Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/ospNxp2adhIp4imvX9xNu74aXoc.roa
File: ospNxp2adhIp4imvX9xNu74aXoc.roa (raw, json)
Hash identifier: BFarvt9NQ1XLd3zX1IJSE1H+kxVh3ixTVstBj6KPSyw=
Subject key identifier: A2:CA:4D:C6:9D:9A:76:12:29:E2:29:AF:5F:DC:4D:BB:BE:1A:5E:87
Certificate issuer: /CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Certificate serial: 0191E4CB866EAD5FC6717F1CD6AD2142777E
Authority key identifier: 29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/ospNxp2adhIp4imvX9xNu74aXoc.roa
Signing time: Thu 12 Sep 2024 05:53:49 +0000
ROA not before: Thu 12 Sep 2024 05:53:49 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 25211
IP address blocks: 85.239.144.0/24 maxlen: 24
85.239.146.0/24 maxlen: 24
85.239.147.0/24 maxlen: 24
85.239.148.0/24 maxlen: 24
85.239.150.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 31 Oct 2024 09:09:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:e4:cb:86:6e:ad:5f:c6:71:7f:1c:d6:ad:21:42:77:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=29d2daff1c5bb61a0ac8b3caead4b8a1fa284d0f
Validity
Not Before: Sep 12 05:53:49 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a2ca4dc69d9a761229e229af5fdc4dbbbe1a5e87
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:f2:19:db:20:f8:ea:57:b3:e0:c7:dd:a3:bc:
2b:6f:bb:4f:c8:20:26:4d:f1:b4:b8:b4:33:65:2f:
18:d2:f4:6d:06:7a:24:96:2a:2c:2a:9c:29:a2:cb:
2e:2f:e7:41:8b:07:2f:9d:df:aa:98:fc:32:6e:ed:
c6:f3:19:95:f6:36:4e:8d:98:b3:54:38:72:d8:46:
6f:59:a4:e2:85:1a:0c:58:35:99:8e:7e:85:ae:c0:
0d:21:4f:b2:e9:93:56:de:fe:a0:93:75:e8:dc:8b:
a6:5d:f9:1b:bf:58:6f:e9:52:64:77:7f:83:1c:bb:
56:0e:4d:5c:6a:20:f2:5f:23:e8:87:2c:fa:df:7f:
f2:a3:6a:9c:5b:ac:43:24:02:56:53:7a:ef:24:14:
37:1f:6b:35:76:f8:28:66:ec:db:ad:09:fa:8f:6a:
e4:ae:28:9a:27:7d:6e:1e:3c:73:a3:f1:63:0b:f9:
cb:28:96:9a:26:0a:95:a3:41:2b:76:38:9a:ed:ed:
40:71:ff:d7:9c:50:60:93:69:b2:c5:a1:71:64:b7:
db:87:98:e2:83:83:26:10:25:08:c0:86:40:dd:dc:
1c:f1:41:07:99:14:62:20:fb:2d:19:c9:01:d4:6d:
41:fb:05:63:13:a0:b5:c4:65:8f:87:2f:fd:55:c3:
5f:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:CA:4D:C6:9D:9A:76:12:29:E2:29:AF:5F:DC:4D:BB:BE:1A:5E:87
X509v3 Authority Key Identifier:
keyid:29:D2:DA:FF:1C:5B:B6:1A:0A:C8:B3:CA:EA:D4:B8:A1:FA:28:4D:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KdLa_xxbthoKyLPK6tS4ofooTQ8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/ospNxp2adhIp4imvX9xNu74aXoc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e5ea98-9601-4add-a7f8-4f57d9cf5caa/1/KdLa_xxbthoKyLPK6tS4ofooTQ8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.239.144.0/24
85.239.146.0-85.239.148.255
85.239.150.0/24
Signature Algorithm: sha256WithRSAEncryption
75:23:fc:7a:a3:ae:f3:8e:52:c9:77:62:4a:68:a5:e2:d7:a3:
b3:ec:df:6b:75:de:8b:5b:1a:78:f2:eb:69:9f:ce:21:e6:85:
fd:a4:2b:9c:f5:8c:0d:55:c1:1f:60:93:ef:69:0e:ea:72:02:
90:65:b0:25:27:4c:72:81:e9:d9:e9:27:9f:ff:2c:15:39:04:
a3:23:34:03:d4:3b:d7:7d:5f:53:b4:9d:b2:aa:b3:c2:40:e1:
ba:04:29:4b:a9:a8:b5:0a:83:3f:14:ae:db:ef:b5:8c:0b:2b:
36:ed:f8:80:0d:67:77:41:b1:ee:16:01:42:d9:35:32:cf:97:
41:89:aa:31:0e:37:b4:6b:be:1c:a9:cb:60:0d:7d:d1:95:09:
71:48:0b:76:42:0d:74:56:1c:a2:1e:4a:8e:6d:02:6a:bf:25:
5a:03:42:4d:6f:e3:04:93:6c:45:93:e1:40:39:a4:78:02:65:
e3:28:e9:03:c5:70:68:62:d6:69:ba:e2:04:d1:93:00:e1:4f:
9f:8b:7c:50:4c:3b:2e:7a:87:4a:7f:d9:4e:af:83:9b:e7:79:
84:37:38:f9:0f:e2:f6:66:5b:7c:e2:bc:ad:14:08:51:1d:ba:
85:b9:71:44:40:c6:11:d8:8b:c8:05:16:3f:e1:c6:bd:d3:50:
12:6b:f4:85
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZHky4ZurV/GcX8c1q0hQnd+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZDJkYWZmMWM1YmI2MWEwYWM4YjNjYWVhZDRiOGExZmEy
ODRkMGYwHhcNMjQwOTEyMDU1MzQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmNhNGRjNjlkOWE3NjEyMjllMjI5YWY1ZmRjNGRiYmJlMWE1ZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2fIZ2yD46lez4Mfdo7wrb7tPyCAm
TfG0uLQzZS8Y0vRtBnokliosKpwpossuL+dBiwcvnd+qmPwybu3G8xmV9jZOjZiz
VDhy2EZvWaTihRoMWDWZjn6FrsANIU+y6ZNW3v6gk3Xo3IumXfkbv1hv6VJkd3+D
HLtWDk1caiDyXyPohyz633/yo2qcW6xDJAJWU3rvJBQ3H2s1dvgoZuzbrQn6j2rk
riiaJ31uHjxzo/FjC/nLKJaaJgqVo0Erdjia7e1Acf/XnFBgk2myxaFxZLfbh5ji
g4MmECUIwIZA3dwc8UEHmRRiIPstGckB1G1B+wVjE6C1xGWPhy/9VcNfJwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFKLKTcadmnYSKeIpr1/cTbu+Gl6HMB8GA1UdIwQY
MBaAFCnS2v8cW7YaCsizyurUuKH6KE0PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3Zjgt
NGY1N2Q5Y2Y1Y2FhLzEvb3NwTnhwMmFkaElwNGltdlg5eE51NzRhWG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNWVhOTgtOTYwMS00YWRkLWE3ZjgtNGY1N2Q5Y2Y1Y2Fh
LzEvS2RMYV94eGJ0aG9LeUxQSzZ0UzRvZm9vVFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAVe+QMAwD
BAFV75IDBABV75QDBABV75YwDQYJKoZIhvcNAQELBQADggEBAHUj/HqjrvOOUsl3
YkpopeLXo7Ps32t13otbGnjy62mfziHmhf2kK5z1jA1VwR9gk+9pDupyApBlsCUn
THKB6dnpJ5//LBU5BKMjNAPUO9d9X1O0nbKqs8JA4boEKUupqLUKgz8UrtvvtYwL
Kzbt+IANZ3dBse4WAULZNTLPl0GJqjEON7Rrvhypy2ANfdGVCXFIC3ZCDXRWHKIe
So5tAmq/JVoDQk1v4wSTbEWT4UA5pHgCZeMo6QPFcGhi1mm64gTRkwDhT5+LfFBM
Oy56h0p/2U6vg5vneYQ3OPkP4vZmW3zivK0UCFEduoW5cURAxhHYi8gFFj/hxr3T
UBJr9IU=
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:04:59 2025 by rpki-client