Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/QtQw9TnGxsELgILvcNho06SXqNU.roa
File: QtQw9TnGxsELgILvcNho06SXqNU.roa (raw, json)
Hash identifier: u9IgL8Pc/80jX7m4Ya+gvsc5RM3wl8Q5d21X+5B5+dM=
Subject key identifier: 42:D4:30:F5:39:C6:C6:C1:0B:80:82:EF:70:D8:68:D3:A4:97:A8:D5
Certificate issuer: /CN=1a93849bff337df8b8b0bd1ae252ee6119d8a61f
Certificate serial: 018CC9BC445DA6A67578594050EF4EFD5D60
Authority key identifier: 1A:93:84:9B:FF:33:7D:F8:B8:B0:BD:1A:E2:52:EE:61:19:D8:A6:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GpOEm_8zffi4sL0a4lLuYRnYph8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/QtQw9TnGxsELgILvcNho06SXqNU.roa
Signing time: Tue 02 Jan 2024 10:33:27 +0000
ROA not before: Tue 02 Jan 2024 10:33:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 14618
IP address blocks: 195.46.38.0/24 maxlen: 24
91.213.115.0/24 maxlen: 24
91.200.50.0/24 maxlen: 24
91.241.6.0/23 maxlen: 24
Validation: Failed, certificate revoked on Thu 02 Jan 2025 17:53:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:44:5d:a6:a6:75:78:59:40:50:ef:4e:fd:5d:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1a93849bff337df8b8b0bd1ae252ee6119d8a61f
Validity
Not Before: Jan 2 10:33:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=42d430f539c6c6c10b8082ef70d868d3a497a8d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:3b:01:c8:65:4f:3d:7f:09:5b:78:48:8c:9a:
82:f5:72:73:5d:51:35:c1:b7:9b:6d:e6:12:1a:b1:
4d:ee:8b:02:df:d1:71:d0:42:eb:25:6e:d7:b0:14:
ee:d7:06:de:f4:ef:09:50:cb:5f:6f:eb:fd:0a:c8:
ec:59:5e:8f:7e:ce:1b:64:d1:cb:a5:6d:cd:60:22:
e2:98:c7:9e:7b:18:d1:96:be:bf:0b:5f:3f:8b:aa:
f8:f1:c2:41:94:30:cd:bc:e4:30:05:d7:b0:0f:28:
74:e7:96:90:0f:81:80:4d:c7:27:34:a0:f6:4c:ae:
f3:de:a3:cf:84:71:71:6d:97:26:90:8a:0b:b2:da:
2d:80:1e:5e:30:98:f7:48:d1:a3:de:35:b2:ae:58:
51:7f:0f:cf:f4:ce:39:0e:19:6e:2d:6c:9a:4b:82:
ac:3b:e0:88:fb:ca:a8:17:0b:30:b2:d5:55:8b:bc:
87:59:86:c6:f8:8d:ad:05:45:ba:83:ff:99:a8:32:
b7:fd:03:7c:24:56:08:33:c1:7b:e9:c4:5b:01:aa:
93:f1:e6:f9:00:d1:d1:29:be:51:a6:e1:fd:47:c0:
50:94:48:68:39:ae:54:da:bd:33:fb:2f:ca:b2:bc:
b5:99:b8:6b:ab:2c:0e:05:b2:65:68:90:9d:13:63:
99:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:D4:30:F5:39:C6:C6:C1:0B:80:82:EF:70:D8:68:D3:A4:97:A8:D5
X509v3 Authority Key Identifier:
keyid:1A:93:84:9B:FF:33:7D:F8:B8:B0:BD:1A:E2:52:EE:61:19:D8:A6:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GpOEm_8zffi4sL0a4lLuYRnYph8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/QtQw9TnGxsELgILvcNho06SXqNU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d4497a-11f2-49ac-aef9-43e67d5d0a85/1/GpOEm_8zffi4sL0a4lLuYRnYph8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.200.50.0/24
91.213.115.0/24
91.241.6.0/23
195.46.38.0/24
Signature Algorithm: sha256WithRSAEncryption
43:f8:2e:24:41:bc:fc:0d:1b:99:e0:7e:a7:f1:c5:7c:34:f6:
ea:cf:c2:ab:6b:e0:4c:4a:78:d5:5f:0d:4e:a7:22:cc:e9:a6:
1e:1e:64:5a:56:dd:d5:ee:ba:55:8f:15:4e:ca:85:8e:f0:fe:
95:6b:6d:6e:ee:d0:b9:93:3d:e1:d9:68:a0:e8:2a:77:d0:a2:
7f:4f:c8:04:a8:1d:b0:dc:02:87:a8:c0:a5:fa:b6:4a:63:b9:
1b:cb:9c:47:14:de:f7:a9:16:00:13:35:b7:83:8f:0d:67:6b:
c3:da:18:9f:fd:d3:d9:42:ef:e2:b4:20:f3:d2:a9:4b:0f:8c:
5f:8f:67:8a:b4:14:ce:9c:cd:46:0e:fc:8d:1f:79:90:7e:b8:
51:be:3c:00:52:76:79:fe:98:07:0d:db:96:c6:12:f2:9b:d8:
66:0f:16:56:9c:ba:cc:17:47:69:46:51:af:6f:93:1e:46:19:
bf:fe:d3:bb:32:2a:98:42:39:6f:c4:de:73:15:da:53:50:ff:
95:a6:60:0b:d5:fb:75:33:3c:f3:c2:35:62:63:56:83:68:1b:
75:b8:93:49:d0:07:a2:b9:d0:60:47:90:c5:5d:c0:fc:9b:87:
58:09:42:23:01:d4:c2:53:83:42:78:74:a9:23:63:7d:18:84:
50:a9:7f:a8
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzJvERdpqZ1eFlAUO9O/V1gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhOTM4NDliZmYzMzdkZjhiOGIwYmQxYWUyNTJlZTYxMTlk
OGE2MWYwHhcNMjQwMTAyMTAzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmQ0MzBmNTM5YzZjNmMxMGI4MDgyZWY3MGQ4NjhkM2E0OTdhOGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTsByGVPPX8JW3hIjJqC9XJzXVE1
wbebbeYSGrFN7osC39Fx0ELrJW7XsBTu1wbe9O8JUMtfb+v9CsjsWV6Pfs4bZNHL
pW3NYCLimMeeexjRlr6/C18/i6r48cJBlDDNvOQwBdewDyh055aQD4GATccnNKD2
TK7z3qPPhHFxbZcmkIoLstotgB5eMJj3SNGj3jWyrlhRfw/P9M45DhluLWyaS4Ks
O+CI+8qoFwswstVVi7yHWYbG+I2tBUW6g/+ZqDK3/QN8JFYIM8F76cRbAaqT8eb5
ANHRKb5RpuH9R8BQlEhoOa5U2r0z+y/Ksry1mbhrqywOBbJlaJCdE2OZywIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFELUMPU5xsbBC4CC73DYaNOkl6jVMB8GA1UdIwQY
MBaAFBqThJv/M334uLC9GuJS7mEZ2KYfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3BPRW1fOHpmZmk0c0wwYTRsTHVZUm5ZcGg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9kNDQ5N2EtMTFmMi00OWFjLWFlZjkt
NDNlNjdkNWQwYTg1LzEvUXRRdzlUbkd4c0VMZ0lMdmNOaG8wNlNYcU5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9kNDQ5N2EtMTFmMi00OWFjLWFlZjktNDNlNjdkNWQwYTg1
LzEvR3BPRW1fOHpmZmk0c0wwYTRsTHVZUm5ZcGg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAW8gyAwQA
W9VzAwQBW/EGAwQAwy4mMA0GCSqGSIb3DQEBCwUAA4IBAQBD+C4kQbz8DRuZ4H6n
8cV8NPbqz8Kra+BMSnjVXw1OpyLM6aYeHmRaVt3V7rpVjxVOyoWO8P6Va21u7tC5
kz3h2Wig6Cp30KJ/T8gEqB2w3AKHqMCl+rZKY7kby5xHFN73qRYAEzW3g48NZ2vD
2hif/dPZQu/itCDz0qlLD4xfj2eKtBTOnM1GDvyNH3mQfrhRvjwAUnZ5/pgHDduW
xhLym9hmDxZWnLrMF0dpRlGvb5MeRhm//tO7MiqYQjlvxN5zFdpTUP+VpmAL1ft1
MzzzwjViY1aDaBt1uJNJ0AeiudBgR5DFXcD8m4dYCUIjAdTCU4NCeHSpI2N9GIRQ
qX+o
-----END CERTIFICATE-----
Generated at Sun Feb 16 15:42:59 2025 by rpki-client