Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ciKdmllVWcPxwgn95XSZkpLO6so.roa
File: ciKdmllVWcPxwgn95XSZkpLO6so.roa (raw, json)
Hash identifier: sfq0f2KIh9nDXqZgAhRnIIKOu4xz8FAHXvygZyCc5so=
Subject key identifier: 72:22:9D:9A:59:55:59:C3:F1:C2:09:FD:E5:74:99:92:92:CE:EA:CA
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018E7676DD1EFF07A93B043653E04785FD6B
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ciKdmllVWcPxwgn95XSZkpLO6so.roa
Signing time: Mon 25 Mar 2024 16:34:45 +0000
ROA not before: Mon 25 Mar 2024 16:34:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 64267
IP address blocks: 80.240.85.0/24 maxlen: 24
80.240.87.0/24 maxlen: 24
217.145.71.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 30 Apr 2024 07:49:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:76:76:dd:1e:ff:07:a9:3b:04:36:53:e0:47:85:fd:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Mar 25 16:34:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=72229d9a595559c3f1c209fde574999292ceeaca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:36:d0:e7:c2:d0:ca:60:fd:25:e5:e5:a0:a0:
d4:db:f7:03:1f:a1:5e:7e:0e:bf:e9:7f:3f:5e:03:
23:6f:e8:72:e3:b4:b8:3f:26:40:55:7d:d9:1a:b8:
8c:f6:5a:80:e0:8c:48:59:1a:d4:0b:ac:e1:f8:4d:
ef:85:db:0c:90:82:5e:d4:25:3a:cb:99:88:48:e5:
08:96:e5:76:ae:fc:28:a0:bc:79:a3:ba:2b:ca:d9:
50:d1:09:34:4b:6b:b7:e9:2a:16:32:1e:50:47:c5:
c6:c1:39:a7:99:e2:36:ba:00:1e:28:f5:e0:b7:e3:
cc:21:2c:bf:c9:24:8e:00:9a:1a:32:0e:bb:86:ca:
07:89:0a:bd:ac:c5:1a:ad:5a:c5:99:49:e1:f4:6f:
c0:6e:1d:67:6c:8c:6a:e3:5c:1a:86:0c:b6:16:84:
43:9f:b9:66:25:c3:70:70:46:1d:0b:82:1e:d9:39:
64:3b:6a:51:d3:7c:0c:b3:af:7b:e7:a5:6d:92:82:
7e:ac:2d:59:19:bf:12:f8:66:06:95:93:fb:c0:02:
97:f7:46:5c:15:f3:4b:74:85:cc:42:a8:39:e5:46:
bd:c0:93:d0:23:9a:5b:1f:9e:9b:b3:82:18:cb:8d:
55:a2:a0:95:3c:e5:06:df:93:b7:4f:f7:46:e3:b7:
46:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:22:9D:9A:59:55:59:C3:F1:C2:09:FD:E5:74:99:92:92:CE:EA:CA
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/ciKdmllVWcPxwgn95XSZkpLO6so.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.240.85.0/24
80.240.87.0/24
217.145.71.0/24
Signature Algorithm: sha256WithRSAEncryption
34:e4:04:a9:08:f1:aa:ef:46:fe:db:3c:be:e8:ec:0c:4e:64:
80:b7:aa:a4:55:0e:19:6b:0c:44:de:81:00:dc:47:c3:a5:6d:
e1:a4:94:f8:14:5b:8d:17:15:19:3c:66:b9:33:21:d3:df:da:
d3:d6:e1:be:f5:84:5a:79:be:fa:0f:3c:46:9f:9f:06:e8:c6:
70:86:4b:ff:00:b7:05:99:37:9c:a1:6d:ef:f6:fd:88:a0:ec:
23:4e:a4:01:c5:4f:e4:d9:a7:ea:c6:0f:44:ad:87:de:78:58:
e6:93:d2:fd:94:6d:74:93:48:bf:1a:b8:63:89:12:8f:a5:4c:
8c:62:0f:58:e6:62:57:01:09:f1:ac:35:38:a1:19:ce:6a:cf:
fc:f7:45:96:e6:38:26:5a:5f:b9:2f:63:78:69:46:5c:13:5d:
8a:cb:b4:62:46:6c:84:12:20:de:fc:35:fb:6a:5c:78:aa:57:
5e:47:16:41:2f:6e:70:3f:c7:10:f7:32:3a:e1:6e:15:b5:1c:
49:c7:1e:67:28:9f:e7:29:27:e2:74:cf:43:2f:1f:cc:33:33:
5e:63:3c:88:a1:02:81:a2:b5:8b:4d:df:d6:1b:37:96:5c:36:
60:46:18:84:21:7c:d6:84:eb:21:8a:9d:af:df:f6:2a:ab:fb:
ff:e4:8f:a1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY52dt0e/wepOwQ2U+BHhf1rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzI1MTYzNDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjIyOWQ5YTU5NTU1OWMzZjFjMjA5ZmRlNTc0OTk5MjkyY2VlYWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTbQ58LQymD9JeXloKDU2/cDH6Fe
fg6/6X8/XgMjb+hy47S4PyZAVX3ZGriM9lqA4IxIWRrUC6zh+E3vhdsMkIJe1CU6
y5mISOUIluV2rvwooLx5o7orytlQ0Qk0S2u36SoWMh5QR8XGwTmnmeI2ugAeKPXg
t+PMISy/ySSOAJoaMg67hsoHiQq9rMUarVrFmUnh9G/Abh1nbIxq41wahgy2FoRD
n7lmJcNwcEYdC4Ie2TlkO2pR03wMs69756VtkoJ+rC1ZGb8S+GYGlZP7wAKX90Zc
FfNLdIXMQqg55Ua9wJPQI5pbH56bs4IYy41VoqCVPOUG35O3T/dG47dGpwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHIinZpZVVnD8cIJ/eV0mZKSzurKMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY2lLZG1sbFZXY1B4d2duOTVYU1prcExPNnNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUPBVAwQA
UPBXAwQA2ZFHMA0GCSqGSIb3DQEBCwUAA4IBAQA05ASpCPGq70b+2zy+6OwMTmSA
t6qkVQ4ZawxE3oEA3EfDpW3hpJT4FFuNFxUZPGa5MyHT39rT1uG+9YRaeb76DzxG
n58G6MZwhkv/ALcFmTecoW3v9v2IoOwjTqQBxU/k2afqxg9ErYfeeFjmk9L9lG10
k0i/GrhjiRKPpUyMYg9Y5mJXAQnxrDU4oRnOas/890WW5jgmWl+5L2N4aUZcE12K
y7RiRmyEEiDe/DX7alx4qldeRxZBL25wP8cQ9zI64W4VtRxJxx5nKJ/nKSfidM9D
Lx/MMzNeYzyIoQKBorWLTd/WGzeWXDZgRhiEIXzWhOship2v3/Yqq/v/5I+h
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:15:04 2025 by rpki-client