Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/1af4a5-0d6c-4776-be5c-be852f644201/1/NwZExwiw5Ysma2iL6ErE1vsH6kU.roa
File: NwZExwiw5Ysma2iL6ErE1vsH6kU.roa (raw, json)
Hash identifier: A7vFS5hF7maYi9h/kabhuI7fyJkurWtH1UoG5VNxQjI=
Subject key identifier: 37:06:44:C7:08:B0:E5:8B:26:6B:68:8B:E8:4A:C4:D6:FB:07:EA:45
Certificate issuer: /CN=e916dc9db4e49de71b2fd0819dae853aeb053b06
Certificate serial: 018CCB98CF2979214E4EB01ED4E7C931CA1D
Authority key identifier: E9:16:DC:9D:B4:E4:9D:E7:1B:2F:D0:81:9D:AE:85:3A:EB:05:3B:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6RbcnbTknecbL9CBna6FOusFOwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/1af4a5-0d6c-4776-be5c-be852f644201/1/NwZExwiw5Ysma2iL6ErE1vsH6kU.roa
Signing time: Tue 02 Jan 2024 19:13:58 +0000
ROA not before: Tue 02 Jan 2024 19:13:58 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 216129
IP address blocks: 202.181.188.0/24 maxlen: 24
107.161.154.0/24 maxlen: 24
199.83.103.0/24 maxlen: 24
2a13:d200:7::/48 maxlen: 48
2a13:d200::/29 maxlen: 29
2a13:d200:8::/48 maxlen: 48
2a13:d200:6::/48 maxlen: 48
2a13:d200:9::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 08 Jan 2024 17:28:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:cb:98:cf:29:79:21:4e:4e:b0:1e:d4:e7:c9:31:ca:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e916dc9db4e49de71b2fd0819dae853aeb053b06
Validity
Not Before: Jan 2 19:13:58 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=370644c708b0e58b266b688be84ac4d6fb07ea45
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:b2:99:5c:46:d6:36:b6:40:10:6f:c5:b1:f9:
61:71:c8:49:80:6c:a8:d1:5f:4c:f1:0a:a7:4d:16:
e8:0f:e4:88:64:3a:3b:41:73:10:26:8c:de:19:2f:
84:94:34:a6:0c:74:1f:c0:2a:0b:8b:48:92:6e:b2:
4c:4c:f7:6d:18:0b:a9:e9:a5:3b:57:39:81:00:17:
e4:71:f3:0f:80:ca:54:9a:c3:31:28:7d:83:e3:1d:
e3:5d:13:de:51:8c:77:0e:d8:77:68:33:d7:e0:21:
9b:8a:df:26:fa:25:3f:f2:22:c8:11:a5:3a:e4:49:
c7:b0:65:6e:40:c3:b3:f9:e1:9c:e5:cb:f5:aa:85:
b2:cc:cf:b5:f7:0c:be:15:fd:82:12:5d:46:94:52:
82:78:65:04:11:11:46:78:40:1c:91:c5:17:2b:c8:
02:65:ab:4c:aa:67:12:ec:b0:05:3e:f6:52:eb:8c:
12:37:c4:45:af:43:b2:2d:12:00:62:16:73:94:36:
3f:05:0c:96:87:81:8a:8e:52:62:20:47:77:7f:de:
83:9e:1d:7a:4b:73:51:d7:00:b5:24:fd:fe:0c:94:
d6:fe:e5:60:8d:15:e8:e5:e5:f5:1d:f9:c1:ba:b6:
e8:19:9c:39:04:91:60:d4:71:b1:b8:bc:fa:fa:35:
c4:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:06:44:C7:08:B0:E5:8B:26:6B:68:8B:E8:4A:C4:D6:FB:07:EA:45
X509v3 Authority Key Identifier:
keyid:E9:16:DC:9D:B4:E4:9D:E7:1B:2F:D0:81:9D:AE:85:3A:EB:05:3B:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6RbcnbTknecbL9CBna6FOusFOwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/1af4a5-0d6c-4776-be5c-be852f644201/1/NwZExwiw5Ysma2iL6ErE1vsH6kU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/1af4a5-0d6c-4776-be5c-be852f644201/1/6RbcnbTknecbL9CBna6FOusFOwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
107.161.154.0/24
199.83.103.0/24
202.181.188.0/24
IPv6:
2a13:d200::/29
Signature Algorithm: sha256WithRSAEncryption
05:a9:87:b3:09:26:ba:25:07:5a:f5:9f:da:17:d5:22:3b:6a:
03:4d:65:e6:7a:62:4d:2b:d1:86:e4:2a:b6:92:62:50:98:39:
50:d4:03:ee:a0:49:f7:b6:5f:11:c3:67:ee:2c:5c:df:4c:c4:
49:5c:e0:6f:f7:fb:1c:f6:86:62:2f:5f:3c:af:40:86:c2:68:
b7:7f:75:ac:69:15:be:c4:fd:a2:3b:96:16:5b:9e:3c:0f:50:
1f:00:7a:6c:78:18:bc:7e:6a:27:f2:bb:23:0d:6c:43:c1:1f:
61:24:bf:23:2b:04:0c:11:da:a5:81:eb:54:3c:de:0d:72:ba:
57:74:6b:d2:38:1b:4b:8e:4d:8a:b1:e4:81:90:69:ff:f1:1c:
6d:ee:7c:67:e2:5c:23:bd:bb:6d:d5:9d:03:e2:d1:b7:f3:fa:
0b:35:ae:23:5f:01:b9:1d:e8:c5:25:1f:ae:f9:7b:65:d3:6d:
32:cf:4b:bb:93:5c:29:6c:df:2c:87:d2:f0:0a:e9:c5:d1:08:
a7:05:8c:0b:ae:e7:8d:77:75:29:bf:bc:b9:b0:47:8a:36:ac:
7e:94:4b:2f:11:a7:53:dc:c9:e3:3f:08:8a:b7:01:2b:a6:5f:
a1:1f:7a:40:22:d8:73:b8:3b:b4:01:3b:df:14:2b:57:f4:7e:
19:ee:b7:bd
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzLmM8peSFOTrAe1OfJMcodMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MTZkYzlkYjRlNDlkZTcxYjJmZDA4MTlkYWU4NTNhZWIw
NTNiMDYwHhcNMjQwMTAyMTkxMzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzA2NDRjNzA4YjBlNThiMjY2YjY4OGJlODRhYzRkNmZiMDdlYTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7KZXEbWNrZAEG/FsflhcchJgGyo
0V9M8QqnTRboD+SIZDo7QXMQJozeGS+ElDSmDHQfwCoLi0iSbrJMTPdtGAup6aU7
VzmBABfkcfMPgMpUmsMxKH2D4x3jXRPeUYx3Dth3aDPX4CGbit8m+iU/8iLIEaU6
5EnHsGVuQMOz+eGc5cv1qoWyzM+19wy+Ff2CEl1GlFKCeGUEERFGeEAckcUXK8gC
ZatMqmcS7LAFPvZS64wSN8RFr0OyLRIAYhZzlDY/BQyWh4GKjlJiIEd3f96Dnh16
S3NR1wC1JP3+DJTW/uVgjRXo5eX1HfnBurboGZw5BJFg1HGxuLz6+jXEOQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDcGRMcIsOWLJmtoi+hKxNb7B+pFMB8GA1UdIwQY
MBaAFOkW3J205J3nGy/QgZ2uhTrrBTsGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlJiY25iVGtuZWNiTDlDQm5hNkZPdXNGT3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS8xYWY0YTUtMGQ2Yy00Nzc2LWJlNWMt
YmU4NTJmNjQ0MjAxLzEvTndaRXh3aXc1WXNtYTJpTDZFckUxdnNINmtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS8xYWY0YTUtMGQ2Yy00Nzc2LWJlNWMtYmU4NTJmNjQ0MjAx
LzEvNlJiY25iVGtuZWNiTDlDQm5hNkZPdXNGT3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAa6GaAwQA
x1NnAwQAyrW8MA0EAgACMAcDBQMqE9IAMA0GCSqGSIb3DQEBCwUAA4IBAQAFqYez
CSa6JQda9Z/aF9UiO2oDTWXmemJNK9GG5Cq2kmJQmDlQ1APuoEn3tl8Rw2fuLFzf
TMRJXOBv9/sc9oZiL188r0CGwmi3f3WsaRW+xP2iO5YWW548D1AfAHpseBi8fmon
8rsjDWxDwR9hJL8jKwQMEdqlgetUPN4NcrpXdGvSOBtLjk2KseSBkGn/8Rxt7nxn
4lwjvbtt1Z0D4tG38/oLNa4jXwG5HejFJR+u+Xtl020yz0u7k1wpbN8sh9LwCunF
0QinBYwLrueNd3Upv7y5sEeKNqx+lEsvEadT3MnjPwiKtwErpl+hH3pAIthzuDu0
ATvfFCtX9H4Z7re9
-----END CERTIFICATE-----
Generated at Mon Jan 8 20:35:26 2024 by rpki-client on console-ams.rpki-client.org