Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/cNgiZM2H5Cgl-Jiu4wfcycgt_1w.roa
File: cNgiZM2H5Cgl-Jiu4wfcycgt_1w.roa (raw, json)
Hash identifier: c9g7N6SRffLSOypXRFWno44C8IsxXr95VTYyJwQWRXE=
Subject key identifier: 70:D8:22:64:CD:87:E4:28:25:F8:98:AE:E3:07:DC:C9:C8:2D:FF:5C
Certificate issuer: /CN=7d0213e3e7ebe6170a3600a8e3ae64ed962c0e36
Certificate serial: 018CC492450FD5CDAC1D76DD546064B9F88F
Authority key identifier: 7D:02:13:E3:E7:EB:E6:17:0A:36:00:A8:E3:AE:64:ED:96:2C:0E:36
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fQIT4-fr5hcKNgCo465k7ZYsDjY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/cNgiZM2H5Cgl-Jiu4wfcycgt_1w.roa
Signing time: Mon 01 Jan 2024 10:29:29 +0000
ROA not before: Mon 01 Jan 2024 10:29:29 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 50719
IP address blocks: 195.191.252.0/23 maxlen: 23
5.206.200.0/21 maxlen: 21
91.227.231.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 02 Jan 2025 03:48:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:92:45:0f:d5:cd:ac:1d:76:dd:54:60:64:b9:f8:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d0213e3e7ebe6170a3600a8e3ae64ed962c0e36
Validity
Not Before: Jan 1 10:29:29 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=70d82264cd87e42825f898aee307dcc9c82dff5c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:e4:ff:5b:c1:40:2f:a1:e6:dc:24:b3:26:7d:
6d:ea:b6:40:4e:e7:75:e2:c1:52:85:4e:4e:47:57:
f6:fd:81:f7:72:36:1d:f1:9a:86:56:52:33:6e:b6:
4f:dc:a0:05:33:31:ea:3d:7f:f5:0b:20:d7:ee:fc:
8e:cc:17:08:d8:1e:01:95:0e:55:1d:4e:6a:a5:78:
f9:dc:8f:15:f2:d5:b1:8e:cc:78:cc:35:14:30:75:
66:1a:e4:79:2f:1d:35:38:e9:d9:34:b4:bf:76:70:
0b:c2:50:f0:08:dd:de:b8:ea:c9:37:5f:43:63:4a:
57:ce:e6:77:89:1e:2a:0e:71:a3:6d:d6:67:1d:e2:
b3:93:6c:f2:bc:f4:83:21:16:ae:61:75:bc:ad:6c:
0a:22:cd:8b:c3:34:91:df:6e:99:8d:4f:2b:95:24:
c1:21:a6:90:f1:b2:31:b6:0a:0a:5c:94:c4:f5:97:
2a:fa:a7:18:aa:c4:dc:5d:5b:25:bb:75:d3:9f:1f:
ce:56:a7:0f:a0:ed:0a:ba:81:0c:ba:66:37:04:26:
d9:40:fe:b6:ad:ec:5e:f9:16:ab:5e:e5:2c:0e:99:
0c:32:a9:a9:b5:87:1d:b5:49:35:86:d8:0b:d8:46:
9b:ca:ab:00:1c:17:c0:57:67:48:8a:52:04:c1:9d:
12:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:D8:22:64:CD:87:E4:28:25:F8:98:AE:E3:07:DC:C9:C8:2D:FF:5C
X509v3 Authority Key Identifier:
keyid:7D:02:13:E3:E7:EB:E6:17:0A:36:00:A8:E3:AE:64:ED:96:2C:0E:36
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQIT4-fr5hcKNgCo465k7ZYsDjY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/cNgiZM2H5Cgl-Jiu4wfcycgt_1w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/fQIT4-fr5hcKNgCo465k7ZYsDjY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.206.200.0/21
91.227.231.0/24
195.191.252.0/23
Signature Algorithm: sha256WithRSAEncryption
aa:3d:45:68:01:fb:ff:84:ce:c8:11:72:69:b0:91:12:c5:dc:
62:a8:0f:f8:5a:2f:85:b2:1b:cc:64:86:96:9c:46:17:81:d2:
8d:92:9d:cf:30:76:df:74:36:c5:93:6b:87:b4:6d:4e:0f:f5:
92:59:3c:93:fb:a4:e9:2c:8f:fc:3f:b3:64:a2:3f:13:e0:56:
97:87:e2:1f:b9:46:e7:2f:43:a8:25:da:74:68:11:e9:59:54:
bc:4c:74:7a:30:96:83:42:a4:3b:1c:77:db:2e:03:0b:fe:42:
09:3c:5f:3b:12:22:1e:0d:52:ad:91:3f:2c:e7:5f:01:27:53:
16:23:45:b4:e6:fa:70:2c:0d:63:83:77:53:fa:35:f2:b1:8c:
01:21:25:13:8c:d7:09:9a:ac:ab:b1:93:a8:ef:c3:d7:46:18:
bd:6d:f7:db:9b:16:7c:d2:10:7d:66:07:2d:0f:1d:15:7a:e4:
eb:ec:b7:b2:bf:ec:34:9d:72:cc:5c:df:c6:b1:5e:ba:5d:60:
46:69:70:db:7f:a3:08:8a:94:d1:e3:42:ce:c6:f7:b9:cc:97:
96:d3:26:b4:78:6f:a6:82:70:45:5d:d6:f1:e2:c3:4d:08:68:
d7:df:bc:65:60:7a:05:58:0c:5f:d9:3a:07:77:f0:2a:1a:56:
d0:b0:22:87
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzEkkUP1c2sHXbdVGBkufiPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDIxM2UzZTdlYmU2MTcwYTM2MDBhOGUzYWU2NGVkOTYy
YzBlMzYwHhcNMjQwMTAxMTAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGQ4MjI2NGNkODdlNDI4MjVmODk4YWVlMzA3ZGNjOWM4MmRmZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOT/W8FAL6Hm3CSzJn1t6rZATud1
4sFShU5OR1f2/YH3cjYd8ZqGVlIzbrZP3KAFMzHqPX/1CyDX7vyOzBcI2B4BlQ5V
HU5qpXj53I8V8tWxjsx4zDUUMHVmGuR5Lx01OOnZNLS/dnALwlDwCN3euOrJN19D
Y0pXzuZ3iR4qDnGjbdZnHeKzk2zyvPSDIRauYXW8rWwKIs2LwzSR326ZjU8rlSTB
IaaQ8bIxtgoKXJTE9Zcq+qcYqsTcXVslu3XTnx/OVqcPoO0KuoEMumY3BCbZQP62
rexe+RarXuUsDpkMMqmptYcdtUk1htgL2EabyqsAHBfAV2dIilIEwZ0SjwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHDYImTNh+QoJfiYruMH3MnILf9cMB8GA1UdIwQY
MBaAFH0CE+Pn6+YXCjYAqOOuZO2WLA42MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFJVDQtZnI1aGNLTmdDbzQ2NWs3WllzRGpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy84MjFkYzItNjc2Ni00OTg4LWI3Nzct
MDM1MzIxNDBlZjUyLzEvY05naVpNMkg1Q2dsLUppdTR3ZmN5Y2d0XzF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy84MjFkYzItNjc2Ni00OTg4LWI3NzctMDM1MzIxNDBlZjUy
LzEvZlFJVDQtZnI1aGNLTmdDbzQ2NWs3WllzRGpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDBc7IAwQA
W+PnAwQBw7/8MA0GCSqGSIb3DQEBCwUAA4IBAQCqPUVoAfv/hM7IEXJpsJESxdxi
qA/4Wi+FshvMZIaWnEYXgdKNkp3PMHbfdDbFk2uHtG1OD/WSWTyT+6TpLI/8P7Nk
oj8T4FaXh+IfuUbnL0OoJdp0aBHpWVS8THR6MJaDQqQ7HHfbLgML/kIJPF87EiIe
DVKtkT8s518BJ1MWI0W05vpwLA1jg3dT+jXysYwBISUTjNcJmqyrsZOo78PXRhi9
bffbmxZ80hB9ZgctDx0VeuTr7Leyv+w0nXLMXN/GsV66XWBGaXDbf6MIipTR40LO
xve5zJeW0ya0eG+mgnBFXdbx4sNNCGjX37xlYHoFWAxf2ToHd/AqGlbQsCKH
-----END CERTIFICATE-----
Generated at Wed Apr 23 06:58:13 2025 by rpki-client