Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/323add-1d87-416a-bd05-1e9848cb1745/1/M6xigDgh9o93ajbIAFm6xsrGip4.roa
File: M6xigDgh9o93ajbIAFm6xsrGip4.roa (raw, json)
Hash identifier: g+8Ma7tTSPt5xtp8NQyIxzFnG/AfKJZATrui8nWyIUA=
Subject key identifier: 33:AC:62:80:38:21:F6:8F:77:6A:36:C8:00:59:BA:C6:CA:C6:8A:9E
Certificate issuer: /CN=2e6d235bfd2bb77d9886b14cb10dc49c42082353
Certificate serial: 018D82FB7B237EBF6E7659AC70AABB1EDF06
Authority key identifier: 2E:6D:23:5B:FD:2B:B7:7D:98:86:B1:4C:B1:0D:C4:9C:42:08:23:53
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Lm0jW_0rt32YhrFMsQ3EnEIII1M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/323add-1d87-416a-bd05-1e9848cb1745/1/M6xigDgh9o93ajbIAFm6xsrGip4.roa
Signing time: Wed 07 Feb 2024 09:52:15 +0000
ROA not before: Wed 07 Feb 2024 09:52:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 50157
IP address blocks: 62.76.121.0/24 maxlen: 24
195.209.152.0/24 maxlen: 24
195.209.153.0/24 maxlen: 24
195.209.154.0/24 maxlen: 24
195.209.155.0/24 maxlen: 24
195.209.156.0/24 maxlen: 24
195.209.157.0/24 maxlen: 24
195.209.158.0/24 maxlen: 24
195.209.159.0/24 maxlen: 24
212.192.191.0/24 maxlen: 24
2001:67c:614::/48 maxlen: 48
Validation: Failed, certificate revoked on Thu 02 Jan 2025 17:54:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:82:fb:7b:23:7e:bf:6e:76:59:ac:70:aa:bb:1e:df:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e6d235bfd2bb77d9886b14cb10dc49c42082353
Validity
Not Before: Feb 7 09:52:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=33ac62803821f68f776a36c80059bac6cac68a9e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:67:61:69:5d:4f:62:e4:69:ed:78:1d:fb:c9:
b0:00:09:7d:93:fe:cc:5a:1e:21:76:67:ba:e8:0f:
92:75:72:7a:e8:e5:f8:5b:5d:f0:a5:3a:5f:2e:c7:
12:f9:ba:25:1f:7d:ce:a5:8a:9a:f4:52:e3:3e:60:
ca:70:64:95:5d:d5:17:48:f8:16:15:bd:c3:e0:2b:
40:a1:5a:dc:49:4d:d1:74:8f:53:ce:54:75:95:e4:
87:f4:93:0c:24:e3:70:cc:6a:23:43:31:c7:d1:c7:
de:68:f1:72:f5:f7:d5:c3:4c:58:8a:ea:7f:58:46:
fb:82:47:66:16:f5:ff:eb:1e:69:e1:9e:5d:8d:e1:
10:5f:3b:eb:fe:52:c3:73:d3:85:f6:6a:25:61:b2:
db:f6:49:d9:9f:63:6d:09:2a:f8:fc:6e:a6:96:15:
78:a0:6d:8a:b9:f7:6c:e7:f7:86:a2:51:19:fc:f0:
cb:24:dd:1f:f0:42:18:ca:f2:e9:5b:86:39:65:98:
c0:13:42:a8:ec:d4:56:a9:90:11:be:63:09:48:80:
b1:6c:47:fa:28:cf:8e:f9:65:3e:0c:c2:28:fd:57:
c6:1b:64:48:c5:ab:59:45:76:b2:7c:ce:05:fb:18:
54:1e:54:93:f5:9e:3b:0e:76:db:e9:ee:53:61:0e:
b9:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:AC:62:80:38:21:F6:8F:77:6A:36:C8:00:59:BA:C6:CA:C6:8A:9E
X509v3 Authority Key Identifier:
keyid:2E:6D:23:5B:FD:2B:B7:7D:98:86:B1:4C:B1:0D:C4:9C:42:08:23:53
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lm0jW_0rt32YhrFMsQ3EnEIII1M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/323add-1d87-416a-bd05-1e9848cb1745/1/M6xigDgh9o93ajbIAFm6xsrGip4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/323add-1d87-416a-bd05-1e9848cb1745/1/Lm0jW_0rt32YhrFMsQ3EnEIII1M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.121.0/24
195.209.152.0/21
212.192.191.0/24
IPv6:
2001:67c:614::/48
Signature Algorithm: sha256WithRSAEncryption
6f:97:36:2a:5b:e5:af:0c:06:4e:8f:f3:f4:a6:8b:c2:1e:b8:
6d:6f:4f:ea:61:70:78:ee:ca:fc:07:cb:f4:3b:14:8c:e0:70:
e7:c0:14:42:9f:a7:46:28:4c:70:ff:db:8d:89:78:5d:1f:35:
75:84:29:0b:9f:80:e1:91:85:39:0a:41:1f:f7:1e:d0:f9:21:
71:2e:3d:7b:43:c2:84:cf:a5:64:2e:30:d4:b7:93:9e:16:2f:
34:7b:38:72:89:a0:4e:18:9b:ea:23:38:b0:ff:5d:57:0c:4d:
36:b7:80:f3:f1:cb:25:b4:03:54:6c:0d:47:75:69:e9:1e:39:
90:f0:4e:b3:ee:9e:5b:05:40:db:a1:f2:55:64:3c:69:06:f4:
db:87:21:aa:30:d5:29:6e:76:5d:06:74:b0:b2:f1:6f:04:62:
bc:22:e1:1d:ad:52:30:19:f1:71:dc:d2:1b:60:0a:e3:41:be:
e7:08:42:51:f3:15:e6:69:a2:cd:ef:ca:c0:f4:0d:5d:4d:11:
f1:44:0f:42:2b:b9:34:85:1c:28:5f:b9:f6:c3:3e:e9:96:5a:
cd:6e:f4:37:cc:9f:ff:84:49:3f:4b:5c:5e:11:ef:cb:ce:31:
f8:ac:6c:25:b1:64:a9:68:01:96:7d:94:da:0c:24:ec:fb:c4:
6c:96:25:40
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAY2C+3sjfr9udlmscKq7Ht8GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmQyMzViZmQyYmI3N2Q5ODg2YjE0Y2IxMGRjNDljNDIw
ODIzNTMwHhcNMjQwMjA3MDk1MjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2FjNjI4MDM4MjFmNjhmNzc2YTM2YzgwMDU5YmFjNmNhYzY4YTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomdhaV1PYuRp7Xgd+8mwAAl9k/7M
Wh4hdme66A+SdXJ66OX4W13wpTpfLscS+bolH33OpYqa9FLjPmDKcGSVXdUXSPgW
Fb3D4CtAoVrcSU3RdI9TzlR1leSH9JMMJONwzGojQzHH0cfeaPFy9ffVw0xYiup/
WEb7gkdmFvX/6x5p4Z5djeEQXzvr/lLDc9OF9molYbLb9knZn2NtCSr4/G6mlhV4
oG2Kufds5/eGolEZ/PDLJN0f8EIYyvLpW4Y5ZZjAE0Ko7NRWqZARvmMJSICxbEf6
KM+O+WU+DMIo/VfGG2RIxatZRXayfM4F+xhUHlST9Z47Dnbb6e5TYQ65kwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFDOsYoA4IfaPd2o2yABZusbKxoqeMB8GA1UdIwQY
MBaAFC5tI1v9K7d9mIaxTLENxJxCCCNTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG0waldfMHJ0MzJZaHJGTXNRM0VuRUlJSTFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8zMjNhZGQtMWQ4Ny00MTZhLWJkMDUt
MWU5ODQ4Y2IxNzQ1LzEvTTZ4aWdEZ2g5bzkzYWpiSUFGbTZ4c3JHaXA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8zMjNhZGQtMWQ4Ny00MTZhLWJkMDUtMWU5ODQ4Y2IxNzQ1
LzEvTG0waldfMHJ0MzJZaHJGTXNRM0VuRUlJSTFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAYBAIAATASAwQAPkx5AwQD
w9GYAwQA1MC/MA8EAgACMAkDBwAgAQZ8BhQwDQYJKoZIhvcNAQELBQADggEBAG+X
Nipb5a8MBk6P8/Smi8IeuG1vT+phcHjuyvwHy/Q7FIzgcOfAFEKfp0YoTHD/242J
eF0fNXWEKQufgOGRhTkKQR/3HtD5IXEuPXtDwoTPpWQuMNS3k54WLzR7OHKJoE4Y
m+ojOLD/XVcMTTa3gPPxyyW0A1RsDUd1aekeOZDwTrPunlsFQNuh8lVkPGkG9NuH
Iaow1Sludl0GdLCy8W8EYrwi4R2tUjAZ8XHc0htgCuNBvucIQlHzFeZpos3vysD0
DV1NEfFED0IruTSFHChfufbDPumWWs1u9DfMn/+EST9LXF4R78vOMfisbCWxZKlo
AZZ9lNoMJOz7xGyWJUA=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:19:01 2025 by rpki-client