Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TnL_gspqAySeKEISgbUrzBvsx2U.roa
File: TnL_gspqAySeKEISgbUrzBvsx2U.roa (raw, json)
Hash identifier: lMgpXbtJOzPasDntYxvdJa5hwuHZVBkwz9V/eJ26fag=
Subject key identifier: 4E:72:FF:82:CA:6A:03:24:9E:28:42:12:81:B5:2B:CC:1B:EC:C7:65
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018F2A07281D24A08EC2C56795F574942569
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TnL_gspqAySeKEISgbUrzBvsx2U.roa
Signing time: Mon 29 Apr 2024 13:24:22 +0000
ROA not before: Mon 29 Apr 2024 13:24:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43289
IP address blocks: 82.163.22.0/24 maxlen: 24
89.213.210.0/24 maxlen: 24
109.176.19.0/24 maxlen: 24
213.210.62.0/24 maxlen: 24
217.145.68.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 29 May 2024 08:00:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:2a:07:28:1d:24:a0:8e:c2:c5:67:95:f5:74:94:25:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 29 13:24:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4e72ff82ca6a03249e28421281b52bcc1becc765
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:84:9e:f0:1a:27:42:84:0f:12:b4:4d:df:43:
f5:5e:f0:ca:80:1b:fe:4c:3d:76:7b:22:c1:14:77:
da:54:01:b5:4a:90:4d:f0:ae:a1:0f:e8:da:bb:9e:
c8:8c:a9:36:fe:de:12:33:c0:47:9b:d3:74:d1:96:
19:17:09:50:10:61:e9:1b:b9:de:27:b5:2d:71:79:
35:56:8c:ba:0f:50:03:2d:c0:3b:8e:d3:5b:4e:c8:
43:c9:03:c2:1a:78:70:5f:f7:fa:c4:3b:48:cf:86:
9b:d0:41:64:59:3d:94:de:2f:76:f1:8d:05:67:d5:
c1:99:1b:10:4a:f7:5e:1b:b7:c1:ef:a4:32:89:9c:
55:a4:9a:c3:d1:96:5b:f6:17:b4:46:f1:b2:24:1c:
6f:b8:58:f3:f9:ae:59:72:d2:ee:61:2e:81:28:30:
f6:d1:16:76:57:8f:71:08:d5:1f:a3:ae:40:f5:38:
e0:48:37:46:4a:66:3f:6d:03:d4:e3:33:f5:42:8a:
e9:f8:73:2d:53:08:c4:34:bc:2a:25:82:40:0b:6e:
67:d8:c3:57:65:fe:be:b4:40:03:46:cd:ed:a9:4c:
fb:bc:16:ef:a6:4b:e4:84:80:a1:c4:0f:72:4b:3c:
20:7c:40:7b:19:e1:54:e0:a8:33:19:95:51:9a:02:
5f:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:72:FF:82:CA:6A:03:24:9E:28:42:12:81:B5:2B:CC:1B:EC:C7:65
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/TnL_gspqAySeKEISgbUrzBvsx2U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.163.22.0/24
89.213.210.0/24
109.176.19.0/24
213.210.62.0/24
217.145.68.0/24
Signature Algorithm: sha256WithRSAEncryption
99:52:23:b9:25:38:27:6c:49:79:44:2f:9c:68:97:61:1f:d2:
1c:45:51:ca:23:19:4a:2d:e8:21:b7:aa:a7:f6:b2:25:1b:71:
49:ed:17:5d:b5:c2:fb:73:a0:84:9f:4c:a9:68:1d:8b:5f:ef:
01:00:1e:2b:1e:b6:0f:03:9f:67:fc:3b:c0:47:fb:eb:44:d8:
d5:e6:8c:69:4f:88:77:8b:48:dc:d8:ef:8c:23:4a:4d:94:6c:
88:38:f3:6e:6e:b8:9d:ab:62:df:9e:e0:a3:2d:f4:7a:1d:66:
16:04:6f:be:cd:42:c7:ce:e0:b7:cf:33:eb:7d:f7:2e:95:29:
40:2d:af:8e:1d:dd:b2:c2:57:9f:47:90:80:c3:e8:51:37:54:
4f:78:33:07:ea:8b:8a:cf:4b:72:12:8f:1f:9c:65:6c:19:51:
7e:b7:8c:a2:d4:16:7b:1e:cc:39:3a:34:ca:0d:84:9a:1e:89:
94:01:dc:6d:dd:32:ab:59:e6:bb:39:e3:d3:a8:f0:80:ba:78:
cb:7b:86:68:54:e4:95:f8:24:49:ee:b6:c8:9c:01:4f:de:25:
5a:ca:ca:ba:04:bb:54:6e:97:f4:1f:8e:53:7b:de:27:3f:f9:
4a:fa:97:f2:95:08:16:6c:c5:64:34:72:7f:87:4c:dd:64:3b:
44:31:03:68
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY8qBygdJKCOwsVnlfV0lCVpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDI5MTMyNDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTcyZmY4MmNhNmEwMzI0OWUyODQyMTI4MWI1MmJjYzFiZWNjNzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv4Se8BonQoQPErRN30P1XvDKgBv+
TD12eyLBFHfaVAG1SpBN8K6hD+jau57IjKk2/t4SM8BHm9N00ZYZFwlQEGHpG7ne
J7UtcXk1Voy6D1ADLcA7jtNbTshDyQPCGnhwX/f6xDtIz4ab0EFkWT2U3i928Y0F
Z9XBmRsQSvdeG7fB76QyiZxVpJrD0ZZb9he0RvGyJBxvuFjz+a5ZctLuYS6BKDD2
0RZ2V49xCNUfo65A9TjgSDdGSmY/bQPU4zP1Qorp+HMtUwjENLwqJYJAC25n2MNX
Zf6+tEADRs3tqUz7vBbvpkvkhIChxA9ySzwgfEB7GeFU4KgzGZVRmgJfQQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFE5y/4LKagMknihCEoG1K8wb7MdlMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvVG5MX2dzcHFBeVNlS0VJU2diVXJ6QnZzeDJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAUqMWAwQA
WdXSAwQAbbATAwQA1dI+AwQA2ZFEMA0GCSqGSIb3DQEBCwUAA4IBAQCZUiO5JTgn
bEl5RC+caJdhH9IcRVHKIxlKLeght6qn9rIlG3FJ7RddtcL7c6CEn0ypaB2LX+8B
AB4rHrYPA59n/DvAR/vrRNjV5oxpT4h3i0jc2O+MI0pNlGyIOPNubridq2LfnuCj
LfR6HWYWBG++zULHzuC3zzPrffculSlALa+OHd2ywlefR5CAw+hRN1RPeDMH6ouK
z0tyEo8fnGVsGVF+t4yi1BZ7Hsw5OjTKDYSaHomUAdxt3TKrWea7OePTqPCAunjL
e4ZoVOSV+CRJ7rbInAFP3iVaysq6BLtUbpf0H45Te94nP/lK+pfylQgWbMVkNHJ/
h0zdZDtEMQNo
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:20:38 2025 by rpki-client