Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/b6YvtGF3Gfag3OAY3OBYiw-lkes.roa
File: b6YvtGF3Gfag3OAY3OBYiw-lkes.roa (raw, json)
Hash identifier: MoJI6oIWLRLKO+CZgQYlXOWsLSs5ytd0AtjHptEOBeA=
Subject key identifier: 6F:A6:2F:B4:61:77:19:F6:A0:DC:E0:18:DC:E0:58:8B:0F:A5:91:EB
Certificate issuer: /CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Certificate serial: 018E9D8885A97BBE81CB0E913417B29A7573
Authority key identifier: BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/b6YvtGF3Gfag3OAY3OBYiw-lkes.roa
Signing time: Tue 02 Apr 2024 06:39:13 +0000
ROA not before: Tue 02 Apr 2024 06:39:13 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35332
IP address blocks: 37.235.112.0/21 maxlen: 24
45.116.184.0/22 maxlen: 24
77.242.112.0/20 maxlen: 24
87.236.0.0/21 maxlen: 24
139.28.200.0/22 maxlen: 24
185.113.212.0/22 maxlen: 24
185.151.96.0/22 maxlen: 24
188.92.56.0/21 maxlen: 24
194.5.181.0/24 maxlen: 24
208.88.128.0/22 maxlen: 24
2a00:a000::/32 maxlen: 48
Validation: Failed, certificate revoked on Thu 04 Apr 2024 14:05:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:9d:88:85:a9:7b:be:81:cb:0e:91:34:17:b2:9a:75:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Validity
Not Before: Apr 2 06:39:13 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6fa62fb4617719f6a0dce018dce0588b0fa591eb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:c7:1a:71:c8:ff:1e:c1:d1:23:48:ec:fc:83:
fc:7c:e7:c9:a0:9b:45:31:b1:5f:5a:79:41:56:ef:
c1:3c:6f:ee:e2:82:4c:68:36:27:7e:4f:5a:b5:21:
15:01:87:ec:f5:fb:e8:35:be:52:bc:e7:c5:59:d2:
35:04:ea:a7:f8:33:84:51:fa:a7:41:ff:49:84:0f:
87:d7:72:d2:8c:87:d1:0a:8e:b8:7b:0b:e3:27:34:
3f:0a:4a:27:73:90:66:c1:11:8f:a6:3e:11:41:a0:
a4:57:d5:7d:80:3d:69:aa:f0:c7:1a:01:42:38:89:
d5:fe:7f:77:8a:4c:c5:8f:b5:2e:1b:3f:51:f5:f3:
1d:d7:ed:62:a4:7b:ed:01:38:b7:a3:00:d0:68:6f:
d4:ee:00:df:89:04:eb:f4:e9:47:8d:46:2c:22:3c:
ad:d8:18:46:59:cb:40:e9:ac:c9:a4:55:f9:b5:c2:
b7:bf:18:ae:24:a7:42:61:d0:88:28:98:d1:71:9c:
f4:fd:8b:84:3d:da:3c:26:fb:25:24:42:77:28:2a:
97:01:6e:49:a5:67:c6:23:98:28:18:1d:bc:8a:c3:
b8:ae:6f:73:27:f4:50:a4:12:f3:fe:83:f7:11:56:
67:51:1b:ea:0e:a9:8c:33:4d:62:a8:fa:ed:b5:96:
2b:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:A6:2F:B4:61:77:19:F6:A0:DC:E0:18:DC:E0:58:8B:0F:A5:91:EB
X509v3 Authority Key Identifier:
keyid:BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/b6YvtGF3Gfag3OAY3OBYiw-lkes.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.235.112.0/21
45.116.184.0/22
77.242.112.0/20
87.236.0.0/21
139.28.200.0/22
185.113.212.0/22
185.151.96.0/22
188.92.56.0/21
194.5.181.0/24
208.88.128.0/22
IPv6:
2a00:a000::/32
Signature Algorithm: sha256WithRSAEncryption
95:94:18:f3:f7:de:f8:36:fe:ad:2f:97:d0:fc:12:27:e3:43:
72:5a:83:8b:60:c9:ec:db:72:24:cc:03:ef:14:03:38:c6:8e:
05:d0:ce:8c:3e:2a:51:2c:b8:a4:30:85:ea:75:8c:10:8c:21:
1b:99:96:e1:07:86:f0:1b:b4:59:e5:9e:b9:06:1b:4d:00:9e:
50:30:24:1e:4f:6b:ff:e0:08:b4:3c:f0:a0:94:4b:2e:c2:57:
0c:62:46:82:c5:fd:d4:74:7e:0e:e0:15:b4:2d:53:e7:44:ba:
91:2a:f8:ba:63:3d:30:0d:67:04:77:96:f2:36:23:f0:3b:6e:
b5:3e:31:a7:0e:fd:00:75:f1:f4:b0:02:1f:d5:40:f4:85:ae:
5f:61:c5:86:f9:23:98:2f:b0:3a:2f:34:c5:7b:0f:25:eb:24:
7f:bc:4d:f3:d2:3a:c1:df:d1:76:5c:b2:1c:94:08:2f:fe:e9:
ca:a9:12:45:19:26:26:18:bb:d9:50:1b:ed:f9:db:ff:c0:01:
75:8a:e9:26:c3:fa:5e:d0:0e:c4:d5:7b:9f:44:bf:3e:98:ae:
a6:c7:2f:53:97:77:08:24:0e:f5:ec:66:58:2a:d1:c2:f2:ea:
48:5e:49:80:fe:72:0a:b0:47:95:ae:1c:ad:75:16:43:aa:c2:
1c:74:b1:37
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAY6diIWpe76Byw6RNBeymnVzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODA5YTdlNmNhMTRkMGExYTk3NjY3M2UwMzE5ZTM0ZTk1
NmVkM2QwHhcNMjQwNDAyMDYzOTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmE2MmZiNDYxNzcxOWY2YTBkY2UwMThkY2UwNTg4YjBmYTU5MWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8caccj/HsHRI0js/IP8fOfJoJtF
MbFfWnlBVu/BPG/u4oJMaDYnfk9atSEVAYfs9fvoNb5SvOfFWdI1BOqn+DOEUfqn
Qf9JhA+H13LSjIfRCo64ewvjJzQ/Ckonc5BmwRGPpj4RQaCkV9V9gD1pqvDHGgFC
OInV/n93ikzFj7UuGz9R9fMd1+1ipHvtATi3owDQaG/U7gDfiQTr9OlHjUYsIjyt
2BhGWctA6azJpFX5tcK3vxiuJKdCYdCIKJjRcZz0/YuEPdo8JvslJEJ3KCqXAW5J
pWfGI5goGB28isO4rm9zJ/RQpBLz/oP3EVZnURvqDqmMM01iqPrttZYrSQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFG+mL7Rhdxn2oNzgGNzgWIsPpZHrMB8GA1UdIwQY
MBaAFL+Amn5soU0KGpdmc+AxnjTpVu09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAt
M2ZkZmI0MTQwZjI0LzEvYjZZdnRHRjNHZmFnM09BWTNPQllpdy1sa2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAtM2ZkZmI0MTQwZjI0
LzEvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDJetwAwQC
LXS4AwQETfJwAwQDV+wAAwQCixzIAwQCuXHUAwQCuZdgAwQDvFw4AwQAwgW1AwQC
0FiAMA0EAgACMAcDBQAqAKAAMA0GCSqGSIb3DQEBCwUAA4IBAQCVlBjz9974Nv6t
L5fQ/BIn40NyWoOLYMns23IkzAPvFAM4xo4F0M6MPipRLLikMIXqdYwQjCEbmZbh
B4bwG7RZ5Z65BhtNAJ5QMCQeT2v/4Ai0PPCglEsuwlcMYkaCxf3UdH4O4BW0LVPn
RLqRKvi6Yz0wDWcEd5byNiPwO261PjGnDv0AdfH0sAIf1UD0ha5fYcWG+SOYL7A6
LzTFew8l6yR/vE3z0jrB39F2XLIclAgv/unKqRJFGSYmGLvZUBvt+dv/wAF1iukm
w/pe0A7E1XufRL8+mK6mxy9Tl3cIJA717GZYKtHC8upIXkmA/nIKsEeVrhytdRZD
qsIcdLE3
-----END CERTIFICATE-----
Generated at Fri Apr 18 15:09:42 2025 by rpki-client