Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/l2smdz3z-xi9zXbA3XKdeIhm-GU.roa
File: l2smdz3z-xi9zXbA3XKdeIhm-GU.roa (raw, json)
Hash identifier: MZVi1kmrXqSh8KlS9K8FuD6fi7igUWbugQqrXbVbPGs=
Subject key identifier: 97:6B:26:77:3D:F3:FB:18:BD:CD:76:C0:DD:72:9D:78:88:66:F8:65
Certificate issuer: /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial: 018CC9BBC7510B74E88E4C187420048CC216
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/l2smdz3z-xi9zXbA3XKdeIhm-GU.roa
Signing time: Tue 02 Jan 2024 10:32:55 +0000
ROA not before: Tue 02 Jan 2024 10:32:55 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 5588
IP address blocks: 195.70.32.0/19 maxlen: 19
217.20.128.0/20 maxlen: 20
195.56.202.0/23 maxlen: 23
195.56.203.0/24 maxlen: 24
84.2.79.0/24 maxlen: 24
217.116.32.0/20 maxlen: 20
194.149.0.0/19 maxlen: 19
195.56.0.0/16 maxlen: 16
91.120.0.0/16 maxlen: 16
194.88.32.0/19 maxlen: 19
194.88.37.0/24 maxlen: 24
2a00:10d0::/32 maxlen: 32
2a02:738::/32 maxlen: 32
Validation: Failed, certificate revoked on Wed 01 Jan 2025 11:48:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bb:c7:51:0b:74:e8:8e:4c:18:74:20:04:8c:c2:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Validity
Not Before: Jan 2 10:32:55 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=976b26773df3fb18bdcd76c0dd729d788866f865
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:c2:ed:6b:86:ab:59:f8:fe:b5:8b:ef:c4:36:
81:c6:81:85:fd:2c:10:7e:40:3c:1d:36:0e:56:32:
95:6d:dc:05:1c:27:4b:37:35:78:ce:50:a0:0a:96:
c0:65:3f:49:aa:4c:46:9d:46:11:22:9b:04:50:dd:
f2:86:52:76:e4:56:77:6e:58:9c:82:dd:8d:d2:05:
20:0f:e1:34:0f:16:4c:eb:22:83:b0:4a:ff:2f:2f:
2c:ed:8f:92:78:e3:01:89:52:3f:28:cd:1d:7a:6e:
32:af:e3:33:00:eb:38:cd:6a:dc:5d:61:38:35:5c:
10:1c:fb:d2:be:68:b8:85:6d:43:00:99:c5:bd:75:
72:16:7d:f7:4b:01:88:5a:fc:35:83:5e:6b:3f:13:
35:2a:d7:ed:29:97:3f:1d:c1:5c:67:3a:91:da:d1:
04:cd:d8:36:a8:44:ee:96:64:b4:dd:4a:a1:05:8c:
aa:db:82:14:9a:b2:a0:0a:75:a9:2d:f2:d4:fd:fc:
31:7a:cd:37:42:74:00:12:2b:9e:3d:96:33:1c:07:
e4:70:16:28:95:33:53:60:6d:c0:05:7f:f3:c6:fb:
64:46:ce:f6:75:c4:12:5f:ef:ca:16:a3:f3:b6:b6:
ca:10:06:9e:d2:32:41:19:e7:f2:62:f0:de:a5:7a:
3b:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:6B:26:77:3D:F3:FB:18:BD:CD:76:C0:DD:72:9D:78:88:66:F8:65
X509v3 Authority Key Identifier:
keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/l2smdz3z-xi9zXbA3XKdeIhm-GU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.2.79.0/24
91.120.0.0/16
194.88.32.0/19
194.149.0.0/19
195.56.0.0/16
195.70.32.0/19
217.20.128.0/20
217.116.32.0/20
IPv6:
2a00:10d0::/32
2a02:738::/32
Signature Algorithm: sha256WithRSAEncryption
84:41:9f:e7:0f:0d:ae:ab:c7:e2:fa:a4:c8:73:b9:09:38:9b:
40:9c:76:af:7e:aa:91:de:a4:c6:a5:2f:ca:93:7c:4a:64:36:
f4:2c:1b:48:42:0a:f3:da:c7:d3:13:e7:34:cf:83:61:ec:dc:
a7:d0:dc:84:d4:93:83:fd:d8:30:07:12:7c:46:3b:e9:6e:a5:
23:18:9b:57:c2:03:e8:77:c2:8e:d4:d7:a0:12:4c:5c:78:64:
c6:b3:7d:9c:14:17:98:de:64:5c:fc:0a:8a:1c:fa:f7:ba:f1:
3f:63:96:56:8d:6a:b6:20:9f:fb:5c:05:75:16:86:76:ea:d9:
32:13:76:72:e2:c5:10:1b:01:69:85:f1:18:d4:4a:bf:35:6c:
c8:5a:f5:4f:0d:d9:db:7c:ff:52:63:60:fd:ec:cd:e0:e7:58:
a3:0c:cf:60:87:b8:72:0b:e2:15:53:58:04:d9:01:e9:c3:b4:
66:36:83:f4:5f:46:c2:f2:90:39:6c:ea:d0:91:8c:33:d0:c5:
47:04:1b:b5:5c:bf:6c:dd:56:49:b3:30:0f:34:ea:01:06:18:
46:cf:2e:37:cd:31:57:9e:98:37:dc:08:44:86:a3:79:53:60:
32:35:a9:1e:5c:53:28:4c:08:46:62:16:1e:d7:7a:ad:65:f8:
c5:b2:be:39
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYzJu8dRC3TojkwYdCAEjMIWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjQwMTAyMTAzMjU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzZiMjY3NzNkZjNmYjE4YmRjZDc2YzBkZDcyOWQ3ODg4NjZmODY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMLta4arWfj+tYvvxDaBxoGF/SwQ
fkA8HTYOVjKVbdwFHCdLNzV4zlCgCpbAZT9JqkxGnUYRIpsEUN3yhlJ25FZ3blic
gt2N0gUgD+E0DxZM6yKDsEr/Ly8s7Y+SeOMBiVI/KM0dem4yr+MzAOs4zWrcXWE4
NVwQHPvSvmi4hW1DAJnFvXVyFn33SwGIWvw1g15rPxM1KtftKZc/HcFcZzqR2tEE
zdg2qETulmS03UqhBYyq24IUmrKgCnWpLfLU/fwxes03QnQAEiuePZYzHAfkcBYo
lTNTYG3ABX/zxvtkRs72dcQSX+/KFqPztrbKEAae0jJBGefyYvDepXo7BwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFJdrJnc98/sYvc12wN1ynXiIZvhlMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvbDJzbWR6M3oteGk5elhiQTNYS2RlSWhtLUdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDA0BAIAATAuAwQAVAJPAwMA
W3gDBAXCWCADBAXClQADAwDDOAMEBcNGIAMEBNkUgAMEBNl0IDAUBAIAAjAOAwUA
KgAQ0AMFACoCBzgwDQYJKoZIhvcNAQELBQADggEBAIRBn+cPDa6rx+L6pMhzuQk4
m0Ccdq9+qpHepMalL8qTfEpkNvQsG0hCCvPax9MT5zTPg2Hs3KfQ3ITUk4P92DAH
EnxGO+lupSMYm1fCA+h3wo7U16ASTFx4ZMazfZwUF5jeZFz8Cooc+ve68T9jllaN
arYgn/tcBXUWhnbq2TITdnLixRAbAWmF8RjUSr81bMha9U8N2dt8/1JjYP3szeDn
WKMMz2CHuHIL4hVTWATZAenDtGY2g/RfRsLykDls6tCRjDPQxUcEG7Vcv2zdVkmz
MA806gEGGEbPLjfNMVeemDfcCESGo3lTYDI1qR5cUyhMCEZiFh7Xeq1l+MWyvjk=
-----END CERTIFICATE-----
Generated at Tue Apr 29 10:21:15 2025 by rpki-client