e:2a:c4:1b:29:26:
db:10:9b:71:9c:2d:3c:83:42:73:3f:84:85:9d:24:2f:dd:90:
e7:45:d6:c6:57:b1:6a:d2:c4:7b:2a:dc:39:78:51:24:14:de:
2c:67:f5:5f:e9:99:d6:b0:8a:92:dd:fc:7f:37:e4:e3:27:2d:
7f:c3:51:81:00:cb:5f:cc:8a:2a:a3:79:9e:85:42:68:e3:ef:
1c:88:28:55:7d:77:b7:47:f9:91:0d:97:01:91:94:d3:77:44:
59:c3:7e:fb:1d:78:e6:29:7a:58:f1:5a:17:eb:46:c5:04:0c:
8a:3d:a9:2b
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZVqcAB8aksh4CbcuQVquZ2FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwMzA2MDc1MTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWQ4MWZlYzZjOTg2YzAyZGZmMGQ0MmIxMWE5OTgwNzQ2NzU1MzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AavnxCJdPtgCWcupnoJ4T20TY3u
elfqi4TsCYhvz4BHRKmxduKnq+GjfVwnK7+V6T9u07Q4ZsUuYYTaWMGkOEgHUUNr
Mo+zr0quc6Z+HOx54NRHY+XdJBO+Dym9nT4twdq+4898bs7ilzb52nYz94SYiIdM
5/DRDtqg3T5fBHiROiQLhJI3D5Hmlhh9zBJJ+HhFYCshHRBP13tyFRl0FQo7zOXd
jQ2Y8TMW+4Kr35ZZHHnGjH+taa2cJjf/JUDgQJv2yhxO8d7vcDtPOTjpP1QsL3XL
qpQGvHp1UirMgAwe6lR0u/fQcxxfMPpN1OTRiMMyOZslM+9hAoJylqilvwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFIrYH+xsmGwC3/DUKxGpmAdGdVM3MB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvaXRnZjdHeVliQUxmOE5RckVhbVlCMFoxVXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAPqvmAwQB
wu5OAwQC1RLcAwQD2bEAAwQA2bEgAwQA2bQMAwQB2bQWAwQA2bQuMA0GCSqGSIb3
DQEBCwUAA4IBAQB/ac54aVJkskQwICKeaJ2hlHpsAYyhk7yBhdyd70ciYr0n6Fr8
6Ry0uAPKlZBsQ+qeh3wdsKaYOXpY9T2BQfHXVS0CsvaVR+gIbRu3AmU+rPMKpbPV
6AD9852/ykoOLESnIo3yxcM3SGUiUYCajC7kM4ssr0Iu8bqa02tDRRnlJbjvEytN
kdUhR5FOKsQbKSbbEJtxnC08g0JzP4SFnSQv3ZDnRdbGV7Fq0sR7Ktw5eFEkFN4s
Z/Vf6ZnWsIqS3fx/N+TjJy1/w1GBAMtfzIoqo3mehUJo4+8ciChVfXe3R/mRDZcB
kZTTd0RZw377HXjmKXpY8VoX60bFBAyKPakr
-----END CERTIFICATE-----
Generated at Sat Apr 5 10:56:19 2025 by rpki-client