Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/8b05bf-33f1-4b5b-88a4-1673ad8c4012/1/68ngwDJhzqhYnG43l3w5ajrnHbQ.roa
File: 68ngwDJhzqhYnG43l3w5ajrnHbQ.roa (raw, json)
Hash identifier: TRRXYgCNckjIkX/FcRh63crYs/Q8wBPdo6Iz8frDYDg=
Subject key identifier: EB:C9:E0:C0:32:61:CE:A8:58:9C:6E:37:97:7C:39:6A:3A:E7:1D:B4
Certificate issuer: /CN=cd68f7a391b7b1649ed4903482d3e931ed34e3d8
Certificate serial: 018CC500D298FBB52739EB033DBFF1F0C0ED
Authority key identifier: CD:68:F7:A3:91:B7:B1:64:9E:D4:90:34:82:D3:E9:31:ED:34:E3:D8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zWj3o5G3sWSe1JA0gtPpMe0049g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/8b05bf-33f1-4b5b-88a4-1673ad8c4012/1/68ngwDJhzqhYnG43l3w5ajrnHbQ.roa
Signing time: Mon 01 Jan 2024 12:30:14 +0000
ROA not before: Mon 01 Jan 2024 12:30:14 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 39869
IP address blocks: 89.107.152.0/21 maxlen: 21
31.6.64.0/21 maxlen: 21
185.24.216.0/22 maxlen: 22
178.19.96.0/20 maxlen: 20
212.59.224.0/19 maxlen: 19
185.230.108.0/22 maxlen: 22
91.188.96.0/19 maxlen: 19
2a02:2430::/32 maxlen: 32
Validation: Failed, certificate revoked on Wed 01 Jan 2025 23:48:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:d2:98:fb:b5:27:39:eb:03:3d:bf:f1:f0:c0:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd68f7a391b7b1649ed4903482d3e931ed34e3d8
Validity
Not Before: Jan 1 12:30:14 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ebc9e0c03261cea8589c6e37977c396a3ae71db4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:2f:e7:6a:0e:01:c3:c6:ce:fd:58:f8:12:72:
0e:08:cc:0a:6c:74:55:7d:8e:e8:79:a1:f6:3e:18:
9f:d5:90:ca:66:bf:91:f5:fc:49:fd:20:36:a7:1f:
80:06:9f:16:88:15:e8:5f:a5:1d:f4:f3:2d:e7:ce:
0b:56:d3:aa:d2:d4:b7:c2:a9:1c:b9:9e:47:87:0a:
6d:b8:04:ad:45:cf:dc:86:31:b6:eb:5d:72:59:b0:
ea:8d:f1:d3:d8:1e:66:2c:12:94:54:12:8c:1e:46:
79:70:0a:71:94:b8:33:15:1d:c6:f1:6c:ff:e6:3b:
da:ee:01:19:09:e3:9d:51:f2:3f:01:80:c5:9d:42:
78:f4:7c:88:81:1e:69:ae:0c:6e:b3:f4:aa:0c:df:
26:1e:10:48:66:99:85:29:84:2a:6a:2b:86:1c:57:
0f:b4:95:05:21:09:a4:d3:0d:68:cf:8a:ef:f1:6d:
32:30:1d:55:1e:d2:52:bb:8d:a1:0a:bd:16:1c:8d:
8e:44:17:76:e5:f0:da:b3:65:d9:f6:74:e0:32:94:
2d:a2:8a:5e:4a:5a:8a:59:1c:76:2c:3e:a1:44:de:
d0:fd:6d:8e:2e:02:e9:74:c9:7b:5e:6e:a3:5e:16:
f8:a5:29:85:98:fb:bd:d0:2c:ff:07:5f:d1:82:f4:
88:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:C9:E0:C0:32:61:CE:A8:58:9C:6E:37:97:7C:39:6A:3A:E7:1D:B4
X509v3 Authority Key Identifier:
keyid:CD:68:F7:A3:91:B7:B1:64:9E:D4:90:34:82:D3:E9:31:ED:34:E3:D8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zWj3o5G3sWSe1JA0gtPpMe0049g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8b05bf-33f1-4b5b-88a4-1673ad8c4012/1/68ngwDJhzqhYnG43l3w5ajrnHbQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8b05bf-33f1-4b5b-88a4-1673ad8c4012/1/zWj3o5G3sWSe1JA0gtPpMe0049g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.6.64.0/21
89.107.152.0/21
91.188.96.0/19
178.19.96.0/20
185.24.216.0/22
185.230.108.0/22
212.59.224.0/19
IPv6:
2a02:2430::/32
Signature Algorithm: sha256WithRSAEncryption
a1:ec:53:6f:3a:fd:2e:21:a7:09:7e:98:6b:fc:e4:2d:9a:d3:
45:0a:1c:9c:1b:93:06:93:84:7c:b9:c8:95:05:4f:f0:bd:d4:
e1:63:c1:11:aa:0e:da:b9:98:b1:b3:a0:7e:ed:e9:82:0f:dd:
9e:03:17:d6:71:b7:01:0c:48:81:b8:bd:c7:e4:92:c5:3a:33:
3f:84:f9:48:ed:76:02:63:f5:0d:a3:32:a6:60:ac:38:fb:31:
3f:3e:64:45:d4:47:65:69:c4:8f:5d:bc:20:50:68:64:00:31:
f7:c2:e7:20:dc:1d:f4:e4:29:aa:19:a1:2f:73:01:9c:c9:02:
51:57:34:e8:6e:e3:c0:91:72:9e:ad:ba:0e:c8:95:08:c1:cc:
4d:f0:22:ee:1a:22:ae:0c:7c:f8:29:84:35:33:ef:f8:5a:d6:
21:0e:56:ce:10:2a:5a:5c:b3:da:da:a5:ef:3c:39:31:1f:e9:
74:83:4c:ac:fb:de:28:73:ec:9b:bc:96:26:35:7b:16:ef:a0:
dc:88:74:73:67:e8:d6:59:66:43:6b:a5:35:3d:86:ad:3e:fd:
74:69:6a:99:2c:61:8b:6c:55:74:e9:b7:30:bf:f5:08:d1:fc:
23:c3:99:9f:82:d2:6b:bf:e6:1e:c5:7a:e7:03:b9:3b:4b:9e:
9d:e8:8c:f6
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYzFANKY+7UnOesDPb/x8MDtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNjhmN2EzOTFiN2IxNjQ5ZWQ0OTAzNDgyZDNlOTMxZWQz
NGUzZDgwHhcNMjQwMTAxMTIzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmM5ZTBjMDMyNjFjZWE4NTg5YzZlMzc5NzdjMzk2YTNhZTcxZGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlS/nag4Bw8bO/Vj4EnIOCMwKbHRV
fY7oeaH2Phif1ZDKZr+R9fxJ/SA2px+ABp8WiBXoX6Ud9PMt584LVtOq0tS3wqkc
uZ5HhwptuAStRc/chjG2611yWbDqjfHT2B5mLBKUVBKMHkZ5cApxlLgzFR3G8Wz/
5jva7gEZCeOdUfI/AYDFnUJ49HyIgR5prgxus/SqDN8mHhBIZpmFKYQqaiuGHFcP
tJUFIQmk0w1oz4rv8W0yMB1VHtJSu42hCr0WHI2ORBd25fDas2XZ9nTgMpQtoope
SlqKWRx2LD6hRN7Q/W2OLgLpdMl7Xm6jXhb4pSmFmPu90Cz/B1/RgvSIRwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFOvJ4MAyYc6oWJxuN5d8OWo65x20MB8GA1UdIwQY
MBaAFM1o96ORt7FkntSQNILT6THtNOPYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveldqM281RzNzV1NlMUpBMGd0UHBNZTAwNDlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS84YjA1YmYtMzNmMS00YjViLTg4YTQt
MTY3M2FkOGM0MDEyLzEvNjhuZ3dESmh6cWhZbkc0M2wzdzVhanJuSGJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS84YjA1YmYtMzNmMS00YjViLTg4YTQtMTY3M2FkOGM0MDEy
LzEveldqM281RzNzV1NlMUpBMGd0UHBNZTAwNDlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDHwZAAwQD
WWuYAwQFW7xgAwQEshNgAwQCuRjYAwQCueZsAwQF1DvgMA0EAgACMAcDBQAqAiQw
MA0GCSqGSIb3DQEBCwUAA4IBAQCh7FNvOv0uIacJfphr/OQtmtNFChycG5MGk4R8
uciVBU/wvdThY8ERqg7auZixs6B+7emCD92eAxfWcbcBDEiBuL3H5JLFOjM/hPlI
7XYCY/UNozKmYKw4+zE/PmRF1EdlacSPXbwgUGhkADH3wucg3B305CmqGaEvcwGc
yQJRVzTobuPAkXKerboOyJUIwcxN8CLuGiKuDHz4KYQ1M+/4WtYhDlbOECpaXLPa
2qXvPDkxH+l0g0ys+94oc+ybvJYmNXsW76DciHRzZ+jWWWZDa6U1PYatPv10aWqZ
LGGLbFV06bcwv/UI0fwjw5mfgtJrv+YexXrnA7k7S56d6Iz2
-----END CERTIFICATE-----
Generated at Tue Apr 22 13:12:31 2025 by rpki-client