Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/d6e796-0e14-45b1-9cf3-5ad58abfbb1f/1/2ZpXRGqYeCEbZrs0M3mMnVzax2w.roa
File: 2ZpXRGqYeCEbZrs0M3mMnVzax2w.roa (raw, json)
Hash identifier: /QQsDEvlAnfP7NdFYT4trmfTvJclB3QAVZwCtlww97Q=
Subject key identifier: D9:9A:57:44:6A:98:78:21:1B:66:BB:34:33:79:8C:9D:5C:DA:C7:6C
Certificate issuer: /CN=93202129969576ce357fae26c9c7cf98a8250ea6
Certificate serial: 018E04C737947F49D627E8398D7CDAEC0674
Authority key identifier: 93:20:21:29:96:95:76:CE:35:7F:AE:26:C9:C7:CF:98:A8:25:0E:A6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kyAhKZaVds41f64mycfPmKglDqY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b5/d6e796-0e14-45b1-9cf3-5ad58abfbb1f/1/2ZpXRGqYeCEbZrs0M3mMnVzax2w.roa
Signing time: Sun 03 Mar 2024 14:45:48 +0000
ROA not before: Sun 03 Mar 2024 14:45:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 6677
IP address blocks: 31.209.192.0/18 maxlen: 18
85.220.0.0/17 maxlen: 17
157.157.0.0/16 maxlen: 16
157.157.2.0/24 maxlen: 24
157.157.4.0/24 maxlen: 24
157.157.136.0/24 maxlen: 24
192.147.34.0/24 maxlen: 24
194.105.224.0/19 maxlen: 19
194.105.224.0/24 maxlen: 24
212.30.192.0/19 maxlen: 19
213.167.128.0/19 maxlen: 19
213.167.150.0/24 maxlen: 24
213.167.152.0/24 maxlen: 24
2001:1a98::/29 maxlen: 29
2001:1a98::/32 maxlen: 32
Validation: Failed, certificate revoked on Wed 24 Apr 2024 15:41:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:04:c7:37:94:7f:49:d6:27:e8:39:8d:7c:da:ec:06:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=93202129969576ce357fae26c9c7cf98a8250ea6
Validity
Not Before: Mar 3 14:45:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d99a57446a9878211b66bb3433798c9d5cdac76c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:64:e3:62:0b:b6:7e:be:7a:23:de:af:5b:85:
92:3f:b7:75:1e:41:2b:3a:48:a8:1b:4d:4c:f8:b3:
24:86:39:e4:cb:40:cd:4c:b1:d5:21:38:a6:13:44:
fc:6b:0e:b8:89:e7:b7:2b:b4:95:8b:3f:28:b6:20:
13:3c:b4:6c:1a:fc:0f:0b:e5:69:2e:93:f1:48:62:
be:30:a0:ee:d2:da:89:3b:b8:d8:12:a5:72:ce:16:
fc:e7:12:c3:3d:d4:52:33:e6:43:65:a8:a7:4b:16:
09:e2:e8:10:ae:3a:5c:f5:03:b2:d4:02:46:a8:fc:
f2:05:9a:b5:c8:c2:a5:cf:fc:8d:0f:70:88:dc:2f:
ae:04:ba:b2:b5:31:38:30:9a:ed:a7:2a:da:55:24:
38:70:89:5e:87:6a:47:6d:0e:b6:96:11:78:8f:30:
10:af:52:55:ab:35:6a:9b:61:16:8b:e8:ad:e3:45:
95:04:54:d7:a6:e8:f7:fa:4c:a0:42:28:c0:c5:b6:
3b:ce:7b:a7:72:56:01:09:ca:62:04:a4:1e:86:32:
45:f6:f3:54:6e:43:c7:e3:d2:bf:80:a8:ba:ba:6b:
50:7b:6d:f7:df:d0:ba:aa:d4:a9:d1:dc:86:19:97:
c1:72:ae:7d:77:f3:94:57:e9:10:80:f3:1e:52:12:
fd:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:9A:57:44:6A:98:78:21:1B:66:BB:34:33:79:8C:9D:5C:DA:C7:6C
X509v3 Authority Key Identifier:
keyid:93:20:21:29:96:95:76:CE:35:7F:AE:26:C9:C7:CF:98:A8:25:0E:A6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kyAhKZaVds41f64mycfPmKglDqY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/d6e796-0e14-45b1-9cf3-5ad58abfbb1f/1/2ZpXRGqYeCEbZrs0M3mMnVzax2w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/d6e796-0e14-45b1-9cf3-5ad58abfbb1f/1/kyAhKZaVds41f64mycfPmKglDqY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.209.192.0/18
85.220.0.0/17
157.157.0.0/16
192.147.34.0/24
194.105.224.0/19
212.30.192.0/19
213.167.128.0/19
IPv6:
2001:1a98::/29
Signature Algorithm: sha256WithRSAEncryption
78:82:01:27:73:91:9e:49:ce:fc:6f:d4:03:39:09:bc:04:22:
94:40:dd:7f:50:52:d4:84:53:1f:11:ce:df:c2:93:53:9b:89:
cb:23:8d:a4:0d:b0:a7:73:37:67:6d:e3:28:76:27:d1:1b:03:
28:f5:96:83:9f:33:76:7a:39:ef:6b:f6:1a:95:34:05:5b:1c:
62:37:41:73:6d:48:5f:b6:b8:cb:42:5c:9c:70:8a:06:c5:96:
e5:68:54:bb:9d:b6:8d:31:93:37:a9:85:d6:e6:9f:d0:87:09:
61:4b:71:33:b9:f8:34:21:e0:2a:d2:fd:f5:23:e5:e0:f2:1e:
90:71:4c:dd:cd:ff:27:f2:c9:36:02:26:eb:c2:e0:a3:de:f2:
9d:0e:b1:39:0e:77:ec:f5:b4:9a:5a:b8:ac:bd:e3:4c:fa:89:
f9:e2:48:b2:48:6e:2a:b8:3b:ab:17:ca:70:58:40:ca:53:b5:
8b:d7:f6:ab:34:67:d3:16:de:93:24:88:5f:7a:0a:96:bc:0c:
ed:ad:d4:3f:91:dc:b2:5b:23:cb:26:e5:f2:1b:2f:57:ad:af:
cc:e6:9a:19:60:33:05:69:bf:f5:f1:f0:39:d3:84:af:c9:b0:
a4:8d:71:f2:0b:b6:19:9a:fb:8d:f4:4d:4b:d4:d5:68:1f:f0:
f3:fc:e9:11
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY4ExzeUf0nWJ+g5jXza7AZ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMjAyMTI5OTY5NTc2Y2UzNTdmYWUyNmM5YzdjZjk4YTgy
NTBlYTYwHhcNMjQwMzAzMTQ0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTlhNTc0NDZhOTg3ODIxMWI2NmJiMzQzMzc5OGM5ZDVjZGFjNzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWTjYgu2fr56I96vW4WSP7d1HkEr
OkioG01M+LMkhjnky0DNTLHVITimE0T8aw64iee3K7SViz8otiATPLRsGvwPC+Vp
LpPxSGK+MKDu0tqJO7jYEqVyzhb85xLDPdRSM+ZDZainSxYJ4ugQrjpc9QOy1AJG
qPzyBZq1yMKlz/yND3CI3C+uBLqytTE4MJrtpyraVSQ4cIleh2pHbQ62lhF4jzAQ
r1JVqzVqm2EWi+it40WVBFTXpuj3+kygQijAxbY7znunclYBCcpiBKQehjJF9vNU
bkPH49K/gKi6umtQe23339C6qtSp0dyGGZfBcq59d/OUV+kQgPMeUhL9ewIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFNmaV0RqmHghG2a7NDN5jJ1c2sdsMB8GA1UdIwQY
MBaAFJMgISmWlXbONX+uJsnHz5ioJQ6mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3lBaEtaYVZkczQxZjY0bXljZlBtS2dsRHFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9kNmU3OTYtMGUxNC00NWIxLTljZjMt
NWFkNThhYmZiYjFmLzEvMlpwWFJHcVllQ0ViWnJzME0zbU1uVnpheDJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9kNmU3OTYtMGUxNC00NWIxLTljZjMtNWFkNThhYmZiYjFm
LzEva3lBaEtaYVZkczQxZjY0bXljZlBtS2dsRHFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAvBAIAATApAwQGH9HAAwQH
VdwAAwMAnZ0DBADAkyIDBAXCaeADBAXUHsADBAXVp4AwDQQCAAIwBwMFAyABGpgw
DQYJKoZIhvcNAQELBQADggEBAHiCASdzkZ5Jzvxv1AM5CbwEIpRA3X9QUtSEUx8R
zt/Ck1ObicsjjaQNsKdzN2dt4yh2J9EbAyj1loOfM3Z6Oe9r9hqVNAVbHGI3QXNt
SF+2uMtCXJxwigbFluVoVLudto0xkzephdbmn9CHCWFLcTO5+DQh4CrS/fUj5eDy
HpBxTN3N/yfyyTYCJuvC4KPe8p0OsTkOd+z1tJpauKy940z6ifniSLJIbiq4O6sX
ynBYQMpTtYvX9qs0Z9MW3pMkiF96Cpa8DO2t1D+R3LJbI8sm5fIbL1etr8zmmhlg
MwVpv/Xx8DnThK/JsKSNcfILthma+430TUvU1Wgf8PP86RE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:53 2024 by rpki-client on console-ams.rpki-client.org