Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/Hna5HYkDYTL6KcMsp99x3JFxVx8.roa
File: Hna5HYkDYTL6KcMsp99x3JFxVx8.roa (raw, json)
Hash identifier: Bfa+M7y6zbinBHarIAR4Iwpn9OirxiNpkwY8KsjnY5I=
Subject key identifier: 1E:76:B9:1D:89:03:61:32:FA:29:C3:2C:A7:DF:71:DC:91:71:57:1F
Certificate issuer: /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial: 0195281B7466D8B5719AFD191B9E33AC942D
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/Hna5HYkDYTL6KcMsp99x3JFxVx8.roa
Signing time: Fri 21 Feb 2025 10:44:02 +0000
ROA not before: Fri 21 Feb 2025 10:44:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 81.22.136.0/22 maxlen: 23
89.185.0.0/22 maxlen: 22
109.72.116.0/22 maxlen: 24
109.72.120.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 25 Feb 2025 13:35:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:28:1b:74:66:d8:b5:71:9a:fd:19:1b:9e:33:ac:94:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Validity
Not Before: Feb 21 10:44:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1e76b91d89036132fa29c32ca7df71dc9171571f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:69:43:ca:75:70:dc:f1:10:ff:e0:8b:1c:98:
24:f1:1b:d7:29:90:81:6a:8b:17:82:39:1b:3c:24:
59:eb:c5:76:2a:ca:a0:e5:5a:dd:28:dc:64:e0:d1:
c5:cc:51:0e:dd:cd:8f:ef:0c:a6:36:f8:a8:1c:f0:
51:81:1a:64:da:a8:09:72:b4:53:59:e1:36:7d:c9:
90:f4:e5:a5:bb:07:a6:37:74:b4:ea:84:17:44:77:
26:82:ee:a5:ee:d5:fd:de:ae:89:f0:1d:13:3a:63:
2a:84:d2:c7:d4:64:2d:c4:3b:ab:b4:55:1d:7b:00:
2d:45:fb:20:81:e9:4e:5d:43:d1:69:f4:ad:3a:91:
b9:46:ed:fd:1f:7f:3f:e2:ee:67:8d:67:d3:9f:25:
fc:4a:65:e4:35:0f:e9:39:5c:55:eb:97:a5:63:c3:
00:d3:eb:1a:9e:85:7b:70:cb:4f:8e:ac:04:31:4d:
78:8e:fd:55:fd:b6:30:02:9f:af:c4:eb:b7:84:1e:
1d:d4:21:5d:5c:77:17:ef:ca:3b:59:83:07:3c:e0:
4e:1b:1f:1e:87:a0:da:2d:a6:8a:99:2f:47:66:90:
e0:84:44:98:7a:24:0c:ac:d7:9b:d9:89:32:42:c0:
ce:d0:35:8e:71:3a:f7:a6:46:c6:ff:d7:ce:33:a5:
58:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:76:B9:1D:89:03:61:32:FA:29:C3:2C:A7:DF:71:DC:91:71:57:1F
X509v3 Authority Key Identifier:
keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/Hna5HYkDYTL6KcMsp99x3JFxVx8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.22.136.0/22
89.185.0.0/22
109.72.116.0-109.72.120.255
Signature Algorithm: sha256WithRSAEncryption
6a:77:82:3f:03:47:51:98:c9:13:18:5f:8a:de:f5:c4:02:81:
51:c6:de:d6:0f:1a:27:9a:df:f1:59:28:00:3a:13:03:2b:38:
37:0c:4e:8e:83:b1:0e:84:e3:2b:6a:b4:e0:7a:80:10:49:0d:
79:f7:59:6b:37:bd:e5:bc:9e:e7:a3:d6:9a:14:98:a0:7f:cd:
d8:42:ff:34:95:fe:0a:b9:3f:5e:f9:01:30:f1:be:5f:21:5c:
86:7f:f9:b1:aa:6c:83:6e:89:05:72:da:4c:ae:66:6c:cb:1d:
b6:d6:14:5f:29:f6:39:cd:59:11:5b:ea:32:48:7d:45:59:3b:
3c:eb:cc:5d:ff:37:18:d8:88:e8:ee:55:1a:31:a3:4e:de:d1:
3a:dd:83:74:2c:5c:5d:af:9b:12:f5:0e:32:8f:a4:d4:40:ef:
51:72:48:5c:85:01:2d:a4:ca:7f:4d:6b:e5:20:23:a0:85:b0:
fd:a1:23:83:de:97:53:a7:66:3f:39:d3:16:d6:75:39:24:2d:
39:1c:6f:1d:64:71:22:ed:fc:77:14:cb:67:9a:ea:23:26:45:
59:53:fa:0e:e8:cc:1a:52:36:06:30:4f:d7:98:98:7d:67:88:
00:5e:90:dc:3d:33:17:b9:fe:d4:97:e8:14:f3:0e:6c:33:d0:
14:fe:8e:28
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZUoG3Rm2LVxmv0ZG54zrJQtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwMjIxMTA0NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTc2YjkxZDg5MDM2MTMyZmEyOWMzMmNhN2RmNzFkYzkxNzE1NzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumlDynVw3PEQ/+CLHJgk8RvXKZCB
aosXgjkbPCRZ68V2Ksqg5VrdKNxk4NHFzFEO3c2P7wymNvioHPBRgRpk2qgJcrRT
WeE2fcmQ9OWluwemN3S06oQXRHcmgu6l7tX93q6J8B0TOmMqhNLH1GQtxDurtFUd
ewAtRfsggelOXUPRafStOpG5Ru39H38/4u5njWfTnyX8SmXkNQ/pOVxV65elY8MA
0+sanoV7cMtPjqwEMU14jv1V/bYwAp+vxOu3hB4d1CFdXHcX78o7WYMHPOBOGx8e
h6DaLaaKmS9HZpDghESYeiQMrNeb2YkyQsDO0DWOcTr3pkbG/9fOM6VYMQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFB52uR2JA2Ey+inDLKffcdyRcVcfMB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvSG5hNUhZa0RZVEw2S2NNc3A5OXgzSkZ4Vng4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCURaIAwQC
WbkAMAwDBAJtSHQDBABtSHgwDQYJKoZIhvcNAQELBQADggEBAGp3gj8DR1GYyRMY
X4re9cQCgVHG3tYPGiea3/FZKAA6EwMrODcMTo6DsQ6E4ytqtOB6gBBJDXn3WWs3
veW8nuej1poUmKB/zdhC/zSV/gq5P175ATDxvl8hXIZ/+bGqbINuiQVy2kyuZmzL
HbbWFF8p9jnNWRFb6jJIfUVZOzzrzF3/NxjYiOjuVRoxo07e0Trdg3QsXF2vmxL1
DjKPpNRA71FySFyFAS2kyn9Na+UgI6CFsP2hI4Pel1OnZj850xbWdTkkLTkcbx1k
cSLt/HcUy2ea6iMmRVlT+g7ozBpSNgYwT9eYmH1niABekNw9Mxe5/tSX6BTzDmwz
0BT+jig=
-----END CERTIFICATE-----
Generated at Fri May 2 00:40:16 2025 by rpki-client