Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/cKnch3yy7dDOp_3G673iuhzkLZw.roa
File: cKnch3yy7dDOp_3G673iuhzkLZw.roa (raw, json)
Hash identifier: 1oiImZmvTwkaN9IW5wwZ4hPtAlxjNGHMiX9snzl62Ok=
Subject key identifier: 70:A9:DC:87:7C:B2:ED:D0:CE:A7:FD:C6:EB:BD:E2:BA:1C:E4:2D:9C
Certificate issuer: /CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
Certificate serial: 01967C92B0AC436A8340EB6318CB82CAF7BD
Authority key identifier: 0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/cKnch3yy7dDOp_3G673iuhzkLZw.roa
Signing time: Mon 28 Apr 2025 13:25:10 +0000
ROA not before: Mon 28 Apr 2025 13:25:10 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 9009
IP address blocks: 45.66.132.0/24 maxlen: 24
45.144.242.0/24 maxlen: 24
45.144.243.0/24 maxlen: 24
91.220.202.0/24 maxlen: 24
91.220.203.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 30 Apr 2025 16:21:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:7c:92:b0:ac:43:6a:83:40:eb:63:18:cb:82:ca:f7:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b247e73391ec9d6a2a46f2cb0b02fc994288f13
Validity
Not Before: Apr 28 13:25:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=70a9dc877cb2edd0cea7fdc6ebbde2ba1ce42d9c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:2c:b3:e0:69:e8:d9:99:24:68:b4:8d:52:58:
92:54:6e:bd:28:8c:a0:6f:b5:a3:65:2d:05:b6:95:
b2:00:0d:fe:ff:ee:d1:6e:b8:55:39:7c:ca:84:4d:
59:a6:db:b7:49:50:83:68:b0:3d:6c:0f:a9:83:c7:
16:2d:86:6f:a3:0e:db:99:18:87:f6:a2:80:37:9a:
23:40:8b:d3:47:0d:3c:7e:ea:50:f2:e6:f4:b4:a7:
3e:9a:03:6d:9d:b3:c3:57:2d:83:08:92:c2:4b:7a:
a3:0c:71:8c:22:f3:2d:87:2a:34:01:d9:61:7c:49:
c5:ca:d3:6a:ec:04:eb:b9:4d:aa:38:7c:61:2a:f0:
ba:3f:d6:47:f7:b7:a6:a1:46:02:97:a4:bc:0b:b0:
93:3f:3d:c4:19:20:37:cb:12:39:e3:25:f4:95:43:
7d:22:8a:38:5d:64:a5:72:4f:0f:81:83:a1:0b:b4:
80:cb:9d:d1:57:50:9a:c7:bb:af:36:f3:5e:ef:1d:
aa:56:58:b6:8c:06:c8:17:77:5f:b4:ca:29:3e:b6:
cb:2d:65:4a:7b:a2:b8:f5:0b:22:b9:e9:54:a1:be:
db:67:ee:37:8a:a5:7d:c4:ae:84:c1:9e:e9:16:a6:
97:fa:01:9c:af:71:14:32:a7:4a:dc:49:90:74:1a:
5d:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:A9:DC:87:7C:B2:ED:D0:CE:A7:FD:C6:EB:BD:E2:BA:1C:E4:2D:9C
X509v3 Authority Key Identifier:
keyid:0B:24:7E:73:39:1E:C9:D6:A2:A4:6F:2C:B0:B0:2F:C9:94:28:8F:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CyR-czkeydaipG8ssLAvyZQojxM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/cKnch3yy7dDOp_3G673iuhzkLZw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/b3fd40-b125-4282-b883-736789ee6fd0/1/CyR-czkeydaipG8ssLAvyZQojxM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.132.0/24
45.144.242.0/23
91.220.202.0/23
Signature Algorithm: sha256WithRSAEncryption
8a:2a:fb:3c:f5:5c:fb:17:91:2d:2d:40:61:a8:3c:db:eb:ea:
0d:f5:de:15:02:68:e2:96:43:be:1d:7a:2e:cf:03:54:6a:93:
12:da:e6:1b:fb:ee:c4:d7:d3:79:5c:dd:ab:c8:79:4f:e3:ea:
10:68:de:27:03:85:e3:6a:1b:7e:32:12:02:6c:7b:cf:41:9c:
7e:04:8a:b9:c7:25:01:f1:50:b4:77:e7:e9:63:16:76:79:ec:
97:2d:58:af:56:3d:27:e5:41:ad:4d:d9:89:f4:38:93:08:5f:
8d:c0:e6:7c:83:13:6c:72:9d:47:6a:4d:ac:d9:1a:5c:c7:b1:
66:d0:1a:c8:5e:d4:5e:01:5e:b2:53:20:9e:d0:7f:00:80:e4:
1f:82:1d:f5:d5:7f:ff:93:bf:d6:07:94:5d:20:ab:1d:b1:c9:
b3:07:e3:b4:c3:e9:8b:53:f1:fa:fd:91:7b:07:be:30:09:4c:
6f:bf:cc:e2:5c:c8:46:a4:9c:54:cf:51:41:d5:af:e3:22:5a:
63:8b:2d:57:e4:71:94:ab:4e:67:28:60:05:c5:fc:e7:dc:c2:
ef:cb:08:c2:d5:35:95:a4:96:77:2e:14:05:49:d2:59:bc:33:
44:ae:d3:07:e2:bf:29:c4:3f:db:f9:84:fd:e9:08:b9:e8:f1:
50:1b:fc:c4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZZ8krCsQ2qDQOtjGMuCyve9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMjQ3ZTczMzkxZWM5ZDZhMmE0NmYyY2IwYjAyZmM5OTQy
ODhmMTMwHhcNMjUwNDI4MTMyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGE5ZGM4NzdjYjJlZGQwY2VhN2ZkYzZlYmJkZTJiYTFjZTQyZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApSyz4Gno2ZkkaLSNUliSVG69KIyg
b7WjZS0FtpWyAA3+/+7RbrhVOXzKhE1Zptu3SVCDaLA9bA+pg8cWLYZvow7bmRiH
9qKAN5ojQIvTRw08fupQ8ub0tKc+mgNtnbPDVy2DCJLCS3qjDHGMIvMthyo0Adlh
fEnFytNq7ATruU2qOHxhKvC6P9ZH97emoUYCl6S8C7CTPz3EGSA3yxI54yX0lUN9
Ioo4XWSlck8PgYOhC7SAy53RV1Cax7uvNvNe7x2qVli2jAbIF3dftMopPrbLLWVK
e6K49QsiuelUob7bZ+43iqV9xK6EwZ7pFqaX+gGcr3EUMqdK3EmQdBpdBQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHCp3Id8su3Qzqf9xuu94roc5C2cMB8GA1UdIwQY
MBaAFAskfnM5HsnWoqRvLLCwL8mUKI8TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMt
NzM2Nzg5ZWU2ZmQwLzEvY0tuY2gzeXk3ZERPcF8zRzY3M2l1aHprTFp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9iM2ZkNDAtYjEyNS00MjgyLWI4ODMtNzM2Nzg5ZWU2ZmQw
LzEvQ3lSLWN6a2V5ZGFpcEc4c3NMQXZ5WlFvanhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALUKEAwQB
LZDyAwQBW9zKMA0GCSqGSIb3DQEBCwUAA4IBAQCKKvs89Vz7F5EtLUBhqDzb6+oN
9d4VAmjilkO+HXouzwNUapMS2uYb++7E19N5XN2ryHlP4+oQaN4nA4Xjaht+MhIC
bHvPQZx+BIq5xyUB8VC0d+fpYxZ2eeyXLVivVj0n5UGtTdmJ9DiTCF+NwOZ8gxNs
cp1Hak2s2Rpcx7Fm0BrIXtReAV6yUyCe0H8AgOQfgh311X//k7/WB5RdIKsdscmz
B+O0w+mLU/H6/ZF7B74wCUxvv8ziXMhGpJxUz1FB1a/jIlpjiy1X5HGUq05nKGAF
xfzn3MLvywjC1TWVpJZ3LhQFSdJZvDNErtMH4r8pxD/b+YT96Qi56PFQG/zE
-----END CERTIFICATE-----
Generated at Sun May 11 11:20:39 2025 by rpki-client