Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/KLTC2fsl2adCHxCA5hKreisSIgA.roa
File: KLTC2fsl2adCHxCA5hKreisSIgA.roa (raw, json)
Hash identifier: Q8Um7DxB7+sp+/GBq/whN+H2GDkdS8Uf1ycOfUekz+s=
Subject key identifier: 28:B4:C2:D9:FB:25:D9:A7:42:1F:10:80:E6:12:AB:7A:2B:12:22:00
Certificate issuer: /CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Certificate serial: 019427486D7F359105378F47F0DA769E1E76
Authority key identifier: 21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/KLTC2fsl2adCHxCA5hKreisSIgA.roa
Signing time: Thu 02 Jan 2025 13:50:45 +0000
ROA not before: Thu 02 Jan 2025 13:50:45 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 201216
IP address blocks: 192.121.57.0/24 maxlen: 24
192.121.59.0/24 maxlen: 24
193.181.192.0/24 maxlen: 24
193.183.145.0/24 maxlen: 24
193.183.146.0/24 maxlen: 24
194.14.35.0/24 maxlen: 24
194.14.39.0/24 maxlen: 24
194.132.29.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 29 Jan 2025 13:05:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:48:6d:7f:35:91:05:37:8f:47:f0:da:76:9e:1e:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2135c7f571eefeb67404ab6c45fd475551adaf1b
Validity
Not Before: Jan 2 13:50:45 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=28b4c2d9fb25d9a7421f1080e612ab7a2b122200
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:30:89:30:ef:f5:3a:48:13:b6:97:89:e5:f4:
9c:c6:86:14:41:0a:cd:25:99:7d:2d:48:54:eb:98:
97:8d:22:a3:2b:3b:42:d1:ec:48:9f:01:9c:c7:92:
75:b0:ec:49:d5:18:2a:dd:2d:75:83:4f:7a:b6:41:
d9:4b:42:0f:11:ef:24:4a:05:eb:d7:97:4f:05:93:
44:30:2a:20:31:70:f4:2e:26:f1:88:bf:62:74:e3:
f6:af:b3:3b:cd:32:1f:9a:d6:10:24:c9:16:e5:d1:
3e:42:94:63:86:46:3d:8e:9d:ed:01:75:7f:8e:98:
42:bd:9c:56:bf:85:ce:b8:be:2c:39:e1:d4:69:97:
d0:b6:6a:7f:8a:b5:2d:00:36:6f:02:0d:b1:50:dd:
76:45:59:f3:0c:69:d9:1c:9b:4d:0d:65:79:36:2a:
c1:fb:78:05:8c:3f:b9:e6:2c:a8:24:b2:6c:e3:50:
2a:8f:72:dd:4b:53:1c:dd:03:1d:0d:c7:47:6c:b0:
47:dc:11:b9:30:bf:d6:3b:6f:e9:f6:37:27:a8:b2:
67:6d:e8:9b:d8:7a:2f:5b:e5:fb:72:c9:a5:2a:a3:
3a:94:fb:4d:a8:17:5c:25:75:4a:fd:0b:25:5b:49:
b7:7e:82:e7:25:f5:f8:86:7b:bd:6a:69:d7:76:49:
22:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:B4:C2:D9:FB:25:D9:A7:42:1F:10:80:E6:12:AB:7A:2B:12:22:00
X509v3 Authority Key Identifier:
keyid:21:35:C7:F5:71:EE:FE:B6:74:04:AB:6C:45:FD:47:55:51:AD:AF:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/KLTC2fsl2adCHxCA5hKreisSIgA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/680b78-96af-4a85-ac02-943d03321326/1/ITXH9XHu_rZ0BKtsRf1HVVGtrxs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.121.57.0/24
192.121.59.0/24
193.181.192.0/24
193.183.145.0-193.183.146.255
194.14.35.0/24
194.14.39.0/24
194.132.29.0/24
Signature Algorithm: sha256WithRSAEncryption
53:2c:80:4e:42:0e:62:51:29:59:d7:76:ce:96:3a:02:b9:d0:
eb:8e:de:84:ee:ae:6c:67:c0:96:e5:10:31:37:6f:e6:5f:bd:
31:35:42:50:a1:51:74:da:cf:63:d5:ce:8b:5d:9d:3f:ed:2c:
d3:74:9e:6c:7f:f6:46:a3:de:3c:db:0c:6c:ea:23:4c:15:06:
2d:d9:49:ed:2a:1b:54:d9:42:c1:63:e4:0d:7b:dd:9d:d8:bc:
60:7b:44:ab:5c:e6:f1:fc:36:7c:99:37:9d:f5:27:97:93:52:
d7:52:3f:49:e4:4e:83:d2:77:59:61:b1:a5:a5:78:68:36:ea:
d7:28:7d:13:ee:91:4e:5a:66:ad:7b:a0:64:54:8e:57:f2:52:
79:32:de:df:8d:e3:3c:fe:09:1f:bf:5f:75:c7:93:4b:d8:92:
f0:d7:36:5a:f1:b5:29:38:23:3f:4d:1e:31:1d:c7:89:51:49:
1a:4a:87:2f:7d:1b:ca:19:ab:ac:f2:24:9e:93:dc:69:79:88:
f1:74:84:70:d7:47:ac:47:49:e1:e9:31:3b:24:28:85:35:18:
e7:b7:d7:4d:4e:5d:9e:60:3d:87:d0:32:63:c9:3b:9d:ae:66:
61:99:5f:92:05:d8:25:bf:f3:f1:54:e1:ea:40:14:4c:f4:e6:
56:b0:c4:38
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZQnSG1/NZEFN49H8Np2nh52MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMzVjN2Y1NzFlZWZlYjY3NDA0YWI2YzQ1ZmQ0NzU1NTFh
ZGFmMWIwHhcNMjUwMTAyMTM1MDQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGI0YzJkOWZiMjVkOWE3NDIxZjEwODBlNjEyYWI3YTJiMTIyMjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DCJMO/1OkgTtpeJ5fScxoYUQQrN
JZl9LUhU65iXjSKjKztC0exInwGcx5J1sOxJ1Rgq3S11g096tkHZS0IPEe8kSgXr
15dPBZNEMCogMXD0LibxiL9idOP2r7M7zTIfmtYQJMkW5dE+QpRjhkY9jp3tAXV/
jphCvZxWv4XOuL4sOeHUaZfQtmp/irUtADZvAg2xUN12RVnzDGnZHJtNDWV5NirB
+3gFjD+55iyoJLJs41Aqj3LdS1Mc3QMdDcdHbLBH3BG5ML/WO2/p9jcnqLJnbeib
2HovW+X7csmlKqM6lPtNqBdcJXVK/QslW0m3foLnJfX4hnu9amnXdkkiNwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFCi0wtn7JdmnQh8QgOYSq3orEiIAMB8GA1UdIwQY
MBaAFCE1x/Vx7v62dASrbEX9R1VRra8bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDIt
OTQzZDAzMzIxMzI2LzEvS0xUQzJmc2wyYWRDSHhDQTVoS3JlaXNTSWdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82ODBiNzgtOTZhZi00YTg1LWFjMDItOTQzZDAzMzIxMzI2
LzEvSVRYSDlYSHVfclowQkt0c1JmMUhWVkd0cnhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAwHk5AwQA
wHk7AwQAwbXAMAwDBADBt5EDBADBt5IDBADCDiMDBADCDicDBADChB0wDQYJKoZI
hvcNAQELBQADggEBAFMsgE5CDmJRKVnXds6WOgK50OuO3oTurmxnwJblEDE3b+Zf
vTE1QlChUXTaz2PVzotdnT/tLNN0nmx/9kaj3jzbDGzqI0wVBi3ZSe0qG1TZQsFj
5A173Z3YvGB7RKtc5vH8NnyZN531J5eTUtdSP0nkToPSd1lhsaWleGg26tcofRPu
kU5aZq17oGRUjlfyUnky3t+N4zz+CR+/X3XHk0vYkvDXNlrxtSk4Iz9NHjEdx4lR
SRpKhy99G8oZq6zyJJ6T3Gl5iPF0hHDXR6xHSeHpMTskKIU1GOe3101OXZ5gPYfQ
MmPJO52uZmGZX5IF2CW/8/FU4epAFEz05lawxDg=
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:58:15 2025 by rpki-client