Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/8f01b3-257b-48d5-82e2-097324dd9ec8/1/CGXAvgg3YX-LdGer-ejg0NOaVLY.roa
File: CGXAvgg3YX-LdGer-ejg0NOaVLY.roa (raw, json)
Hash identifier: EAiQNAQ2tvTCy3q/3VJW2IkeUDrXLEo9WUI+it1BZ8k=
Subject key identifier: 08:65:C0:BE:08:37:61:7F:8B:74:67:AB:F9:E8:E0:D0:D3:9A:54:B6
Certificate issuer: /CN=b562ac701c14d34bb2e4475ec51152a40c9d3d3c
Certificate serial: 018CC7275A50F2A8FD5C5F4C45F87CE6CC4F
Authority key identifier: B5:62:AC:70:1C:14:D3:4B:B2:E4:47:5E:C5:11:52:A4:0C:9D:3D:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tWKscBwU00uy5EdexRFSpAydPTw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/8f01b3-257b-48d5-82e2-097324dd9ec8/1/CGXAvgg3YX-LdGer-ejg0NOaVLY.roa
Signing time: Mon 01 Jan 2024 22:31:34 +0000
ROA not before: Mon 01 Jan 2024 22:31:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 51341
IP address blocks: 91.218.85.0/24 maxlen: 24
91.218.84.0/24 maxlen: 24
91.218.86.0/24 maxlen: 24
91.218.87.0/24 maxlen: 24
213.109.201.0/24 maxlen: 24
91.236.141.0/24 maxlen: 24
91.236.140.0/24 maxlen: 24
91.236.143.0/24 maxlen: 24
91.236.142.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 31 May 2024 10:10:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:27:5a:50:f2:a8:fd:5c:5f:4c:45:f8:7c:e6:cc:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b562ac701c14d34bb2e4475ec51152a40c9d3d3c
Validity
Not Before: Jan 1 22:31:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0865c0be0837617f8b7467abf9e8e0d0d39a54b6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:e4:e3:c6:83:20:2b:af:50:ab:ba:f6:72:4f:
55:69:da:56:25:4e:51:73:79:f3:40:c3:c2:f9:ef:
a2:20:33:4a:84:bc:0e:c2:e7:60:c3:5d:23:8d:dd:
4c:4f:01:c2:89:0a:43:46:26:72:ce:b8:58:a2:3d:
b8:85:b7:50:dc:68:90:7b:e1:b3:e9:1d:29:8b:48:
2e:15:33:79:9e:18:5a:4e:42:ed:9e:5c:ca:08:1a:
6a:5d:40:28:ae:a6:36:ec:84:bc:20:9a:e9:24:d9:
eb:ca:7c:b8:68:80:1f:f0:43:33:e7:13:dd:b6:3e:
31:4a:1b:78:bb:d4:9e:e2:39:06:c4:77:fe:a3:16:
f7:29:26:7d:ff:9e:ae:e4:61:c7:66:3d:da:d7:42:
f7:e0:7e:f7:a6:90:c8:64:2e:91:b4:5b:d1:64:68:
b4:37:b8:ac:ea:90:2e:bd:52:02:f2:cf:55:a6:d7:
bf:7e:0f:80:02:b4:73:90:24:f9:bf:d8:d0:e6:6e:
5e:3e:cb:42:f4:d8:d3:01:f2:5c:f7:65:bd:d8:66:
b0:50:d5:d8:e1:94:e7:0a:a5:49:83:b7:dd:24:ae:
87:55:ad:d9:af:78:92:c0:a9:73:2e:64:96:b4:32:
e0:70:5e:9c:05:b1:33:3c:d5:09:54:b4:31:6a:f2:
fe:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:65:C0:BE:08:37:61:7F:8B:74:67:AB:F9:E8:E0:D0:D3:9A:54:B6
X509v3 Authority Key Identifier:
keyid:B5:62:AC:70:1C:14:D3:4B:B2:E4:47:5E:C5:11:52:A4:0C:9D:3D:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tWKscBwU00uy5EdexRFSpAydPTw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/8f01b3-257b-48d5-82e2-097324dd9ec8/1/CGXAvgg3YX-LdGer-ejg0NOaVLY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/8f01b3-257b-48d5-82e2-097324dd9ec8/1/tWKscBwU00uy5EdexRFSpAydPTw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.218.84.0/22
91.236.140.0/22
213.109.201.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:a7:dc:ca:96:a6:af:bb:02:71:8f:b3:6c:3d:49:c1:71:6b:
79:6e:d3:64:ef:ca:a2:6a:a6:e6:09:d9:d3:49:39:40:03:50:
95:37:e4:e7:24:9e:b1:35:25:67:b1:d3:ca:e8:68:60:ec:29:
5d:9c:07:7b:f2:ad:56:5a:bb:c0:ef:ef:11:19:1b:d8:4c:87:
6a:1b:33:eb:2e:1b:bc:4d:6c:6b:3b:41:b3:08:eb:56:ff:f3:
2c:da:f2:ec:3e:86:b0:3d:be:96:06:76:4c:1d:29:bd:4a:30:
14:19:ff:33:bf:3d:52:95:b4:66:49:0e:0e:01:0c:46:e5:50:
00:b8:3a:89:45:ef:e1:7f:fd:55:46:3b:57:a8:a4:b0:db:51:
5e:f6:91:8e:4b:f6:8e:45:62:97:03:66:2a:b8:11:13:33:6d:
fb:57:10:28:4f:4c:b1:80:5c:d6:2f:c2:2b:03:c2:bb:51:7a:
54:c4:a7:a8:9f:56:38:bb:b6:ab:82:65:fe:ba:a6:02:aa:fe:
5e:a2:4e:01:df:a1:ab:af:c6:44:c7:17:4b:8c:cb:6e:b9:a6:
6f:60:24:9a:22:db:93:9f:c9:ed:d1:3d:cc:7d:ef:6f:c1:7a:
4e:83:9b:78:cf:88:b0:6f:ce:4f:50:d5:36:70:f7:70:00:9f:
ef:75:3d:ed
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzHJ1pQ8qj9XF9MRfh85sxPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NjJhYzcwMWMxNGQzNGJiMmU0NDc1ZWM1MTE1MmE0MGM5
ZDNkM2MwHhcNMjQwMTAxMjIzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODY1YzBiZTA4Mzc2MTdmOGI3NDY3YWJmOWU4ZTBkMGQzOWE1NGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkeTjxoMgK69Qq7r2ck9VadpWJU5R
c3nzQMPC+e+iIDNKhLwOwudgw10jjd1MTwHCiQpDRiZyzrhYoj24hbdQ3GiQe+Gz
6R0pi0guFTN5nhhaTkLtnlzKCBpqXUAorqY27IS8IJrpJNnryny4aIAf8EMz5xPd
tj4xSht4u9Se4jkGxHf+oxb3KSZ9/56u5GHHZj3a10L34H73ppDIZC6RtFvRZGi0
N7is6pAuvVIC8s9Vpte/fg+AArRzkCT5v9jQ5m5ePstC9NjTAfJc92W92GawUNXY
4ZTnCqVJg7fdJK6HVa3Zr3iSwKlzLmSWtDLgcF6cBbEzPNUJVLQxavL+swIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAhlwL4IN2F/i3Rnq/no4NDTmlS2MB8GA1UdIwQY
MBaAFLVirHAcFNNLsuRHXsURUqQMnT08MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFdLc2NCd1UwMHV5NUVkZXhSRlNwQXlkUFR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84ZjAxYjMtMjU3Yi00OGQ1LTgyZTIt
MDk3MzI0ZGQ5ZWM4LzEvQ0dYQXZnZzNZWC1MZEdlci1lamcwTk9hVkxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84ZjAxYjMtMjU3Yi00OGQ1LTgyZTItMDk3MzI0ZGQ5ZWM4
LzEvdFdLc2NCd1UwMHV5NUVkZXhSRlNwQXlkUFR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW9pUAwQC
W+yMAwQA1W3JMA0GCSqGSIb3DQEBCwUAA4IBAQAdp9zKlqavuwJxj7NsPUnBcWt5
btNk78qiaqbmCdnTSTlAA1CVN+TnJJ6xNSVnsdPK6Ghg7CldnAd78q1WWrvA7+8R
GRvYTIdqGzPrLhu8TWxrO0GzCOtW//Ms2vLsPoawPb6WBnZMHSm9SjAUGf8zvz1S
lbRmSQ4OAQxG5VAAuDqJRe/hf/1VRjtXqKSw21Fe9pGOS/aORWKXA2YquBETM237
VxAoT0yxgFzWL8IrA8K7UXpUxKeon1Y4u7argmX+uqYCqv5eok4B36Grr8ZExxdL
jMtuuaZvYCSaItuTn8nt0T3Mfe9vwXpOg5t4z4iwb85PUNU2cPdwAJ/vdT3t
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:44:46 2025 by rpki-client