Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/Zao7t4r1XOCwX1JX6ByUgMNXJ_8.roa
File: Zao7t4r1XOCwX1JX6ByUgMNXJ_8.roa (raw, json)
Hash identifier: I1ELla8gR+oola7iuvbcTmBEyJceN/+dnYkUlnyPPUo=
Subject key identifier: 65:AA:3B:B7:8A:F5:5C:E0:B0:5F:52:57:E8:1C:94:80:C3:57:27:FF
Certificate issuer: /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial: 019425FDC51AC5F59C7890EA78549138BCF1
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/Zao7t4r1XOCwX1JX6ByUgMNXJ_8.roa
Signing time: Thu 02 Jan 2025 07:49:35 +0000
ROA not before: Thu 02 Jan 2025 07:49:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48648
IP address blocks: 91.198.233.0/24 maxlen: 24
91.211.120.0/24 maxlen: 24
91.211.122.0/24 maxlen: 24
193.107.80.0/24 maxlen: 24
194.28.103.0/24 maxlen: 24
195.12.56.0/22 maxlen: 22
2a0a:2c0::/48 maxlen: 48
2a0a:2c0:2::/48 maxlen: 48
Validation: Failed, certificate revoked on Fri 24 Jan 2025 12:42:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fd:c5:1a:c5:f5:9c:78:90:ea:78:54:91:38:bc:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Validity
Not Before: Jan 2 07:49:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=65aa3bb78af55ce0b05f5257e81c9480c35727ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:58:f7:49:7e:51:76:72:35:7d:92:d5:01:20:
ed:f5:06:40:5c:b6:88:cd:52:ea:d1:b7:0b:33:70:
78:bd:da:6e:0d:37:0d:2c:0c:db:4f:fd:bd:4e:23:
54:99:2f:84:f5:e8:36:2d:8d:f3:32:62:02:f9:fd:
7b:d1:d1:39:63:ba:cb:3a:88:71:52:75:e8:ad:ee:
6d:24:0e:e2:22:bc:76:5b:bc:de:e6:b1:0f:ad:b6:
97:d4:8b:f1:25:f9:08:bc:9f:c8:bb:59:64:95:a0:
c6:af:19:25:2e:88:86:f5:71:02:a3:d4:ab:f4:d0:
f7:37:5a:af:da:67:79:c3:aa:72:b9:08:c5:ad:8b:
94:36:41:6a:cf:fc:9c:46:d1:be:72:e0:78:cc:69:
91:09:26:20:f7:95:44:5e:e0:29:45:16:4f:f8:e2:
1d:f4:eb:67:6f:26:e3:7e:ed:00:01:6f:70:94:8a:
d9:58:c6:18:02:fd:27:fa:61:22:f7:24:b4:49:73:
b6:7a:5c:54:58:2e:21:56:7a:b3:9d:da:7b:68:db:
75:31:f9:da:91:9b:eb:7f:32:96:b1:57:9c:58:46:
e9:f6:ab:01:28:10:d5:17:ca:44:2d:93:3b:ff:f6:
6b:1b:d8:ce:8a:b2:db:d8:5f:00:97:e1:49:86:be:
1b:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
65:AA:3B:B7:8A:F5:5C:E0:B0:5F:52:57:E8:1C:94:80:C3:57:27:FF
X509v3 Authority Key Identifier:
keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/Zao7t4r1XOCwX1JX6ByUgMNXJ_8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.198.233.0/24
91.211.120.0/24
91.211.122.0/24
193.107.80.0/24
194.28.103.0/24
195.12.56.0/22
IPv6:
2a0a:2c0::/48
2a0a:2c0:2::/48
Signature Algorithm: sha256WithRSAEncryption
0a:80:76:6a:30:ae:f3:93:10:1d:72:4c:e8:b6:1b:24:fa:2c:
0e:f7:d9:7e:4c:0c:d4:72:5c:92:3e:83:0b:9b:21:8a:b7:a2:
0b:b1:71:da:75:9d:6e:89:a2:2e:29:e8:7a:7d:48:fd:8b:fa:
d8:31:3b:0c:eb:e4:48:ce:3b:ce:e4:21:13:b8:6e:23:65:f8:
d9:be:8a:a6:d3:6c:bd:e1:d8:f2:b1:4b:4e:02:d3:13:1f:43:
83:74:0e:cf:e5:71:7a:c6:cc:d9:59:c1:aa:3d:41:15:7e:70:
a9:a9:b4:f3:e5:25:74:64:cb:53:00:a1:cc:25:5d:0e:ad:b9:
d9:75:1a:45:0a:e4:fd:d4:f8:e0:f5:de:46:0d:9a:e0:a7:e9:
9d:31:ba:e7:e0:58:07:e9:c8:b9:ee:ab:14:97:e9:af:b3:7e:
95:a6:a3:06:72:50:3e:da:6f:9d:87:64:81:31:da:0f:f8:5b:
41:e1:58:28:80:ca:cc:7f:28:0c:31:1a:aa:06:f4:69:34:3d:
a6:f0:3f:39:7f:23:01:dc:28:1f:e5:a1:bf:91:0e:8f:9f:38:
05:be:bc:22:fc:66:c3:35:b8:0a:ac:e1:06:c3:da:c5:41:dd:
4a:9a:52:ca:b4:4f:74:8f:e4:76:40:a3:b1:fd:4c:94:ee:de:
a9:bb:2d:03
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZQl/cUaxfWceJDqeFSROLzxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjUwMTAyMDc0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWFhM2JiNzhhZjU1Y2UwYjA1ZjUyNTdlODFjOTQ4MGMzNTcyN2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplj3SX5RdnI1fZLVASDt9QZAXLaI
zVLq0bcLM3B4vdpuDTcNLAzbT/29TiNUmS+E9eg2LY3zMmIC+f170dE5Y7rLOohx
UnXore5tJA7iIrx2W7ze5rEPrbaX1IvxJfkIvJ/Iu1lklaDGrxklLoiG9XECo9Sr
9ND3N1qv2md5w6pyuQjFrYuUNkFqz/ycRtG+cuB4zGmRCSYg95VEXuApRRZP+OId
9Otnbybjfu0AAW9wlIrZWMYYAv0n+mEi9yS0SXO2elxUWC4hVnqzndp7aNt1Mfna
kZvrfzKWsVecWEbp9qsBKBDVF8pELZM7//ZrG9jOirLb2F8Al+FJhr4bmwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFGWqO7eK9VzgsF9SV+gclIDDVyf/MB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvWmFvN3Q0cjFYT0N3WDFKWDZCeVVnTU5YSl84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAqBAIAATAkAwQAW8bpAwQA
W9N4AwQAW9N6AwQAwWtQAwQAwhxnAwQCwww4MBgEAgACMBIDBwAqCgLAAAADBwAq
CgLAAAIwDQYJKoZIhvcNAQELBQADggEBAAqAdmowrvOTEB1yTOi2GyT6LA732X5M
DNRyXJI+gwubIYq3oguxcdp1nW6Joi4p6Hp9SP2L+tgxOwzr5EjOO87kIRO4biNl
+Nm+iqbTbL3h2PKxS04C0xMfQ4N0Ds/lcXrGzNlZwao9QRV+cKmptPPlJXRky1MA
ocwlXQ6tudl1GkUK5P3U+OD13kYNmuCn6Z0xuufgWAfpyLnuqxSX6a+zfpWmowZy
UD7ab52HZIEx2g/4W0HhWCiAysx/KAwxGqoG9Gk0PabwPzl/IwHcKB/lob+RDo+f
OAW+vCL8ZsM1uAqs4QbD2sVB3UqaUsq0T3SP5HZAo7H9TJTu3qm7LQM=
-----END CERTIFICATE-----
Generated at Tue Apr 22 12:36:29 2025 by rpki-client