Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/PJqYB9oFbifX1-rOCouFDgFXykY.roa
File: PJqYB9oFbifX1-rOCouFDgFXykY.roa (raw, json)
Hash identifier: OEFhqqSFy5yxjK8iD/wDlMg3CKAjJT+ksuu/jopmZIg=
Subject key identifier: 3C:9A:98:07:DA:05:6E:27:D7:D7:EA:CE:0A:8B:85:0E:01:57:CA:46
Certificate issuer: /CN=352f8919e6bc1ef5663489018fc875be34c0f24c
Certificate serial: 01936E8B672200628B9A877F418BC298F5F7
Authority key identifier: 35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/PJqYB9oFbifX1-rOCouFDgFXykY.roa
Signing time: Wed 27 Nov 2024 16:54:09 +0000
ROA not before: Wed 27 Nov 2024 16:54:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35600
IP address blocks: 14.102.102.0/24 maxlen: 24
91.221.92.0/23 maxlen: 24
91.221.106.0/23 maxlen: 24
185.48.132.0/22 maxlen: 24
185.49.123.0/24 maxlen: 24
185.56.176.0/22 maxlen: 22
194.117.246.0/23 maxlen: 23
2001:67c:184c::/48 maxlen: 48
2a00:4780::/32 maxlen: 32
2a02:5520::/32 maxlen: 32
2a0e:ac80::/29 maxlen: 29
Validation: Failed, certificate revoked on Fri 06 Dec 2024 10:39:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:6e:8b:67:22:00:62:8b:9a:87:7f:41:8b:c2:98:f5:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=352f8919e6bc1ef5663489018fc875be34c0f24c
Validity
Not Before: Nov 27 16:54:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3c9a9807da056e27d7d7eace0a8b850e0157ca46
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:01:8c:12:1e:0b:e0:60:32:b2:64:6c:1c:1a:
16:d6:5f:4f:97:73:ae:45:57:50:20:79:ec:70:35:
7b:dc:7e:fc:9b:a0:c4:b8:86:0f:d0:86:be:77:ea:
29:3d:93:07:61:77:1d:d2:76:71:bc:90:14:f4:8d:
39:5e:8d:9f:7c:90:b2:5e:ff:40:e7:02:cd:67:39:
0f:7b:bd:fa:1d:28:7a:8e:fd:5d:23:97:61:cf:60:
41:f7:44:ad:7f:4c:17:45:94:6d:d4:cb:c2:57:40:
a8:b5:21:9b:96:bc:af:c1:40:46:0e:5c:05:48:70:
b0:b6:3c:d4:9f:c2:69:6b:31:e8:02:17:12:99:54:
c5:45:d9:21:03:b4:0a:5b:c6:a6:af:62:37:0d:56:
6d:19:e8:b7:65:cd:d8:ef:25:0d:28:c6:4a:8a:78:
06:2c:4c:f1:57:93:2a:16:de:d2:a8:98:74:c5:be:
89:4b:b8:50:4e:f9:2f:f5:05:0c:55:f8:79:33:7a:
7b:b2:d2:a1:35:44:9e:ea:46:d5:2f:11:1f:42:a2:
21:d2:de:4d:24:17:e7:0d:0f:f9:a7:0b:38:a8:6e:
ea:60:2c:59:95:00:33:5a:3d:35:d0:29:75:5d:5a:
f8:46:4d:48:9b:fe:8d:b7:11:05:77:7f:f2:64:a8:
3f:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:9A:98:07:DA:05:6E:27:D7:D7:EA:CE:0A:8B:85:0E:01:57:CA:46
X509v3 Authority Key Identifier:
keyid:35:2F:89:19:E6:BC:1E:F5:66:34:89:01:8F:C8:75:BE:34:C0:F2:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NS-JGea8HvVmNIkBj8h1vjTA8kw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/PJqYB9oFbifX1-rOCouFDgFXykY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/cf943d-c921-4ef7-9aa0-e3fcb23e3438/1/NS-JGea8HvVmNIkBj8h1vjTA8kw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
14.102.102.0/24
91.221.92.0/23
91.221.106.0/23
185.48.132.0/22
185.49.123.0/24
185.56.176.0/22
194.117.246.0/23
IPv6:
2001:67c:184c::/48
2a00:4780::/32
2a02:5520::/32
2a0e:ac80::/29
Signature Algorithm: sha256WithRSAEncryption
27:02:62:05:6b:69:67:4b:e4:83:17:40:0b:1e:a9:f3:22:1c:
4b:02:97:64:84:07:da:3e:4c:80:43:d5:10:98:92:6d:11:2a:
88:a3:71:80:c3:8c:7b:cf:43:9d:80:6d:de:fe:00:5f:f3:d3:
5b:62:e9:42:0f:f1:e4:47:8a:c8:47:ec:5f:fd:90:37:a6:44:
17:59:85:3f:f0:65:40:ac:02:43:0c:b4:7b:65:3a:d0:ac:1a:
5e:80:9a:e9:29:9d:b7:e6:9c:42:6b:5a:ce:9a:75:25:9e:d2:
8a:6b:85:9a:fe:9d:b0:06:40:eb:7e:ad:f9:25:39:0d:b7:a4:
a7:6c:2e:57:4b:ff:6d:9f:79:bf:57:e6:cd:10:c0:a6:c8:1d:
6c:b3:05:df:0a:0e:b6:2b:64:8b:99:f1:81:68:8b:25:64:21:
ab:47:24:0f:79:d6:62:d6:1e:3a:6b:c5:bf:ea:5b:1f:d0:a9:
09:54:91:0d:d2:fc:aa:14:4f:f5:d4:a9:16:83:a5:76:56:fd:
1a:9b:67:13:27:6f:a2:90:26:86:c0:10:cf:d9:ac:e7:1c:9d:
eb:3a:b4:d8:23:c1:5f:f2:9b:20:07:2d:47:57:e6:8c:02:0f:
00:3c:44:41:07:81:ea:e9:bc:c9:a5:af:f3:76:77:20:45:ab:
f4:86:04:73
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAZNui2ciAGKLmod/QYvCmPX3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmY4OTE5ZTZiYzFlZjU2NjM0ODkwMThmYzg3NWJlMzRj
MGYyNGMwHhcNMjQxMTI3MTY1NDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzlhOTgwN2RhMDU2ZTI3ZDdkN2VhY2UwYThiODUwZTAxNTdjYTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgGMEh4L4GAysmRsHBoW1l9Pl3Ou
RVdQIHnscDV73H78m6DEuIYP0Ia+d+opPZMHYXcd0nZxvJAU9I05Xo2ffJCyXv9A
5wLNZzkPe736HSh6jv1dI5dhz2BB90Stf0wXRZRt1MvCV0CotSGblryvwUBGDlwF
SHCwtjzUn8JpazHoAhcSmVTFRdkhA7QKW8amr2I3DVZtGei3Zc3Y7yUNKMZKingG
LEzxV5MqFt7SqJh0xb6JS7hQTvkv9QUMVfh5M3p7stKhNUSe6kbVLxEfQqIh0t5N
JBfnDQ/5pws4qG7qYCxZlQAzWj010Cl1XVr4Rk1Im/6NtxEFd3/yZKg/QwIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFDyamAfaBW4n19fqzgqLhQ4BV8pGMB8GA1UdIwQY
MBaAFDUviRnmvB71ZjSJAY/Idb40wPJMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAt
ZTNmY2IyM2UzNDM4LzEvUEpxWUI5b0ZiaWZYMS1yT0NvdUZEZ0ZYeWtZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9jZjk0M2QtYzkyMS00ZWY3LTlhYTAtZTNmY2IyM2UzNDM4
LzEvTlMtSkdlYThIdlZtTklrQmo4aDF2alRBOGt3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDAwBAIAATAqAwQADmZmAwQB
W91cAwQBW91qAwQCuTCEAwQAuTF7AwQCuTiwAwQBwnX2MCQEAgACMB4DBwAgAQZ8
GEwDBQAqAEeAAwUAKgJVIAMFAyoOrIAwDQYJKoZIhvcNAQELBQADggEBACcCYgVr
aWdL5IMXQAseqfMiHEsCl2SEB9o+TIBD1RCYkm0RKoijcYDDjHvPQ52Abd7+AF/z
01ti6UIP8eRHishH7F/9kDemRBdZhT/wZUCsAkMMtHtlOtCsGl6AmukpnbfmnEJr
Ws6adSWe0oprhZr+nbAGQOt+rfklOQ23pKdsLldL/22feb9X5s0QwKbIHWyzBd8K
DrYrZIuZ8YFoiyVkIatHJA951mLWHjprxb/qWx/QqQlUkQ3S/KoUT/XUqRaDpXZW
/RqbZxMnb6KQJobAEM/ZrOccnes6tNgjwV/ymyAHLUdX5owCDwA8REEHgerpvMml
r/N2dyBFq/SGBHM=
-----END CERTIFICATE-----
Generated at Tue Apr 8 14:29:08 2025 by rpki-client