Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/mnX5yvi9u3N-HKnyUfwUNQG5Q-k.roa
File: mnX5yvi9u3N-HKnyUfwUNQG5Q-k.roa (raw, json)
Hash identifier: lD3mFqNz1EK093rUgI1yf/lplYIEb4QtEpXDGwzyKms=
Subject key identifier: 9A:75:F9:CA:F8:BD:BB:73:7E:1C:A9:F2:51:FC:14:35:01:B9:43:E9
Certificate issuer: /CN=3af7710df8add64bb9688e0f4581bea67e402c66
Certificate serial: 01914C1C29922A740E21AB89A1F98929848C
Authority key identifier: 3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/mnX5yvi9u3N-HKnyUfwUNQG5Q-k.roa
Signing time: Tue 13 Aug 2024 14:19:59 +0000
ROA not before: Tue 13 Aug 2024 14:19:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 203639
IP address blocks: 45.143.158.0/24 maxlen: 24
45.143.159.0/24 maxlen: 24
46.21.20.0/24 maxlen: 24
46.21.23.0/24 maxlen: 24
46.21.28.0/24 maxlen: 24
46.21.30.0/24 maxlen: 24
77.220.90.0/23 maxlen: 23
185.155.186.0/24 maxlen: 24
185.155.187.0/24 maxlen: 24
Validation: Failed, certificate revoked on Sun 18 Aug 2024 07:46:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:4c:1c:29:92:2a:74:0e:21:ab:89:a1:f9:89:29:84:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3af7710df8add64bb9688e0f4581bea67e402c66
Validity
Not Before: Aug 13 14:19:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9a75f9caf8bdbb737e1ca9f251fc143501b943e9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:58:3b:e1:7a:00:20:e5:40:42:cf:4c:c0:9b:
09:76:22:50:5a:46:12:05:df:17:a9:38:7f:8d:fa:
fd:39:33:23:55:a5:c6:1e:46:2f:f6:2d:94:44:52:
7a:ee:05:45:43:8a:8d:e4:ae:d1:b1:e4:42:74:3d:
97:73:40:03:db:0f:ac:8b:29:85:bc:d6:01:fb:28:
4e:b7:07:70:d8:49:b0:fd:50:99:98:5f:ff:89:b6:
57:e4:28:79:45:a9:44:97:72:c0:6c:b6:01:52:20:
73:76:6b:d6:ee:4e:03:50:25:3c:f0:6e:db:dd:7d:
20:c9:bd:de:5c:7d:f6:93:06:70:d7:b9:05:86:79:
b6:6b:b5:32:fa:68:91:6e:aa:28:ec:9d:ee:c2:af:
de:eb:55:95:1c:89:df:04:58:19:41:29:d0:9a:d7:
5f:4e:a2:b1:f4:27:f7:2d:f0:67:7e:c5:94:2e:58:
ed:d8:cc:c1:36:ee:54:f8:5d:2e:d0:19:32:75:bd:
8a:db:4b:1c:1f:ee:a7:03:36:5e:7a:13:7c:09:ac:
19:f8:83:3a:50:a2:50:78:97:b8:9e:1c:ad:f1:41:
e0:2f:89:7c:d0:89:44:c2:92:ad:dc:81:f1:b1:b9:
5b:3f:67:1b:df:6b:3c:dc:6f:6c:6d:ad:51:53:d2:
97:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:75:F9:CA:F8:BD:BB:73:7E:1C:A9:F2:51:FC:14:35:01:B9:43:E9
X509v3 Authority Key Identifier:
keyid:3A:F7:71:0D:F8:AD:D6:4B:B9:68:8E:0F:45:81:BE:A6:7E:40:2C:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvdxDfit1ku5aI4PRYG-pn5ALGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/mnX5yvi9u3N-HKnyUfwUNQG5Q-k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/f59fe3-956e-4937-858d-eec416a886f7/1/OvdxDfit1ku5aI4PRYG-pn5ALGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.143.158.0/23
46.21.20.0/24
46.21.23.0/24
46.21.28.0/24
46.21.30.0/24
77.220.90.0/23
185.155.186.0/23
Signature Algorithm: sha256WithRSAEncryption
51:ba:4a:8f:b4:b5:dd:9f:17:2b:17:d1:f8:79:e1:ce:dc:68:
97:30:db:09:ee:8e:78:74:a6:97:c0:0c:e5:a2:d7:fd:4f:4d:
68:af:6b:82:4e:7b:b8:34:a1:e6:14:a4:bb:c5:54:87:2c:a2:
45:6f:44:3a:ac:19:66:7f:ad:d2:78:ed:be:32:96:38:af:26:
c7:7b:d4:0a:5b:90:90:e1:ef:79:f7:9d:66:ca:ab:4a:f2:c1:
54:22:ba:cc:bc:4d:7f:12:f1:65:c5:a9:81:8e:46:b4:1a:41:
90:66:70:fe:cb:11:9c:32:c2:92:45:77:cf:b9:97:24:8a:52:
bb:e4:50:4d:d8:42:8f:73:86:e2:af:94:81:43:fa:78:0a:27:
01:70:0a:e6:96:6b:82:45:0c:33:2e:27:bc:8b:b3:f2:4c:d8:
60:cd:68:83:67:96:65:a8:5e:eb:d1:c4:fb:27:d9:d4:3d:30:
0f:ae:0d:b9:16:1b:57:0c:e5:cb:4a:ee:54:fa:6c:fc:c8:63:
56:2f:9b:d5:7f:7e:07:8f:75:97:02:87:30:29:a3:7d:96:52:
f8:6b:f1:52:b9:4a:6d:cc:98:bf:de:05:ce:e7:74:d6:ae:d9:
a3:e8:75:5c:c3:60:25:96:ec:ba:8b:7c:b7:a6:fd:22:3c:88:
3d:4e:33:6a
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZFMHCmSKnQOIauJofmJKYSMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjc3MTBkZjhhZGQ2NGJiOTY4OGUwZjQ1ODFiZWE2N2U0
MDJjNjYwHhcNMjQwODEzMTQxOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTc1ZjljYWY4YmRiYjczN2UxY2E5ZjI1MWZjMTQzNTAxYjk0M2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFg74XoAIOVAQs9MwJsJdiJQWkYS
Bd8XqTh/jfr9OTMjVaXGHkYv9i2URFJ67gVFQ4qN5K7RseRCdD2Xc0AD2w+siymF
vNYB+yhOtwdw2Emw/VCZmF//ibZX5Ch5RalEl3LAbLYBUiBzdmvW7k4DUCU88G7b
3X0gyb3eXH32kwZw17kFhnm2a7Uy+miRbqoo7J3uwq/e61WVHInfBFgZQSnQmtdf
TqKx9Cf3LfBnfsWULljt2MzBNu5U+F0u0Bkydb2K20scH+6nAzZeehN8CawZ+IM6
UKJQeJe4nhyt8UHgL4l80IlEwpKt3IHxsblbP2cb32s83G9sba1RU9KX9QIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFJp1+cr4vbtzfhyp8lH8FDUBuUPpMB8GA1UdIwQY
MBaAFDr3cQ34rdZLuWiOD0WBvqZ+QCxmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQt
ZWVjNDE2YTg4NmY3LzEvbW5YNXl2aTl1M04tSEtueVVmd1VOUUc1US1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9mNTlmZTMtOTU2ZS00OTM3LTg1OGQtZWVjNDE2YTg4NmY3
LzEvT3ZkeERmaXQxa3U1YUk0UFJZRy1wbjVBTEdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBLY+eAwQA
LhUUAwQALhUXAwQALhUcAwQALhUeAwQBTdxaAwQBuZu6MA0GCSqGSIb3DQEBCwUA
A4IBAQBRukqPtLXdnxcrF9H4eeHO3GiXMNsJ7o54dKaXwAzlotf9T01or2uCTnu4
NKHmFKS7xVSHLKJFb0Q6rBlmf63SeO2+MpY4rybHe9QKW5CQ4e95951myqtK8sFU
IrrMvE1/EvFlxamBjka0GkGQZnD+yxGcMsKSRXfPuZckilK75FBN2EKPc4bir5SB
Q/p4CicBcArmlmuCRQwzLie8i7PyTNhgzWiDZ5ZlqF7r0cT7J9nUPTAPrg25FhtX
DOXLSu5U+mz8yGNWL5vVf34Hj3WXAocwKaN9llL4a/FSuUptzJi/3gXO53TWrtmj
6HVcw2Alluy6i3y3pv0iPIg9TjNq
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:38:20 2025 by rpki-client