Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qmFynxiMXFc_W65lqG3MhWxEa48.roa
File: qmFynxiMXFc_W65lqG3MhWxEa48.roa (raw, json)
Hash identifier: DmZCUszhLbow0iZDuSHLQomWGs16WndJGLgfdumOGMU=
Subject key identifier: AA:61:72:9F:18:8C:5C:57:3F:5B:AE:65:A8:6D:CC:85:6C:44:6B:8F
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0191ADD1A3C9AAA87D97995741DA37528EE0
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qmFynxiMXFc_W65lqG3MhWxEa48.roa
Signing time: Sun 01 Sep 2024 13:41:22 +0000
ROA not before: Sun 01 Sep 2024 13:41:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 20473
IP address blocks: 81.5.189.0/24 maxlen: 24
89.213.146.0/24 maxlen: 24
89.213.152.0/24 maxlen: 24
89.213.176.0/24 maxlen: 24
89.213.183.0/24 maxlen: 24
89.213.212.0/24 maxlen: 24
89.213.249.0/24 maxlen: 24
Validation: Failed, certificate revoked on Sun 29 Sep 2024 13:19:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:ad:d1:a3:c9:aa:a8:7d:97:99:57:41:da:37:52:8e:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Sep 1 13:41:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=aa61729f188c5c573f5bae65a86dcc856c446b8f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:36:20:c8:38:c9:0f:04:41:a3:33:2e:62:f4:
2f:e8:be:7a:38:e1:2a:a9:31:b0:32:a4:3a:13:39:
35:46:04:13:67:2f:de:1c:54:fb:c2:2f:3c:2a:14:
fd:c7:7e:3f:62:40:15:86:fe:4b:3b:09:c8:a3:73:
5c:5f:9c:65:25:3f:88:c7:f9:dd:d7:e5:70:cb:85:
80:b8:e1:ea:89:3f:de:6e:9b:7a:6c:0a:30:c8:fe:
37:ed:07:88:8c:60:38:8e:05:5e:9b:4d:88:e3:97:
c0:b8:5d:04:f5:49:2a:53:b4:b8:3e:b1:37:89:fd:
5b:6b:ca:26:52:a5:5b:cd:a2:c2:34:10:8f:c0:79:
47:fb:df:c2:6a:c2:00:c5:c8:a5:12:2e:c0:26:86:
6e:eb:66:d8:8f:fa:0b:ce:7b:65:28:35:2f:59:43:
ac:2c:05:c4:21:2f:ec:cd:f4:32:8b:1e:6b:05:71:
97:12:e3:b4:8d:d0:63:cb:ea:7f:6a:60:8d:19:f5:
ea:b3:95:c5:75:a8:52:c2:03:35:31:bb:78:b4:d5:
88:c9:18:0c:63:88:df:80:7d:a5:99:05:d9:43:fb:
e8:66:3a:d6:7f:36:2a:ff:aa:94:e3:90:e1:cb:e5:
bc:ef:3c:f7:d9:a2:c3:be:26:80:76:3b:94:39:85:
69:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:61:72:9F:18:8C:5C:57:3F:5B:AE:65:A8:6D:CC:85:6C:44:6B:8F
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/qmFynxiMXFc_W65lqG3MhWxEa48.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.189.0/24
89.213.146.0/24
89.213.152.0/24
89.213.176.0/24
89.213.183.0/24
89.213.212.0/24
89.213.249.0/24
Signature Algorithm: sha256WithRSAEncryption
78:84:04:08:8c:5d:05:0f:48:e8:5d:df:00:26:6e:55:e2:a7:
d9:5a:1c:a7:b8:f9:1e:4e:1c:d8:d1:3d:37:8a:4e:65:be:e2:
53:21:52:24:49:2e:fe:cf:ee:19:43:d2:0a:a1:9d:65:c2:b0:
41:da:36:ad:2d:de:c5:07:0b:1d:3c:dc:da:f0:bc:17:6d:73:
ab:96:e5:09:5e:4c:bc:30:6c:e3:79:34:df:82:77:dd:a1:60:
02:f1:6c:d9:4d:9d:5b:28:12:89:4a:0a:69:7a:8a:60:3a:c2:
3c:0b:93:32:c0:e9:45:43:e4:b6:4f:da:3f:e6:d3:35:21:58:
a1:0e:8b:8c:da:a2:f8:9a:aa:32:42:a8:ea:a2:df:12:a8:50:
fb:c8:3f:70:09:bd:3b:fa:29:f7:37:96:37:10:15:e2:cb:b1:
88:f7:4b:4c:8b:a0:e5:7e:41:bb:76:35:57:cb:54:51:36:e7:
21:23:28:39:c5:08:01:b1:c6:bf:10:12:0b:7e:2e:69:d0:4b:
49:78:c8:4b:2c:4a:fa:4d:4d:00:90:ec:48:8e:9a:2a:00:4e:
6b:97:90:31:ef:67:9d:a0:ba:21:b4:0b:ba:3f:f8:b8:79:f1:
ac:ff:14:0a:ec:36:3c:c0:8a:bf:0a:5f:f5:e8:9f:9a:26:66:
18:d0:8d:45
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZGt0aPJqqh9l5lXQdo3Uo7gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwOTAxMTM0MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTYxNzI5ZjE4OGM1YzU3M2Y1YmFlNjVhODZkY2M4NTZjNDQ2YjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjYgyDjJDwRBozMuYvQv6L56OOEq
qTGwMqQ6Ezk1RgQTZy/eHFT7wi88KhT9x34/YkAVhv5LOwnIo3NcX5xlJT+Ix/nd
1+Vwy4WAuOHqiT/ebpt6bAowyP437QeIjGA4jgVem02I45fAuF0E9UkqU7S4PrE3
if1ba8omUqVbzaLCNBCPwHlH+9/CasIAxcilEi7AJoZu62bYj/oLzntlKDUvWUOs
LAXEIS/szfQyix5rBXGXEuO0jdBjy+p/amCNGfXqs5XFdahSwgM1Mbt4tNWIyRgM
Y4jfgH2lmQXZQ/voZjrWfzYq/6qU45Dhy+W87zz32aLDviaAdjuUOYVpvwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKphcp8YjFxXP1uuZahtzIVsRGuPMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcW1GeW54aU1YRmNfVzY1bHFHM01oV3hFYTQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAUQW9AwQA
WdWSAwQAWdWYAwQAWdWwAwQAWdW3AwQAWdXUAwQAWdX5MA0GCSqGSIb3DQEBCwUA
A4IBAQB4hAQIjF0FD0joXd8AJm5V4qfZWhynuPkeThzY0T03ik5lvuJTIVIkSS7+
z+4ZQ9IKoZ1lwrBB2jatLd7FBwsdPNza8LwXbXOrluUJXky8MGzjeTTfgnfdoWAC
8WzZTZ1bKBKJSgppeopgOsI8C5MywOlFQ+S2T9o/5tM1IVihDouM2qL4mqoyQqjq
ot8SqFD7yD9wCb07+in3N5Y3EBXiy7GI90tMi6DlfkG7djVXy1RRNuchIyg5xQgB
sca/EBILfi5p0EtJeMhLLEr6TU0AkOxIjpoqAE5rl5Ax72edoLohtAu6P/i4efGs
/xQK7DY8wIq/Cl/16J+aJmYY0I1F
-----END CERTIFICATE-----
Generated at Sat May 17 02:25:56 2025 by rpki-client