Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qVz1-qTVRPKhc7SLmJxuAv6xQ3c.roa
File: qVz1-qTVRPKhc7SLmJxuAv6xQ3c.roa (raw, json)
Hash identifier: xi836nSWqoh6u3rkrUHS/Kxc2SjpygxDCX8utemSYX8=
Subject key identifier: A9:5C:F5:FA:A4:D5:44:F2:A1:73:B4:8B:98:9C:6E:02:FE:B1:43:77
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018FBE365485DF411F2FE51A5915883C5800
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qVz1-qTVRPKhc7SLmJxuAv6xQ3c.roa
Signing time: Tue 28 May 2024 07:59:42 +0000
ROA not before: Tue 28 May 2024 07:59:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 5065
IP address blocks: 82.152.52.0/23 maxlen: 24
82.152.55.0/24 maxlen: 24
89.213.248.0/24 maxlen: 24
89.213.249.0/24 maxlen: 24
109.176.25.0/24 maxlen: 24
109.176.27.0/24 maxlen: 24
213.210.40.0/23 maxlen: 24
213.210.48.0/23 maxlen: 24
213.218.226.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 01 Jul 2024 09:54:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:be:36:54:85:df:41:1f:2f:e5:1a:59:15:88:3c:58:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: May 28 07:59:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a95cf5faa4d544f2a173b48b989c6e02feb14377
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:e1:68:94:0c:57:64:c4:6c:28:81:d0:ac:e3:
43:34:01:ec:9f:65:97:bb:d6:b1:a1:72:8b:86:80:
2a:d2:11:d2:12:7b:00:60:0c:a2:b5:3f:27:85:b8:
85:37:5e:10:e9:88:52:eb:c9:b9:65:72:59:59:75:
bd:6f:91:cf:57:66:e4:69:9f:c6:04:cd:ec:0b:98:
0a:a8:83:a0:4a:a6:c7:30:3b:9a:5b:3e:79:33:13:
dc:32:3c:68:ca:50:42:b7:1c:d6:65:ee:1c:30:9e:
30:19:26:f7:45:5a:de:18:47:17:4f:83:6f:da:1e:
e0:3a:f1:11:61:5f:1e:80:07:fd:e7:8d:f5:85:e4:
67:7e:4b:6e:7b:6b:aa:85:ec:84:07:04:c7:bb:85:
8c:93:86:54:c9:b0:0b:7b:06:bf:a0:66:08:d0:e9:
c4:b6:84:37:98:d3:64:e8:d6:3d:e4:00:83:2e:9a:
91:e6:ad:b6:bf:02:da:04:20:d0:d6:9a:c2:d2:d3:
69:90:6a:0a:3d:a7:bc:b0:ae:74:e1:cc:5a:0e:0b:
e4:82:d2:05:86:b8:5d:1a:f8:a7:fa:9c:85:bf:e2:
f7:2c:8e:6d:71:eb:4b:16:72:1e:a9:da:8f:b4:b2:
d5:5b:e9:c5:a0:31:9d:5c:92:97:b9:14:f1:8c:37:
44:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:5C:F5:FA:A4:D5:44:F2:A1:73:B4:8B:98:9C:6E:02:FE:B1:43:77
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qVz1-qTVRPKhc7SLmJxuAv6xQ3c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.52.0/23
82.152.55.0/24
89.213.248.0/23
109.176.25.0/24
109.176.27.0/24
213.210.40.0/23
213.210.48.0/23
213.218.226.0/24
Signature Algorithm: sha256WithRSAEncryption
98:10:92:3d:95:3f:63:f9:d5:2e:a3:21:a0:f1:60:a5:95:e9:
6d:4c:de:f7:ff:cc:18:a3:d4:a9:93:10:b5:c4:88:c3:08:4c:
eb:00:4e:b2:1e:85:49:f4:33:e4:25:3e:a8:b5:82:c8:25:8d:
5e:a1:6b:0d:37:62:eb:0e:40:5b:4b:0c:e7:e9:85:f5:84:e1:
a9:3f:ce:bc:0b:17:dd:00:65:bd:0d:a8:8d:26:01:47:d3:6a:
76:00:c2:80:ad:4f:14:97:e7:2c:a9:33:39:96:a9:40:bc:54:
ab:a7:ac:ab:ad:63:56:79:a1:b9:94:3c:63:e1:c0:33:d9:4b:
79:d0:55:6d:e2:00:e0:db:53:7a:1f:82:50:d4:88:a1:f2:87:
d4:10:4f:28:41:7b:ca:8a:19:db:2b:46:5c:0b:b8:46:ce:df:
d3:6d:ed:1a:ca:38:d2:90:9a:71:5e:8d:d3:a2:4a:3d:33:df:
a0:3c:f4:4c:27:02:65:b1:fe:ae:4a:ab:5d:00:ae:a5:ad:a1:
a2:0a:82:67:11:ad:59:65:ae:b8:64:66:e0:af:61:ed:09:99:
31:9e:ff:84:e0:cc:9c:b4:9f:e3:8a:6e:bb:51:e9:0a:c5:7a:
04:78:7c:c5:94:ac:2c:9e:e7:8f:03:eb:51:d1:18:bb:ad:38:
54:cb:06:a6
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY++NlSF30EfL+UaWRWIPFgAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNTI4MDc1OTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTVjZjVmYWE0ZDU0NGYyYTE3M2I0OGI5ODljNmUwMmZlYjE0Mzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8uFolAxXZMRsKIHQrONDNAHsn2WX
u9axoXKLhoAq0hHSEnsAYAyitT8nhbiFN14Q6YhS68m5ZXJZWXW9b5HPV2bkaZ/G
BM3sC5gKqIOgSqbHMDuaWz55MxPcMjxoylBCtxzWZe4cMJ4wGSb3RVreGEcXT4Nv
2h7gOvERYV8egAf95431heRnfktue2uqheyEBwTHu4WMk4ZUybALewa/oGYI0OnE
toQ3mNNk6NY95ACDLpqR5q22vwLaBCDQ1prC0tNpkGoKPae8sK504cxaDgvkgtIF
hrhdGvin+pyFv+L3LI5tcetLFnIeqdqPtLLVW+nFoDGdXJKXuRTxjDdEdQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKlc9fqk1UTyoXO0i5icbgL+sUN3MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcVZ6MS1xVFZSUEtoYzdTTG1KeHVBdjZ4UTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBUpg0AwQA
Upg3AwQBWdX4AwQAbbAZAwQAbbAbAwQB1dIoAwQB1dIwAwQA1driMA0GCSqGSIb3
DQEBCwUAA4IBAQCYEJI9lT9j+dUuoyGg8WClleltTN73/8wYo9SpkxC1xIjDCEzr
AE6yHoVJ9DPkJT6otYLIJY1eoWsNN2LrDkBbSwzn6YX1hOGpP868CxfdAGW9DaiN
JgFH02p2AMKArU8Ul+csqTM5lqlAvFSrp6yrrWNWeaG5lDxj4cAz2Ut50FVt4gDg
21N6H4JQ1Iih8ofUEE8oQXvKihnbK0ZcC7hGzt/Tbe0ayjjSkJpxXo3Toko9M9+g
PPRMJwJlsf6uSqtdAK6lraGiCoJnEa1ZZa64ZGbgr2HtCZkxnv+E4MyctJ/jim67
UekKxXoEeHzFlKwsnuePA+tR0Ri7rThUywam
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:11:47 2025 by rpki-client