Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Hz5H1K1PNnWDk_BZfZIli0AfHMk.roa
File: Hz5H1K1PNnWDk_BZfZIli0AfHMk.roa (raw, json)
Hash identifier: ubW4VvRb3euUVWC39O6dwM78hWJUOunUNeyLn/IeX7w=
Subject key identifier: 1F:3E:47:D4:AD:4F:36:75:83:93:F0:59:7D:92:25:8B:40:1F:1C:C9
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018FAF2E5EC45B24B4E3825B329E286EF645
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Hz5H1K1PNnWDk_BZfZIli0AfHMk.roa
Signing time: Sat 25 May 2024 09:56:42 +0000
ROA not before: Sat 25 May 2024 09:56:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 197537
IP address blocks: 89.213.49.0/24 maxlen: 24
89.213.50.0/23 maxlen: 24
89.213.52.0/22 maxlen: 24
89.213.56.0/22 maxlen: 24
89.213.206.0/23 maxlen: 24
89.213.212.0/24 maxlen: 24
89.213.214.0/24 maxlen: 24
89.213.215.0/24 maxlen: 24
89.213.228.0/22 maxlen: 24
109.176.165.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 27 May 2024 08:49:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:af:2e:5e:c4:5b:24:b4:e3:82:5b:32:9e:28:6e:f6:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: May 25 09:56:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1f3e47d4ad4f36758393f0597d92258b401f1cc9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:79:0f:85:29:32:8d:8e:00:eb:39:2b:f2:d9:
a4:1c:1e:eb:03:4c:3f:e0:ef:18:fa:1e:bb:4b:17:
cf:db:28:76:59:c1:3c:7e:fb:c9:63:8c:78:52:fd:
64:f2:53:ef:44:80:e7:ca:ac:40:ff:7a:5d:5d:af:
3f:30:99:72:67:27:13:3f:19:a1:0e:16:53:75:d8:
dd:05:be:36:16:13:e6:7f:dc:49:b6:c5:50:2c:24:
18:ac:fc:58:5b:86:05:dd:04:9a:3b:d5:6d:43:c7:
3b:10:75:bc:06:22:b5:5f:a9:2d:fd:42:39:6d:b4:
5b:47:c5:a3:19:ac:6d:dd:5d:a4:36:bc:66:38:04:
eb:24:b5:c0:3f:ae:fe:aa:87:f4:62:f0:56:e9:3d:
60:2f:5a:84:75:55:9e:cb:6f:c9:14:e4:0d:3e:5d:
a5:85:c5:e8:92:7d:44:0f:30:00:1c:3e:ab:68:51:
f1:40:6a:c3:6b:95:90:c0:9e:2d:1e:5a:2c:58:01:
ea:64:bc:ec:21:b8:22:9c:3b:ea:58:25:ce:55:80:
51:e5:b7:74:3b:55:56:fb:e8:29:da:2b:66:1f:a9:
02:90:1b:fa:6c:b3:87:65:78:3b:05:09:a0:58:de:
cf:f9:9c:e9:34:75:23:1e:ac:16:75:5d:22:0e:f5:
e4:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:3E:47:D4:AD:4F:36:75:83:93:F0:59:7D:92:25:8B:40:1F:1C:C9
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/Hz5H1K1PNnWDk_BZfZIli0AfHMk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.213.49.0-89.213.59.255
89.213.206.0/23
89.213.212.0/24
89.213.214.0/23
89.213.228.0/22
109.176.165.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:85:1c:b6:22:f4:4d:1c:e6:a7:f0:d3:9a:1a:62:70:31:e4:
c6:81:b1:83:6c:8f:95:3b:5d:dd:e1:52:b0:4b:c5:0d:e9:95:
0c:8a:fe:cf:7e:ea:f3:e3:61:4e:22:98:c4:6b:95:c1:c6:79:
ce:83:31:5e:ae:ab:58:4b:27:11:1f:af:4d:b9:f6:79:f1:2c:
44:88:db:65:a9:87:42:d9:8c:c7:f5:28:f2:7d:33:d4:9c:a9:
61:1c:97:ac:25:2c:9b:fd:6b:0d:18:1d:9d:66:d7:45:32:49:
89:a4:c5:1a:ac:d4:ba:02:41:ad:ea:e7:8f:6f:3e:eb:cf:cb:
2e:1f:24:55:1a:83:d9:be:e2:df:b0:24:04:90:08:aa:4d:07:
eb:73:e7:b6:b9:b6:ed:3f:8c:85:4e:2d:ac:14:9c:f5:8f:e6:
65:a9:b9:d3:5e:a4:6b:60:03:aa:94:51:56:85:fc:97:9c:ef:
96:07:ab:61:01:be:87:e8:5e:e3:68:35:4a:30:7b:57:e4:eb:
06:47:32:60:19:d0:30:02:8a:c6:1f:ef:82:c5:fd:33:ef:2d:
0e:42:71:2f:0a:2b:33:ee:ea:00:10:5e:cf:3f:88:23:b9:13:
3b:b5:55:ae:8c:45:c3:82:fc:82:f2:1d:50:4e:cc:60:2b:46:
fe:c5:e7:09
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAY+vLl7EWyS044JbMp4obvZFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTI1MDk1NjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjNlNDdkNGFkNGYzNjc1ODM5M2YwNTk3ZDkyMjU4YjQwMWYxY2M5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3nkPhSkyjY4A6zkr8tmkHB7rA0w/
4O8Y+h67SxfP2yh2WcE8fvvJY4x4Uv1k8lPvRIDnyqxA/3pdXa8/MJlyZycTPxmh
DhZTddjdBb42FhPmf9xJtsVQLCQYrPxYW4YF3QSaO9VtQ8c7EHW8BiK1X6kt/UI5
bbRbR8WjGaxt3V2kNrxmOATrJLXAP67+qof0YvBW6T1gL1qEdVWey2/JFOQNPl2l
hcXokn1EDzAAHD6raFHxQGrDa5WQwJ4tHlosWAHqZLzsIbginDvqWCXOVYBR5bd0
O1VW++gp2itmH6kCkBv6bLOHZXg7BQmgWN7P+ZzpNHUjHqwWdV0iDvXkgQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFB8+R9StTzZ1g5PwWX2SJYtAHxzJMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSHo1SDFLMVBObldEa19CWmZaSWxpMEFmSE1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsMAwDBABZ1TED
BAJZ1TgDBAFZ1c4DBABZ1dQDBAFZ1dYDBAJZ1eQDBABtsKUwDQYJKoZIhvcNAQEL
BQADggEBAI+FHLYi9E0c5qfw05oaYnAx5MaBsYNsj5U7Xd3hUrBLxQ3plQyK/s9+
6vPjYU4imMRrlcHGec6DMV6uq1hLJxEfr0259nnxLESI22Wph0LZjMf1KPJ9M9Sc
qWEcl6wlLJv9aw0YHZ1m10UySYmkxRqs1LoCQa3q549vPuvPyy4fJFUag9m+4t+w
JASQCKpNB+tz57a5tu0/jIVOLawUnPWP5mWpudNepGtgA6qUUVaF/Jec75YHq2EB
vofoXuNoNUowe1fk6wZHMmAZ0DACisYf74LF/TPvLQ5CcS8KKzPu6gAQXs8/iCO5
Ezu1Va6MRcOC/ILyHVBOzGArRv7F5wk=
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:11:01 2025 by rpki-client