Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/BfgWPbVa8eEwc7x6BAphPWb9Ojw.roa
File: BfgWPbVa8eEwc7x6BAphPWb9Ojw.roa (raw, json)
Hash identifier: t1sLKb9MH/QXCJLkt8m52PdzHDJpmfJ1hbJe2o6+sGY=
Subject key identifier: 05:F8:16:3D:B5:5A:F1:E1:30:73:BC:7A:04:0A:61:3D:66:FD:3A:3C
Certificate issuer: /CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Certificate serial: 01905968304379DFD9D5334ED6C4B7ADF6AA
Authority key identifier: 52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/BfgWPbVa8eEwc7x6BAphPWb9Ojw.roa
Signing time: Thu 27 Jun 2024 11:15:18 +0000
ROA not before: Thu 27 Jun 2024 11:15:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 14670
IP address blocks: 65.181.111.0/24 maxlen: 24
190.92.168.0/22 maxlen: 24
190.92.172.0/24 maxlen: 24
190.92.173.0/24 maxlen: 24
192.243.110.0/24 maxlen: 24
192.250.225.0/24 maxlen: 24
192.250.231.0/24 maxlen: 24
193.30.117.0/24 maxlen: 24
195.250.24.0/24 maxlen: 24
195.250.26.0/24 maxlen: 24
199.103.58.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 15 Jul 2024 11:16:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:59:68:30:43:79:df:d9:d5:33:4e:d6:c4:b7:ad:f6:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52cd9a6512dbf25a5f19b827d7a2c7e22a2ee8dd
Validity
Not Before: Jun 27 11:15:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=05f8163db55af1e13073bc7a040a613d66fd3a3c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:4b:5c:16:05:12:ea:aa:94:79:7f:eb:31:59:
aa:ac:ed:8a:5f:6a:53:57:41:9f:2d:39:9e:29:79:
f3:d5:13:d6:7b:81:88:83:a0:59:50:06:6c:13:1a:
a1:18:85:4c:61:95:32:b7:97:a4:ae:df:75:32:8f:
68:9a:37:56:09:31:52:dd:a0:16:c8:88:7f:d0:dc:
b7:90:d2:4a:c5:97:56:53:7c:01:15:7c:95:98:6a:
06:c9:f1:dc:0d:ba:bb:5f:94:6f:16:d7:70:07:e9:
5f:64:bc:40:e9:81:1c:a8:9e:93:a6:21:f5:72:b7:
4f:fd:db:f2:85:ca:2e:79:c5:7c:e9:1d:11:7a:34:
09:1e:00:f4:39:2e:1c:4f:ac:4d:f5:5b:f4:b1:12:
98:2d:e8:5a:01:2d:12:84:43:4c:ef:66:63:ff:19:
86:2f:14:a8:03:13:b5:b6:9c:a3:99:4f:ba:66:05:
5b:4a:84:5d:2c:47:cd:26:65:54:4e:35:d5:32:ba:
ee:1e:0c:f3:bf:06:71:c6:00:4e:b7:ae:5c:c2:84:
3b:5d:4a:96:c1:d5:cb:ce:e3:68:15:fb:f9:d0:26:
36:92:9d:d6:92:98:2d:8b:6f:82:ed:04:82:88:2a:
ba:bb:5d:ba:20:28:c3:97:67:38:92:fa:83:14:97:
9d:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:F8:16:3D:B5:5A:F1:E1:30:73:BC:7A:04:0A:61:3D:66:FD:3A:3C
X509v3 Authority Key Identifier:
keyid:52:CD:9A:65:12:DB:F2:5A:5F:19:B8:27:D7:A2:C7:E2:2A:2E:E8:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Us2aZRLb8lpfGbgn16LH4iou6N0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/BfgWPbVa8eEwc7x6BAphPWb9Ojw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/2223ca-ce38-49bb-b125-cca37606bf18/1/Us2aZRLb8lpfGbgn16LH4iou6N0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
65.181.111.0/24
190.92.168.0-190.92.173.255
192.243.110.0/24
192.250.225.0/24
192.250.231.0/24
193.30.117.0/24
195.250.24.0/24
195.250.26.0/24
199.103.58.0/24
Signature Algorithm: sha256WithRSAEncryption
91:6c:3c:5f:f0:57:b4:36:41:34:04:29:4e:58:af:20:90:f8:
3d:dd:14:d1:16:74:91:39:c1:c7:5b:64:2e:6f:79:1e:51:23:
59:ad:29:50:2e:ee:a1:71:9b:01:9e:89:5a:d0:30:0b:58:47:
e2:da:0d:26:83:19:ea:e0:26:48:21:9f:47:97:4b:62:58:9c:
19:ed:6e:96:54:55:04:78:b2:77:1d:a5:f7:da:71:20:db:05:
e4:4f:8c:de:9a:a2:48:3d:65:57:27:88:81:b5:1c:7e:07:14:
07:ef:6c:7e:8a:9c:81:0f:60:54:75:9f:4a:86:21:8b:5e:6d:
7b:a0:a7:a1:ba:bd:e2:35:67:26:3e:01:0e:a8:d0:8f:b0:bd:
f0:ec:51:7c:c1:b7:8e:c4:5e:47:db:3b:e1:f6:28:71:69:85:
a7:32:f1:d4:f0:cb:bb:d5:13:5a:4a:bb:cb:58:a4:0d:2f:74:
a4:7c:1e:de:97:04:16:db:52:31:3c:f0:12:b7:50:2f:6f:a2:
a9:14:74:37:19:0d:d3:70:0e:5a:56:10:84:d9:5a:d6:d3:fb:
a2:af:cd:6f:09:cb:16:4c:09:e5:59:13:1c:c2:12:ee:9f:b0:
f9:75:2e:05:93:0a:6c:8c:46:1b:37:08:eb:98:6d:09:97:e5:
aa:bf:5e:53
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZBZaDBDed/Z1TNO1sS3rfaqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyY2Q5YTY1MTJkYmYyNWE1ZjE5YjgyN2Q3YTJjN2UyMmEy
ZWU4ZGQwHhcNMjQwNjI3MTExNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWY4MTYzZGI1NWFmMWUxMzA3M2JjN2EwNDBhNjEzZDY2ZmQzYTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuktcFgUS6qqUeX/rMVmqrO2KX2pT
V0GfLTmeKXnz1RPWe4GIg6BZUAZsExqhGIVMYZUyt5ekrt91Mo9omjdWCTFS3aAW
yIh/0Ny3kNJKxZdWU3wBFXyVmGoGyfHcDbq7X5RvFtdwB+lfZLxA6YEcqJ6TpiH1
crdP/dvyhcouecV86R0RejQJHgD0OS4cT6xN9Vv0sRKYLehaAS0ShENM72Zj/xmG
LxSoAxO1tpyjmU+6ZgVbSoRdLEfNJmVUTjXVMrruHgzzvwZxxgBOt65cwoQ7XUqW
wdXLzuNoFfv50CY2kp3Wkpgti2+C7QSCiCq6u126ICjDl2c4kvqDFJedTwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFAX4Fj21WvHhMHO8egQKYT1m/To8MB8GA1UdIwQY
MBaAFFLNmmUS2/JaXxm4J9eix+IqLujdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUt
Y2NhMzc2MDZiZjE4LzEvQmZnV1BiVmE4ZUV3Yzd4NkJBcGhQV2I5T2p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8yMjIzY2EtY2UzOC00OWJiLWIxMjUtY2NhMzc2MDZiZjE4
LzEvVXMyYVpSTGI4bHBmR2JnbjE2TEg0aW91Nk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAQbVvMAwD
BAO+XKgDBAG+XKwDBADA824DBADA+uEDBADA+ucDBADBHnUDBADD+hgDBADD+hoD
BADHZzowDQYJKoZIhvcNAQELBQADggEBAJFsPF/wV7Q2QTQEKU5YryCQ+D3dFNEW
dJE5wcdbZC5veR5RI1mtKVAu7qFxmwGeiVrQMAtYR+LaDSaDGergJkghn0eXS2JY
nBntbpZUVQR4sncdpffacSDbBeRPjN6aokg9ZVcniIG1HH4HFAfvbH6KnIEPYFR1
n0qGIYtebXugp6G6veI1ZyY+AQ6o0I+wvfDsUXzBt47EXkfbO+H2KHFphacy8dTw
y7vVE1pKu8tYpA0vdKR8Ht6XBBbbUjE88BK3UC9voqkUdDcZDdNwDlpWEITZWtbT
+6KvzW8JyxZMCeVZExzCEu6fsPl1LgWTCmyMRhs3COuYbQmX5aq/XlM=
-----END CERTIFICATE-----
Generated at Mon Apr 7 14:21:21 2025 by rpki-client