Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gGQklpKljQ3IDeTeqCfzDEp3sMQ.roa
File: gGQklpKljQ3IDeTeqCfzDEp3sMQ.roa (raw, json)
Hash identifier: L5R2gibQoMg4VLMAoLCqk9KkhS4SjluQtyDPacA992A=
Subject key identifier: 80:64:24:96:92:A5:8D:0D:C8:0D:E4:DE:A8:27:F3:0C:4A:77:B0:C4
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018E6006DF321CFF1C155AADC8B7C4503C7D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gGQklpKljQ3IDeTeqCfzDEp3sMQ.roa
Signing time: Thu 21 Mar 2024 08:00:46 +0000
ROA not before: Thu 21 Mar 2024 08:00:46 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215727
IP address blocks: 89.213.107.0/24 maxlen: 24
89.213.112.0/24 maxlen: 24
89.213.116.0/24 maxlen: 24
89.213.157.0/24 maxlen: 24
89.213.223.0/24 maxlen: 24
89.213.227.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 22 Mar 2024 14:53:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:60:06:df:32:1c:ff:1c:15:5a:ad:c8:b7:c4:50:3c:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Mar 21 08:00:46 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8064249692a58d0dc80de4dea827f30c4a77b0c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:49:c5:57:f8:89:94:8a:c5:1d:40:7b:a4:f6:
21:c6:26:20:ae:97:57:56:d7:49:6d:47:12:b7:12:
f8:3f:55:ca:5a:79:99:3f:33:eb:2d:a5:13:24:ac:
00:40:9a:38:e7:56:27:70:9c:88:48:b3:92:96:83:
3e:f2:6a:57:5e:f7:94:74:d3:4c:ae:27:45:04:4b:
2f:b9:71:e3:06:0c:c1:e7:13:3b:7e:ce:18:f9:a6:
3c:d7:26:10:63:8b:dd:17:c4:db:a9:3e:88:e7:f2:
30:07:7c:be:d5:f9:3d:d1:1d:b9:21:a6:ca:d2:3a:
9e:8b:2b:3c:28:8d:00:cc:67:16:27:13:92:c4:4e:
19:fb:48:22:2e:40:ae:bd:42:c2:24:59:80:78:c0:
32:37:1f:44:8f:88:05:41:31:2d:ab:29:ff:ca:7f:
1a:8b:35:28:1d:98:1f:19:6c:a0:93:a3:66:48:56:
e2:72:73:f6:0f:38:3e:70:85:98:00:07:12:f8:29:
29:a6:52:8e:6f:57:13:d0:18:b0:d0:03:3e:27:c1:
dd:e5:9d:7d:e8:55:3c:98:91:80:03:c4:24:e3:a4:
ca:fe:53:a5:6c:ad:f4:c6:c1:56:dd:67:69:41:ed:
c0:fb:2d:91:bf:a2:b5:c1:41:05:a9:fd:79:a2:6d:
65:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:64:24:96:92:A5:8D:0D:C8:0D:E4:DE:A8:27:F3:0C:4A:77:B0:C4
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/gGQklpKljQ3IDeTeqCfzDEp3sMQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.213.107.0/24
89.213.112.0/24
89.213.116.0/24
89.213.157.0/24
89.213.223.0/24
89.213.227.0/24
Signature Algorithm: sha256WithRSAEncryption
a2:9f:03:72:24:1b:fb:be:1e:e2:ab:4b:92:64:c2:e5:82:0b:
26:69:be:82:b5:18:56:66:9f:3e:c7:ca:34:6a:b2:7a:85:50:
ed:5b:bb:a9:a1:a5:db:6b:ef:c2:b5:74:fd:fb:2a:19:9b:8d:
3e:91:89:7c:24:f0:fd:b2:f3:53:82:3a:0a:27:94:4c:10:d2:
6c:96:66:17:ae:ea:ff:59:49:e5:7d:4d:d7:f4:dd:63:d7:9b:
09:6c:06:3a:74:f3:15:e5:2c:28:73:1b:32:b9:8a:be:a3:9b:
27:05:ff:cb:d5:6d:9e:d6:83:d7:6e:1c:d8:7a:b6:b1:f1:69:
e6:13:d2:11:4b:48:55:5d:84:d2:6f:5e:e7:5d:eb:d8:27:5e:
d2:89:41:a4:af:65:7a:17:e6:b3:bb:4b:e7:19:e0:25:8c:98:
b5:d0:87:b3:24:48:78:82:bd:58:93:80:80:0f:f4:34:d0:4f:
ec:18:b5:57:c9:89:04:f7:ff:21:ef:13:74:8c:fc:f8:ed:71:
75:a9:9f:e4:9d:68:11:2d:0e:39:06:96:bd:f0:e9:42:4f:66:
ad:ad:ff:9d:90:03:57:a4:89:27:9e:9f:cf:67:09:50:f7:97:
de:63:8d:4f:be:ba:11:04:7e:01:8a:b8:21:5e:b3:99:fb:10:
2c:e2:2f:c8
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAY5gBt8yHP8cFVqtyLfEUDx9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzIxMDgwMDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDY0MjQ5NjkyYTU4ZDBkYzgwZGU0ZGVhODI3ZjMwYzRhNzdiMGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0nFV/iJlIrFHUB7pPYhxiYgrpdX
VtdJbUcStxL4P1XKWnmZPzPrLaUTJKwAQJo451YncJyISLOSloM+8mpXXveUdNNM
ridFBEsvuXHjBgzB5xM7fs4Y+aY81yYQY4vdF8TbqT6I5/IwB3y+1fk90R25IabK
0jqeiys8KI0AzGcWJxOSxE4Z+0giLkCuvULCJFmAeMAyNx9Ej4gFQTEtqyn/yn8a
izUoHZgfGWygk6NmSFbicnP2Dzg+cIWYAAcS+CkpplKOb1cT0Biw0AM+J8Hd5Z19
6FU8mJGAA8Qk46TK/lOlbK30xsFW3WdpQe3A+y2Rv6K1wUEFqf15om1lIwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIBkJJaSpY0NyA3k3qgn8wxKd7DEMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZ0dRa2xwS2xqUTNJRGVUZXFDZnpERXAzc01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAWdVrAwQA
WdVwAwQAWdV0AwQAWdWdAwQAWdXfAwQAWdXjMA0GCSqGSIb3DQEBCwUAA4IBAQCi
nwNyJBv7vh7iq0uSZMLlggsmab6CtRhWZp8+x8o0arJ6hVDtW7upoaXba+/CtXT9
+yoZm40+kYl8JPD9svNTgjoKJ5RMENJslmYXrur/WUnlfU3X9N1j15sJbAY6dPMV
5SwocxsyuYq+o5snBf/L1W2e1oPXbhzYerax8WnmE9IRS0hVXYTSb17nXevYJ17S
iUGkr2V6F+azu0vnGeAljJi10IezJEh4gr1Yk4CAD/Q00E/sGLVXyYkE9/8h7xN0
jPz47XF1qZ/knWgRLQ45Bpa98OlCT2atrf+dkANXpIknnp/PZwlQ95feY41PvroR
BH4BirghXrOZ+xAs4i/I
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:11:47 2025 by rpki-client