Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/oaO3IiIf0-P6LzOYD1_clI4bSMw.roa
File: oaO3IiIf0-P6LzOYD1_clI4bSMw.roa (raw, json)
Hash identifier: j+MAXHTWT5taLtjz7YNwUJ58sFA+NwpXsiNBFBxExho=
Subject key identifier: A1:A3:B7:22:22:1F:D3:E3:FA:2F:33:98:0F:5F:DC:94:8E:1B:48:CC
Certificate issuer: /CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Certificate serial: 018DA70299513A86A8E2DB41E4D94C5944F3
Authority key identifier: DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/oaO3IiIf0-P6LzOYD1_clI4bSMw.roa
Signing time: Wed 14 Feb 2024 09:46:21 +0000
ROA not before: Wed 14 Feb 2024 09:46:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 44477
IP address blocks: 138.124.0.0/17 maxlen: 24
138.124.245.0/24 maxlen: 24
138.124.246.0/24 maxlen: 24
138.124.247.0/24 maxlen: 24
138.124.251.0/24 maxlen: 24
138.124.252.0/24 maxlen: 24
138.124.253.0/24 maxlen: 24
Validation: Failed, certificate revoked on Sat 17 Feb 2024 12:24:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:a7:02:99:51:3a:86:a8:e2:db:41:e4:d9:4c:59:44:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da8f05e3843517cf0971c2bf9cddddd62717e52c
Validity
Not Before: Feb 14 09:46:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a1a3b722221fd3e3fa2f33980f5fdc948e1b48cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:1c:26:73:e1:22:0a:19:b1:48:16:54:61:5e:
96:16:43:8f:13:21:f3:66:de:06:81:c3:83:77:69:
94:e4:b8:e6:94:4e:90:42:c4:0c:3c:bd:f8:97:ea:
a9:82:9b:79:db:6d:bb:7b:3c:d5:e8:c3:6f:d9:64:
f8:c6:88:aa:6a:3f:4d:64:03:e2:b5:7e:3f:0f:02:
5a:36:02:c0:30:2b:d7:3c:33:0a:f8:4e:35:2d:dd:
0c:9a:7a:2f:86:e2:be:a5:4b:d0:63:fc:b0:7e:c4:
67:c6:2e:07:dd:06:f0:ca:cb:8a:b0:da:f2:f5:3b:
73:8e:39:e7:31:5a:48:f5:b0:eb:5c:ef:6a:2f:f5:
3b:83:43:3d:d4:8c:d0:c3:62:8d:0c:ec:77:5f:6a:
11:f7:e8:92:63:a9:5f:38:2a:2e:4d:91:30:09:fd:
04:63:f9:d9:5c:1a:64:90:a3:03:65:ee:49:7c:3e:
54:41:12:58:9f:e9:ce:50:9e:aa:f2:50:4a:0f:48:
c1:66:77:57:fa:93:57:5e:20:c5:b5:58:51:68:ae:
7c:97:4d:25:ea:8b:b0:9d:d9:ee:5a:cf:d1:33:01:
a0:a0:49:de:cf:02:67:4c:45:2c:0e:dd:76:de:b4:
ee:2f:f6:e8:00:99:76:d9:ec:06:53:cf:9b:3f:8c:
ac:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:A3:B7:22:22:1F:D3:E3:FA:2F:33:98:0F:5F:DC:94:8E:1B:48:CC
X509v3 Authority Key Identifier:
keyid:DA:8F:05:E3:84:35:17:CF:09:71:C2:BF:9C:DD:DD:D6:27:17:E5:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2o8F44Q1F88JccK_nN3d1icX5Sw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/oaO3IiIf0-P6LzOYD1_clI4bSMw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b9884b-6fc5-4b3e-b1e8-e01e94124674/1/2o8F44Q1F88JccK_nN3d1icX5Sw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
138.124.0.0/17
138.124.245.0-138.124.247.255
138.124.251.0-138.124.253.255
Signature Algorithm: sha256WithRSAEncryption
80:ce:7d:32:e4:d4:cf:6d:44:db:f0:38:d7:91:b5:84:97:ab:
f7:c7:65:03:92:40:0f:4e:38:8f:62:62:8a:4e:5c:08:18:2b:
8a:01:05:9e:ef:dd:f7:54:5d:3e:24:f7:5c:51:01:e0:70:a5:
59:f3:7c:4f:1b:29:de:3b:df:ec:93:34:75:77:e0:37:e8:87:
85:e5:d4:6a:ba:66:2a:55:d3:9a:db:ad:33:d1:11:8f:1d:33:
b1:80:ce:5b:97:f7:b8:db:03:37:5b:26:f4:01:d3:d4:62:51:
46:55:a1:53:b4:7f:a6:6e:48:c1:0a:15:d6:c9:8a:3f:28:18:
98:bd:a9:99:ae:ba:5a:e9:c8:0c:c4:3a:e4:1d:e9:96:68:fa:
f4:d2:93:e1:22:2b:26:f2:81:86:4d:34:d2:3a:fe:a7:15:7f:
4a:c4:99:23:3f:7f:91:0c:90:c6:91:ea:38:90:dd:d2:1d:94:
2c:bd:71:99:9e:97:63:2e:35:9e:89:95:db:c4:28:ce:64:21:
e0:ff:75:f3:80:72:73:6f:37:e8:66:be:4c:43:e7:a3:78:cd:
d5:f7:40:2c:d2:88:ab:a9:fc:f7:66:88:2b:2b:56:fd:cf:b0:
d8:69:7c:92:ac:18:f0:9b:eb:2b:14:2a:93:04:6b:cd:2c:ca:
d2:36:c3:f2
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAY2nAplROoao4ttB5NlMWUTzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhOGYwNWUzODQzNTE3Y2YwOTcxYzJiZjljZGRkZGQ2Mjcx
N2U1MmMwHhcNMjQwMjE0MDk0NjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWEzYjcyMjIyMWZkM2UzZmEyZjMzOTgwZjVmZGM5NDhlMWI0OGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmhwmc+EiChmxSBZUYV6WFkOPEyHz
Zt4GgcODd2mU5LjmlE6QQsQMPL34l+qpgpt52227ezzV6MNv2WT4xoiqaj9NZAPi
tX4/DwJaNgLAMCvXPDMK+E41Ld0MmnovhuK+pUvQY/ywfsRnxi4H3QbwysuKsNry
9TtzjjnnMVpI9bDrXO9qL/U7g0M91IzQw2KNDOx3X2oR9+iSY6lfOCouTZEwCf0E
Y/nZXBpkkKMDZe5JfD5UQRJYn+nOUJ6q8lBKD0jBZndX+pNXXiDFtVhRaK58l00l
6ouwndnuWs/RMwGgoEnezwJnTEUsDt123rTuL/boAJl22ewGU8+bP4ysYwIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFKGjtyIiH9Pj+i8zmA9f3JSOG0jMMB8GA1UdIwQY
MBaAFNqPBeOENRfPCXHCv5zd3dYnF+UsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgt
ZTAxZTk0MTI0Njc0LzEvb2FPM0lpSWYwLVA2THpPWUQxX2NsSTRiU013LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iOTg4NGItNmZjNS00YjNlLWIxZTgtZTAxZTk0MTI0Njc0
LzEvMm84RjQ0UTFGODhKY2NLX25OM2QxaWNYNVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiAwQHinwAMAwD
BACKfPUDBAOKfPAwDAMEAIp8+wMEAYp8/DANBgkqhkiG9w0BAQsFAAOCAQEAgM59
MuTUz21E2/A415G1hJer98dlA5JAD044j2Jiik5cCBgrigEFnu/d91RdPiT3XFEB
4HClWfN8Txsp3jvf7JM0dXfgN+iHheXUarpmKlXTmtutM9ERjx0zsYDOW5f3uNsD
N1sm9AHT1GJRRlWhU7R/pm5IwQoV1smKPygYmL2pma66WunIDMQ65B3plmj69NKT
4SIrJvKBhk000jr+pxV/SsSZIz9/kQyQxpHqOJDd0h2ULL1xmZ6XYy41nomV28Qo
zmQh4P9184Byc2836Ga+TEPno3jN1fdALNKIq6n892aIKytW/c+w2Gl8kqwY8Jvr
KxQqkwRrzSzK0jbD8g==
-----END CERTIFICATE-----
Generated at Thu Apr 17 15:41:42 2025 by rpki-client