Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/kRDaI6KEp0MjB-Gki8NY2aemUmQ.roa
File: kRDaI6KEp0MjB-Gki8NY2aemUmQ.roa (raw, json)
Hash identifier: BC50wQfgxGS75wjt4QOgeojFXgMeaKS+iXiG7zbk7Vo=
Subject key identifier: 91:10:DA:23:A2:84:A7:43:23:07:E1:A4:8B:C3:58:D9:A7:A6:52:64
Certificate issuer: /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial: 018CCA99E24406E4460D173BB0A78D8BEA23
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/kRDaI6KEp0MjB-Gki8NY2aemUmQ.roa
Signing time: Tue 02 Jan 2024 14:35:31 +0000
ROA not before: Tue 02 Jan 2024 14:35:31 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 205007
IP address blocks: 138.124.125.0/24 maxlen: 24
138.124.127.0/24 maxlen: 24
138.124.126.0/24 maxlen: 24
138.124.31.0/24 maxlen: 24
138.124.253.0/24 maxlen: 24
138.124.252.0/24 maxlen: 24
138.124.251.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 14 Feb 2024 09:46:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:99:e2:44:06:e4:46:0d:17:3b:b0:a7:8d:8b:ea:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Validity
Not Before: Jan 2 14:35:31 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9110da23a284a7432307e1a48bc358d9a7a65264
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:00:09:b9:2a:6c:db:20:2d:98:9b:80:cb:71:
8d:51:9d:a9:b4:84:d2:51:5b:89:4e:b9:39:be:6f:
3c:81:1a:34:c3:fa:75:2e:5e:25:35:dc:aa:41:b5:
1b:45:da:f9:83:cb:a3:5b:e7:1f:6e:22:e9:5e:89:
05:1a:0a:cc:ab:6d:45:2d:cc:d3:8c:c0:2d:36:76:
50:b4:20:c7:7a:99:aa:2b:bf:d7:db:81:4a:85:30:
c2:c3:01:2e:c4:55:fc:ab:21:b9:f3:f1:bf:4b:9e:
ab:6e:77:9e:97:a5:b6:68:73:a6:9a:67:f2:dc:01:
11:be:8a:98:32:77:8a:6a:7a:90:be:13:23:94:fc:
ee:bc:a6:74:c4:61:ab:f8:12:56:db:45:c5:30:11:
2b:01:b9:e2:d6:85:3c:71:16:9f:39:81:30:c7:33:
d6:d2:e5:63:94:fd:2c:82:69:7d:7b:2d:96:8b:54:
fb:a2:13:4b:0a:28:93:5a:82:84:ae:3c:d8:1b:6c:
44:94:5b:29:8f:41:7a:fa:3a:44:bc:52:b5:9e:6e:
cd:38:8f:66:a1:79:f8:a9:94:1e:99:c7:df:36:3a:
f3:24:3e:af:ff:17:cf:5e:3c:b2:e0:f8:20:4a:57:
f4:42:64:a3:6e:d9:e5:dc:6a:77:6b:a6:e4:cc:3e:
a4:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:10:DA:23:A2:84:A7:43:23:07:E1:A4:8B:C3:58:D9:A7:A6:52:64
X509v3 Authority Key Identifier:
keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/kRDaI6KEp0MjB-Gki8NY2aemUmQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.124.31.0/24
138.124.125.0-138.124.127.255
138.124.251.0-138.124.253.255
Signature Algorithm: sha256WithRSAEncryption
08:3f:84:00:1e:ce:0a:f8:66:99:4e:26:6c:5b:18:1d:76:2a:
e7:77:7d:8b:a8:af:27:f2:a0:27:33:36:55:e9:bd:e1:69:d3:
a4:48:80:80:54:2a:43:ef:8b:02:a9:d6:43:dc:be:26:c7:fc:
d5:8e:0d:f9:84:e9:ea:f6:ea:a6:eb:61:2c:ca:d8:a2:a5:48:
9a:0b:3b:ad:21:c0:ba:9a:ae:74:01:7c:db:df:65:5d:ef:b0:
3b:fd:59:9f:fa:9d:f2:c1:00:1e:9d:27:96:9e:8c:fe:03:01:
9d:f2:43:47:b9:77:0b:6e:44:43:01:79:42:c8:fe:7a:35:92:
eb:9a:bc:45:da:8e:2f:61:3d:c8:77:aa:2b:50:e1:47:03:05:
92:f1:35:2c:80:58:ca:08:76:76:84:b7:96:9a:fe:d8:a7:4f:
c7:9f:c7:5b:bd:0d:15:b4:5e:d7:88:7a:0e:04:d5:6d:ff:2c:
1f:40:c8:26:26:87:8d:93:64:15:73:59:8d:cc:30:37:23:bd:
60:9a:56:ca:75:e8:3a:fa:43:25:3c:0f:f7:4a:e7:64:01:a4:
bf:45:50:48:d4:f6:ac:5d:2c:9b:61:00:e4:67:27:31:69:ee:
97:2c:37:ac:ca:44:31:80:8f:7a:4b:38:a8:90:1f:90:ce:45:
d2:36:2e:04
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzKmeJEBuRGDRc7sKeNi+ojMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjQwMTAyMTQzNTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTEwZGEyM2EyODRhNzQzMjMwN2UxYTQ4YmMzNThkOWE3YTY1MjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAAJuSps2yAtmJuAy3GNUZ2ptITS
UVuJTrk5vm88gRo0w/p1Ll4lNdyqQbUbRdr5g8ujW+cfbiLpXokFGgrMq21FLczT
jMAtNnZQtCDHepmqK7/X24FKhTDCwwEuxFX8qyG58/G/S56rbneel6W2aHOmmmfy
3AERvoqYMneKanqQvhMjlPzuvKZ0xGGr+BJW20XFMBErAbni1oU8cRafOYEwxzPW
0uVjlP0sgml9ey2Wi1T7ohNLCiiTWoKErjzYG2xElFspj0F6+jpEvFK1nm7NOI9m
oXn4qZQemcffNjrzJD6v/xfPXjyy4PggSlf0QmSjbtnl3Gp3a6bkzD6kSwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFJEQ2iOihKdDIwfhpIvDWNmnplJkMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEva1JEYUk2S0VwME1qQi1Ha2k4TlkyYWVtVW1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQAinwfMAwD
BACKfH0DBAeKfAAwDAMEAIp8+wMEAYp8/DANBgkqhkiG9w0BAQsFAAOCAQEACD+E
AB7OCvhmmU4mbFsYHXYq53d9i6ivJ/KgJzM2Vem94WnTpEiAgFQqQ++LAqnWQ9y+
Jsf81Y4N+YTp6vbqputhLMrYoqVImgs7rSHAupqudAF8299lXe+wO/1Zn/qd8sEA
Hp0nlp6M/gMBnfJDR7l3C25EQwF5Qsj+ejWS65q8RdqOL2E9yHeqK1DhRwMFkvE1
LIBYygh2doS3lpr+2KdPx5/HW70NFbRe14h6DgTVbf8sH0DIJiaHjZNkFXNZjcww
NyO9YJpWynXoOvpDJTwP90rnZAGkv0VQSNT2rF0sm2EA5GcnMWnulyw3rMpEMYCP
eks4qJAfkM5F0jYuBA==
-----END CERTIFICATE-----
Generated at Thu Apr 17 15:53:52 2025 by rpki-client