Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/KKRfDeycDPCPwpTyQRsljTZCI0Q.roa
File: KKRfDeycDPCPwpTyQRsljTZCI0Q.roa (raw, json)
Hash identifier: PSzMaw0rlMmL/oZoRxd25ejV8/TeJG1w+oXuPll3EtE=
Subject key identifier: 28:A4:5F:0D:EC:9C:0C:F0:8F:C2:94:F2:41:1B:25:8D:36:42:23:44
Certificate issuer: /CN=5c746e9f12c2c0e5459fe4e3d413c1c89de6db0e
Certificate serial: 018CC4937783E30E962E92AD2BD8214894FC
Authority key identifier: 5C:74:6E:9F:12:C2:C0:E5:45:9F:E4:E3:D4:13:C1:C8:9D:E6:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XHRunxLCwOVFn-Tj1BPByJ3m2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/KKRfDeycDPCPwpTyQRsljTZCI0Q.roa
Signing time: Mon 01 Jan 2024 10:30:47 +0000
ROA not before: Mon 01 Jan 2024 10:30:47 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 57829
IP address blocks: 91.196.240.0/23 maxlen: 24
91.196.240.0/22 maxlen: 24
217.16.192.0/20 maxlen: 24
91.196.242.0/23 maxlen: 24
185.130.0.0/24 maxlen: 24
62.181.223.0/24 maxlen: 24
31.25.64.0/22 maxlen: 24
31.25.64.0/21 maxlen: 24
31.25.68.0/22 maxlen: 24
2a02:7720::/32 maxlen: 48
Validation: Failed, certificate revoked on Mon 15 Jan 2024 07:15:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:93:77:83:e3:0e:96:2e:92:ad:2b:d8:21:48:94:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5c746e9f12c2c0e5459fe4e3d413c1c89de6db0e
Validity
Not Before: Jan 1 10:30:47 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=28a45f0dec9c0cf08fc294f2411b258d36422344
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:f0:4b:da:27:a5:90:78:1a:2f:57:7d:45:5f:
9a:51:ea:ec:38:c3:98:a7:41:a2:05:ee:0f:1e:25:
f0:89:e3:f9:00:6d:b8:e3:3f:e4:5c:6d:49:94:43:
3b:b4:eb:05:a7:1a:fc:d9:b4:6b:40:7d:36:26:f7:
be:94:d8:6c:d0:22:d1:a6:b2:06:c2:42:b7:02:1e:
45:93:e8:ad:b5:b4:1f:8c:c1:12:40:ed:48:6c:c9:
7d:a5:74:09:c0:18:d6:47:dc:a3:3f:00:48:d1:6c:
21:53:da:80:d0:ae:36:c4:e8:ae:5c:01:c9:56:5b:
37:e6:0a:b3:b9:77:93:83:fe:69:8f:38:f5:6d:2a:
3a:06:c5:9d:14:0c:84:1f:62:bc:36:29:79:79:bd:
61:fe:79:3f:5c:90:62:18:fb:3d:ad:a4:71:59:6d:
7b:40:d2:19:3f:69:44:cf:42:58:14:fa:a7:29:67:
87:5d:e0:02:91:3e:9a:d0:af:37:8b:65:b1:65:e0:
06:3f:34:62:cb:cb:e2:fc:e6:a5:f9:4b:60:6a:3b:
d1:13:8b:9b:d6:69:11:1e:69:4c:6c:58:40:2f:d4:
d9:c5:bc:b1:d8:4a:29:af:18:4c:8d:e8:5b:eb:f8:
e6:57:17:92:f6:1d:b0:d8:4d:aa:8c:4c:2c:f5:15:
ca:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:A4:5F:0D:EC:9C:0C:F0:8F:C2:94:F2:41:1B:25:8D:36:42:23:44
X509v3 Authority Key Identifier:
keyid:5C:74:6E:9F:12:C2:C0:E5:45:9F:E4:E3:D4:13:C1:C8:9D:E6:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XHRunxLCwOVFn-Tj1BPByJ3m2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/KKRfDeycDPCPwpTyQRsljTZCI0Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/d6bf5e-4812-430e-9a13-e5947614ef3f/1/XHRunxLCwOVFn-Tj1BPByJ3m2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.25.64.0/21
62.181.223.0/24
91.196.240.0/22
185.130.0.0/24
217.16.192.0/20
IPv6:
2a02:7720::/32
Signature Algorithm: sha256WithRSAEncryption
a1:f5:a1:1e:8b:8f:aa:d7:94:88:af:e8:e5:2b:b2:62:d1:1a:
d9:da:cf:cc:6b:56:12:47:de:91:c2:25:b0:21:4d:51:fc:7e:
f9:a3:08:e4:25:80:13:17:60:55:eb:55:3d:46:fb:90:ab:b7:
02:d0:e6:f0:32:5c:51:3b:da:de:7d:16:0d:a8:d0:ef:0c:f9:
57:62:a3:45:28:5f:f1:69:91:b6:97:84:42:ad:e2:ea:86:7d:
d2:fd:08:85:8e:d8:d3:22:43:4e:8b:56:f2:74:9d:aa:70:e4:
af:52:85:3b:7a:4e:a0:1d:4c:2c:64:f2:ad:91:3e:6a:c5:70:
ef:91:92:bb:7e:11:66:cf:7f:23:b4:86:4f:ec:4c:38:df:44:
11:1f:18:87:33:e7:f6:bc:19:6f:54:c4:2b:cf:d4:c0:73:f2:
f6:04:c9:b2:51:1b:76:25:9a:e4:b5:2a:1e:54:9f:1d:ba:f1:
d7:bc:8e:0d:98:65:c5:2d:ba:7b:b3:88:86:83:e9:b1:35:96:
43:31:ff:ad:92:fa:94:b0:05:3d:1f:23:8d:59:e7:ee:30:6a:
8a:dc:e5:b4:3b:b9:40:0e:14:47:e3:e8:b2:53:93:ca:5f:49:
0d:11:a3:a8:dd:72:a6:b7:5a:a0:14:74:98:6f:ba:13:9d:81:
b4:24:52:2b
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzEk3eD4w6WLpKtK9ghSJT8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNzQ2ZTlmMTJjMmMwZTU0NTlmZTRlM2Q0MTNjMWM4OWRl
NmRiMGUwHhcNMjQwMTAxMTAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGE0NWYwZGVjOWMwY2YwOGZjMjk0ZjI0MTFiMjU4ZDM2NDIyMzQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfBL2ielkHgaL1d9RV+aUersOMOY
p0GiBe4PHiXwieP5AG244z/kXG1JlEM7tOsFpxr82bRrQH02Jve+lNhs0CLRprIG
wkK3Ah5Fk+ittbQfjMESQO1IbMl9pXQJwBjWR9yjPwBI0WwhU9qA0K42xOiuXAHJ
Vls35gqzuXeTg/5pjzj1bSo6BsWdFAyEH2K8Nil5eb1h/nk/XJBiGPs9raRxWW17
QNIZP2lEz0JYFPqnKWeHXeACkT6a0K83i2WxZeAGPzRiy8vi/Oal+UtgajvRE4ub
1mkRHmlMbFhAL9TZxbyx2EoprxhMjehb6/jmVxeS9h2w2E2qjEws9RXKrQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFCikXw3snAzwj8KU8kEbJY02QiNEMB8GA1UdIwQY
MBaAFFx0bp8SwsDlRZ/k49QTwcid5tsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEhSdW54TEN3T1ZGbi1UajFCUEJ5SjNtMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9kNmJmNWUtNDgxMi00MzBlLTlhMTMt
ZTU5NDc2MTRlZjNmLzEvS0tSZkRleWNEUENQd3BUeVFSc2xqVFpDSTBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9kNmJmNWUtNDgxMi00MzBlLTlhMTMtZTU5NDc2MTRlZjNm
LzEvWEhSdW54TEN3T1ZGbi1UajFCUEJ5SjNtMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDHxlAAwQA
PrXfAwQCW8TwAwQAuYIAAwQE2RDAMA0EAgACMAcDBQAqAncgMA0GCSqGSIb3DQEB
CwUAA4IBAQCh9aEei4+q15SIr+jlK7Ji0RrZ2s/Ma1YSR96RwiWwIU1R/H75owjk
JYATF2BV61U9RvuQq7cC0ObwMlxRO9refRYNqNDvDPlXYqNFKF/xaZG2l4RCreLq
hn3S/QiFjtjTIkNOi1bydJ2qcOSvUoU7ek6gHUwsZPKtkT5qxXDvkZK7fhFmz38j
tIZP7Ew430QRHxiHM+f2vBlvVMQrz9TAc/L2BMmyURt2JZrktSoeVJ8duvHXvI4N
mGXFLbp7s4iGg+mxNZZDMf+tkvqUsAU9HyONWefuMGqK3OW0O7lADhRH4+iyU5PK
X0kNEaOo3XKmt1qgFHSYb7oTnYG0JFIr
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:28 2024 by rpki-client on console-fra.rpki-client.org