Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/NbDItXfyon0VqNf4FVF7-axYx_c.roa
File: NbDItXfyon0VqNf4FVF7-axYx_c.roa (raw, json)
Hash identifier: LCdsowLEp6owSuuOl5J5Fqfmte1tPV7RXX5Jcf5b12Q=
Subject key identifier: 35:B0:C8:B5:77:F2:A2:7D:15:A8:D7:F8:15:51:7B:F9:AC:58:C7:F7
Certificate issuer: /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial: 018CC80123E82B7A33375DD2A2B5384D48F9
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/NbDItXfyon0VqNf4FVF7-axYx_c.roa
Signing time: Tue 02 Jan 2024 02:29:27 +0000
ROA not before: Tue 02 Jan 2024 02:29:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 15899
IP address blocks: 85.254.9.0/24 maxlen: 24
85.254.10.0/24 maxlen: 24
85.254.8.0/24 maxlen: 24
85.254.11.0/24 maxlen: 24
85.254.14.0/24 maxlen: 24
85.254.15.0/24 maxlen: 24
85.254.13.0/24 maxlen: 24
85.254.12.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 05 Feb 2024 09:12:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:01:23:e8:2b:7a:33:37:5d:d2:a2:b5:38:4d:48:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Validity
Not Before: Jan 2 02:29:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=35b0c8b577f2a27d15a8d7f815517bf9ac58c7f7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:1b:7e:3d:38:7e:32:f8:ce:71:50:45:77:cf:
50:85:e3:5d:2f:3b:63:92:0c:a1:d4:3f:58:a0:71:
7c:c7:77:f9:b6:6e:e1:78:2f:dd:4e:1b:52:90:fa:
be:52:9b:09:76:ac:59:70:33:4f:54:d7:7d:c8:cb:
54:50:03:d1:e5:80:34:b1:41:98:18:03:3b:15:c8:
3f:fb:99:d9:d6:dc:54:bc:fd:7b:66:25:d9:ef:92:
2c:2b:ef:b7:a2:f3:9d:f7:5c:1b:9a:e6:4d:98:ba:
60:74:f4:a4:80:0b:9f:f5:7b:e7:3a:4c:50:9f:c9:
c4:b8:99:68:2b:45:d0:2d:62:30:99:4c:60:af:96:
40:a5:e1:83:32:4b:a7:5a:97:03:a2:10:f2:4f:9a:
bf:3c:cb:00:54:90:5d:e7:5f:b2:da:57:c0:e2:59:
bc:57:6f:d8:21:4c:6e:dd:ae:44:0f:6c:03:14:c9:
80:39:46:f6:1a:16:b5:0f:ce:90:9f:3f:cb:46:b8:
57:d7:6e:1f:5c:09:a4:5f:da:6c:43:71:39:6d:fe:
6a:3d:90:ce:3e:d9:6a:36:ad:28:b0:72:70:b6:08:
44:52:16:45:3c:65:07:fb:89:b8:26:0d:5c:e6:3f:
e1:c1:91:e0:f0:ee:58:8b:9d:82:96:1f:75:8a:24:
6c:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:B0:C8:B5:77:F2:A2:7D:15:A8:D7:F8:15:51:7B:F9:AC:58:C7:F7
X509v3 Authority Key Identifier:
keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/NbDItXfyon0VqNf4FVF7-axYx_c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.254.8.0/21
Signature Algorithm: sha256WithRSAEncryption
69:4b:ec:55:7c:fc:7a:2a:eb:0d:cc:e1:f1:02:1f:32:41:39:
c1:b1:3a:83:0a:68:9c:83:10:4b:a3:85:37:a6:28:5c:86:11:
4a:46:ca:0a:e9:a6:52:c4:b1:43:ec:7b:49:2d:cb:15:ed:ba:
d0:53:9a:25:10:b4:f8:9d:0c:98:17:24:ce:21:2d:09:82:04:
a1:e0:85:da:cf:e0:a3:6e:1a:9a:f4:cb:7b:00:b4:cc:7d:e3:
93:05:d6:18:34:b5:74:fb:54:c5:bf:30:0c:5a:56:45:20:36:
f1:1f:1d:12:c2:f3:7d:67:5c:e0:f3:bc:42:29:7b:f3:9b:60:
2b:f7:41:28:33:35:01:24:77:15:66:62:62:88:33:aa:03:5d:
6a:db:a8:b8:5b:64:c5:f8:75:c0:a6:49:c2:23:98:75:b7:76:
56:91:53:e4:06:69:87:80:b6:d8:9a:b4:e8:1e:05:b7:7b:d0:
7b:d2:2f:d7:a4:9c:63:c3:d2:e4:fb:5e:f2:a4:52:f8:5c:76:
cc:ff:8d:3a:8f:bc:51:de:15:64:b7:4e:39:1d:08:09:ea:bf:
ad:16:c4:06:95:5c:0b:9b:e5:7b:ce:17:7b:0f:46:fc:d5:e8:
66:2d:df:7a:da:88:76:f1:25:fe:91:e4:e7:ec:c2:6f:b6:9e:
91:f2:db:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASPoK3ozN13SorU4TUj5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjQwMTAyMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWIwYzhiNTc3ZjJhMjdkMTVhOGQ3ZjgxNTUxN2JmOWFjNThjN2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkRt+PTh+MvjOcVBFd89QheNdLztj
kgyh1D9YoHF8x3f5tm7heC/dThtSkPq+UpsJdqxZcDNPVNd9yMtUUAPR5YA0sUGY
GAM7Fcg/+5nZ1txUvP17ZiXZ75IsK++3ovOd91wbmuZNmLpgdPSkgAuf9XvnOkxQ
n8nEuJloK0XQLWIwmUxgr5ZApeGDMkunWpcDohDyT5q/PMsAVJBd51+y2lfA4lm8
V2/YIUxu3a5ED2wDFMmAOUb2Gha1D86Qnz/LRrhX124fXAmkX9psQ3E5bf5qPZDO
PtlqNq0osHJwtghEUhZFPGUH+4m4Jg1c5j/hwZHg8O5Yi52Clh91iiRs3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWwyLV38qJ9FajX+BVRe/msWMf3MB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvTmJESXRYZnlvbjBWcU5mNEZWRjctYXhZeF9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDVf4IMA0G
CSqGSIb3DQEBCwUAA4IBAQBpS+xVfPx6KusNzOHxAh8yQTnBsTqDCmicgxBLo4U3
pihchhFKRsoK6aZSxLFD7HtJLcsV7brQU5olELT4nQyYFyTOIS0JggSh4IXaz+Cj
bhqa9Mt7ALTMfeOTBdYYNLV0+1TFvzAMWlZFIDbxHx0SwvN9Z1zg87xCKXvzm2Ar
90EoMzUBJHcVZmJiiDOqA11q26i4W2TF+HXApknCI5h1t3ZWkVPkBmmHgLbYmrTo
HgW3e9B70i/XpJxjw9Lk+17ypFL4XHbM/406j7xR3hVkt045HQgJ6r+tFsQGlVwL
m+V7zhd7D0b81ehmLd962oh28SX+keTn7MJvtp6R8ts3
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:13:23 2025 by rpki-client