Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/b70490-fcae-48ec-9249-beba754add57/1/gDu55KWmAaijBFrjPJxZaBNVvf8.roa
File: gDu55KWmAaijBFrjPJxZaBNVvf8.roa (raw, json)
Hash identifier: K8SEf89qomdnNGh3pxjVeYI8hvhd1vOWkdK7iuiu2Ko=
Subject key identifier: 80:3B:B9:E4:A5:A6:01:A8:A3:04:5A:E3:3C:9C:59:68:13:55:BD:FF
Certificate issuer: /CN=fe6d4a36340c3dad87a03921d0f88ff65162897a
Certificate serial: 018CC5001FED99EF445AA57831F1A91DE25E
Authority key identifier: FE:6D:4A:36:34:0C:3D:AD:87:A0:39:21:D0:F8:8F:F6:51:62:89:7A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_m1KNjQMPa2HoDkh0PiP9lFiiXo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a3/b70490-fcae-48ec-9249-beba754add57/1/gDu55KWmAaijBFrjPJxZaBNVvf8.roa
Signing time: Mon 01 Jan 2024 12:29:28 +0000
ROA not before: Mon 01 Jan 2024 12:29:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209288
IP address blocks: 91.202.210.0/24 maxlen: 24
212.18.105.0/24 maxlen: 24
185.112.73.0/24 maxlen: 24
151.248.17.0/24 maxlen: 24
151.248.16.0/24 maxlen: 24
151.248.16.0/22 maxlen: 22
151.248.19.0/24 maxlen: 24
151.248.18.0/24 maxlen: 24
2a05:ccc0::/29 maxlen: 29
2a10:c080::/29 maxlen: 29
Validation: Failed, certificate revoked on Wed 01 Jan 2025 17:48:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:1f:ed:99:ef:44:5a:a5:78:31:f1:a9:1d:e2:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe6d4a36340c3dad87a03921d0f88ff65162897a
Validity
Not Before: Jan 1 12:29:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=803bb9e4a5a601a8a3045ae33c9c59681355bdff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:8a:98:6a:ff:35:21:9d:57:41:73:53:ac:70:
97:d7:24:12:f4:59:b8:09:05:ff:7a:15:02:07:dd:
aa:b5:0f:2b:bb:b7:91:50:e1:96:47:33:99:9f:13:
13:7e:1e:55:6d:8e:a7:57:87:70:28:2f:0a:b8:1d:
4a:10:c6:fc:8e:e8:af:31:3b:65:7d:eb:c5:ac:4c:
41:81:5b:a7:b7:8a:e1:a5:cd:6a:cc:89:6e:0e:d9:
54:18:26:69:c5:bf:b5:9d:ed:8f:08:43:aa:55:e1:
00:99:77:ca:ad:f9:ff:da:e8:68:b7:18:ae:ae:37:
dd:22:5b:58:4a:78:7e:d1:4c:b3:d0:4d:b2:42:fd:
38:9e:34:11:e7:a2:63:7f:dc:c3:80:ae:9a:50:ff:
e4:87:f6:b0:b9:5d:98:f5:86:8c:31:30:14:bf:4e:
e9:c6:c9:c3:bc:3b:0e:91:9e:89:c8:c1:1b:1c:33:
1d:f2:3a:4f:bf:5f:30:32:21:7b:ee:55:ce:d0:41:
95:5b:b3:4f:df:cc:a3:f9:2d:c7:b9:44:e2:f1:92:
87:cb:70:ad:bc:d9:dd:a2:eb:1a:4f:79:a1:69:45:
df:b5:b5:16:ca:7a:da:79:c6:bc:74:43:ef:4e:c0:
ea:cb:51:c4:9c:42:6a:f7:be:d2:fb:cd:d2:3b:c7:
f4:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
80:3B:B9:E4:A5:A6:01:A8:A3:04:5A:E3:3C:9C:59:68:13:55:BD:FF
X509v3 Authority Key Identifier:
keyid:FE:6D:4A:36:34:0C:3D:AD:87:A0:39:21:D0:F8:8F:F6:51:62:89:7A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_m1KNjQMPa2HoDkh0PiP9lFiiXo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b70490-fcae-48ec-9249-beba754add57/1/gDu55KWmAaijBFrjPJxZaBNVvf8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/b70490-fcae-48ec-9249-beba754add57/1/_m1KNjQMPa2HoDkh0PiP9lFiiXo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.202.210.0/24
151.248.16.0/22
185.112.73.0/24
212.18.105.0/24
IPv6:
2a05:ccc0::/29
2a10:c080::/29
Signature Algorithm: sha256WithRSAEncryption
31:3d:1a:6f:54:c5:2b:f6:ba:2c:0b:52:2f:bd:12:47:85:ad:
72:80:be:32:4a:bd:27:ef:42:d5:e7:46:20:c4:d0:f0:af:13:
17:1d:e2:33:b5:bd:cc:25:52:a5:f6:80:8a:45:7c:60:61:b2:
df:17:dc:c6:5b:81:0a:2a:e5:72:d0:27:90:0f:6d:62:04:55:
c7:8d:b2:12:9d:4f:ee:f9:6e:f6:4a:23:da:37:f4:ef:53:78:
b8:60:f4:65:5d:b7:e1:6d:36:6a:fd:dc:44:b6:89:a6:7f:81:
17:d1:5b:90:bb:4a:c9:79:2d:97:ad:0a:a6:ed:7a:b5:a0:a5:
84:b8:e6:03:37:1e:a0:1c:22:e4:79:1f:b8:44:68:ff:31:14:
a2:d4:90:15:05:fc:e8:1b:f1:d1:5a:eb:39:a5:d3:57:d1:4b:
8e:3a:d5:53:5b:ad:c6:16:c3:5a:8a:9a:7a:47:45:f8:02:a4:
95:07:1a:92:a0:c3:2e:c1:ae:3c:f7:8c:27:72:33:55:22:a2:
be:0c:04:82:5c:f7:64:f4:10:c4:51:c8:ae:72:94:43:aa:98:
0b:69:bb:fc:69:d4:fc:b7:ec:d1:c9:ca:b0:80:f1:36:1f:11:
6f:68:29:66:ae:d4:34:4c:04:93:8b:4a:b2:85:87:50:ac:5e:
9c:6e:28:d4
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYzFAB/tme9EWqV4MfGpHeJeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNmQ0YTM2MzQwYzNkYWQ4N2EwMzkyMWQwZjg4ZmY2NTE2
Mjg5N2EwHhcNMjQwMTAxMTIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDNiYjllNGE1YTYwMWE4YTMwNDVhZTMzYzljNTk2ODEzNTViZGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA54qYav81IZ1XQXNTrHCX1yQS9Fm4
CQX/ehUCB92qtQ8ru7eRUOGWRzOZnxMTfh5VbY6nV4dwKC8KuB1KEMb8juivMTtl
fevFrExBgVunt4rhpc1qzIluDtlUGCZpxb+1ne2PCEOqVeEAmXfKrfn/2uhotxiu
rjfdIltYSnh+0Uyz0E2yQv04njQR56Jjf9zDgK6aUP/kh/awuV2Y9YaMMTAUv07p
xsnDvDsOkZ6JyMEbHDMd8jpPv18wMiF77lXO0EGVW7NP38yj+S3HuUTi8ZKHy3Ct
vNndousaT3mhaUXftbUWynraeca8dEPvTsDqy1HEnEJq977S+83SO8f0awIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFIA7ueSlpgGoowRa4zycWWgTVb3/MB8GA1UdIwQY
MBaAFP5tSjY0DD2th6A5IdD4j/ZRYol6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX20xS05qUU1QYTJIb0RraDBQaVA5bEZpaVhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9iNzA0OTAtZmNhZS00OGVjLTkyNDkt
YmViYTc1NGFkZDU3LzEvZ0R1NTVLV21BYWlqQkZyalBKeFphQk5WdmY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9iNzA0OTAtZmNhZS00OGVjLTkyNDktYmViYTc1NGFkZDU3
LzEvX20xS05qUU1QYTJIb0RraDBQaVA5bEZpaVhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQAW8rSAwQC
l/gQAwQAuXBJAwQA1BJpMBQEAgACMA4DBQMqBczAAwUDKhDAgDANBgkqhkiG9w0B
AQsFAAOCAQEAMT0ab1TFK/a6LAtSL70SR4WtcoC+Mkq9J+9C1edGIMTQ8K8TFx3i
M7W9zCVSpfaAikV8YGGy3xfcxluBCirlctAnkA9tYgRVx42yEp1P7vlu9koj2jf0
71N4uGD0ZV234W02av3cRLaJpn+BF9FbkLtKyXktl60Kpu16taClhLjmAzceoBwi
5HkfuERo/zEUotSQFQX86Bvx0VrrOaXTV9FLjjrVU1utxhbDWoqaekdF+AKklQca
kqDDLsGuPPeMJ3IzVSKivgwEglz3ZPQQxFHIrnKUQ6qYC2m7/GnU/Lfs0cnKsIDx
Nh8Rb2gpZq7UNEwEk4tKsoWHUKxenG4o1A==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:33:59 2025 by rpki-client