Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/rpNbBUaX0yqJkzwzv8UQyyMhzPU.roa
File: rpNbBUaX0yqJkzwzv8UQyyMhzPU.roa (raw, json)
Hash identifier: +gHb+s1cuPnuhnGp2pzGTH6eRYEBkpTH79TYT3SMyUw=
Subject key identifier: AE:93:5B:05:46:97:D3:2A:89:93:3C:33:BF:C5:10:CB:23:21:CC:F5
Certificate issuer: /CN=e5a83b40b3f4d7d31fb3368dafaca1199a449892
Certificate serial: 01914AC0427353F7530875FBE7E4573111B1
Authority key identifier: E5:A8:3B:40:B3:F4:D7:D3:1F:B3:36:8D:AF:AC:A1:19:9A:44:98:92
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5ag7QLP019MfszaNr6yhGZpEmJI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/rpNbBUaX0yqJkzwzv8UQyyMhzPU.roa
Signing time: Tue 13 Aug 2024 07:59:59 +0000
ROA not before: Tue 13 Aug 2024 07:59:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 199624
IP address blocks: 91.208.171.0/24 maxlen: 32
95.131.176.0/21 maxlen: 32
185.8.4.0/22 maxlen: 32
185.25.9.0/24 maxlen: 32
185.25.10.0/23 maxlen: 32
185.166.240.0/22 maxlen: 32
185.166.243.0/24 maxlen: 32
2a00:7b60::/32 maxlen: 32
2a03:13c0::/32 maxlen: 32
2a0a:2100::/29 maxlen: 29
Validation: Failed, certificate revoked on Wed 01 Jan 2025 21:47:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:4a:c0:42:73:53:f7:53:08:75:fb:e7:e4:57:31:11:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e5a83b40b3f4d7d31fb3368dafaca1199a449892
Validity
Not Before: Aug 13 07:59:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ae935b054697d32a89933c33bfc510cb2321ccf5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:39:79:8f:22:22:a0:d2:64:58:45:94:06:ce:
7d:3e:92:7f:0b:8b:20:00:88:59:19:b7:3e:6a:e7:
4d:01:0c:c7:fc:65:af:10:d1:c6:7f:91:f1:e4:35:
4c:32:5c:a9:90:99:03:3c:b6:35:90:9d:49:39:c3:
68:48:6b:9c:86:be:05:54:d0:af:55:32:95:34:8a:
ca:a6:01:60:80:31:17:db:b6:b6:29:a1:5d:db:6c:
63:13:af:7d:fd:e7:9b:07:10:99:01:cc:28:15:12:
38:62:1a:fc:4d:5d:52:6f:f5:2f:d8:1c:b0:95:52:
ce:3e:47:f3:b2:a3:1b:a7:6c:fc:a2:37:ee:cc:3f:
bb:3c:73:c7:07:7f:f5:cd:ea:a4:b8:a6:f8:09:9d:
44:5e:2b:36:0c:b0:f5:21:7e:90:ae:92:95:4e:da:
14:4c:ec:c2:8a:8a:f1:95:81:0b:fc:c0:93:4c:76:
e9:11:a1:da:33:51:8e:16:ee:09:cc:7e:a8:35:a8:
aa:e1:f0:e1:22:91:dd:d9:22:1c:78:5b:35:e8:df:
5d:2d:8d:58:ba:9b:e4:0c:c2:d2:80:98:34:95:73:
09:87:0e:42:c9:e9:f9:fe:94:f3:10:1f:ae:51:ad:
bc:f2:f0:63:34:20:6d:b2:ca:f6:8c:36:e7:00:89:
8d:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:93:5B:05:46:97:D3:2A:89:93:3C:33:BF:C5:10:CB:23:21:CC:F5
X509v3 Authority Key Identifier:
keyid:E5:A8:3B:40:B3:F4:D7:D3:1F:B3:36:8D:AF:AC:A1:19:9A:44:98:92
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5ag7QLP019MfszaNr6yhGZpEmJI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/rpNbBUaX0yqJkzwzv8UQyyMhzPU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/24cab4-0125-4383-85fa-3d388606da12/1/5ag7QLP019MfszaNr6yhGZpEmJI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.208.171.0/24
95.131.176.0/21
185.8.4.0/22
185.25.9.0-185.25.11.255
185.166.240.0/22
IPv6:
2a00:7b60::/32
2a03:13c0::/32
2a0a:2100::/29
Signature Algorithm: sha256WithRSAEncryption
9c:ca:0f:9e:8c:ba:6f:e8:7e:30:7b:98:13:99:97:79:25:df:
e0:db:f5:b9:67:8a:3f:a0:d5:cf:82:42:8e:49:db:90:10:a6:
2d:a0:00:19:7a:29:28:4e:75:ab:cc:70:93:33:b4:11:3a:ef:
4a:f9:42:fa:a6:7c:98:7b:7e:57:6f:91:6c:4d:56:f0:e9:c7:
91:15:52:98:3b:8f:6b:d5:ef:74:31:21:94:23:2a:61:5f:77:
3b:e6:09:89:d3:8b:a6:c6:06:94:ef:58:e5:f6:69:19:14:52:
5b:94:d8:1d:26:64:9b:de:2a:1f:08:29:3d:8d:82:de:44:0d:
54:c5:53:ec:81:5f:a9:bc:ba:ed:79:f6:b0:b4:ee:fa:b3:6a:
f3:63:f6:a5:f9:b8:b9:3f:da:bb:42:5d:1b:0f:20:98:f8:39:
8d:0b:70:21:17:18:23:c8:81:48:d1:2b:73:a7:ac:6e:f8:32:
c7:41:7c:44:b8:d8:10:1a:26:e0:e3:aa:ea:59:3d:85:9d:cb:
26:b5:d4:fc:81:e6:9a:79:05:1b:a2:f6:8c:ba:3a:3e:ee:37:
2f:ab:90:ce:7c:70:54:7a:8f:e3:f5:80:c6:3c:90:b5:e9:3f:
79:dd:da:d1:40:fb:d7:d5:29:c1:14:85:e5:64:43:5f:5d:cb:
8f:1e:e5:b2
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAZFKwEJzU/dTCHX75+RXMRGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YTgzYjQwYjNmNGQ3ZDMxZmIzMzY4ZGFmYWNhMTE5OWE0
NDk4OTIwHhcNMjQwODEzMDc1OTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTkzNWIwNTQ2OTdkMzJhODk5MzNjMzNiZmM1MTBjYjIzMjFjY2Y1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDl5jyIioNJkWEWUBs59PpJ/C4sg
AIhZGbc+audNAQzH/GWvENHGf5Hx5DVMMlypkJkDPLY1kJ1JOcNoSGuchr4FVNCv
VTKVNIrKpgFggDEX27a2KaFd22xjE699/eebBxCZAcwoFRI4Yhr8TV1Sb/Uv2Byw
lVLOPkfzsqMbp2z8ojfuzD+7PHPHB3/1zeqkuKb4CZ1EXis2DLD1IX6QrpKVTtoU
TOzCiorxlYEL/MCTTHbpEaHaM1GOFu4JzH6oNaiq4fDhIpHd2SIceFs16N9dLY1Y
upvkDMLSgJg0lXMJhw5Cyen5/pTzEB+uUa288vBjNCBtssr2jDbnAImNcQIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFK6TWwVGl9MqiZM8M7/FEMsjIcz1MB8GA1UdIwQY
MBaAFOWoO0Cz9NfTH7M2ja+soRmaRJiSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWFnN1FMUDAxOU1mc3phTnI2eWhHWnBFbUpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8yNGNhYjQtMDEyNS00MzgzLTg1ZmEt
M2QzODg2MDZkYTEyLzEvcnBOYkJVYVgweXFKa3p3enY4VVF5eU1oelBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8yNGNhYjQtMDEyNS00MzgzLTg1ZmEtM2QzODg2MDZkYTEy
LzEvNWFnN1FMUDAxOU1mc3phTnI2eWhHWnBFbUpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzAsBAIAATAmAwQAW9CrAwQD
X4OwAwQCuQgEMAwDBAC5GQkDBAK5GQgDBAK5pvAwGwQCAAIwFQMFACoAe2ADBQAq
AxPAAwUDKgohADANBgkqhkiG9w0BAQsFAAOCAQEAnMoPnoy6b+h+MHuYE5mXeSXf
4Nv1uWeKP6DVz4JCjknbkBCmLaAAGXopKE51q8xwkzO0ETrvSvlC+qZ8mHt+V2+R
bE1W8OnHkRVSmDuPa9XvdDEhlCMqYV93O+YJidOLpsYGlO9Y5fZpGRRSW5TYHSZk
m94qHwgpPY2C3kQNVMVT7IFfqby67Xn2sLTu+rNq82P2pfm4uT/au0JdGw8gmPg5
jQtwIRcYI8iBSNErc6esbvgyx0F8RLjYEBom4OOq6lk9hZ3LJrXU/IHmmnkFG6L2
jLo6Pu43L6uQznxwVHqP4/WAxjyQtek/ed3a0UD719UpwRSF5WRDX13Ljx7lsg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:59:09 2025 by rpki-client