Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/KXsS1szceIXPcC3Dm8AlE_T3fA0.roa
File: KXsS1szceIXPcC3Dm8AlE_T3fA0.roa (raw, json)
Hash identifier: u7yO86VGeVZsl+0JLRZ5/9HU0VVLz1E5u7zxEFtsL6Y=
Subject key identifier: 29:7B:12:D6:CC:DC:78:85:CF:70:2D:C3:9B:C0:25:13:F4:F7:7C:0D
Certificate issuer: /CN=c6e1c8c65c86e8d26ddbeb68658a39a7a8e27866
Certificate serial: 01900C3231A1D506DBADB3A022AFDD93AAE5
Authority key identifier: C6:E1:C8:C6:5C:86:E8:D2:6D:DB:EB:68:65:8A:39:A7:A8:E2:78:66
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xuHIxlyG6NJt2-toZYo5p6jieGY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/KXsS1szceIXPcC3Dm8AlE_T3fA0.roa
Signing time: Wed 12 Jun 2024 11:25:34 +0000
ROA not before: Wed 12 Jun 2024 11:25:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 45147
IP address blocks: 89.42.136.0/22 maxlen: 24
89.42.136.0/23 maxlen: 24
89.42.136.0/24 maxlen: 24
89.42.137.0/24 maxlen: 24
89.42.138.0/23 maxlen: 24
89.42.138.0/24 maxlen: 24
89.42.139.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 12 Jun 2024 13:52:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:0c:32:31:a1:d5:06:db:ad:b3:a0:22:af:dd:93:aa:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c6e1c8c65c86e8d26ddbeb68658a39a7a8e27866
Validity
Not Before: Jun 12 11:25:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=297b12d6ccdc7885cf702dc39bc02513f4f77c0d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:cb:5c:63:ba:7f:40:6f:c9:f0:20:c0:cb:ec:
4d:81:9e:7c:1b:0e:47:b1:bc:13:7c:cd:2a:cc:38:
04:04:5b:21:96:85:81:9e:94:c9:3a:47:b9:98:ef:
d4:92:69:0c:eb:83:47:a0:15:88:ee:c1:b5:f9:b3:
4a:79:e9:59:35:40:df:1e:74:52:1e:c9:60:46:f1:
bb:31:71:64:d2:3d:f0:54:36:31:a8:e8:f8:d2:d8:
97:39:26:44:65:3e:9b:e5:60:5e:4d:df:71:8a:5e:
56:1d:60:ac:e3:dc:6f:23:b5:09:ec:19:48:6d:f4:
67:a8:e3:56:3e:ea:97:65:d7:07:8e:d2:0f:06:56:
db:ba:3e:d6:6e:62:f2:7f:d1:f5:35:64:fa:96:b0:
6d:cb:c0:63:b7:d0:e2:21:7c:ac:77:7f:cf:d4:8b:
ef:3b:fe:73:95:4a:e0:61:5a:53:27:a5:fc:00:57:
7e:20:06:5f:4b:e6:a7:2b:e6:88:b2:fd:8e:51:37:
4d:fd:d6:2d:34:40:9f:a7:0c:ea:27:70:59:05:03:
2f:aa:2e:14:61:e1:01:a5:c6:2d:25:3e:53:83:c1:
68:f7:d3:5a:a2:bd:8c:48:3c:e0:fd:01:d6:ce:84:
18:0f:16:09:6a:d6:34:d0:6f:3d:ac:71:11:df:ad:
0b:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:7B:12:D6:CC:DC:78:85:CF:70:2D:C3:9B:C0:25:13:F4:F7:7C:0D
X509v3 Authority Key Identifier:
keyid:C6:E1:C8:C6:5C:86:E8:D2:6D:DB:EB:68:65:8A:39:A7:A8:E2:78:66
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xuHIxlyG6NJt2-toZYo5p6jieGY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/KXsS1szceIXPcC3Dm8AlE_T3fA0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/a453fe-a664-47a2-8b8a-ce5e01e71c91/1/xuHIxlyG6NJt2-toZYo5p6jieGY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.42.136.0/22
Signature Algorithm: sha256WithRSAEncryption
2d:ac:e2:88:ea:4b:e5:43:cb:1f:4d:43:49:ad:9b:f9:c5:dc:
62:0f:e7:06:d1:c9:d6:c1:00:72:9a:2f:a2:b7:ee:dd:66:38:
ff:b8:0e:20:e5:a6:17:d2:6f:fc:f3:94:e5:43:e4:80:56:60:
be:6c:cd:15:1b:45:bc:b9:75:25:e0:bd:93:7d:67:0a:37:57:
ad:29:80:59:55:a4:2f:ac:53:b1:e6:ac:78:3e:a7:0c:a0:33:
43:bf:86:b1:59:88:ea:b1:75:fa:a1:76:1d:b7:af:74:0e:9e:
f9:83:40:84:60:75:a8:a4:e0:55:df:72:0e:af:49:a6:ec:11:
84:23:c7:55:52:a6:b9:e1:ea:e5:9c:b2:92:6a:f8:21:6d:13:
24:ed:9d:3c:cc:df:c3:30:77:b7:da:6f:02:9b:96:9b:c8:db:
82:5f:83:50:12:69:28:23:f4:92:f9:11:df:b4:00:cc:bc:be:
62:05:b6:08:2d:c9:b4:d1:18:66:44:11:b7:54:24:bd:c1:e8:
9d:45:48:7e:96:e6:d1:ab:26:62:0e:7c:29:9c:74:22:77:0c:
a5:08:3b:a3:88:8d:ed:9b:19:74:d6:88:89:3e:64:75:fb:cc:
f8:2d:b2:6e:5c:24:42:cd:e3:79:c8:20:de:58:68:11:aa:33:
20:b3:9e:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAMMjGh1QbbrbOgIq/dk6rlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2ZTFjOGM2NWM4NmU4ZDI2ZGRiZWI2ODY1OGEzOWE3YThl
Mjc4NjYwHhcNMjQwNjEyMTEyNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTdiMTJkNmNjZGM3ODg1Y2Y3MDJkYzM5YmMwMjUxM2Y0Zjc3YzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyctcY7p/QG/J8CDAy+xNgZ58Gw5H
sbwTfM0qzDgEBFshloWBnpTJOke5mO/UkmkM64NHoBWI7sG1+bNKeelZNUDfHnRS
HslgRvG7MXFk0j3wVDYxqOj40tiXOSZEZT6b5WBeTd9xil5WHWCs49xvI7UJ7BlI
bfRnqONWPuqXZdcHjtIPBlbbuj7WbmLyf9H1NWT6lrBty8Bjt9DiIXysd3/P1Ivv
O/5zlUrgYVpTJ6X8AFd+IAZfS+anK+aIsv2OUTdN/dYtNECfpwzqJ3BZBQMvqi4U
YeEBpcYtJT5Tg8Fo99Naor2MSDzg/QHWzoQYDxYJatY00G89rHER360L1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCl7EtbM3HiFz3Atw5vAJRP093wNMB8GA1UdIwQY
MBaAFMbhyMZchujSbdvraGWKOaeo4nhmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHVISXhseUc2Tkp0Mi10b1pZbzVwNmppZUdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9hNDUzZmUtYTY2NC00N2EyLThiOGEt
Y2U1ZTAxZTcxYzkxLzEvS1hzUzFzemNlSVhQY0MzRG04QWxFX1QzZkEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9hNDUzZmUtYTY2NC00N2EyLThiOGEtY2U1ZTAxZTcxYzkx
LzEveHVISXhseUc2Tkp0Mi10b1pZbzVwNmppZUdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCWSqIMA0G
CSqGSIb3DQEBCwUAA4IBAQAtrOKI6kvlQ8sfTUNJrZv5xdxiD+cG0cnWwQBymi+i
t+7dZjj/uA4g5aYX0m/885TlQ+SAVmC+bM0VG0W8uXUl4L2TfWcKN1etKYBZVaQv
rFOx5qx4PqcMoDNDv4axWYjqsXX6oXYdt690Dp75g0CEYHWopOBV33IOr0mm7BGE
I8dVUqa54erlnLKSavghbRMk7Z08zN/DMHe32m8Cm5abyNuCX4NQEmkoI/SS+RHf
tADMvL5iBbYILcm00RhmRBG3VCS9weidRUh+lubRqyZiDnwpnHQidwylCDujiI3t
mxl01oiJPmR1+8z4LbJuXCRCzeN5yCDeWGgRqjMgs55l
-----END CERTIFICATE-----
Generated at Mon Apr 28 15:31:55 2025 by rpki-client