Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/6cba1a-5f4d-4308-bf46-eb37a85a82c5/1/Nf4B_sDS9113xbpwicOsxJtQVNw.roa
File: Nf4B_sDS9113xbpwicOsxJtQVNw.roa (raw, json)
Hash identifier: TqssRWzpANpsA28LMQfnYqzaUvCGCiqMUqOmrhoTdJI=
Subject key identifier: 35:FE:01:FE:C0:D2:F7:5D:77:C5:BA:70:89:C3:AC:C4:9B:50:54:DC
Certificate issuer: /CN=31828c99d35cb92e2d53daf128e497e841b63ab0
Certificate serial: 019422FBFC364B5C2D705E5CE162AB3C5AAA
Authority key identifier: 31:82:8C:99:D3:5C:B9:2E:2D:53:DA:F1:28:E4:97:E8:41:B6:3A:B0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MYKMmdNcuS4tU9rxKOSX6EG2OrA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/6cba1a-5f4d-4308-bf46-eb37a85a82c5/1/Nf4B_sDS9113xbpwicOsxJtQVNw.roa
Signing time: Wed 01 Jan 2025 17:48:46 +0000
ROA not before: Wed 01 Jan 2025 17:48:46 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41898
IP address blocks: 91.135.16.0/20 maxlen: 20
95.130.32.0/21 maxlen: 21
158.255.56.0/21 maxlen: 21
158.255.59.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 20 Jan 2025 08:02:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:fb:fc:36:4b:5c:2d:70:5e:5c:e1:62:ab:3c:5a:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=31828c99d35cb92e2d53daf128e497e841b63ab0
Validity
Not Before: Jan 1 17:48:46 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=35fe01fec0d2f75d77c5ba7089c3acc49b5054dc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:4d:13:11:04:2a:ab:f4:1d:18:ee:65:cf:a4:
14:f7:5d:26:af:68:02:42:00:9e:8c:64:12:14:27:
5e:cd:59:10:75:f2:3d:29:97:14:e2:c8:3e:80:fa:
ba:d4:10:c7:34:76:e9:da:a6:aa:85:07:5b:e4:26:
86:17:a1:dd:bd:12:02:8f:7b:88:21:0e:06:26:18:
00:13:9a:7a:67:7a:f0:39:7b:f7:93:41:d1:99:02:
b4:09:d4:ab:38:1d:fc:f1:74:d2:59:ca:91:0c:3a:
8d:64:43:e7:6d:32:a6:bc:4f:1e:21:8f:c5:f6:0a:
a4:7f:62:be:79:d0:5a:9c:dd:8a:b2:6b:77:15:e2:
a6:aa:eb:da:fa:39:f9:43:44:45:7a:c5:f6:38:82:
1c:e0:17:f3:03:82:68:f7:d1:41:01:7c:4d:cf:b5:
4d:1b:a0:1d:85:93:92:73:17:a2:6f:fb:1a:11:c9:
c8:2b:50:0d:24:52:a3:c4:90:54:9c:9f:70:40:49:
52:b1:81:75:93:f4:4f:4f:97:cc:aa:8d:00:df:f3:
94:40:ea:3e:fb:78:6d:a8:2b:cb:b3:eb:37:4d:80:
42:21:8c:4f:d4:7e:9f:48:31:fe:22:2d:d4:16:6f:
6f:ce:8e:b9:55:b8:46:16:70:00:6e:27:ff:f2:2a:
44:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:FE:01:FE:C0:D2:F7:5D:77:C5:BA:70:89:C3:AC:C4:9B:50:54:DC
X509v3 Authority Key Identifier:
keyid:31:82:8C:99:D3:5C:B9:2E:2D:53:DA:F1:28:E4:97:E8:41:B6:3A:B0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYKMmdNcuS4tU9rxKOSX6EG2OrA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/6cba1a-5f4d-4308-bf46-eb37a85a82c5/1/Nf4B_sDS9113xbpwicOsxJtQVNw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/6cba1a-5f4d-4308-bf46-eb37a85a82c5/1/MYKMmdNcuS4tU9rxKOSX6EG2OrA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.135.16.0/20
95.130.32.0/21
158.255.56.0/21
Signature Algorithm: sha256WithRSAEncryption
63:5f:63:f8:9d:4a:f4:09:e8:cb:e6:a4:5e:3d:d0:9a:cc:12:
5d:a9:f8:6f:af:2c:4d:c8:2c:aa:45:5e:a7:a3:a6:39:fe:7a:
a8:3f:67:b6:7c:54:4b:94:69:67:91:27:16:48:41:6e:49:a3:
ba:bf:20:c3:56:52:64:4e:93:5d:22:9f:50:8a:7e:ae:04:f0:
ca:01:10:72:e1:0d:ac:e6:de:65:8e:12:93:29:59:5e:c9:5f:
11:37:5d:07:f6:b2:ed:1b:75:63:4d:b7:49:80:8e:81:b5:63:
cd:9b:59:d6:4e:8f:e7:34:2d:25:49:51:e0:93:19:b6:f1:4b:
ea:6a:0f:da:ea:04:05:ae:4c:63:ed:0f:0c:bd:f3:ef:dd:9d:
a3:17:1d:8e:2e:c0:e7:4f:4d:63:33:79:c7:de:b9:94:a6:7c:
72:15:91:77:50:da:c4:8e:97:1c:9e:4f:d3:f5:b3:74:e8:9b:
59:72:e2:b2:f2:9d:da:e3:22:99:b0:6f:2a:3e:00:34:50:1e:
ff:26:ae:b6:ca:ce:2d:2a:6d:71:55:34:d5:86:de:80:96:b2:
bb:44:13:83:80:9b:a4:5e:b2:23:3f:8c:8d:00:9c:0a:1b:fc:
33:72:68:34:a7:bc:02:67:4d:fe:a8:66:6a:fc:61:05:0e:98:
41:b5:a3:e7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQi+/w2S1wtcF5c4WKrPFqqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODI4Yzk5ZDM1Y2I5MmUyZDUzZGFmMTI4ZTQ5N2U4NDFi
NjNhYjAwHhcNMjUwMTAxMTc0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWZlMDFmZWMwZDJmNzVkNzdjNWJhNzA4OWMzYWNjNDliNTA1NGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx00TEQQqq/QdGO5lz6QU910mr2gC
QgCejGQSFCdezVkQdfI9KZcU4sg+gPq61BDHNHbp2qaqhQdb5CaGF6HdvRICj3uI
IQ4GJhgAE5p6Z3rwOXv3k0HRmQK0CdSrOB388XTSWcqRDDqNZEPnbTKmvE8eIY/F
9gqkf2K+edBanN2Ksmt3FeKmquva+jn5Q0RFesX2OIIc4BfzA4Jo99FBAXxNz7VN
G6AdhZOScxeib/saEcnIK1ANJFKjxJBUnJ9wQElSsYF1k/RPT5fMqo0A3/OUQOo+
+3htqCvLs+s3TYBCIYxP1H6fSDH+Ii3UFm9vzo65VbhGFnAAbif/8ipE/QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFDX+Af7A0vddd8W6cInDrMSbUFTcMB8GA1UdIwQY
MBaAFDGCjJnTXLkuLVPa8Sjkl+hBtjqwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlLTW1kTmN1UzR0VTlyeEtPU1g2RUcyT3JBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS82Y2JhMWEtNWY0ZC00MzA4LWJmNDYt
ZWIzN2E4NWE4MmM1LzEvTmY0Ql9zRFM5MTEzeGJwd2ljT3N4SnRRVk53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS82Y2JhMWEtNWY0ZC00MzA4LWJmNDYtZWIzN2E4NWE4MmM1
LzEvTVlLTW1kTmN1UzR0VTlyeEtPU1g2RUcyT3JBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEW4cQAwQD
X4IgAwQDnv84MA0GCSqGSIb3DQEBCwUAA4IBAQBjX2P4nUr0CejL5qRePdCazBJd
qfhvryxNyCyqRV6no6Y5/nqoP2e2fFRLlGlnkScWSEFuSaO6vyDDVlJkTpNdIp9Q
in6uBPDKARBy4Q2s5t5ljhKTKVleyV8RN10H9rLtG3VjTbdJgI6BtWPNm1nWTo/n
NC0lSVHgkxm28Uvqag/a6gQFrkxj7Q8MvfPv3Z2jFx2OLsDnT01jM3nH3rmUpnxy
FZF3UNrEjpccnk/T9bN06JtZcuKy8p3a4yKZsG8qPgA0UB7/Jq62ys4tKm1xVTTV
ht6AlrK7RBODgJukXrIjP4yNAJwKG/wzcmg0p7wCZ03+qGZq/GEFDphBtaPn
-----END CERTIFICATE-----
Generated at Fri Apr 18 03:29:14 2025 by rpki-client