Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kQRWjD4dvLmy5QH6Haaet4OHfJY.roa
File: kQRWjD4dvLmy5QH6Haaet4OHfJY.roa (raw, json)
Hash identifier: Ylkog4gPuQt1xnK9fMtQzNUpQOntNxL+NmR3vMp0vNA=
Subject key identifier: 91:04:56:8C:3E:1D:BC:B9:B2:E5:01:FA:1D:A6:9E:B7:83:87:7C:96
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01942143F426492FA33651A82255833D750E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kQRWjD4dvLmy5QH6Haaet4OHfJY.roa
Signing time: Wed 01 Jan 2025 09:48:09 +0000
ROA not before: Wed 01 Jan 2025 09:48:09 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 64267
IP address blocks: 80.240.85.0/24 maxlen: 24
89.213.229.0/24 maxlen: 24
109.176.243.0/24 maxlen: 24
217.145.71.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 13 Jan 2025 09:43:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:f4:26:49:2f:a3:36:51:a8:22:55:83:3d:75:0e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jan 1 09:48:09 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9104568c3e1dbcb9b2e501fa1da69eb783877c96
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:89:c9:df:ed:e2:a8:be:75:b8:51:85:a3:c3:
9d:95:22:37:8d:61:c7:26:05:48:1d:14:e2:15:93:
b2:8d:9c:70:6a:88:5a:62:e4:7a:52:3f:65:df:62:
de:a9:13:da:50:e7:8c:9e:06:08:f6:85:2b:3f:f3:
62:0f:5b:29:29:8d:38:55:f8:3b:7d:c8:88:30:de:
65:71:a1:07:6c:79:cd:b4:f7:16:f5:a7:72:e3:69:
3c:ab:49:c9:e4:c3:6f:fa:8a:2e:a4:f2:5c:a3:2a:
29:6a:45:0d:09:f5:44:c0:8b:82:b0:7b:57:40:d9:
e9:d4:b3:9b:f4:58:a3:99:bc:a6:6f:e9:12:12:ef:
0e:bb:e7:f9:20:b2:1b:a9:23:74:89:60:05:35:fd:
25:86:6b:38:4f:81:a4:71:10:28:ce:18:87:fe:1f:
56:04:e7:e6:b8:91:4e:87:cf:a1:15:1c:11:2a:09:
c5:be:ba:81:68:c4:32:5e:22:be:22:bf:3d:50:49:
fa:40:f5:45:62:8b:a9:bd:2c:9d:2a:1e:cb:05:7e:
a6:b8:d4:63:85:f5:c4:30:1c:11:10:a7:ce:0c:24:
45:5f:9b:ea:00:66:2b:56:15:65:1c:e6:2d:32:2b:
f2:68:c3:1f:af:74:c7:06:d1:c4:64:16:52:1d:3b:
c4:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:04:56:8C:3E:1D:BC:B9:B2:E5:01:FA:1D:A6:9E:B7:83:87:7C:96
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/kQRWjD4dvLmy5QH6Haaet4OHfJY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.240.85.0/24
89.213.229.0/24
109.176.243.0/24
217.145.71.0/24
Signature Algorithm: sha256WithRSAEncryption
82:00:7d:e4:59:0f:0b:de:7f:9c:65:a8:f8:6b:be:57:cc:22:
db:c1:72:35:fc:9a:60:bc:81:8d:a6:85:22:c9:d1:3f:84:e5:
01:78:08:3b:4c:45:da:ba:a8:60:48:e6:f4:63:8b:6e:a8:1a:
63:86:06:c1:78:6c:6a:16:99:5a:0a:e3:dc:70:8c:ee:93:d3:
0c:2c:12:96:a1:e5:c7:36:99:bf:70:c9:c8:cf:5a:ef:2d:75:
b6:1d:f4:cb:05:c8:ae:1e:72:8c:99:ef:f1:8e:c9:30:51:3a:
19:15:55:63:53:3e:97:a0:94:70:c1:0c:91:36:8f:c9:4e:27:
56:45:bc:5b:be:c3:23:17:fc:21:ef:13:6d:cd:b0:9e:4f:24:
22:b7:51:f9:c9:b8:87:e2:66:65:98:33:92:c9:13:18:f3:1d:
2d:8a:d4:08:af:3c:11:c2:d1:58:42:11:3e:fa:19:21:6a:04:
1c:a8:44:51:bf:da:fc:ae:7b:cd:ff:d1:be:81:92:27:7e:9c:
67:e6:f1:3a:53:89:0d:3c:fa:69:92:45:7f:b2:2c:7a:fa:38:
11:2d:bb:31:18:78:90:0c:9a:41:97:1d:2f:5d:70:48:e4:ed:
2c:c5:09:1c:ae:4b:b9:01:d4:91:19:e2:dd:b5:37:77:5c:64:
e1:57:14:5f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQhQ/QmSS+jNlGoIlWDPXUOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTA0NTY4YzNlMWRiY2I5YjJlNTAxZmExZGE2OWViNzgzODc3Yzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYnJ3+3iqL51uFGFo8OdlSI3jWHH
JgVIHRTiFZOyjZxwaohaYuR6Uj9l32LeqRPaUOeMngYI9oUrP/NiD1spKY04Vfg7
fciIMN5lcaEHbHnNtPcW9ady42k8q0nJ5MNv+ooupPJcoyopakUNCfVEwIuCsHtX
QNnp1LOb9Fijmbymb+kSEu8Ou+f5ILIbqSN0iWAFNf0lhms4T4GkcRAozhiH/h9W
BOfmuJFOh8+hFRwRKgnFvrqBaMQyXiK+Ir89UEn6QPVFYoupvSydKh7LBX6muNRj
hfXEMBwREKfODCRFX5vqAGYrVhVlHOYtMivyaMMfr3THBtHEZBZSHTvEgwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJEEVow+Hby5suUB+h2mnreDh3yWMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEva1FSV2pENGR2TG15NVFINkhhYWV0NE9IZkpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUPBVAwQA
WdXlAwQAbbDzAwQA2ZFHMA0GCSqGSIb3DQEBCwUAA4IBAQCCAH3kWQ8L3n+cZaj4
a75XzCLbwXI1/JpgvIGNpoUiydE/hOUBeAg7TEXauqhgSOb0Y4tuqBpjhgbBeGxq
FplaCuPccIzuk9MMLBKWoeXHNpm/cMnIz1rvLXW2HfTLBciuHnKMme/xjskwUToZ
FVVjUz6XoJRwwQyRNo/JTidWRbxbvsMjF/wh7xNtzbCeTyQit1H5ybiH4mZlmDOS
yRMY8x0titQIrzwRwtFYQhE++hkhagQcqERRv9r8rnvN/9G+gZInfpxn5vE6U4kN
PPppkkV/six6+jgRLbsxGHiQDJpBlx0vXXBI5O0sxQkcrku5AdSRGeLdtTd3XGTh
VxRf
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:22:36 2025 by rpki-client