Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/crw8qMKpyZy-3mVK1E2M2PrpMQI.roa
File: crw8qMKpyZy-3mVK1E2M2PrpMQI.roa (raw, json)
Hash identifier: QUySm50e7Kr12TlxEHiiVPVZ66/lEuQcx3V5Ql+XoOA=
Subject key identifier: 72:BC:3C:A8:C2:A9:C9:9C:BE:DE:65:4A:D4:4D:8C:D8:FA:E9:31:02
Certificate issuer: /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial: 0191FA95D3E91E7BC7187CF4CCB779F070EC
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/crw8qMKpyZy-3mVK1E2M2PrpMQI.roa
Signing time: Mon 16 Sep 2024 11:26:48 +0000
ROA not before: Mon 16 Sep 2024 11:26:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 3301
IP address blocks: 2.248.0.0/14 maxlen: 14
2.252.0.0/15 maxlen: 15
2.254.0.0/16 maxlen: 16
2.255.0.0/17 maxlen: 17
2.255.128.0/18 maxlen: 18
2.255.190.0/24 maxlen: 24
2.255.191.0/24 maxlen: 24
62.20.0.0/16 maxlen: 16
77.110.0.0/18 maxlen: 18
78.64.0.0/12 maxlen: 12
81.224.0.0/12 maxlen: 12
81.228.4.0/23 maxlen: 23
81.228.4.0/24 maxlen: 24
81.228.5.0/24 maxlen: 24
82.214.0.0/18 maxlen: 18
85.11.0.0/18 maxlen: 18
90.224.0.0/12 maxlen: 12
92.254.128.0/17 maxlen: 17
95.109.0.0/17 maxlen: 17
95.192.0.0/12 maxlen: 12
185.103.208.0/22 maxlen: 22
185.103.208.0/24 maxlen: 24
188.126.224.0/19 maxlen: 19
188.126.233.0/24 maxlen: 24
188.126.240.0/23 maxlen: 23
192.16.152.0/23 maxlen: 23
192.16.153.0/24 maxlen: 24
192.150.58.0/23 maxlen: 23
192.150.60.0/22 maxlen: 22
192.150.64.0/22 maxlen: 22
192.150.68.0/23 maxlen: 23
192.150.78.0/23 maxlen: 23
192.150.80.0/23 maxlen: 23
193.44.0.0/15 maxlen: 15
194.16.0.0/15 maxlen: 15
194.18.0.0/16 maxlen: 16
194.22.0.0/15 maxlen: 15
194.218.0.0/16 maxlen: 16
194.236.0.0/15 maxlen: 15
195.67.0.0/16 maxlen: 16
195.198.0.0/16 maxlen: 16
195.252.32.0/19 maxlen: 19
212.28.192.0/19 maxlen: 19
212.181.0.0/16 maxlen: 16
213.64.0.0/14 maxlen: 14
217.208.0.0/13 maxlen: 13
Validation: Failed, certificate revoked on Thu 02 Jan 2025 09:49:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:fa:95:d3:e9:1e:7b:c7:18:7c:f4:cc:b7:79:f0:70:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Validity
Not Before: Sep 16 11:26:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=72bc3ca8c2a9c99cbede654ad44d8cd8fae93102
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:d5:4b:f2:6c:c1:5d:d1:cb:11:8d:a0:82:e4:
9f:a9:7e:56:16:0b:2b:fe:b1:b8:79:f1:f3:b8:1e:
21:5d:55:92:c9:bc:8c:96:e5:6d:e1:78:a9:e0:4d:
53:1a:72:37:9e:ab:63:e1:a9:1a:20:1b:7e:b5:58:
f6:b4:1c:14:8c:db:9a:83:38:ea:8c:60:e9:cd:0a:
6a:1a:78:71:93:5d:ff:be:38:c3:f1:ed:5c:9c:42:
7f:30:a1:ae:ee:b8:0d:ec:8e:00:f9:7c:8f:dd:d8:
42:60:00:60:82:58:fc:e2:54:39:71:0f:85:05:db:
c3:68:63:d7:9a:ec:99:1f:02:3d:dd:51:96:f4:bd:
c9:5d:88:83:c9:22:53:04:b6:01:87:6a:d3:b6:df:
15:82:83:a0:ee:e9:97:23:33:a6:04:17:08:fa:f4:
8d:be:b1:65:b3:c5:c7:50:ca:58:f2:31:f1:5c:65:
25:dd:13:db:24:85:d6:9f:bf:45:b9:94:d9:de:b7:
10:03:40:c8:97:a1:8d:cb:05:5e:fe:48:0b:f7:d8:
b6:be:fb:9d:f6:7f:43:68:e1:b9:46:e5:e0:33:fe:
e7:6f:42:08:78:e5:4f:33:06:49:97:30:50:eb:b6:
41:c9:ef:5b:e3:f0:4f:ea:48:ad:4b:af:c5:b8:ba:
8a:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:BC:3C:A8:C2:A9:C9:9C:BE:DE:65:4A:D4:4D:8C:D8:FA:E9:31:02
X509v3 Authority Key Identifier:
keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/crw8qMKpyZy-3mVK1E2M2PrpMQI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.248.0.0-2.255.191.255
62.20.0.0/16
77.110.0.0/18
78.64.0.0/12
81.224.0.0/12
82.214.0.0/18
85.11.0.0/18
90.224.0.0/12
92.254.128.0/17
95.109.0.0/17
95.192.0.0/12
185.103.208.0/22
188.126.224.0/19
192.16.152.0/23
192.150.58.0-192.150.69.255
192.150.78.0-192.150.81.255
193.44.0.0/15
194.16.0.0-194.18.255.255
194.22.0.0/15
194.218.0.0/16
194.236.0.0/15
195.67.0.0/16
195.198.0.0/16
195.252.32.0/19
212.28.192.0/19
212.181.0.0/16
213.64.0.0/14
217.208.0.0/13
Signature Algorithm: sha256WithRSAEncryption
64:39:31:0d:78:d5:15:4e:c7:0e:9e:2f:b2:52:d9:ff:fc:e1:
08:04:5b:08:98:1c:02:30:ca:f5:9c:f0:8d:25:40:88:03:43:
47:69:5a:57:5b:aa:75:53:ef:f2:e1:6c:7e:f2:88:72:cf:bd:
9e:09:34:6b:ee:d3:0d:c9:4e:c1:a1:45:e9:fa:b9:ea:2a:37:
dc:c9:18:81:18:b6:57:a1:f1:35:e4:fc:cc:e9:97:18:ee:75:
2d:4e:80:c4:83:08:6c:04:8d:76:44:bc:b3:76:52:ea:7c:86:
5d:af:e4:8a:f5:16:8b:7b:a5:8b:4a:0f:b0:93:06:63:99:19:
1e:36:ae:15:df:1f:3c:0c:a3:3a:5f:0e:a0:ce:33:4a:eb:3f:
5d:06:1b:4f:69:90:e8:1c:00:b4:99:9a:4a:f3:d4:30:2c:94:
aa:10:59:63:04:31:03:b9:3f:b4:9b:6d:8e:6e:12:36:1d:e5:
d5:0a:43:de:0d:3c:38:ec:86:26:b2:36:e7:7a:7e:9c:62:2f:
2e:8b:49:39:d1:fe:3f:4f:6d:2f:6d:42:82:93:af:52:d3:f9:
dc:74:79:4b:c9:8b:ec:d2:de:f1:06:75:c8:cc:6c:4a:f5:28:
b7:fd:4a:b0:11:82:60:21:bf:58:76:ef:ce:5b:36:20:a7:a1:
38:d3:07:b4
-----BEGIN CERTIFICATE-----
MIIFszCCBJugAwIBAgISAZH6ldPpHnvHGHz0zLd58HDsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjgxMzhkNGVjMmVhNTFjYWNlZjA5ZmYxMDU4YTM3MGE1
YmUxOTAwHhcNMjQwOTE2MTEyNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmJjM2NhOGMyYTljOTljYmVkZTY1NGFkNDRkOGNkOGZhZTkzMTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9VL8mzBXdHLEY2gguSfqX5WFgsr
/rG4efHzuB4hXVWSybyMluVt4Xip4E1TGnI3nqtj4akaIBt+tVj2tBwUjNuagzjq
jGDpzQpqGnhxk13/vjjD8e1cnEJ/MKGu7rgN7I4A+XyP3dhCYABgglj84lQ5cQ+F
BdvDaGPXmuyZHwI93VGW9L3JXYiDySJTBLYBh2rTtt8VgoOg7umXIzOmBBcI+vSN
vrFls8XHUMpY8jHxXGUl3RPbJIXWn79FuZTZ3rcQA0DIl6GNywVe/kgL99i2vvud
9n9DaOG5RuXgM/7nb0IIeOVPMwZJlzBQ67ZBye9b4/BP6kitS6/FuLqKWQIDAQAB
o4ICvzCCArswHQYDVR0OBBYEFHK8PKjCqcmcvt5lStRNjNj66TECMB8GA1UdIwQY
MBaAFB9oE41OwupRys7wn/EFijcKW+GQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgt
NjA4NTY0ODM5ZmQwLzEvY3J3OHFNS3B5WnktM21WSzFFMk0yUHJwTVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgtNjA4NTY0ODM5ZmQw
LzEvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHUBggrBgEFBQcBBwEB/wSBxDCBwTCBvgQCAAEwgbcwCwMD
AwL4AwQGAv+AAwMAPhQDBAZNbgADAwROQAMDBFHgAwQGUtYAAwQGVQsAAwMEWuAD
BAdc/oADBAdfbQADAwRfwAMEArln0AMEBbx+4AMEAcAQmDAMAwQBwJY6AwQBwJZE
MAwDBAHAlk4DBAHAllADAwHBLDAKAwMEwhADAwDCEgMDAcIWAwMAwtoDAwHC7AMD
AMNDAwMAw8YDBAXD/CADBAXUHMADAwDUtQMDAtVAAwMD2dAwDQYJKoZIhvcNAQEL
BQADggEBAGQ5MQ141RVOxw6eL7JS2f/84QgEWwiYHAIwyvWc8I0lQIgDQ0dpWldb
qnVT7/LhbH7yiHLPvZ4JNGvu0w3JTsGhRen6ueoqN9zJGIEYtleh8TXk/Mzplxju
dS1OgMSDCGwEjXZEvLN2Uup8hl2v5Ir1Fot7pYtKD7CTBmOZGR42rhXfHzwMozpf
DqDOM0rrP10GG09pkOgcALSZmkrz1DAslKoQWWMEMQO5P7SbbY5uEjYd5dUKQ94N
PDjshiayNud6fpxiLy6LSTnR/j9PbS9tQoKTr1LT+dx0eUvJi+zS3vEGdcjMbEr1
KLf9SrARgmAhv1h2785bNiCnoTjTB7Q=
-----END CERTIFICATE-----
Generated at Sun Feb 16 20:12:43 2025 by rpki-client