Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/553dc6-12d0-4d4a-a294-97c5d59b0bbf/1/bnVMXTlcMhQSfoUMYP0iSrnU9vU.roa
File: bnVMXTlcMhQSfoUMYP0iSrnU9vU.roa (raw, json)
Hash identifier: 1chv22IdE9dJKEDdhtX02GctBA5Bozgd6tz5SP3Cbi8=
Subject key identifier: 6E:75:4C:5D:39:5C:32:14:12:7E:85:0C:60:FD:22:4A:B9:D4:F6:F5
Certificate issuer: /CN=a6ed442b91d4e83a6de39fb67971a1e79c6b1ed5
Certificate serial: 019421444E6BEFB5D6A3ED2F52A87C7F8017
Authority key identifier: A6:ED:44:2B:91:D4:E8:3A:6D:E3:9F:B6:79:71:A1:E7:9C:6B:1E:D5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pu1EK5HU6Dpt45-2eXGh55xrHtU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/553dc6-12d0-4d4a-a294-97c5d59b0bbf/1/bnVMXTlcMhQSfoUMYP0iSrnU9vU.roa
Signing time: Wed 01 Jan 2025 09:48:32 +0000
ROA not before: Wed 01 Jan 2025 09:48:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200019
IP address blocks: 91.208.162.0/24 maxlen: 24
91.208.184.0/24 maxlen: 24
91.208.197.0/24 maxlen: 24
91.208.206.0/24 maxlen: 24
2a0f:5f40::/29 maxlen: 48
2a0f:5f40::/48 maxlen: 48
2a0f:5f40:1::/48 maxlen: 48
2a0f:5f40:1000::/48 maxlen: 48
2a0f:5f47::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 02 Jan 2025 13:52:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:4e:6b:ef:b5:d6:a3:ed:2f:52:a8:7c:7f:80:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a6ed442b91d4e83a6de39fb67971a1e79c6b1ed5
Validity
Not Before: Jan 1 09:48:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6e754c5d395c3214127e850c60fd224ab9d4f6f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:4b:05:e2:a8:3a:c4:a4:d1:61:f2:c5:f6:ce:
be:70:cc:75:55:69:56:f8:1a:ea:2d:52:05:0f:8c:
aa:00:f4:3d:5d:82:a4:3a:05:5a:51:78:71:6e:82:
60:bb:cf:6f:00:25:1c:e9:70:49:47:c9:f9:02:27:
d1:c4:c4:8f:82:63:a8:e9:26:ac:cf:de:49:d5:b7:
87:2e:d4:a5:4f:18:42:78:12:21:77:77:c6:b1:79:
c6:e9:8b:1d:fb:63:02:d2:b4:c5:13:11:01:70:14:
b1:a4:af:88:f8:d8:4e:2d:a4:a2:a8:fd:7c:18:e1:
12:e3:ac:66:5a:11:ec:77:c6:34:c7:ce:9d:13:5d:
9a:64:34:58:36:f5:53:bb:3c:4d:da:79:af:54:a3:
ff:ba:51:de:e6:6c:20:32:13:6b:80:fc:99:20:ff:
f3:bd:8d:6d:a4:27:23:74:40:38:4a:0b:b8:47:f6:
08:48:bf:fe:2a:3e:c4:d7:4b:e9:3f:8c:6a:b8:e5:
e8:97:b7:8a:ab:55:49:ee:f9:7e:2d:81:9c:79:5c:
6a:b6:14:75:01:8e:4c:8b:77:70:20:20:c6:e8:d1:
d5:f8:d7:a4:82:87:b8:dd:71:7e:12:32:22:c7:95:
e6:4c:cb:b9:95:37:f7:19:21:1c:3d:e3:94:ea:db:
a6:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:75:4C:5D:39:5C:32:14:12:7E:85:0C:60:FD:22:4A:B9:D4:F6:F5
X509v3 Authority Key Identifier:
keyid:A6:ED:44:2B:91:D4:E8:3A:6D:E3:9F:B6:79:71:A1:E7:9C:6B:1E:D5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pu1EK5HU6Dpt45-2eXGh55xrHtU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/553dc6-12d0-4d4a-a294-97c5d59b0bbf/1/bnVMXTlcMhQSfoUMYP0iSrnU9vU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/553dc6-12d0-4d4a-a294-97c5d59b0bbf/1/pu1EK5HU6Dpt45-2eXGh55xrHtU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.208.162.0/24
91.208.184.0/24
91.208.197.0/24
91.208.206.0/24
IPv6:
2a0f:5f40::/29
Signature Algorithm: sha256WithRSAEncryption
03:24:7d:fe:3e:8c:72:4a:16:a8:29:33:b8:06:e0:37:4e:43:
37:7c:6a:8d:4a:03:be:84:98:b1:d8:8b:31:e2:f9:a3:21:d5:
e1:5d:c7:c8:52:90:19:21:9f:1c:ff:a0:e5:b5:aa:cc:71:6a:
50:b2:6a:67:de:b7:90:96:47:5f:c2:31:77:8b:30:51:6c:69:
90:ee:00:83:ac:7f:5e:8a:d3:33:89:b4:7d:8c:b3:f5:19:06:
aa:9d:46:1e:14:3f:a6:b1:f2:e0:5e:ae:be:39:0a:3b:64:9e:
97:35:0b:26:a4:87:5d:b4:eb:aa:ca:04:a7:c8:dc:48:3e:93:
0f:42:8e:c6:00:4e:6e:11:2a:2f:e4:1e:9e:12:b6:38:d4:6c:
42:49:ca:4b:02:67:25:69:58:19:80:5e:48:21:8c:d9:38:0f:
bb:01:e9:d7:a1:1a:8c:87:eb:d9:40:07:e0:5b:a0:2a:9e:40:
45:24:8f:b8:30:b5:a9:91:aa:c5:a7:72:3e:19:55:93:7f:bd:
6a:aa:3f:a7:4b:67:d5:5c:b2:64:b0:9c:c5:3c:2b:a3:e8:d2:
89:a6:63:04:52:5d:e8:8c:f7:73:54:65:e5:e3:5f:5e:58:1b:
67:d3:aa:2d:17:e0:db:e5:01:77:fb:10:eb:a2:ac:6f:4d:45:
4f:4b:ca:98
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZQhRE5r77XWo+0vUqh8f4AXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2ZWQ0NDJiOTFkNGU4M2E2ZGUzOWZiNjc5NzFhMWU3OWM2
YjFlZDUwHhcNMjUwMTAxMDk0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTc1NGM1ZDM5NWMzMjE0MTI3ZTg1MGM2MGZkMjI0YWI5ZDRmNmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4EsF4qg6xKTRYfLF9s6+cMx1VWlW
+BrqLVIFD4yqAPQ9XYKkOgVaUXhxboJgu89vACUc6XBJR8n5AifRxMSPgmOo6Sas
z95J1beHLtSlTxhCeBIhd3fGsXnG6Ysd+2MC0rTFExEBcBSxpK+I+NhOLaSiqP18
GOES46xmWhHsd8Y0x86dE12aZDRYNvVTuzxN2nmvVKP/ulHe5mwgMhNrgPyZIP/z
vY1tpCcjdEA4Sgu4R/YISL/+Kj7E10vpP4xquOXol7eKq1VJ7vl+LYGceVxqthR1
AY5Mi3dwICDG6NHV+Nekgoe43XF+EjIix5XmTMu5lTf3GSEcPeOU6tum3wIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFG51TF05XDIUEn6FDGD9Ikq51Pb1MB8GA1UdIwQY
MBaAFKbtRCuR1Og6beOftnlxoeecax7VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHUxRUs1SFU2RHB0NDUtMmVYR2g1NXhySHRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS81NTNkYzYtMTJkMC00ZDRhLWEyOTQt
OTdjNWQ1OWIwYmJmLzEvYm5WTVhUbGNNaFFTZm9VTVlQMGlTcm5VOXZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS81NTNkYzYtMTJkMC00ZDRhLWEyOTQtOTdjNWQ1OWIwYmJm
LzEvcHUxRUs1SFU2RHB0NDUtMmVYR2g1NXhySHRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAW9CiAwQA
W9C4AwQAW9DFAwQAW9DOMA0EAgACMAcDBQMqD19AMA0GCSqGSIb3DQEBCwUAA4IB
AQADJH3+PoxyShaoKTO4BuA3TkM3fGqNSgO+hJix2Isx4vmjIdXhXcfIUpAZIZ8c
/6DltarMcWpQsmpn3reQlkdfwjF3izBRbGmQ7gCDrH9eitMzibR9jLP1GQaqnUYe
FD+msfLgXq6+OQo7ZJ6XNQsmpIddtOuqygSnyNxIPpMPQo7GAE5uESov5B6eErY4
1GxCScpLAmclaVgZgF5IIYzZOA+7AenXoRqMh+vZQAfgW6AqnkBFJI+4MLWpkarF
p3I+GVWTf71qqj+nS2fVXLJksJzFPCuj6NKJpmMEUl3ojPdzVGXl419eWBtn06ot
F+Db5QF3+xDroqxvTUVPS8qY
-----END CERTIFICATE-----
Generated at Thu Apr 17 18:43:09 2025 by rpki-client