Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/0e488f-180d-4c8a-a452-4c74bb59c594/1/Q-9cNP3_ePZugPMosSZzSQJPxgI.roa
File: Q-9cNP3_ePZugPMosSZzSQJPxgI.roa (raw, json)
Hash identifier: KXfelgNB9ynQaiW6t+0ldGIKoFH6Rzr+kn+LqxDAnA4=
Subject key identifier: 43:EF:5C:34:FD:FF:78:F6:6E:80:F3:28:B1:26:73:49:02:4F:C6:02
Certificate issuer: /CN=ef8455d40c2e3dbcb24446fcc97a09ed4badedc3
Certificate serial: 019280B7089C0564D0719915391A0268E84C
Authority key identifier: EF:84:55:D4:0C:2E:3D:BC:B2:44:46:FC:C9:7A:09:ED:4B:AD:ED:C3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/74RV1AwuPbyyREb8yXoJ7Uut7cM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cf/0e488f-180d-4c8a-a452-4c74bb59c594/1/Q-9cNP3_ePZugPMosSZzSQJPxgI.roa
Signing time: Sat 12 Oct 2024 12:32:11 +0000
ROA not before: Sat 12 Oct 2024 12:32:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198050
IP address blocks: 64.190.43.0/24 maxlen: 24
91.231.70.0/23 maxlen: 23
91.231.80.0/22 maxlen: 22
176.97.24.0/21 maxlen: 21
Validation: Failed, certificate revoked on Wed 01 Jan 2025 13:48:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:80:b7:08:9c:05:64:d0:71:99:15:39:1a:02:68:e8:4c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef8455d40c2e3dbcb24446fcc97a09ed4badedc3
Validity
Not Before: Oct 12 12:32:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=43ef5c34fdff78f66e80f328b1267349024fc602
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:93:1c:71:b9:ab:07:34:50:6f:28:e3:2c:34:
5a:a4:53:d1:a8:a8:ba:45:f0:a8:28:54:0d:59:4a:
6f:6d:4c:90:04:7b:5e:18:9c:43:d1:b7:0f:b5:d4:
79:51:60:89:9b:b9:b2:c9:fc:ff:34:bd:e2:ac:67:
a7:09:8f:e7:10:e6:6c:7e:16:08:11:48:dc:52:8b:
09:80:9f:37:9e:a5:06:70:f4:8f:fd:88:e4:c7:43:
ff:a3:de:27:3b:1c:ff:76:24:be:72:f3:27:87:0d:
e4:8c:c9:74:3e:90:fc:74:06:11:75:86:35:a5:75:
83:81:0d:1e:c0:7c:23:9b:b9:c0:21:78:06:c6:f0:
8e:b1:66:42:54:86:01:f0:83:78:d4:b5:93:5c:f0:
73:05:d4:e8:a5:5a:84:57:8c:02:8b:2b:c9:42:62:
9c:96:91:70:2c:ab:1a:1c:3e:c3:8e:db:9e:06:b2:
ba:35:4c:b5:9d:72:be:1d:64:2a:11:9e:de:17:c7:
5b:b7:d5:d2:f3:87:59:ba:81:bc:07:b5:24:f7:24:
f7:63:82:d3:2c:5c:ce:94:31:bb:dc:c4:16:d3:a1:
82:2a:ef:dd:8c:dc:2f:eb:16:4f:98:e7:e1:0d:e5:
38:e1:47:95:7f:6d:44:62:20:58:8d:24:38:7c:68:
c9:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:EF:5C:34:FD:FF:78:F6:6E:80:F3:28:B1:26:73:49:02:4F:C6:02
X509v3 Authority Key Identifier:
keyid:EF:84:55:D4:0C:2E:3D:BC:B2:44:46:FC:C9:7A:09:ED:4B:AD:ED:C3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/74RV1AwuPbyyREb8yXoJ7Uut7cM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/0e488f-180d-4c8a-a452-4c74bb59c594/1/Q-9cNP3_ePZugPMosSZzSQJPxgI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/0e488f-180d-4c8a-a452-4c74bb59c594/1/74RV1AwuPbyyREb8yXoJ7Uut7cM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.190.43.0/24
91.231.70.0/23
91.231.80.0/22
176.97.24.0/21
Signature Algorithm: sha256WithRSAEncryption
09:73:73:63:87:c0:3b:38:ff:cf:0e:33:7d:fa:12:95:47:c0:
83:1d:19:28:78:31:6b:58:03:74:5c:e4:40:e6:d4:67:72:82:
f7:64:39:5b:b9:22:d3:f6:65:d5:38:12:e7:81:33:d3:26:d7:
b2:52:ac:2f:66:21:f4:50:88:2e:e7:76:3f:0e:ff:4e:be:fc:
b3:f4:b7:d0:c3:d4:15:d1:4b:d2:6b:3a:6a:cf:54:cd:1c:6a:
a1:43:ac:84:a7:6a:f9:0f:9f:5d:3f:db:f0:61:4e:18:2f:2a:
91:a0:02:c2:f8:03:38:3c:44:89:9e:b7:d3:e4:10:70:0e:51:
2e:24:98:e1:93:bd:32:84:6e:ed:8d:be:b3:5a:1e:f9:35:44:
c4:bd:5f:b9:47:c7:d8:34:89:c6:14:c1:fb:58:29:f2:33:ee:
ff:27:a7:0f:78:a8:50:33:01:fc:bf:2f:a9:6d:1b:e2:24:c2:
cc:9a:2b:0d:19:fe:56:46:ed:36:a0:e4:b2:b8:9c:2a:11:d5:
17:96:31:19:5e:27:c3:e8:c5:09:ca:80:af:7b:ff:5d:5d:00:
00:25:2e:a6:13:8b:6e:e0:a8:14:84:d0:38:3f:22:4d:9a:7d:
69:86:8c:d9:10:92:85:fe:68:5b:64:b1:f4:35:79:41:cf:72:
6d:4c:7e:2b
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZKAtwicBWTQcZkVORoCaOhMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmODQ1NWQ0MGMyZTNkYmNiMjQ0NDZmY2M5N2EwOWVkNGJh
ZGVkYzMwHhcNMjQxMDEyMTIzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2VmNWMzNGZkZmY3OGY2NmU4MGYzMjhiMTI2NzM0OTAyNGZjNjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pMccbmrBzRQbyjjLDRapFPRqKi6
RfCoKFQNWUpvbUyQBHteGJxD0bcPtdR5UWCJm7myyfz/NL3irGenCY/nEOZsfhYI
EUjcUosJgJ83nqUGcPSP/Yjkx0P/o94nOxz/diS+cvMnhw3kjMl0PpD8dAYRdYY1
pXWDgQ0ewHwjm7nAIXgGxvCOsWZCVIYB8IN41LWTXPBzBdTopVqEV4wCiyvJQmKc
lpFwLKsaHD7DjtueBrK6NUy1nXK+HWQqEZ7eF8dbt9XS84dZuoG8B7Uk9yT3Y4LT
LFzOlDG73MQW06GCKu/djNwv6xZPmOfhDeU44UeVf21EYiBYjSQ4fGjJKQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFEPvXDT9/3j2boDzKLEmc0kCT8YCMB8GA1UdIwQY
MBaAFO+EVdQMLj28skRG/Ml6Ce1Lre3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzRSVjFBd3VQYnl5UkViOHlYb0o3VXV0N2NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi8wZTQ4OGYtMTgwZC00YzhhLWE0NTIt
NGM3NGJiNTljNTk0LzEvUS05Y05QM19lUFp1Z1BNb3NTWnpTUUpQeGdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi8wZTQ4OGYtMTgwZC00YzhhLWE0NTItNGM3NGJiNTljNTk0
LzEvNzRSVjFBd3VQYnl5UkViOHlYb0o3VXV0N2NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAQL4rAwQB
W+dGAwQCW+dQAwQDsGEYMA0GCSqGSIb3DQEBCwUAA4IBAQAJc3Njh8A7OP/PDjN9
+hKVR8CDHRkoeDFrWAN0XORA5tRncoL3ZDlbuSLT9mXVOBLngTPTJteyUqwvZiH0
UIgu53Y/Dv9Ovvyz9LfQw9QV0UvSazpqz1TNHGqhQ6yEp2r5D59dP9vwYU4YLyqR
oALC+AM4PESJnrfT5BBwDlEuJJjhk70yhG7tjb6zWh75NUTEvV+5R8fYNInGFMH7
WCnyM+7/J6cPeKhQMwH8vy+pbRviJMLMmisNGf5WRu02oOSyuJwqEdUXljEZXifD
6MUJyoCve/9dXQAAJS6mE4tu4KgUhNA4PyJNmn1phozZEJKF/mhbZLH0NXlBz3Jt
TH4r
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:09:49 2025 by rpki-client