Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/Qo-9Zs-_4KdZe27jGVIq23k543w.roa
File: Qo-9Zs-_4KdZe27jGVIq23k543w.roa (raw, json)
Hash identifier: x3LBU4CmbnxZfHZFFLGbfWs6xe8Ha3gIwve05Lkerr4=
Subject key identifier: 42:8F:BD:66:CF:BF:E0:A7:59:7B:6E:E3:19:52:2A:DB:79:39:E3:7C
Certificate issuer: /CN=d9d0318f2685e32d2dba923f6662771427359738
Certificate serial: 018CC3B703A42F5DC073EDC1DEDE43711762
Authority key identifier: D9:D0:31:8F:26:85:E3:2D:2D:BA:92:3F:66:62:77:14:27:35:97:38
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/Qo-9Zs-_4KdZe27jGVIq23k543w.roa
Signing time: Mon 01 Jan 2024 06:30:00 +0000
ROA not before: Mon 01 Jan 2024 06:30:00 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 205950
IP address blocks: 109.235.245.0/24 maxlen: 32
109.235.244.0/24 maxlen: 32
109.235.246.0/24 maxlen: 32
109.235.247.0/24 maxlen: 32
2001:1b28:800::/37 maxlen: 128
2001:1b28:406::/48 maxlen: 48
Validation: Failed, certificate revoked on Wed 01 Jan 2025 03:48:31 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b7:03:a4:2f:5d:c0:73:ed:c1:de:de:43:71:17:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d9d0318f2685e32d2dba923f6662771427359738
Validity
Not Before: Jan 1 06:30:00 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=428fbd66cfbfe0a7597b6ee319522adb7939e37c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:eb:f1:1c:12:c2:d3:ac:7c:21:86:21:9d:1c:
c8:6c:c5:c4:46:ed:ca:b3:42:08:b6:3a:f2:cd:ea:
8e:48:e1:0e:6f:cc:f9:8a:58:36:51:84:a8:53:3b:
b1:2e:63:bc:ba:02:f7:3b:f9:01:ed:ff:67:d3:9f:
34:8e:98:24:d6:00:4d:9a:30:79:76:64:01:d4:2c:
b7:80:9f:d3:32:ef:b7:ab:b0:19:5e:df:85:1b:25:
ba:20:eb:d7:af:92:55:7e:17:c0:00:20:50:5e:50:
9f:13:98:15:78:b6:b0:23:19:07:4a:3a:28:c6:33:
93:4f:33:6f:00:3c:73:f7:69:47:35:f9:51:e0:bb:
54:89:b4:ed:cb:a6:db:9e:4a:94:15:03:06:50:b9:
4b:3f:3b:88:a7:c7:33:de:23:eb:d5:22:77:ce:4c:
62:14:e5:8e:d5:85:3e:b5:f6:5c:15:69:48:3c:a2:
dc:63:29:1e:c5:8c:65:cf:44:ed:75:75:97:8d:f9:
97:5c:11:70:1c:de:d5:64:49:40:ba:4d:cd:7b:5c:
9d:67:86:56:b7:e7:31:25:ac:ae:63:be:df:e1:66:
51:f0:7d:22:9f:bc:51:b1:d8:94:c7:d4:02:1c:0e:
00:bf:19:19:69:7d:5a:98:1a:f4:cd:7a:50:8e:cb:
21:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:8F:BD:66:CF:BF:E0:A7:59:7B:6E:E3:19:52:2A:DB:79:39:E3:7C
X509v3 Authority Key Identifier:
keyid:D9:D0:31:8F:26:85:E3:2D:2D:BA:92:3F:66:62:77:14:27:35:97:38
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/Qo-9Zs-_4KdZe27jGVIq23k543w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.235.244.0/22
IPv6:
2001:1b28:406::/48
2001:1b28:800::/37
Signature Algorithm: sha256WithRSAEncryption
8b:a1:42:92:b7:30:70:cd:a1:5b:0b:18:a4:3c:60:2d:ca:05:
53:f7:43:11:ee:76:b6:55:ea:04:56:3a:35:e3:96:da:e8:ed:
dd:a4:f9:ac:81:f1:5a:20:95:35:34:9b:1a:ad:77:ad:62:54:
29:7c:f8:f4:39:ed:e2:70:2c:9f:29:28:5d:f1:e0:a6:0f:9b:
c2:11:08:4d:39:97:8d:dc:29:4e:82:90:24:b7:1b:86:76:1d:
5f:de:00:6b:57:2f:46:47:cb:9d:2d:c2:3e:73:d9:c0:5a:1e:
4f:3a:67:3d:cd:8f:e6:2d:8b:f0:17:2f:7f:27:e3:86:6b:6f:
6c:5e:85:a2:02:f4:3d:67:7a:e0:ff:89:3a:33:c2:2e:06:6e:
82:af:a5:b6:a8:08:d7:d9:c5:01:d1:fc:b2:72:ae:23:0a:c6:
b6:b9:31:80:17:41:04:d3:2f:b6:91:ad:4b:6f:0f:07:f8:e4:
e8:0b:a8:15:22:a7:fb:40:e4:0e:ee:4b:3a:2c:94:51:b0:ea:
c7:8a:99:9f:5f:17:27:32:75:76:29:f3:4f:e1:6e:43:1e:f4:
dd:4a:88:8a:a3:13:e5:6c:f7:0e:f3:cc:7c:e9:2f:56:80:39:
02:9f:15:2a:7e:92:07:59:4d:72:62:aa:5d:b7:da:13:e5:20:
31:7f:70:16
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYzDtwOkL13Ac+3B3t5DcRdiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZDAzMThmMjY4NWUzMmQyZGJhOTIzZjY2NjI3NzE0Mjcz
NTk3MzgwHhcNMjQwMTAxMDYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjhmYmQ2NmNmYmZlMGE3NTk3YjZlZTMxOTUyMmFkYjc5MzllMzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+vxHBLC06x8IYYhnRzIbMXERu3K
s0IItjryzeqOSOEOb8z5ilg2UYSoUzuxLmO8ugL3O/kB7f9n0580jpgk1gBNmjB5
dmQB1Cy3gJ/TMu+3q7AZXt+FGyW6IOvXr5JVfhfAACBQXlCfE5gVeLawIxkHSjoo
xjOTTzNvADxz92lHNflR4LtUibTty6bbnkqUFQMGULlLPzuIp8cz3iPr1SJ3zkxi
FOWO1YU+tfZcFWlIPKLcYykexYxlz0TtdXWXjfmXXBFwHN7VZElAuk3Ne1ydZ4ZW
t+cxJayuY77f4WZR8H0in7xRsdiUx9QCHA4AvxkZaX1amBr0zXpQjsshAQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFEKPvWbPv+CnWXtu4xlSKtt5OeN8MB8GA1UdIwQY
MBaAFNnQMY8mheMtLbqSP2ZidxQnNZc4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmRBeGp5YUY0eTB0dXBJX1ptSjNGQ2MxbHpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi84Y2U2MDktZGIxZC00OTk3LTlkOGEt
OTZkZGQ1YTAyMzlkLzEvUW8tOVpzLV80S2RaZTI3akdWSXEyM2s1NDN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi84Y2U2MDktZGIxZC00OTk3LTlkOGEtOTZkZGQ1YTAyMzlk
LzEvMmRBeGp5YUY0eTB0dXBJX1ptSjNGQ2MxbHpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAMBAIAATAGAwQCbev0MBcE
AgACMBEDBwAgARsoBAYDBgMgARsoCDANBgkqhkiG9w0BAQsFAAOCAQEAi6FCkrcw
cM2hWwsYpDxgLcoFU/dDEe52tlXqBFY6NeOW2ujt3aT5rIHxWiCVNTSbGq13rWJU
KXz49Dnt4nAsnykoXfHgpg+bwhEITTmXjdwpToKQJLcbhnYdX94Aa1cvRkfLnS3C
PnPZwFoeTzpnPc2P5i2L8BcvfyfjhmtvbF6FogL0PWd64P+JOjPCLgZugq+ltqgI
19nFAdH8snKuIwrGtrkxgBdBBNMvtpGtS28PB/jk6AuoFSKn+0DkDu5LOiyUUbDq
x4qZn18XJzJ1dinzT+FuQx703UqIiqMT5Wz3DvPMfOkvVoA5Ap8VKn6SB1lNcmKq
XbfaE+UgMX9wFg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:29:21 2025 by rpki-client