Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/478aea-6b94-49a3-aa7f-189490d60ea6/1/t9RZtYM1TGEMt1syPgITn8S6yxc.roa
File: t9RZtYM1TGEMt1syPgITn8S6yxc.roa (raw, json)
Hash identifier: zIj5Jh4OKcBo5HQ6NodMOlq+a7yM6D/J29/6rKcVe2U=
Subject key identifier: B7:D4:59:B5:83:35:4C:61:0C:B7:5B:32:3E:02:13:9F:C4:BA:CB:17
Certificate issuer: /CN=d4e2971e5d8169c940af020db027bedad8991590
Certificate serial: 01942067B5F402F9D27AFF5AE83847CE4ABE
Authority key identifier: D4:E2:97:1E:5D:81:69:C9:40:AF:02:0D:B0:27:BE:DA:D8:99:15:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1OKXHl2BaclArwINsCe-2tiZFZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/478aea-6b94-49a3-aa7f-189490d60ea6/1/t9RZtYM1TGEMt1syPgITn8S6yxc.roa
Signing time: Wed 01 Jan 2025 05:47:35 +0000
ROA not before: Wed 01 Jan 2025 05:47:35 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 48294
IP address blocks: 45.86.222.0/23 maxlen: 23
45.91.36.0/22 maxlen: 22
84.252.104.0/24 maxlen: 24
85.9.192.0/18 maxlen: 24
91.132.128.0/22 maxlen: 22
185.70.32.0/22 maxlen: 22
185.124.0.0/22 maxlen: 22
185.126.160.0/22 maxlen: 22
Validation: Failed, certificate revoked on Wed 19 Feb 2025 16:45:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:67:b5:f4:02:f9:d2:7a:ff:5a:e8:38:47:ce:4a:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d4e2971e5d8169c940af020db027bedad8991590
Validity
Not Before: Jan 1 05:47:35 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b7d459b583354c610cb75b323e02139fc4bacb17
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:7a:54:a8:05:a2:1a:7a:2c:92:a2:80:65:6b:
e2:95:dd:e4:66:0c:98:cd:ec:aa:30:c1:64:d0:68:
b0:36:c5:56:cf:4a:b1:d6:03:2a:42:83:79:7a:b2:
e3:6b:49:11:96:00:c7:17:ef:a4:38:7b:7a:c1:41:
b2:5b:af:ab:f3:54:7a:e8:a7:95:d5:e6:c5:d3:22:
88:3a:35:cb:32:92:b9:50:f4:86:b8:a4:15:44:1f:
79:80:7d:65:c0:11:c7:3b:d9:7f:94:3c:aa:83:1d:
bd:52:d1:71:6d:db:3b:e4:b6:bc:9f:cc:3a:23:14:
41:c5:8e:f4:e4:d6:3c:a8:95:bc:e1:0c:33:37:7d:
b0:6e:e9:a0:97:ca:f4:20:2c:67:40:d4:1d:c2:b4:
ed:2d:63:1e:e9:7f:e1:d7:17:30:cc:b2:83:c1:c3:
5e:30:ec:b0:2e:74:09:fc:02:42:69:fd:c0:ba:42:
77:ab:e7:b7:ce:4c:ef:5a:8b:8c:cb:cb:f4:b5:97:
2f:1d:7c:fc:88:8e:ac:f2:7b:20:3b:0b:8d:19:25:
42:96:16:4b:fb:2f:59:95:8d:8d:40:26:bf:ba:c9:
d9:96:81:39:cb:ac:f9:d6:31:35:f7:d9:74:70:e3:
d2:fb:64:e6:8e:f4:67:c4:bc:76:10:33:b6:b6:58:
9c:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:D4:59:B5:83:35:4C:61:0C:B7:5B:32:3E:02:13:9F:C4:BA:CB:17
X509v3 Authority Key Identifier:
keyid:D4:E2:97:1E:5D:81:69:C9:40:AF:02:0D:B0:27:BE:DA:D8:99:15:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1OKXHl2BaclArwINsCe-2tiZFZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/478aea-6b94-49a3-aa7f-189490d60ea6/1/t9RZtYM1TGEMt1syPgITn8S6yxc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/478aea-6b94-49a3-aa7f-189490d60ea6/1/1OKXHl2BaclArwINsCe-2tiZFZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.86.222.0/23
45.91.36.0/22
84.252.104.0/24
85.9.192.0/18
91.132.128.0/22
185.70.32.0/22
185.124.0.0/22
185.126.160.0/22
Signature Algorithm: sha256WithRSAEncryption
70:15:40:40:78:cd:90:bf:dc:ef:d9:58:81:a6:97:2e:73:cc:
b4:f0:41:47:e2:47:de:f2:f1:34:40:25:38:26:72:fc:5c:f2:
32:91:7b:42:51:b8:0d:05:22:cc:2d:57:2e:47:7a:ab:10:8e:
74:2b:b7:0f:e0:8c:ec:e8:a6:94:66:d2:c0:c9:15:26:85:b8:
20:ab:ea:de:74:37:9b:69:dd:44:79:b6:4b:42:b4:bf:76:34:
85:1c:51:4e:ff:57:71:84:9d:38:05:4f:9a:76:7e:0c:e9:53:
be:81:d3:a0:82:9a:25:2d:1b:af:33:dd:01:05:2e:f7:8f:e2:
39:86:55:b6:c5:c1:2b:c5:29:cc:d9:e3:82:77:cb:45:b7:57:
3a:b9:ca:a0:18:b1:0a:2b:8f:ac:b3:14:b3:b9:ec:f2:1a:b2:
0f:b4:8d:52:bf:2a:ce:04:6c:08:63:53:ca:6b:2b:0e:29:71:
d2:f2:fb:40:4d:20:de:d2:13:89:6c:44:41:9c:df:24:42:42:
9e:80:1f:df:53:50:46:54:f1:ec:b9:4f:02:dd:45:9c:13:1d:
f8:be:b1:13:4f:a6:98:67:21:89:14:21:cf:ab:82:8c:3e:16:
53:14:b8:63:e1:af:77:b0:89:23:4f:9a:eb:62:8a:96:3e:15:
d1:18:8b:72
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQgZ7X0AvnSev9a6DhHzkq+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ZTI5NzFlNWQ4MTY5Yzk0MGFmMDIwZGIwMjdiZWRhZDg5
OTE1OTAwHhcNMjUwMTAxMDU0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2Q0NTliNTgzMzU0YzYxMGNiNzViMzIzZTAyMTM5ZmM0YmFjYjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3HpUqAWiGnoskqKAZWvild3kZgyY
zeyqMMFk0GiwNsVWz0qx1gMqQoN5erLja0kRlgDHF++kOHt6wUGyW6+r81R66KeV
1ebF0yKIOjXLMpK5UPSGuKQVRB95gH1lwBHHO9l/lDyqgx29UtFxbds75La8n8w6
IxRBxY705NY8qJW84QwzN32wbumgl8r0ICxnQNQdwrTtLWMe6X/h1xcwzLKDwcNe
MOywLnQJ/AJCaf3AukJ3q+e3zkzvWouMy8v0tZcvHXz8iI6s8nsgOwuNGSVClhZL
+y9ZlY2NQCa/usnZloE5y6z51jE199l0cOPS+2TmjvRnxLx2EDO2tlicSwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFLfUWbWDNUxhDLdbMj4CE5/EussXMB8GA1UdIwQY
MBaAFNTilx5dgWnJQK8CDbAnvtrYmRWQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU9LWEhsMkJhY2xBcndJTnNDZS0ydGlaRlpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80NzhhZWEtNmI5NC00OWEzLWFhN2Yt
MTg5NDkwZDYwZWE2LzEvdDlSWnRZTTFUR0VNdDFzeVBnSVRuOFM2eXhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80NzhhZWEtNmI5NC00OWEzLWFhN2YtMTg5NDkwZDYwZWE2
LzEvMU9LWEhsMkJhY2xBcndJTnNDZS0ydGlaRlpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBLVbeAwQC
LVskAwQAVPxoAwQGVQnAAwQCW4SAAwQCuUYgAwQCuXwAAwQCuX6gMA0GCSqGSIb3
DQEBCwUAA4IBAQBwFUBAeM2Qv9zv2ViBppcuc8y08EFH4kfe8vE0QCU4JnL8XPIy
kXtCUbgNBSLMLVcuR3qrEI50K7cP4Izs6KaUZtLAyRUmhbggq+redDebad1EebZL
QrS/djSFHFFO/1dxhJ04BU+adn4M6VO+gdOggpolLRuvM90BBS73j+I5hlW2xcEr
xSnM2eOCd8tFt1c6ucqgGLEKK4+ssxSzuezyGrIPtI1SvyrOBGwIY1PKaysOKXHS
8vtATSDe0hOJbERBnN8kQkKegB/fU1BGVPHsuU8C3UWcEx34vrETT6aYZyGJFCHP
q4KMPhZTFLhj4a93sIkjT5rrYoqWPhXRGIty
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:51:53 2025 by rpki-client