Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/Lt0kUGcFBvFHNX7YcP0NNgt2BZc.roa
File: Lt0kUGcFBvFHNX7YcP0NNgt2BZc.roa (raw, json)
Hash identifier: ge7EpYh6ER4tMZDWgbLD772g4lvszoa2OZNKMdgl3nY=
Subject key identifier: 2E:DD:24:50:67:05:06:F1:47:35:7E:D8:70:FD:0D:36:0B:76:05:97
Certificate issuer: /CN=2bc8695772f0e64f3b9a1621733cc02506f74702
Certificate serial: 018570CBCD9E86CCF866C117DEB18CBA3CEC
Authority key identifier: 2B:C8:69:57:72:F0:E6:4F:3B:9A:16:21:73:3C:C0:25:06:F7:47:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/K8hpV3Lw5k87mhYhczzAJQb3RwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/Lt0kUGcFBvFHNX7YcP0NNgt2BZc.roa
Signing time: Mon 02 Jan 2023 04:44:42 +0000
ROA not before: Mon 02 Jan 2023 04:44:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35732
IP address blocks: 91.188.209.0/24 maxlen: 24
91.188.210.0/24 maxlen: 24
91.188.211.0/24 maxlen: 24
91.188.208.80/28 maxlen: 28
91.188.208.0/24 maxlen: 24
2a0f:b1c2:1::/48 maxlen: 48
2a0f:b1c2:3::/48 maxlen: 48
2a0f:b1c1::/32 maxlen: 32
2a0f:b1c2::/48 maxlen: 48
2a0f:b1c0::/32 maxlen: 32
2a0f:b1c2:2::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 01 Jan 2024 14:29:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:cb:cd:9e:86:cc:f8:66:c1:17:de:b1:8c:ba:3c:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2bc8695772f0e64f3b9a1621733cc02506f74702
Validity
Not Before: Jan 2 04:44:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2edd2450670506f147357ed870fd0d360b760597
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:f3:f5:ff:4c:b5:39:b7:e7:2b:6b:d9:dd:42:
ab:01:bd:de:2e:be:46:10:d7:89:70:f3:c6:d2:a1:
7a:f4:64:f0:9b:36:06:04:ab:52:f0:75:7c:09:1b:
e7:88:5b:e2:b0:1b:71:06:d7:ee:f6:bc:0e:18:0c:
14:6d:8d:f3:22:24:a6:7b:20:62:cc:15:b8:eb:30:
36:b0:0b:f2:2e:3e:42:77:e3:84:98:4a:54:5f:78:
04:d0:aa:1c:e8:42:d0:ef:bd:cf:85:7b:58:f6:cb:
1f:14:97:24:d1:1f:40:1b:29:2f:e7:d6:9e:9a:3d:
ff:15:aa:99:23:21:f7:81:9f:f9:b5:18:1f:98:23:
0f:e2:61:52:b0:4a:6f:04:a0:88:db:e7:28:d4:54:
7d:23:af:8d:38:4b:15:2c:64:bb:0d:fb:6c:33:0f:
96:04:48:49:42:2b:cd:ba:f9:fb:ab:4e:52:c3:eb:
92:2e:e8:50:ce:51:53:5d:18:7d:30:a5:6e:bb:21:
b2:1c:36:db:ff:95:4e:e7:bc:94:de:89:19:04:54:
f3:a0:37:8b:e7:95:c1:2b:32:91:e8:5c:e9:9b:ae:
59:0a:34:c3:b8:ef:7a:2b:91:8c:69:6d:01:b8:56:
4d:c2:c3:e1:9a:6b:df:1d:74:0c:47:6e:df:f3:fa:
aa:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:DD:24:50:67:05:06:F1:47:35:7E:D8:70:FD:0D:36:0B:76:05:97
X509v3 Authority Key Identifier:
keyid:2B:C8:69:57:72:F0:E6:4F:3B:9A:16:21:73:3C:C0:25:06:F7:47:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K8hpV3Lw5k87mhYhczzAJQb3RwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/Lt0kUGcFBvFHNX7YcP0NNgt2BZc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/K8hpV3Lw5k87mhYhczzAJQb3RwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.188.208.0/22
IPv6:
2a0f:b1c0::-2a0f:b1c2:3:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
6a:f6:17:ea:76:67:91:58:76:f6:6c:ea:63:91:c4:7b:85:c1:
d0:08:b0:54:b7:7e:4c:42:01:bb:e2:93:0b:0d:0e:66:aa:27:
9f:38:5c:06:05:d4:19:15:89:a6:54:68:c4:72:ef:b2:f4:72:
a2:9a:92:d5:7e:4f:36:d6:c1:5f:eb:44:9f:6c:e7:4f:d2:9e:
a9:8d:c1:bc:0a:79:f7:cd:a3:ae:e8:56:87:b6:1a:2f:ec:ad:
0b:58:b0:cc:9a:3a:de:f7:5e:da:8f:a9:67:b3:64:40:18:b1:
45:c4:ef:48:5e:aa:04:87:11:1a:4b:19:43:5b:d8:b8:62:e3:
e0:e7:49:7a:0a:70:5e:b0:cc:13:f0:d2:fc:d6:97:e3:3b:4e:
e8:ae:ec:ca:06:8f:b3:ef:bc:4a:4a:61:7d:53:08:6b:40:9e:
c9:40:4a:3a:4f:6b:0c:b0:5f:e7:22:da:bc:13:79:01:dd:f6:
ea:de:99:48:21:17:88:5e:63:32:3d:60:e6:ed:a7:0b:e2:06:
51:f4:03:8e:53:2c:12:e2:b2:bd:b2:14:14:08:c7:be:cd:b8:
92:a5:11:31:22:8c:a7:21:74:a9:a4:d4:b8:2a:50:12:cc:b5:
9d:a7:98:97:9f:e2:21:32:6b:ef:87:a9:f5:6d:17:26:38:7f:
8e:b4:85:c8
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYVwy82ehsz4ZsEX3rGMujzsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYzg2OTU3NzJmMGU2NGYzYjlhMTYyMTczM2NjMDI1MDZm
NzQ3MDIwHhcNMjMwMTAyMDQ0NDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWRkMjQ1MDY3MDUwNmYxNDczNTdlZDg3MGZkMGQzNjBiNzYwNTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPP1/0y1ObfnK2vZ3UKrAb3eLr5G
ENeJcPPG0qF69GTwmzYGBKtS8HV8CRvniFvisBtxBtfu9rwOGAwUbY3zIiSmeyBi
zBW46zA2sAvyLj5Cd+OEmEpUX3gE0Koc6ELQ773PhXtY9ssfFJck0R9AGykv59ae
mj3/FaqZIyH3gZ/5tRgfmCMP4mFSsEpvBKCI2+co1FR9I6+NOEsVLGS7DftsMw+W
BEhJQivNuvn7q05Sw+uSLuhQzlFTXRh9MKVuuyGyHDbb/5VO57yU3okZBFTzoDeL
55XBKzKR6Fzpm65ZCjTDuO96K5GMaW0BuFZNwsPhmmvfHXQMR27f8/qqtQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFC7dJFBnBQbxRzV+2HD9DTYLdgWXMB8GA1UdIwQY
MBaAFCvIaVdy8OZPO5oWIXM8wCUG90cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzhocFYzTHc1azg3bWhZaGN6ekFKUWIzUndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9jYmZhOWItMDI5MS00OGUzLTgwNWMt
NDNkNjZhMDMzMWVjLzEvTHQwa1VHY0ZCdkZITlg3WWNQME5OZ3QyQlpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9jYmZhOWItMDI5MS00OGUzLTgwNWMtNDNkNjZhMDMzMWVj
LzEvSzhocFYzTHc1azg3bWhZaGN6ekFKUWIzUndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQCW7zQMBgE
AgACMBIwEAMFBioPscADBwIqD7HCAAAwDQYJKoZIhvcNAQELBQADggEBAGr2F+p2
Z5FYdvZs6mORxHuFwdAIsFS3fkxCAbvikwsNDmaqJ584XAYF1BkViaZUaMRy77L0
cqKaktV+TzbWwV/rRJ9s50/SnqmNwbwKeffNo67oVoe2Gi/srQtYsMyaOt73XtqP
qWezZEAYsUXE70heqgSHERpLGUNb2Lhi4+DnSXoKcF6wzBPw0vzWl+M7Tuiu7MoG
j7PvvEpKYX1TCGtAnslASjpPawywX+ci2rwTeQHd9uremUghF4heYzI9YObtpwvi
BlH0A45TLBLisr2yFBQIx77NuJKlETEijKchdKmk1LgqUBLMtZ2nmJef4iEya++H
qfVtFyY4f460hcg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:25 2024 by rpki-client on console-ams.rpki-client.org