Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/70hfgCTNf7xLzQm5abLnjFT2EIg.roa
File: 70hfgCTNf7xLzQm5abLnjFT2EIg.roa (raw, json)
Hash identifier: nawR+s68GvSTCe6cmUI26ciX5o3hqsgVlTbcrqEEZJI=
Subject key identifier: EF:48:5F:80:24:CD:7F:BC:4B:CD:09:B9:69:B2:E7:8C:54:F6:10:88
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01939B4C510B251B84479B3A080DCBC103D0
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/70hfgCTNf7xLzQm5abLnjFT2EIg.roa
Signing time: Fri 06 Dec 2024 09:28:10 +0000
ROA not before: Fri 06 Dec 2024 09:28:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 89.37.63.0/24 maxlen: 24
103.212.80.0/24 maxlen: 24
185.121.122.0/23 maxlen: 24
Validation: Failed, certificate revoked on Thu 12 Dec 2024 12:55:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:9b:4c:51:0b:25:1b:84:47:9b:3a:08:0d:cb:c1:03:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Dec 6 09:28:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ef485f8024cd7fbc4bcd09b969b2e78c54f61088
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:84:b4:59:9b:b5:ae:2f:4f:e6:d6:ed:2a:87:
87:95:40:68:92:4d:32:82:55:73:8b:5c:e1:29:2c:
ae:b2:35:0a:8f:27:09:2a:6d:bb:df:06:28:59:e6:
83:34:49:9e:28:2d:f8:a7:6b:be:57:ca:d3:11:fb:
57:ee:ac:23:7d:58:16:45:ff:e1:ba:51:c8:18:87:
9d:37:cb:a5:04:29:4a:4d:96:41:ec:6f:88:7a:c9:
45:d1:b4:d7:f2:1a:c7:9c:41:c7:4c:7f:64:b5:1d:
9b:89:4b:41:66:02:24:8a:8b:fe:b0:26:92:ed:df:
4b:1a:d0:a2:25:0e:6a:4c:ba:6c:a3:77:72:17:cd:
48:ba:9d:e0:1b:02:65:39:44:df:92:cc:6a:11:6c:
d5:83:18:42:45:c4:4b:f4:ef:52:54:de:6a:b8:c5:
2b:c0:c8:56:d8:37:7c:8c:39:5a:62:49:eb:d9:c0:
9d:3b:bb:de:24:e7:51:a6:c1:0c:dc:2a:19:ee:12:
f7:74:be:38:64:c1:3c:30:b3:56:34:5d:61:2f:b4:
af:a5:6f:a0:65:bb:23:be:56:b5:3d:cf:a7:63:09:
b9:8a:25:58:0c:85:12:e2:c6:fa:bf:3e:c5:b3:de:
90:20:9a:d2:32:4c:50:01:03:90:39:48:b7:92:00:
ad:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:48:5F:80:24:CD:7F:BC:4B:CD:09:B9:69:B2:E7:8C:54:F6:10:88
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/70hfgCTNf7xLzQm5abLnjFT2EIg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.37.63.0/24
103.212.80.0/24
185.121.122.0/23
Signature Algorithm: sha256WithRSAEncryption
07:74:31:1c:da:1a:1c:b1:4d:10:db:00:d9:45:85:af:5d:2c:
97:50:9e:9f:e2:99:12:f9:27:0d:85:a9:22:a1:a0:00:6c:b3:
7f:88:79:21:6d:5b:c6:27:05:f3:51:51:af:8c:2b:ad:dc:4a:
38:1e:1c:08:f1:49:2c:ba:d3:ca:c2:b9:81:8d:df:f7:02:1b:
44:1d:7e:ce:3b:a3:72:ee:19:6d:80:ca:71:17:d6:cf:2d:93:
f7:77:08:e1:d1:31:6d:da:fd:fb:e2:58:cc:01:53:10:5a:56:
d5:7d:4a:1c:a8:57:dc:a8:21:fc:30:81:6f:3b:36:7f:d1:ca:
b7:03:26:fd:9e:83:21:5c:c8:c5:4e:5a:c5:4a:9d:30:95:ad:
0c:72:1c:27:b9:36:11:5f:43:73:23:b1:3c:50:4b:66:a2:7a:
d4:81:d8:bf:f2:71:59:41:b2:ed:6b:a2:75:a0:08:5d:26:09:
bd:97:66:87:f8:03:04:ec:9e:5d:e6:ef:ba:34:5f:0f:b9:4e:
1f:27:22:02:aa:82:e1:46:6c:67:5c:29:07:09:ef:11:d4:2b:
4a:11:c8:98:cd:c3:34:a1:1a:e0:0b:63:03:94:20:bb:5f:78:
be:25:96:97:22:76:fa:c9:98:01:19:12:2a:a3:32:8a:b9:90:
4d:10:dd:01
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZObTFELJRuER5s6CA3LwQPQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQxMjA2MDkyODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjQ4NWY4MDI0Y2Q3ZmJjNGJjZDA5Yjk2OWIyZTc4YzU0ZjYxMDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5oS0WZu1ri9P5tbtKoeHlUBokk0y
glVzi1zhKSyusjUKjycJKm273wYoWeaDNEmeKC34p2u+V8rTEftX7qwjfVgWRf/h
ulHIGIedN8ulBClKTZZB7G+IeslF0bTX8hrHnEHHTH9ktR2biUtBZgIkiov+sCaS
7d9LGtCiJQ5qTLpso3dyF81Iup3gGwJlOUTfksxqEWzVgxhCRcRL9O9SVN5quMUr
wMhW2Dd8jDlaYknr2cCdO7veJOdRpsEM3CoZ7hL3dL44ZME8MLNWNF1hL7SvpW+g
Zbsjvla1Pc+nYwm5iiVYDIUS4sb6vz7Fs96QIJrSMkxQAQOQOUi3kgCtTwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO9IX4AkzX+8S80JuWmy54xU9hCIMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvNzBoZmdDVE5mN3hMelFtNWFiTG5qRlQyRUlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSU/AwQA
Z9RQAwQBuXl6MA0GCSqGSIb3DQEBCwUAA4IBAQAHdDEc2hocsU0Q2wDZRYWvXSyX
UJ6f4pkS+ScNhakioaAAbLN/iHkhbVvGJwXzUVGvjCut3Eo4HhwI8UksutPKwrmB
jd/3AhtEHX7OO6Ny7hltgMpxF9bPLZP3dwjh0TFt2v374ljMAVMQWlbVfUocqFfc
qCH8MIFvOzZ/0cq3Ayb9noMhXMjFTlrFSp0wla0MchwnuTYRX0NzI7E8UEtmonrU
gdi/8nFZQbLta6J1oAhdJgm9l2aH+AME7J5d5u+6NF8PuU4fJyICqoLhRmxnXCkH
Ce8R1CtKEciYzcM0oRrgC2MDlCC7X3i+JZaXInb6yZgBGRIqozKKuZBNEN0B
-----END CERTIFICATE-----
Generated at Fri Apr 18 00:56:50 2025 by rpki-client