Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/8f01b3-257b-48d5-82e2-097324dd9ec8/1/2L1jgAgNpjlgfPDxU1p7K6OdNCI.roa
File: 2L1jgAgNpjlgfPDxU1p7K6OdNCI.roa (raw, json)
Hash identifier: d78i6v/zdsQ6nNllKILOwLnlhdn/YhHe/eByzJbrMdw=
Subject key identifier: D8:BD:63:80:08:0D:A6:39:60:7C:F0:F1:53:5A:7B:2B:A3:9D:34:22
Certificate issuer: /CN=b562ac701c14d34bb2e4475ec51152a40c9d3d3c
Certificate serial: 0190D9F7DFFB5A64ABB9381ED30A5A272DCF
Authority key identifier: B5:62:AC:70:1C:14:D3:4B:B2:E4:47:5E:C5:11:52:A4:0C:9D:3D:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tWKscBwU00uy5EdexRFSpAydPTw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/8f01b3-257b-48d5-82e2-097324dd9ec8/1/2L1jgAgNpjlgfPDxU1p7K6OdNCI.roa
Signing time: Mon 22 Jul 2024 10:23:38 +0000
ROA not before: Mon 22 Jul 2024 10:23:38 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 51341
IP address blocks: 46.255.25.0/24 maxlen: 24
91.218.84.0/24 maxlen: 24
91.218.85.0/24 maxlen: 24
91.218.86.0/24 maxlen: 24
91.218.87.0/24 maxlen: 24
91.236.140.0/24 maxlen: 24
91.236.141.0/24 maxlen: 24
91.236.142.0/24 maxlen: 24
91.236.143.0/24 maxlen: 24
213.109.201.0/24 maxlen: 24
2a13:af80::/29 maxlen: 29
Validation: Failed, certificate revoked on Wed 01 Jan 2025 23:48:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:d9:f7:df:fb:5a:64:ab:b9:38:1e:d3:0a:5a:27:2d:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b562ac701c14d34bb2e4475ec51152a40c9d3d3c
Validity
Not Before: Jul 22 10:23:38 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d8bd6380080da639607cf0f1535a7b2ba39d3422
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:3b:8c:cf:29:05:54:95:05:1d:02:da:b6:17:
38:85:d8:44:d4:54:3a:c9:b0:d2:a1:f9:a1:f9:42:
61:8f:23:12:11:d5:2d:62:ee:f9:95:1b:c6:d0:32:
2f:53:41:58:ba:93:22:aa:3a:41:14:a7:b0:19:ab:
e3:98:29:b6:43:6d:c0:fc:38:1d:c7:a3:e2:a5:46:
9d:8d:59:83:1c:47:82:22:e3:98:44:a6:0d:42:bf:
4a:e7:f6:f7:92:22:54:94:5b:76:bb:a9:4b:de:7d:
31:f3:68:1d:82:54:1d:20:5e:01:80:a1:63:a8:29:
c1:13:5c:6d:13:96:5a:84:a3:47:37:93:fa:db:83:
0e:79:85:ad:f3:f6:bf:f7:5b:48:47:8d:68:df:53:
8a:29:9c:94:73:ef:97:76:71:a2:af:34:c3:a5:4b:
5d:90:b2:3b:0a:82:d3:38:24:1e:40:23:22:a3:8a:
21:46:f2:a3:f5:7a:ae:b3:68:b6:c1:77:2d:29:bb:
f7:20:68:9b:95:40:6c:e4:0b:39:29:8a:b7:35:8e:
83:fc:03:92:f2:cb:81:c5:3e:cc:01:bd:4c:12:a9:
5e:92:7d:bb:b8:95:5c:49:ad:a3:d7:21:37:3a:f4:
aa:69:d4:1a:62:a6:a6:55:81:9b:2a:40:29:de:c4:
14:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:BD:63:80:08:0D:A6:39:60:7C:F0:F1:53:5A:7B:2B:A3:9D:34:22
X509v3 Authority Key Identifier:
keyid:B5:62:AC:70:1C:14:D3:4B:B2:E4:47:5E:C5:11:52:A4:0C:9D:3D:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tWKscBwU00uy5EdexRFSpAydPTw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/8f01b3-257b-48d5-82e2-097324dd9ec8/1/2L1jgAgNpjlgfPDxU1p7K6OdNCI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/8f01b3-257b-48d5-82e2-097324dd9ec8/1/tWKscBwU00uy5EdexRFSpAydPTw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.255.25.0/24
91.218.84.0/22
91.236.140.0/22
213.109.201.0/24
IPv6:
2a13:af80::/29
Signature Algorithm: sha256WithRSAEncryption
18:32:60:df:03:73:27:c7:92:76:9a:38:5d:20:2d:87:16:5f:
18:0c:07:b6:32:53:9e:7e:c4:22:63:9c:e7:bf:7f:65:1e:d7:
75:2d:f5:ad:80:6f:67:73:44:af:31:73:ea:a0:6c:62:81:73:
2f:3d:b0:b0:2b:e2:d8:7c:0d:14:e5:ae:4e:05:81:48:3f:a9:
56:47:c1:91:3d:b3:6d:c7:6f:31:1e:6e:cb:2b:a4:43:ec:94:
fd:7f:83:c8:f2:4c:ce:b4:2b:c8:fd:1d:99:68:b6:fc:2f:f7:
df:4a:12:6b:f9:42:d8:69:68:7c:53:89:9d:d6:c3:1d:7f:0e:
33:3a:26:d4:26:b2:28:54:50:ad:bf:c4:b9:cc:08:85:97:81:
cd:c3:fa:3c:e2:05:6a:85:2f:e3:78:09:47:cc:26:6c:ea:a8:
c9:75:c1:62:42:82:d4:91:7f:f7:38:84:16:f8:4a:96:3d:00:
b0:9c:45:d8:50:87:82:5a:ad:0f:5a:33:d2:76:e5:8f:41:55:
b5:54:dc:0d:65:cf:a4:d7:f2:d6:8e:53:b5:27:bd:56:58:dc:
28:23:61:88:10:dd:f7:a9:d5:a2:84:6d:22:1a:ad:5f:7a:7c:
33:03:e2:02:82:5d:aa:f4:d4:d1:3f:a8:80:cd:ba:f4:83:40:
b2:f0:08:ae
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZDZ99/7WmSruTge0wpaJy3PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NjJhYzcwMWMxNGQzNGJiMmU0NDc1ZWM1MTE1MmE0MGM5
ZDNkM2MwHhcNMjQwNzIyMTAyMzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGJkNjM4MDA4MGRhNjM5NjA3Y2YwZjE1MzVhN2IyYmEzOWQzNDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zuMzykFVJUFHQLathc4hdhE1FQ6
ybDSofmh+UJhjyMSEdUtYu75lRvG0DIvU0FYupMiqjpBFKewGavjmCm2Q23A/Dgd
x6PipUadjVmDHEeCIuOYRKYNQr9K5/b3kiJUlFt2u6lL3n0x82gdglQdIF4BgKFj
qCnBE1xtE5ZahKNHN5P624MOeYWt8/a/91tIR41o31OKKZyUc++XdnGirzTDpUtd
kLI7CoLTOCQeQCMio4ohRvKj9Xqus2i2wXctKbv3IGiblUBs5As5KYq3NY6D/AOS
8suBxT7MAb1MEqlekn27uJVcSa2j1yE3OvSqadQaYqamVYGbKkAp3sQUhwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFNi9Y4AIDaY5YHzw8VNaeyujnTQiMB8GA1UdIwQY
MBaAFLVirHAcFNNLsuRHXsURUqQMnT08MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFdLc2NCd1UwMHV5NUVkZXhSRlNwQXlkUFR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84ZjAxYjMtMjU3Yi00OGQ1LTgyZTIt
MDk3MzI0ZGQ5ZWM4LzEvMkwxamdBZ05wamxnZlBEeFUxcDdLNk9kTkNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84ZjAxYjMtMjU3Yi00OGQ1LTgyZTItMDk3MzI0ZGQ5ZWM4
LzEvdFdLc2NCd1UwMHV5NUVkZXhSRlNwQXlkUFR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQALv8ZAwQC
W9pUAwQCW+yMAwQA1W3JMA0EAgACMAcDBQMqE6+AMA0GCSqGSIb3DQEBCwUAA4IB
AQAYMmDfA3Mnx5J2mjhdIC2HFl8YDAe2MlOefsQiY5znv39lHtd1LfWtgG9nc0Sv
MXPqoGxigXMvPbCwK+LYfA0U5a5OBYFIP6lWR8GRPbNtx28xHm7LK6RD7JT9f4PI
8kzOtCvI/R2ZaLb8L/ffShJr+ULYaWh8U4md1sMdfw4zOibUJrIoVFCtv8S5zAiF
l4HNw/o84gVqhS/jeAlHzCZs6qjJdcFiQoLUkX/3OIQW+EqWPQCwnEXYUIeCWq0P
WjPSduWPQVW1VNwNZc+k1/LWjlO1J71WWNwoI2GIEN33qdWihG0iGq1fenwzA+IC
gl2q9NTRP6iAzbr0g0Cy8Aiu
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:45:00 2025 by rpki-client