Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/896a48-dca4-4d23-8f07-8754a1c9060b/1/rz3SXWeko3RS78sSXk2HPCUyYBY.roa
File: rz3SXWeko3RS78sSXk2HPCUyYBY.roa (raw, json)
Hash identifier: 6XQcrMWqxW8IDVD+5VBV6fOKJjIPnlirqifnnPbSVaY=
Subject key identifier: AF:3D:D2:5D:67:A4:A3:74:52:EF:CB:12:5E:4D:87:3C:25:32:60:16
Certificate issuer: /CN=6fee27d594ddb2f09c8cb59245801c9af5a34c22
Certificate serial: 018CC3B7223593A059F052AA6AC0210E5E16
Authority key identifier: 6F:EE:27:D5:94:DD:B2:F0:9C:8C:B5:92:45:80:1C:9A:F5:A3:4C:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/b-4n1ZTdsvCcjLWSRYAcmvWjTCI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/896a48-dca4-4d23-8f07-8754a1c9060b/1/rz3SXWeko3RS78sSXk2HPCUyYBY.roa
Signing time: Mon 01 Jan 2024 06:30:08 +0000
ROA not before: Mon 01 Jan 2024 06:30:08 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 196745
IP address blocks: 37.143.138.0/24 maxlen: 24
37.143.139.0/24 maxlen: 24
37.143.136.0/24 maxlen: 24
37.143.136.0/21 maxlen: 24
37.143.140.0/24 maxlen: 24
37.143.141.0/24 maxlen: 24
37.143.143.0/24 maxlen: 24
37.143.142.0/24 maxlen: 24
2a00:b340:33::/48 maxlen: 48
2a00:b340:34::/48 maxlen: 48
2a00:b340:32::/48 maxlen: 48
2a00:b340:31::/48 maxlen: 48
2a00:b340:35::/48 maxlen: 48
2a00:b340:30::/48 maxlen: 48
2a00:b340:20::/48 maxlen: 48
2a00:b340:10::/48 maxlen: 48
Validation: Failed, certificate revoked on Thu 02 Jan 2025 13:49:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b7:22:35:93:a0:59:f0:52:aa:6a:c0:21:0e:5e:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6fee27d594ddb2f09c8cb59245801c9af5a34c22
Validity
Not Before: Jan 1 06:30:08 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=af3dd25d67a4a37452efcb125e4d873c25326016
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:88:a9:40:43:76:c7:e5:bf:e0:ff:d6:4d:77:
aa:02:ff:47:d8:28:42:9f:7b:9e:28:32:c3:e8:35:
9e:12:d8:41:ab:b9:0c:35:8c:61:72:46:df:61:11:
29:06:3a:10:55:08:c3:d9:27:10:3a:f1:a9:07:60:
4e:e9:6e:22:25:fe:ef:36:88:ed:d9:dd:d9:2d:bf:
e9:a0:bb:0f:16:75:a5:5f:16:a6:11:80:54:5a:3d:
50:eb:16:d1:1d:ae:60:28:9e:b6:ab:50:42:3e:8f:
52:c9:a0:69:4d:56:22:b0:48:a7:ed:14:d2:20:0f:
6b:d2:de:e1:1d:12:cd:71:b6:a8:84:39:42:38:11:
cb:e1:97:fc:57:e8:47:19:4a:1e:c0:ac:62:ac:df:
93:8a:44:93:2d:d9:d8:c0:60:a7:d6:43:a7:04:ea:
29:99:bb:df:09:18:f9:e9:44:75:e6:31:93:f3:79:
5f:3a:eb:e1:17:36:ae:41:46:5e:3f:61:59:82:79:
76:e9:67:0b:81:ee:4e:d8:cd:6d:92:75:08:d2:e9:
6b:2e:71:50:1a:64:55:ec:fe:69:c7:9e:7b:33:16:
af:d5:7f:bf:88:aa:ce:26:0c:0f:a2:79:9a:37:13:
1b:57:49:00:f1:43:aa:28:0c:2c:1d:0e:21:2a:09:
75:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:3D:D2:5D:67:A4:A3:74:52:EF:CB:12:5E:4D:87:3C:25:32:60:16
X509v3 Authority Key Identifier:
keyid:6F:EE:27:D5:94:DD:B2:F0:9C:8C:B5:92:45:80:1C:9A:F5:A3:4C:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b-4n1ZTdsvCcjLWSRYAcmvWjTCI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/896a48-dca4-4d23-8f07-8754a1c9060b/1/rz3SXWeko3RS78sSXk2HPCUyYBY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/896a48-dca4-4d23-8f07-8754a1c9060b/1/b-4n1ZTdsvCcjLWSRYAcmvWjTCI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.143.136.0/21
IPv6:
2a00:b340:10::/48
2a00:b340:20::/48
2a00:b340:30::-2a00:b340:35:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
ae:d3:56:80:9f:89:43:56:84:cb:aa:05:39:a0:30:28:08:80:
6e:07:a1:a5:9a:43:63:9e:f2:95:90:66:be:f4:d0:ff:f5:98:
64:3c:1d:3d:7b:72:4d:5d:21:c7:b7:df:84:2d:46:d4:30:62:
47:ec:e5:32:bb:41:ed:13:7c:2c:ae:c2:38:84:d1:a1:a6:c7:
27:a7:26:8e:52:d6:31:f1:b5:b6:15:fe:54:49:d3:5e:6b:c4:
56:48:92:a9:dd:de:dd:52:e7:6a:80:c4:f3:18:3c:15:32:5a:
d6:84:b3:2c:59:f7:bf:21:28:4a:0e:12:d3:be:63:d3:61:9f:
ac:84:73:e7:5c:e7:d6:eb:c5:12:60:aa:b9:7e:a2:f7:f0:b2:
36:b1:d0:de:0d:68:27:9c:ed:25:e6:d3:58:96:20:36:ba:6e:
4b:2c:d4:02:88:d2:01:cf:61:5d:c9:6f:e6:9a:70:22:bd:0b:
b5:b0:3d:f4:92:01:10:ef:ec:05:d2:7f:d7:d7:69:31:52:65:
d4:b4:c0:8b:26:1d:aa:f6:6c:bc:b7:b2:96:d2:2a:ee:a6:73:
52:62:08:64:21:4d:92:4b:62:5a:94:15:8a:d4:33:5b:35:f2:
dc:57:a7:77:31:a7:69:28:a9:44:3f:8c:22:b6:bb:64:b7:e3:
77:ab:d8:13
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYzDtyI1k6BZ8FKqasAhDl4WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmZWUyN2Q1OTRkZGIyZjA5YzhjYjU5MjQ1ODAxYzlhZjVh
MzRjMjIwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjNkZDI1ZDY3YTRhMzc0NTJlZmNiMTI1ZTRkODczYzI1MzI2MDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArYipQEN2x+W/4P/WTXeqAv9H2ChC
n3ueKDLD6DWeEthBq7kMNYxhckbfYREpBjoQVQjD2ScQOvGpB2BO6W4iJf7vNojt
2d3ZLb/poLsPFnWlXxamEYBUWj1Q6xbRHa5gKJ62q1BCPo9SyaBpTVYisEin7RTS
IA9r0t7hHRLNcbaohDlCOBHL4Zf8V+hHGUoewKxirN+TikSTLdnYwGCn1kOnBOop
mbvfCRj56UR15jGT83lfOuvhFzauQUZeP2FZgnl26WcLge5O2M1tknUI0ulrLnFQ
GmRV7P5px557Mxav1X+/iKrOJgwPonmaNxMbV0kA8UOqKAwsHQ4hKgl1IwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFK890l1npKN0Uu/LEl5NhzwlMmAWMB8GA1UdIwQY
MBaAFG/uJ9WU3bLwnIy1kkWAHJr1o0wiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYi00bjFaVGRzdkNjakxXU1JZQWNtdldqVENJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi84OTZhNDgtZGNhNC00ZDIzLThmMDct
ODc1NGExYzkwNjBiLzEvcnozU1hXZWtvM1JTNzhzU1hrMkhQQ1V5WUJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi84OTZhNDgtZGNhNC00ZDIzLThmMDctODc1NGExYzkwNjBi
LzEvYi00bjFaVGRzdkNjakxXU1JZQWNtdldqVENJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAMBAIAATAGAwQDJY+IMCwE
AgACMCYDBwAqALNAABADBwAqALNAACAwEgMHBCoAs0AAMAMHASoAs0AANDANBgkq
hkiG9w0BAQsFAAOCAQEArtNWgJ+JQ1aEy6oFOaAwKAiAbgehpZpDY57ylZBmvvTQ
//WYZDwdPXtyTV0hx7ffhC1G1DBiR+zlMrtB7RN8LK7COITRoabHJ6cmjlLWMfG1
thX+VEnTXmvEVkiSqd3e3VLnaoDE8xg8FTJa1oSzLFn3vyEoSg4S075j02GfrIRz
51zn1uvFEmCquX6i9/CyNrHQ3g1oJ5ztJebTWJYgNrpuSyzUAojSAc9hXclv5ppw
Ir0LtbA99JIBEO/sBdJ/19dpMVJl1LTAiyYdqvZsvLeyltIq7qZzUmIIZCFNkkti
WpQVitQzWzXy3FendzGnaSipRD+MIra7ZLfjd6vYEw==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:34:33 2025 by rpki-client