Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/XPKdYfBsW7zwT-yZADBB-kogxDI.roa
File: XPKdYfBsW7zwT-yZADBB-kogxDI.roa (raw, json)
Hash identifier: 3f+WfNeQYiqOJK8HUSTC8s85CmT0KTNLCajkp1rscOU=
Subject key identifier: 5C:F2:9D:61:F0:6C:5B:BC:F0:4F:EC:99:00:30:41:FA:4A:20:C4:32
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 0191E6084B0756FB0A659E364074DBDABBE1
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/XPKdYfBsW7zwT-yZADBB-kogxDI.roa
Signing time: Thu 12 Sep 2024 11:39:48 +0000
ROA not before: Thu 12 Sep 2024 11:39:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 211619
IP address blocks: 45.9.168.0/24 maxlen: 24
77.242.152.0/24 maxlen: 24
77.242.153.0/24 maxlen: 24
77.242.155.0/24 maxlen: 24
88.209.205.0/24 maxlen: 24
88.209.228.0/24 maxlen: 24
88.209.239.0/24 maxlen: 24
92.52.217.0/24 maxlen: 24
194.41.47.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 18 Oct 2024 12:58:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:e6:08:4b:07:56:fb:0a:65:9e:36:40:74:db:da:bb:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Sep 12 11:39:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5cf29d61f06c5bbcf04fec99003041fa4a20c432
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:35:46:f6:5e:fa:e8:f5:22:bf:0b:43:be:c1:
0d:17:65:3d:28:3e:1d:06:45:00:83:48:68:fb:40:
47:96:95:f3:28:93:e5:39:32:7a:13:53:fb:b8:da:
67:0f:a0:c0:aa:d4:e9:69:2d:56:76:2d:2e:c4:8d:
63:ff:a4:c9:f9:18:e9:da:1a:64:58:2b:a5:ab:7b:
64:5d:e0:59:0f:47:0b:77:8c:64:1d:40:25:0b:90:
e2:69:69:84:40:c5:b3:9e:0b:6b:c9:4a:6d:fe:df:
33:e6:53:ed:23:9f:7d:36:c1:34:63:74:c8:20:57:
db:77:1f:41:b6:f7:7b:c7:e0:ae:01:7b:fa:b6:2e:
4b:70:92:66:a5:c3:24:a0:c2:7c:91:5c:5d:b1:a5:
6e:9e:ff:f7:b1:21:9b:42:e4:e0:c5:05:0d:2e:fc:
66:70:6b:fe:89:77:79:6a:da:a7:1a:52:8c:0e:d8:
9d:f1:ec:ba:9b:2c:25:f0:4b:19:89:01:1b:25:ae:
43:ef:ee:0b:3a:5a:ad:4b:11:54:21:5c:52:8a:4c:
b8:98:57:e7:45:14:01:03:88:fc:40:65:59:1b:a0:
89:34:88:02:8d:ff:22:85:f2:24:f2:55:ab:c5:5d:
8f:5f:69:10:c4:7e:1e:b7:d3:be:ae:4f:e7:ef:ac:
c0:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:F2:9D:61:F0:6C:5B:BC:F0:4F:EC:99:00:30:41:FA:4A:20:C4:32
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/XPKdYfBsW7zwT-yZADBB-kogxDI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.168.0/24
77.242.152.0/23
77.242.155.0/24
88.209.205.0/24
88.209.228.0/24
88.209.239.0/24
92.52.217.0/24
194.41.47.0/24
Signature Algorithm: sha256WithRSAEncryption
1e:93:b9:75:ea:2d:0a:78:58:b5:e0:51:81:07:79:8f:b2:70:
61:60:ae:ba:30:61:d6:52:78:ba:1e:ec:de:61:be:c1:55:ef:
f8:83:4e:5a:be:a9:f1:76:f8:7b:84:60:3b:8a:37:ed:4f:0d:
b5:d2:e5:a7:cf:dc:f6:04:50:6a:30:34:22:8a:e7:c0:80:f9:
27:14:57:11:76:cd:aa:48:04:fc:82:a1:d0:ba:8b:20:28:27:
12:a4:8e:66:d8:9b:ba:03:ff:e0:d6:83:17:f3:68:f7:b5:a8:
d4:90:88:b9:9f:d5:94:99:f3:32:de:95:17:84:bf:cc:73:ff:
c8:cf:75:7e:0f:d7:2e:8d:d8:f2:2a:ed:41:01:91:8b:a7:44:
cb:6c:4d:e4:22:50:28:fc:12:14:ea:05:30:f9:88:be:2c:01:
b9:78:db:46:2b:3a:e3:e1:3b:ac:10:fc:b6:69:70:2e:cc:ee:
90:f8:a8:bc:de:af:a9:a4:cb:90:47:18:e3:35:1e:94:39:6b:
b0:57:88:fb:41:c2:22:09:e9:28:4c:8a:03:b3:d8:90:c7:d8:
14:a8:ad:65:45:ca:63:a7:bb:7f:ac:8f:19:3e:65:d3:cb:f3:
3c:01:18:20:96:55:6c:f0:96:d4:48:56:7f:c6:03:3b:d3:de:
2f:f8:76:51
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZHmCEsHVvsKZZ42QHTb2rvhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwOTEyMTEzOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2YyOWQ2MWYwNmM1YmJjZjA0ZmVjOTkwMDMwNDFmYTRhMjBjNDMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDVG9l766PUivwtDvsENF2U9KD4d
BkUAg0ho+0BHlpXzKJPlOTJ6E1P7uNpnD6DAqtTpaS1Wdi0uxI1j/6TJ+Rjp2hpk
WCulq3tkXeBZD0cLd4xkHUAlC5DiaWmEQMWzngtryUpt/t8z5lPtI599NsE0Y3TI
IFfbdx9Btvd7x+CuAXv6ti5LcJJmpcMkoMJ8kVxdsaVunv/3sSGbQuTgxQUNLvxm
cGv+iXd5atqnGlKMDtid8ey6mywl8EsZiQEbJa5D7+4LOlqtSxFUIVxSiky4mFfn
RRQBA4j8QGVZG6CJNIgCjf8ihfIk8lWrxV2PX2kQxH4et9O+rk/n76zA2QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFzynWHwbFu88E/smQAwQfpKIMQyMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvWFBLZFlmQnNXN3p3VC15WkFEQkIta29neERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALQmoAwQB
TfKYAwQATfKbAwQAWNHNAwQAWNHkAwQAWNHvAwQAXDTZAwQAwikvMA0GCSqGSIb3
DQEBCwUAA4IBAQAek7l16i0KeFi14FGBB3mPsnBhYK66MGHWUni6HuzeYb7BVe/4
g05avqnxdvh7hGA7ijftTw210uWnz9z2BFBqMDQiiufAgPknFFcRds2qSAT8gqHQ
uosgKCcSpI5m2Ju6A//g1oMX82j3tajUkIi5n9WUmfMy3pUXhL/Mc//Iz3V+D9cu
jdjyKu1BAZGLp0TLbE3kIlAo/BIU6gUw+Yi+LAG5eNtGKzrj4TusEPy2aXAuzO6Q
+Ki83q+ppMuQRxjjNR6UOWuwV4j7QcIiCekoTIoDs9iQx9gUqK1lRcpjp7t/rI8Z
PmXTy/M8ARggllVs8JbUSFZ/xgM7094v+HZR
-----END CERTIFICATE-----
Generated at Fri Oct 18 16:42:25 2024 by rpki-client on console-ams.rpki-client.org