Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/1-waznYkhqhtRKbHFRS2LZR4WBTA.roa
File: 1-waznYkhqhtRKbHFRS2LZR4WBTA.roa (raw, json)
Hash identifier: Tm/U2mO6gBPIc2Rk0HqHm5B58c23pdXc2fisOSdSR8w=
Subject key identifier: FB:06:B3:9D:89:21:AA:1B:51:29:B1:C5:45:2D:8B:65:1E:16:05:30
Certificate issuer: /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial: 0194EA988E4D81E7DD4CF0946F490B9E8E73
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/1-waznYkhqhtRKbHFRS2LZR4WBTA.roa
Signing time: Sun 09 Feb 2025 12:04:13 +0000
ROA not before: Sun 09 Feb 2025 12:04:13 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 91.108.225.0/24 maxlen: 24
91.108.237.0/24 maxlen: 24
91.108.239.0/24 maxlen: 24
91.108.248.0/22 maxlen: 24
91.108.252.0/23 maxlen: 24
91.108.254.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 11 Feb 2025 10:19:03 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:ea:98:8e:4d:81:e7:dd:4c:f0:94:6f:49:0b:9e:8e:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Validity
Not Before: Feb 9 12:04:13 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fb06b39d8921aa1b5129b1c5452d8b651e160530
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:9f:ff:e5:e5:f4:cb:a7:67:fd:55:88:58:d5:
0e:79:40:6c:30:af:c9:ef:14:93:27:9c:eb:0a:7d:
88:7b:4d:d7:15:1c:8b:b4:50:30:71:6c:00:5d:74:
9d:39:51:18:1e:6d:83:20:90:c6:0d:6d:e4:28:80:
08:d7:e0:5c:b4:0b:4f:96:ba:b8:8b:31:94:72:9f:
2c:71:8c:86:ee:af:a6:e4:bb:88:65:e9:7e:4b:40:
48:aa:23:97:da:41:a9:1c:21:44:32:fb:8c:27:6e:
90:27:64:29:95:76:45:00:6b:ff:d4:0b:c6:7c:44:
03:1e:89:ad:c8:c2:ab:87:f9:1d:06:79:78:4e:79:
33:93:28:ac:47:0e:df:d3:98:e9:ac:fb:40:8d:39:
05:04:a9:98:bf:ad:a8:6d:36:f8:88:49:03:34:61:
82:97:78:c0:ca:2f:77:b4:1f:00:db:03:75:15:f7:
77:5f:46:1f:5f:73:ba:a4:4e:9f:82:39:4d:d9:11:
3a:bb:0e:b6:d6:7a:a5:a7:aa:73:4b:82:91:74:7e:
b1:d1:ae:12:eb:aa:2d:fa:9e:69:f6:08:55:8f:2c:
85:99:f6:9a:6e:21:60:79:8a:bb:12:96:9b:fa:63:
4b:f4:77:58:9b:29:3d:55:97:fe:01:f0:58:1f:2d:
cf:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:06:B3:9D:89:21:AA:1B:51:29:B1:C5:45:2D:8B:65:1E:16:05:30
X509v3 Authority Key Identifier:
keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/1-waznYkhqhtRKbHFRS2LZR4WBTA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.108.225.0/24
91.108.237.0/24
91.108.239.0/24
91.108.248.0-91.108.254.255
Signature Algorithm: sha256WithRSAEncryption
14:5b:59:8a:8a:57:86:d0:39:d2:67:71:07:b4:8f:5f:0c:72:
b6:97:a5:c2:0b:8b:03:7c:b5:f7:19:b2:a3:c1:f0:cf:c5:22:
94:6d:4e:c9:3e:21:45:82:af:ed:a0:22:6a:11:89:77:a9:9e:
ae:49:6f:7a:ec:d6:1a:95:12:16:de:7a:4f:9e:51:13:f9:3e:
57:0d:1b:0a:64:de:3c:c0:fa:0d:2d:ab:d2:38:c3:1f:ff:d7:
b4:ef:8f:96:8d:8a:17:be:4e:6b:51:9c:8a:00:2f:0a:b1:f4:
1f:78:92:28:c1:d7:31:c2:57:ec:ee:80:26:88:ac:c2:99:8b:
c5:dd:84:86:3e:5d:d0:2c:c4:f3:a2:e1:7e:4b:66:78:29:f0:
86:e1:2c:a3:e0:c1:84:9e:d9:bc:69:41:82:4f:8a:4a:ef:61:
0e:69:d5:5e:ee:32:9f:2c:8e:d2:de:c4:80:68:03:3f:22:2d:
d4:81:eb:3b:ea:2f:59:91:cc:e1:7c:5e:90:ff:72:56:63:fd:
61:fe:d8:ac:de:f5:21:7a:03:50:be:8a:50:34:4b:50:a3:4e:
83:25:31:72:cf:c9:81:04:21:ef:59:ef:7a:92:d7:ac:88:e9:
3e:be:0e:9a:42:0f:eb:12:2e:1c:bb:db:97:39:55:f2:58:39:
34:c6:8b:43
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZTqmI5NgefdTPCUb0kLno5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjUwMjA5MTIwNDEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjA2YjM5ZDg5MjFhYTFiNTEyOWIxYzU0NTJkOGI2NTFlMTYwNTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp//5eX0y6dn/VWIWNUOeUBsMK/J
7xSTJ5zrCn2Ie03XFRyLtFAwcWwAXXSdOVEYHm2DIJDGDW3kKIAI1+BctAtPlrq4
izGUcp8scYyG7q+m5LuIZel+S0BIqiOX2kGpHCFEMvuMJ26QJ2QplXZFAGv/1AvG
fEQDHomtyMKrh/kdBnl4TnkzkyisRw7f05jprPtAjTkFBKmYv62obTb4iEkDNGGC
l3jAyi93tB8A2wN1Ffd3X0YfX3O6pE6fgjlN2RE6uw621nqlp6pzS4KRdH6x0a4S
66ot+p5p9ghVjyyFmfaabiFgeYq7Epab+mNL9HdYmyk9VZf+AfBYHy3PaQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFPsGs52JIaobUSmxxUUti2UeFgUwMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvMS13YXpuWWtocWh0UktiSEZSUzJMWlI0V0JUQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTQvNzBhYTMyLTk2MDctNGRiNy04ZjFlLWRhNzU0MzBiMTZm
Ni8xL3d1NUZRbTRTNVFfakRvXzhPZUJFaGRqM016ay5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA5BggrBgEFBQcBBwEB/wQqMCgwJgQCAAEwIAMEAFts4QME
AFts7QMEAFts7zAMAwQDW2z4AwQAW2z+MA0GCSqGSIb3DQEBCwUAA4IBAQAUW1mK
ileG0DnSZ3EHtI9fDHK2l6XCC4sDfLX3GbKjwfDPxSKUbU7JPiFFgq/toCJqEYl3
qZ6uSW967NYalRIW3npPnlET+T5XDRsKZN48wPoNLavSOMMf/9e074+WjYoXvk5r
UZyKAC8KsfQfeJIowdcxwlfs7oAmiKzCmYvF3YSGPl3QLMTzouF+S2Z4KfCG4Syj
4MGEntm8aUGCT4pK72EOadVe7jKfLI7S3sSAaAM/Ii3Uges76i9ZkczhfF6Q/3JW
Y/1h/tis3vUhegNQvopQNEtQo06DJTFyz8mBBCHvWe96ktesiOk+vg6aQg/rEi4c
u9uXOVXyWDk0xotD
-----END CERTIFICATE-----
Generated at Mon Apr 28 01:13:25 2025 by rpki-client