Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/FMpDIrR7jSvKWa8vmkzrrexWQGM.roa
File: FMpDIrR7jSvKWa8vmkzrrexWQGM.roa (raw, json)
Hash identifier: 4+NJcHRH1X9kXXJ+t311MDPJuoi9l6wur3umgvg/pTU=
Subject key identifier: 14:CA:43:22:B4:7B:8D:2B:CA:59:AF:2F:9A:4C:EB:AD:EC:56:40:63
Certificate issuer: /CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Certificate serial: 018EA96E2E0AC0285B4A4041620CE5FFEF35
Authority key identifier: BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/FMpDIrR7jSvKWa8vmkzrrexWQGM.roa
Signing time: Thu 04 Apr 2024 14:05:53 +0000
ROA not before: Thu 04 Apr 2024 14:05:53 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35332
IP address blocks: 37.235.112.0/21 maxlen: 24
45.89.144.0/22 maxlen: 24
45.116.184.0/22 maxlen: 24
77.242.112.0/20 maxlen: 24
87.236.0.0/21 maxlen: 24
139.28.200.0/22 maxlen: 24
185.113.212.0/22 maxlen: 24
185.151.96.0/22 maxlen: 24
188.92.56.0/21 maxlen: 24
194.5.181.0/24 maxlen: 24
208.88.128.0/22 maxlen: 24
2a00:a000::/32 maxlen: 48
Validation: Failed, certificate revoked on Fri 21 Jun 2024 07:16:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:a9:6e:2e:0a:c0:28:5b:4a:40:41:62:0c:e5:ff:ef:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Validity
Not Before: Apr 4 14:05:53 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=14ca4322b47b8d2bca59af2f9a4cebadec564063
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:ef:06:c0:42:d0:20:4a:e8:f8:db:57:98:54:
6b:f5:b6:21:62:3b:8c:e7:30:92:e7:70:f5:ac:c0:
c8:db:a6:bd:4b:4b:62:b9:81:76:5b:18:3b:8b:c3:
78:af:e2:47:d6:95:59:55:10:c6:35:68:7f:64:59:
f7:3b:6e:04:e7:8b:5d:09:69:ce:1f:42:95:e7:ab:
9d:1f:37:6f:ff:3c:11:98:65:62:95:42:98:98:30:
d7:b9:5b:8f:c7:0b:37:5d:64:d3:39:f6:9e:c9:1b:
71:0b:87:92:9c:7d:7c:bc:d0:fa:bb:f6:0d:18:29:
31:29:f2:44:64:b4:94:1b:fe:db:f9:97:4a:d8:7f:
97:ed:6f:49:71:80:64:43:e2:26:c3:ac:0f:0e:b1:
aa:b9:ac:9a:3a:90:ad:54:b1:9e:6d:6c:20:9f:b7:
4d:85:00:3f:f8:ae:a7:a6:34:ad:a9:0f:1f:8e:81:
73:44:4e:0d:73:0d:28:f4:b6:e3:9b:91:83:85:eb:
97:45:ad:04:33:c9:8b:aa:9d:4f:e3:c0:93:8b:61:
bd:d7:b6:af:2b:9a:52:5b:9d:57:e1:5f:86:2e:f0:
8d:9f:5a:3b:fd:20:09:12:d0:2f:3b:4a:21:1a:32:
bf:5f:5a:79:a0:36:53:db:12:34:d7:9d:2f:48:90:
84:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:CA:43:22:B4:7B:8D:2B:CA:59:AF:2F:9A:4C:EB:AD:EC:56:40:63
X509v3 Authority Key Identifier:
keyid:BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/FMpDIrR7jSvKWa8vmkzrrexWQGM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.235.112.0/21
45.89.144.0/22
45.116.184.0/22
77.242.112.0/20
87.236.0.0/21
139.28.200.0/22
185.113.212.0/22
185.151.96.0/22
188.92.56.0/21
194.5.181.0/24
208.88.128.0/22
IPv6:
2a00:a000::/32
Signature Algorithm: sha256WithRSAEncryption
30:2c:5e:30:95:c5:4c:82:6a:7c:79:2c:30:d2:63:b2:ba:9a:
c2:80:d8:6a:8e:1a:f2:fb:f0:ca:80:53:27:9f:97:81:1c:e4:
1c:74:c8:3a:64:62:72:d8:cb:82:13:2e:34:e3:ea:1b:b0:f4:
3e:a2:a2:08:0b:a6:b2:1f:54:6f:3d:b8:f2:78:62:56:fa:c1:
91:25:72:a6:19:dc:b8:66:85:93:73:86:e0:4d:2c:12:4c:27:
f5:de:07:fa:6c:34:41:f9:d9:90:ca:21:d9:70:41:f8:56:44:
8b:72:7e:fd:ad:f8:b8:0f:24:7f:7a:7b:d6:44:d0:c0:21:1f:
8f:05:e1:e2:4a:48:9a:d8:e6:be:1e:ad:0f:35:fd:6b:9a:e7:
f7:af:24:03:de:46:dc:f5:43:15:b6:cc:b9:28:c4:c9:33:41:
b9:2d:32:4a:f6:b1:73:4d:7a:7e:da:63:0f:33:31:9d:eb:a0:
b6:6a:b9:d1:f7:4b:bc:47:d6:c3:6e:6e:d1:95:20:60:f9:9f:
dc:01:8e:0b:79:86:3d:20:02:0d:0b:b7:05:81:1d:26:92:86:
90:b0:ab:11:fe:31:b5:da:fd:a9:12:08:00:e0:d2:9e:55:11:
bf:47:2d:09:12:2b:e9:f6:55:4a:0a:d6:b7:b2:e7:5f:11:1b:
63:01:44:57
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAY6pbi4KwChbSkBBYgzl/+81MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODA5YTdlNmNhMTRkMGExYTk3NjY3M2UwMzE5ZTM0ZTk1
NmVkM2QwHhcNMjQwNDA0MTQwNTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGNhNDMyMmI0N2I4ZDJiY2E1OWFmMmY5YTRjZWJhZGVjNTY0MDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+8GwELQIEro+NtXmFRr9bYhYjuM
5zCS53D1rMDI26a9S0tiuYF2Wxg7i8N4r+JH1pVZVRDGNWh/ZFn3O24E54tdCWnO
H0KV56udHzdv/zwRmGVilUKYmDDXuVuPxws3XWTTOfaeyRtxC4eSnH18vND6u/YN
GCkxKfJEZLSUG/7b+ZdK2H+X7W9JcYBkQ+Imw6wPDrGquayaOpCtVLGebWwgn7dN
hQA/+K6npjStqQ8fjoFzRE4Ncw0o9Lbjm5GDheuXRa0EM8mLqp1P48CTi2G917av
K5pSW51X4V+GLvCNn1o7/SAJEtAvO0ohGjK/X1p5oDZT2xI0150vSJCEDwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFBTKQyK0e40rylmvL5pM663sVkBjMB8GA1UdIwQY
MBaAFL+Amn5soU0KGpdmc+AxnjTpVu09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAt
M2ZkZmI0MTQwZjI0LzEvRk1wRElyUjdqU3ZLV2E4dm1renJyZXhXUUdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAtM2ZkZmI0MTQwZjI0
LzEvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDJetwAwQC
LVmQAwQCLXS4AwQETfJwAwQDV+wAAwQCixzIAwQCuXHUAwQCuZdgAwQDvFw4AwQA
wgW1AwQC0FiAMA0EAgACMAcDBQAqAKAAMA0GCSqGSIb3DQEBCwUAA4IBAQAwLF4w
lcVMgmp8eSww0mOyuprCgNhqjhry+/DKgFMnn5eBHOQcdMg6ZGJy2MuCEy404+ob
sPQ+oqIIC6ayH1RvPbjyeGJW+sGRJXKmGdy4ZoWTc4bgTSwSTCf13gf6bDRB+dmQ
yiHZcEH4VkSLcn79rfi4DyR/envWRNDAIR+PBeHiSkia2Oa+Hq0PNf1rmuf3ryQD
3kbc9UMVtsy5KMTJM0G5LTJK9rFzTXp+2mMPMzGd66C2arnR90u8R9bDbm7RlSBg
+Z/cAY4LeYY9IAINC7cFgR0mkoaQsKsR/jG12v2pEggA4NKeVRG/Ry0JEivp9lVK
Cta3sudfERtjAURX
-----END CERTIFICATE-----
Generated at Fri Apr 18 15:26:25 2025 by rpki-client