Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-jqFzioiPuS_zaYPSozIEPsekRk.roa
File: 1-jqFzioiPuS_zaYPSozIEPsekRk.roa (raw, json)
Hash identifier: In1AYN+wr25M3bU+O6bGDEjixWfn68jV/A/MxjzjU1A=
Subject key identifier: FA:3A:85:CE:2A:22:3E:E4:BF:CD:A6:0F:4A:8C:C8:10:FB:1E:91:19
Certificate issuer: /CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Certificate serial: 0192512480EE1A83CE4405C20552EA1FFDB0
Authority key identifier: 4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-jqFzioiPuS_zaYPSozIEPsekRk.roa
Signing time: Thu 03 Oct 2024 06:49:59 +0000
ROA not before: Thu 03 Oct 2024 06:49:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 7029
IP address blocks: 31.56.160.0/21 maxlen: 24
31.57.192.0/22 maxlen: 24
31.57.202.0/24 maxlen: 24
31.57.203.0/24 maxlen: 24
31.57.224.0/22 maxlen: 24
31.57.232.0/22 maxlen: 24
31.57.240.0/22 maxlen: 24
31.57.244.0/22 maxlen: 24
31.57.252.0/22 maxlen: 24
Validation: Failed, certificate revoked on Fri 01 Nov 2024 06:47:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:51:24:80:ee:1a:83:ce:44:05:c2:05:52:ea:1f:fd:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f1b095fab67633c0127d61ff6857864ea6b25c5
Validity
Not Before: Oct 3 06:49:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fa3a85ce2a223ee4bfcda60f4a8cc810fb1e9119
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:ca:80:04:35:d2:9d:e8:7d:31:1d:43:7e:9d:
32:c5:e5:98:6b:bb:36:cf:cf:f6:62:f2:8f:63:9d:
c0:0b:4b:9a:bb:e5:d1:1a:16:06:b1:0d:7e:38:a9:
f1:9c:90:01:e7:a3:01:29:e7:74:94:6e:b7:fb:81:
0b:1e:fa:48:bc:c0:42:85:ce:d3:5b:63:72:97:39:
f4:37:37:f5:7e:26:f6:cf:9b:21:6b:d6:02:9f:0f:
39:a8:c6:c6:5c:b8:bd:16:85:53:dd:ec:fd:00:39:
7e:83:33:0d:a6:ec:99:66:01:71:e0:47:34:e2:2d:
e8:ea:51:28:e9:01:28:e3:39:9a:eb:3b:ae:32:30:
1a:83:e8:f0:31:89:f0:e7:c2:ca:2d:52:2a:ee:25:
6c:b7:1a:df:e8:2e:09:4f:bb:4e:d8:2a:bb:36:58:
9b:a9:da:8f:22:49:6d:b9:84:66:d9:cf:4e:08:83:
2d:f6:51:c6:3b:65:ea:32:b5:05:d1:71:cb:1d:e4:
43:41:b8:97:b6:df:f6:98:b0:03:42:73:6d:6f:ac:
6a:59:f5:e7:01:95:ee:93:c4:72:ad:92:d8:4f:3a:
d6:7a:d3:7a:76:c3:6e:c3:42:fd:f7:0e:9c:92:93:
f1:7c:c0:d6:1e:62:31:94:7b:2b:a4:6c:06:85:fd:
9f:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:3A:85:CE:2A:22:3E:E4:BF:CD:A6:0F:4A:8C:C8:10:FB:1E:91:19
X509v3 Authority Key Identifier:
keyid:4F:1B:09:5F:AB:67:63:3C:01:27:D6:1F:F6:85:78:64:EA:6B:25:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/1-jqFzioiPuS_zaYPSozIEPsekRk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/511f95-e4bf-43f1-af2f-b811cfcb9fd5/1/TxsJX6tnYzwBJ9Yf9oV4ZOprJcU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.56.160.0/21
31.57.192.0/22
31.57.202.0/23
31.57.224.0/22
31.57.232.0/22
31.57.240.0/21
31.57.252.0/22
Signature Algorithm: sha256WithRSAEncryption
24:4d:c8:17:79:be:d6:7f:66:77:e6:96:b9:1a:44:c2:45:ee:
ce:12:c7:f7:1f:fa:01:2e:10:00:0e:ab:7b:45:42:df:46:dd:
3e:8f:03:da:c1:3d:fd:e7:bd:31:00:76:47:cb:9a:07:b3:39:
8d:a4:0a:03:39:1a:8e:5e:2d:97:f3:20:46:26:7d:9d:7e:43:
f7:3a:cc:a8:7b:ea:71:ff:c9:2c:e8:65:33:bc:88:03:36:32:
32:d6:88:02:98:48:71:99:c6:80:df:4e:d2:37:f1:d9:bf:ab:
12:a7:72:c8:78:87:c2:95:95:92:e7:e7:ea:aa:0e:44:b1:de:
8f:62:2f:e1:cd:99:d2:9e:48:f5:90:a8:08:84:2a:93:0d:e4:
4e:cf:6b:19:54:0a:26:3c:49:03:2e:bc:70:04:7b:aa:81:d8:
ae:84:fb:5f:a1:a1:11:1c:ae:8e:2a:14:c4:a2:c0:8e:1f:23:
73:ae:2f:64:fa:a5:78:2e:fd:40:80:f8:00:91:3d:15:c6:33:
8f:29:f1:45:43:be:60:f6:41:97:ba:63:d5:2c:c9:61:5b:ae:
d5:21:9c:86:36:a7:e0:f8:5d:aa:5e:56:fa:5f:4a:b0:b0:1f:
f3:ac:c8:7d:0b:3a:da:be:b5:b5:74:1f:45:bb:17:1c:9f:8c:
e3:18:21:1d
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAZJRJIDuGoPORAXCBVLqH/2wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMWIwOTVmYWI2NzYzM2MwMTI3ZDYxZmY2ODU3ODY0ZWE2
YjI1YzUwHhcNMjQxMDAzMDY0OTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTNhODVjZTJhMjIzZWU0YmZjZGE2MGY0YThjYzgxMGZiMWU5MTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcqABDXSneh9MR1Dfp0yxeWYa7s2
z8/2YvKPY53AC0uau+XRGhYGsQ1+OKnxnJAB56MBKed0lG63+4ELHvpIvMBChc7T
W2Nylzn0Nzf1fib2z5sha9YCnw85qMbGXLi9FoVT3ez9ADl+gzMNpuyZZgFx4Ec0
4i3o6lEo6QEo4zma6zuuMjAag+jwMYnw58LKLVIq7iVstxrf6C4JT7tO2Cq7Nlib
qdqPIkltuYRm2c9OCIMt9lHGO2XqMrUF0XHLHeRDQbiXtt/2mLADQnNtb6xqWfXn
AZXuk8RyrZLYTzrWetN6dsNuw0L99w6ckpPxfMDWHmIxlHsrpGwGhf2f6QIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFPo6hc4qIj7kv82mD0qMyBD7HpEZMB8GA1UdIwQY
MBaAFE8bCV+rZ2M8ASfWH/aFeGTqayXFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhzSlg2dG5ZendCSjlZZjlvVjRaT3BySmNVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81MTFmOTUtZTRiZi00M2YxLWFmMmYt
YjgxMWNmY2I5ZmQ1LzEvMS1qcUZ6aW9pUHVTX3phWVBTb3pJRVBzZWtSay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTIvNTExZjk1LWU0YmYtNDNmMS1hZjJmLWI4MTFjZmNiOWZk
NS8xL1R4c0pYNnRuWXp3Qko5WWY5b1Y0Wk9wckpjVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBDBggrBgEFBQcBBwEB/wQ0MDIwMAQCAAEwKgMEAx84oAME
Ah85wAMEAR85ygMEAh854AMEAh856AMEAx858AMEAh85/DANBgkqhkiG9w0BAQsF
AAOCAQEAJE3IF3m+1n9md+aWuRpEwkXuzhLH9x/6AS4QAA6re0VC30bdPo8D2sE9
/ee9MQB2R8uaB7M5jaQKAzkajl4tl/MgRiZ9nX5D9zrMqHvqcf/JLOhlM7yIAzYy
MtaIAphIcZnGgN9O0jfx2b+rEqdyyHiHwpWVkufn6qoORLHej2Iv4c2Z0p5I9ZCo
CIQqkw3kTs9rGVQKJjxJAy68cAR7qoHYroT7X6GhERyujioUxKLAjh8jc64vZPql
eC79QID4AJE9FcYzjynxRUO+YPZBl7pj1SzJYVuu1SGchjan4Phdql5W+l9KsLAf
86zIfQs62r61tXQfRbsXHJ+M4xghHQ==
-----END CERTIFICATE-----
Generated at Fri Nov 1 07:30:31 2024 by rpki-client on console-fra.rpki-client.org