Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QMStszEKylm442ziZEg3pa_y6Qs.roa
File: QMStszEKylm442ziZEg3pa_y6Qs.roa (raw, json)
Hash identifier: vtHgwqAvarMS4NjHOI3pvFfXWgEJrXFcva+sUsUy/JU=
Subject key identifier: 40:C4:AD:B3:31:0A:CA:59:B8:E3:6C:E2:64:48:37:A5:AF:F2:E9:0B
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0192B4A3A9A52280AB78705FF2100D7B2E0B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QMStszEKylm442ziZEg3pa_y6Qs.roa
Signing time: Tue 22 Oct 2024 14:31:17 +0000
ROA not before: Tue 22 Oct 2024 14:31:17 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43548
IP address blocks: 85.217.164.0/22 maxlen: 32
85.217.176.0/21 maxlen: 32
87.120.99.0/24 maxlen: 24
87.120.246.0/24 maxlen: 24
87.121.108.0/23 maxlen: 23
91.92.168.0/22 maxlen: 22
93.123.65.0/24 maxlen: 24
94.156.4.0/23 maxlen: 23
94.156.80.0/21 maxlen: 21
94.156.97.0/24 maxlen: 24
2a00:1728:2d::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 22 Oct 2024 14:32:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:b4:a3:a9:a5:22:80:ab:78:70:5f:f2:10:0d:7b:2e:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Oct 22 14:31:17 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=40c4adb3310aca59b8e36ce2644837a5aff2e90b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:b5:2e:6e:a5:6e:31:a3:78:3e:a5:05:ff:c5:
8b:ec:75:c3:60:a1:ea:37:8e:a4:2d:d1:b5:ab:c0:
1b:b8:1e:a0:73:bf:44:40:63:f8:c4:61:58:7a:25:
43:ef:95:12:30:da:3c:08:9c:7e:55:d3:ce:e8:64:
f8:40:bf:ba:c9:67:eb:d7:dc:be:5f:ea:70:6d:d5:
3c:a0:7c:ee:a7:61:82:4f:bc:aa:36:6c:68:e0:dc:
ba:be:4b:50:6b:73:cc:87:d3:c9:5a:fe:12:c1:5b:
ce:ec:a5:37:95:31:3d:d3:c9:2b:83:47:52:73:33:
dd:54:0f:b5:81:a7:0d:33:6f:0a:7b:8b:a6:9e:e5:
d8:27:0c:0b:fa:8c:a0:c5:34:60:6a:7c:6a:f3:90:
2a:87:bc:e3:de:b9:c3:5d:2e:5c:3a:fd:49:b4:8c:
ea:a0:ac:cf:a8:de:a4:d4:78:d5:34:d2:d2:e6:8e:
c4:0a:20:54:b8:09:07:cd:bf:46:f6:5f:22:c9:49:
dd:71:9a:2c:43:cf:aa:c5:4f:86:1d:38:6d:e3:44:
a5:d7:22:7d:0a:1d:fb:1c:1f:53:c2:11:ef:20:0d:
f8:73:3f:78:47:44:b6:12:e7:91:e9:ca:ed:86:f9:
0b:2a:2e:45:27:c7:0a:c7:c4:4b:c7:7c:ba:21:0a:
21:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:C4:AD:B3:31:0A:CA:59:B8:E3:6C:E2:64:48:37:A5:AF:F2:E9:0B
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QMStszEKylm442ziZEg3pa_y6Qs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.217.164.0/22
85.217.176.0/21
87.120.99.0/24
87.120.246.0/24
87.121.108.0/23
91.92.168.0/22
93.123.65.0/24
94.156.4.0/23
94.156.80.0/21
94.156.97.0/24
IPv6:
2a00:1728:2d::/48
Signature Algorithm: sha256WithRSAEncryption
5f:e0:10:5f:7f:ac:73:9a:e2:a0:54:ee:03:b0:a2:e8:af:66:
c2:73:18:d9:43:36:fb:78:e5:4b:aa:5a:e9:34:18:d2:a8:23:
04:e6:9c:12:5e:c1:0a:d5:64:b3:c8:f4:07:3c:da:32:b4:28:
8a:8e:7b:cb:be:1b:fe:b8:2e:16:f8:5d:62:a2:e5:14:64:de:
c8:ce:76:68:0b:eb:39:50:69:0b:f5:df:e3:fb:bc:7d:2c:d9:
82:19:17:43:5f:ee:48:78:6c:45:23:9c:5e:da:bd:13:73:67:
fa:1c:bf:e3:31:5f:2a:d6:e7:50:0b:f8:72:ce:ff:5e:b2:b4:
04:e2:7a:5d:be:34:b5:9e:df:53:b7:98:9a:e3:65:0f:7e:bd:
50:5b:01:2c:01:b9:50:75:c7:d0:44:8e:71:8c:d1:1a:b7:00:
4e:ad:d6:7b:5c:02:2f:e5:2e:66:2c:7e:04:4d:f7:fc:3c:e1:
8c:bd:f2:ea:af:30:57:7b:5b:eb:f0:39:e1:b1:3d:78:cd:2f:
05:de:25:d6:f6:1f:38:01:71:25:cd:79:99:7c:97:ac:d4:c0:
30:c7:3a:06:8c:7c:f0:f9:81:de:7c:cc:1e:f7:f7:d5:20:4a:
9f:79:5f:e9:29:46:ad:c5:a1:08:47:a0:bd:6e:19:c8:5c:ed:
04:04:3e:c2
-----BEGIN CERTIFICATE-----
MIIFRDCCBCygAwIBAgISAZK0o6mlIoCreHBf8hANey4LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMDIyMTQzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGM0YWRiMzMxMGFjYTU5YjhlMzZjZTI2NDQ4MzdhNWFmZjJlOTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrUubqVuMaN4PqUF/8WL7HXDYKHq
N46kLdG1q8AbuB6gc79EQGP4xGFYeiVD75USMNo8CJx+VdPO6GT4QL+6yWfr19y+
X+pwbdU8oHzup2GCT7yqNmxo4Ny6vktQa3PMh9PJWv4SwVvO7KU3lTE908krg0dS
czPdVA+1gacNM28Ke4umnuXYJwwL+oygxTRganxq85Aqh7zj3rnDXS5cOv1JtIzq
oKzPqN6k1HjVNNLS5o7ECiBUuAkHzb9G9l8iyUndcZosQ8+qxU+GHTht40Sl1yJ9
Ch37HB9TwhHvIA34cz94R0S2EueR6crthvkLKi5FJ8cKx8RLx3y6IQohLwIDAQAB
o4ICUDCCAkwwHQYDVR0OBBYEFEDErbMxCspZuONs4mRIN6Wv8ukLMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUU1TdHN6RUt5bG00NDJ6aVpFZzNwYV95NlFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGYGCCsGAQUFBwEHAQH/BFcwVTBCBAIAATA8AwQCVdmkAwQD
VdmwAwQAV3hjAwQAV3j2AwQBV3lsAwQCW1yoAwQAXXtBAwQBXpwEAwQDXpxQAwQA
XpxhMA8EAgACMAkDBwAqABcoAC0wDQYJKoZIhvcNAQELBQADggEBAF/gEF9/rHOa
4qBU7gOwouivZsJzGNlDNvt45UuqWuk0GNKoIwTmnBJewQrVZLPI9Ac82jK0KIqO
e8u+G/64Lhb4XWKi5RRk3sjOdmgL6zlQaQv13+P7vH0s2YIZF0Nf7kh4bEUjnF7a
vRNzZ/ocv+MxXyrW51AL+HLO/16ytATiel2+NLWe31O3mJrjZQ9+vVBbASwBuVB1
x9BEjnGM0Rq3AE6t1ntcAi/lLmYsfgRN9/w84Yy98uqvMFd7W+vwOeGxPXjNLwXe
Jdb2HzgBcSXNeZl8l6zUwDDHOgaMfPD5gd58zB7399UgSp95X+kpRq3FoQhHoL1u
Gchc7QQEPsI=
-----END CERTIFICATE-----
Generated at Tue May 13 18:58:24 2025 by rpki-client