Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/2DfChkVUPOaPuYrcKv7AllcZ0kI.roa
File: 2DfChkVUPOaPuYrcKv7AllcZ0kI.roa (raw, json)
Hash identifier: NmkKcrKle1HeCP5OFvDnSWRRryHC84YiXsEsv0ltlyc=
Subject key identifier: D8:37:C2:86:45:54:3C:E6:8F:B9:8A:DC:2A:FE:C0:96:57:19:D2:42
Certificate issuer: /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial: 01944F340FDCDC9608E46E4383C4035C5AAE
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/2DfChkVUPOaPuYrcKv7AllcZ0kI.roa
Signing time: Fri 10 Jan 2025 07:53:19 +0000
ROA not before: Fri 10 Jan 2025 07:53:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 59432
IP address blocks: 194.143.209.0/24 maxlen: 24
195.114.192.0/24 maxlen: 24
195.114.198.0/24 maxlen: 24
195.114.205.0/24 maxlen: 24
213.220.20.0/24 maxlen: 24
213.220.58.0/24 maxlen: 24
213.220.59.0/24 maxlen: 24
213.220.62.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 13 Jan 2025 07:54:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:4f:34:0f:dc:dc:96:08:e4:6e:43:83:c4:03:5c:5a:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Validity
Not Before: Jan 10 07:53:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d837c28645543ce68fb98adc2afec0965719d242
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:f0:d9:6a:4f:d5:9f:37:c9:da:36:a7:a9:4a:
a6:35:a6:1e:84:55:80:64:23:bb:07:1b:a5:f9:8b:
92:98:39:b2:a6:25:e5:23:d4:d6:d7:e9:95:ed:ad:
b2:33:b5:81:20:b6:67:45:7d:09:f2:f4:19:8c:d4:
77:c4:33:df:5b:71:f4:61:f9:ff:1d:f2:ee:2b:5d:
3d:13:9f:52:5a:84:00:56:14:04:9c:be:85:95:9c:
37:8f:0d:32:b9:e1:86:8d:7a:ef:f4:03:a8:10:fa:
12:a8:4f:54:de:fb:b0:5a:12:7e:45:64:70:ff:a2:
fb:29:9f:72:b1:33:3f:76:97:23:95:1d:99:10:65:
1d:90:3e:63:57:95:e8:bd:85:e6:17:5e:22:ae:58:
f6:e9:51:19:09:45:53:d1:a5:9b:e7:b2:9c:52:1c:
f3:c5:bf:a5:55:f4:75:36:f4:bb:53:e6:77:a9:3d:
a1:ca:6c:42:5b:6e:04:93:2c:67:6c:cf:3d:8f:fc:
8b:e8:10:3e:1d:85:07:fa:33:c8:e2:db:53:9e:9a:
82:f2:94:40:85:27:5f:d7:ee:3b:7b:36:d1:f9:2e:
4b:54:62:65:2a:39:a1:93:d5:c8:cf:16:be:56:31:
6f:24:97:87:04:64:34:fc:3d:2d:b9:ad:ea:5e:9b:
bc:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:37:C2:86:45:54:3C:E6:8F:B9:8A:DC:2A:FE:C0:96:57:19:D2:42
X509v3 Authority Key Identifier:
keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/2DfChkVUPOaPuYrcKv7AllcZ0kI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.143.209.0/24
195.114.192.0/24
195.114.198.0/24
195.114.205.0/24
213.220.20.0/24
213.220.58.0/23
213.220.62.0/24
Signature Algorithm: sha256WithRSAEncryption
75:be:c9:a4:52:21:69:af:b3:64:32:e3:4f:7e:f3:d7:6c:8a:
5d:a2:1c:6b:b0:b6:2f:d2:64:05:f1:d2:d7:15:34:ce:da:73:
35:49:f9:2b:53:46:fd:00:0b:30:26:26:17:1c:ef:0d:e6:04:
c4:08:e2:31:1c:a8:8f:c6:b8:55:b7:c7:8d:0f:79:02:84:b2:
00:8a:46:0f:6c:7d:8d:35:55:30:89:55:31:04:52:b5:57:23:
88:d4:0d:cd:98:e7:1b:cc:b0:02:da:85:6a:b8:4f:60:03:19:
09:16:75:96:ed:53:b4:03:e5:34:a1:cd:ae:7f:9f:af:18:b9:
ba:53:99:c2:3a:a6:a5:07:89:a8:a9:6e:b6:96:70:82:78:31:
81:96:81:d1:50:ca:2b:a1:3d:57:c6:e5:f2:e5:da:73:d9:4a:
33:1b:91:ac:4c:95:f5:e1:e3:07:bd:49:79:d5:3f:9e:4f:93:
89:39:80:8c:4e:7b:ac:b9:b7:1a:96:d4:83:5c:fb:63:c1:ed:
26:44:f3:19:6f:65:88:b3:f2:6a:73:8b:7e:30:c9:68:a3:1b:
e3:ae:2d:5f:8e:0a:74:04:57:0e:0b:bb:a8:f7:ef:67:20:92:
2a:73:78:ce:5d:a8:0a:27:96:08:d9:51:20:be:9d:6f:08:81:
ea:ed:e3:e9
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZRPNA/c3JYI5G5Dg8QDXFquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjUwMTEwMDc1MzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODM3YzI4NjQ1NTQzY2U2OGZiOThhZGMyYWZlYzA5NjU3MTlkMjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvDZak/VnzfJ2janqUqmNaYehFWA
ZCO7Bxul+YuSmDmypiXlI9TW1+mV7a2yM7WBILZnRX0J8vQZjNR3xDPfW3H0Yfn/
HfLuK109E59SWoQAVhQEnL6FlZw3jw0yueGGjXrv9AOoEPoSqE9U3vuwWhJ+RWRw
/6L7KZ9ysTM/dpcjlR2ZEGUdkD5jV5XovYXmF14irlj26VEZCUVT0aWb57KcUhzz
xb+lVfR1NvS7U+Z3qT2hymxCW24EkyxnbM89j/yL6BA+HYUH+jPI4ttTnpqC8pRA
hSdf1+47ezbR+S5LVGJlKjmhk9XIzxa+VjFvJJeHBGQ0/D0tua3qXpu8kQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNg3woZFVDzmj7mK3Cr+wJZXGdJCMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvMkRmQ2hrVlVQT2FQdVlyY0t2N0FsbGNaMGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAwo/RAwQA
w3LAAwQAw3LGAwQAw3LNAwQA1dwUAwQB1dw6AwQA1dw+MA0GCSqGSIb3DQEBCwUA
A4IBAQB1vsmkUiFpr7NkMuNPfvPXbIpdohxrsLYv0mQF8dLXFTTO2nM1SfkrU0b9
AAswJiYXHO8N5gTECOIxHKiPxrhVt8eND3kChLIAikYPbH2NNVUwiVUxBFK1VyOI
1A3NmOcbzLAC2oVquE9gAxkJFnWW7VO0A+U0oc2uf5+vGLm6U5nCOqalB4moqW62
lnCCeDGBloHRUMoroT1XxuXy5dpz2UozG5GsTJX14eMHvUl51T+eT5OJOYCMTnus
ubcaltSDXPtjwe0mRPMZb2WIs/Jqc4t+MMlooxvjri1fjgp0BFcOC7uo9+9nIJIq
c3jOXagKJ5YI2VEgvp1vCIHq7ePp
-----END CERTIFICATE-----
Generated at Thu Apr 17 02:11:11 2025 by rpki-client