Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/9d54cb-7ceb-458f-bd77-b2283c9a536f/1/xBECV97i8ioy5Nb-JLXM1jC-Dzk.roa
File: xBECV97i8ioy5Nb-JLXM1jC-Dzk.roa (raw, json)
Hash identifier: O19dZpsQFH46+GUOHoN+qBtOu90wO8UzWLIy4g+iPfw=
Subject key identifier: C4:11:02:57:DE:E2:F2:2A:32:E4:D6:FE:24:B5:CC:D6:30:BE:0F:39
Certificate issuer: /CN=912f169fc744cbe895a9f85edab796d4ac700029
Certificate serial: 018DF42F2B11A6E7F8A031E6CF1F17635E3E
Authority key identifier: 91:2F:16:9F:C7:44:CB:E8:95:A9:F8:5E:DA:B7:96:D4:AC:70:00:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kS8Wn8dEy-iVqfhe2reW1KxwACk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/9d54cb-7ceb-458f-bd77-b2283c9a536f/1/xBECV97i8ioy5Nb-JLXM1jC-Dzk.roa
Signing time: Thu 29 Feb 2024 09:25:48 +0000
ROA not before: Thu 29 Feb 2024 09:25:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43594
IP address blocks: 95.215.124.0/22 maxlen: 22
95.215.124.0/24 maxlen: 24
95.215.125.0/24 maxlen: 24
95.215.126.0/24 maxlen: 24
185.184.232.0/22 maxlen: 22
185.184.232.0/24 maxlen: 24
185.184.233.0/24 maxlen: 24
185.184.234.0/24 maxlen: 24
2a0b:4380::/32 maxlen: 32
Validation: Failed, certificate revoked on Fri 19 Jul 2024 02:07:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:f4:2f:2b:11:a6:e7:f8:a0:31:e6:cf:1f:17:63:5e:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=912f169fc744cbe895a9f85edab796d4ac700029
Validity
Not Before: Feb 29 09:25:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c4110257dee2f22a32e4d6fe24b5ccd630be0f39
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:da:63:90:8d:cd:df:7a:8b:e3:4c:1f:e6:2a:
95:97:9e:fb:72:80:7e:9b:2d:7e:68:cf:0c:58:c5:
53:68:d4:b3:a4:97:38:8f:59:47:0f:37:81:f2:88:
9d:00:2c:41:2d:f9:6b:7d:7e:28:b4:8a:74:b1:04:
93:73:01:7d:0e:63:58:81:73:02:cf:14:fe:eb:93:
c5:15:56:d4:ca:a7:67:4a:cd:b6:c5:01:d8:e3:c9:
e6:5f:f6:32:fd:f6:d6:27:c0:01:6a:22:52:c9:2f:
a0:53:63:cd:8b:93:61:2b:9a:78:c6:0d:94:e8:ad:
d3:47:63:b3:62:5a:82:33:5a:4d:40:64:d5:ec:92:
e7:d9:69:51:fa:36:81:bc:26:97:16:db:13:66:cf:
34:12:66:65:48:a0:c3:c1:13:fa:33:5a:3b:56:39:
93:dc:17:9b:02:f7:13:75:c9:a0:54:01:80:2a:89:
71:8c:8d:6c:89:99:40:b0:09:46:d7:0a:19:9c:57:
df:dc:19:65:ef:3f:38:10:55:80:08:ee:fb:dd:2c:
cf:f2:48:da:2b:01:c5:2d:9f:36:9f:37:55:71:14:
c2:42:f8:61:7a:6b:ca:d5:8a:48:bb:ad:5f:b6:9d:
3a:96:2e:c5:f4:00:e4:f1:1a:9b:18:10:74:49:e4:
38:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:11:02:57:DE:E2:F2:2A:32:E4:D6:FE:24:B5:CC:D6:30:BE:0F:39
X509v3 Authority Key Identifier:
keyid:91:2F:16:9F:C7:44:CB:E8:95:A9:F8:5E:DA:B7:96:D4:AC:70:00:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kS8Wn8dEy-iVqfhe2reW1KxwACk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9d54cb-7ceb-458f-bd77-b2283c9a536f/1/xBECV97i8ioy5Nb-JLXM1jC-Dzk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/9d54cb-7ceb-458f-bd77-b2283c9a536f/1/kS8Wn8dEy-iVqfhe2reW1KxwACk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.215.124.0/22
185.184.232.0/22
IPv6:
2a0b:4380::/32
Signature Algorithm: sha256WithRSAEncryption
85:d6:32:af:f9:aa:51:91:1a:12:bb:57:07:0c:3a:58:c3:b7:
8c:bf:14:be:aa:25:fc:cd:45:39:a3:19:e3:1b:c5:3d:a7:41:
6d:e8:19:a8:2a:7c:55:3e:fb:9d:99:bb:90:ac:40:31:00:c2:
6d:e4:d0:75:c1:fc:65:67:95:02:86:a5:ee:eb:b0:67:fb:85:
9d:a1:a9:da:4e:bb:33:a0:a3:c2:16:18:8b:11:e6:32:c6:a2:
b8:37:70:41:87:1a:0d:58:a5:84:df:7f:f5:43:df:81:20:2e:
35:18:7e:14:03:dc:72:bb:f5:d2:ae:00:6c:6a:91:97:65:67:
b2:01:9e:67:81:bf:24:e8:83:c1:73:9f:f9:90:8f:f5:c0:2d:
bc:33:48:1c:10:08:0e:1d:be:65:fb:58:cb:08:3c:4c:08:5e:
17:02:9a:24:a8:9b:76:de:df:d8:1d:af:5c:99:d2:fc:af:97:
c7:38:a0:36:5e:55:02:98:82:6c:5c:e8:12:8f:6e:cf:8a:11:
47:71:ad:f6:60:8d:f6:dc:b3:17:0a:7b:75:28:fa:72:5b:9e:
db:03:40:4e:05:d8:da:a3:9a:7b:a6:ae:6b:4e:81:30:85:c7:
27:f3:fa:d9:da:35:4d:16:99:76:0b:0a:b5:14:31:56:8f:2c:
8c:10:f7:9b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY30LysRpuf4oDHmzx8XY14+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxMmYxNjlmYzc0NGNiZTg5NWE5Zjg1ZWRhYjc5NmQ0YWM3
MDAwMjkwHhcNMjQwMjI5MDkyNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDExMDI1N2RlZTJmMjJhMzJlNGQ2ZmUyNGI1Y2NkNjMwYmUwZjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNpjkI3N33qL40wf5iqVl577coB+
my1+aM8MWMVTaNSzpJc4j1lHDzeB8oidACxBLflrfX4otIp0sQSTcwF9DmNYgXMC
zxT+65PFFVbUyqdnSs22xQHY48nmX/Yy/fbWJ8ABaiJSyS+gU2PNi5NhK5p4xg2U
6K3TR2OzYlqCM1pNQGTV7JLn2WlR+jaBvCaXFtsTZs80EmZlSKDDwRP6M1o7VjmT
3BebAvcTdcmgVAGAKolxjI1siZlAsAlG1woZnFff3Bll7z84EFWACO773SzP8kja
KwHFLZ82nzdVcRTCQvhhemvK1YpIu61ftp06li7F9ADk8RqbGBB0SeQ4zwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMQRAlfe4vIqMuTW/iS1zNYwvg85MB8GA1UdIwQY
MBaAFJEvFp/HRMvolan4Xtq3ltSscAApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1M4V244ZEV5LWlWcWZoZTJyZVcxS3h3QUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy85ZDU0Y2ItN2NlYi00NThmLWJkNzct
YjIyODNjOWE1MzZmLzEveEJFQ1Y5N2k4aW95NU5iLUpMWE0xakMtRHprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy85ZDU0Y2ItN2NlYi00NThmLWJkNzctYjIyODNjOWE1MzZm
LzEva1M4V244ZEV5LWlWcWZoZTJyZVcxS3h3QUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCX9d8AwQC
ubjoMA0EAgACMAcDBQAqC0OAMA0GCSqGSIb3DQEBCwUAA4IBAQCF1jKv+apRkRoS
u1cHDDpYw7eMvxS+qiX8zUU5oxnjG8U9p0Ft6BmoKnxVPvudmbuQrEAxAMJt5NB1
wfxlZ5UChqXu67Bn+4WdoanaTrszoKPCFhiLEeYyxqK4N3BBhxoNWKWE33/1Q9+B
IC41GH4UA9xyu/XSrgBsapGXZWeyAZ5ngb8k6IPBc5/5kI/1wC28M0gcEAgOHb5l
+1jLCDxMCF4XApokqJt23t/YHa9cmdL8r5fHOKA2XlUCmIJsXOgSj27PihFHca32
YI323LMXCnt1KPpyW57bA0BOBdjao5p7pq5rToEwhccn8/rZ2jVNFpl2Cwq1FDFW
jyyMEPeb
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:45:49 2025 by rpki-client