Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/MSh15BBA7k8ruEizgBaUvPVFNFU.roa
File: MSh15BBA7k8ruEizgBaUvPVFNFU.roa (raw, json)
Hash identifier: vL0EvGx8ZFmVxmFGdrhlt+/1erQt56jwrLxKqJKP80E=
Subject key identifier: 31:28:75:E4:10:40:EE:4F:2B:B8:48:B3:80:16:94:BC:F5:45:34:55
Certificate issuer: /CN=302f09f265e9b278f8073d6982ff175713a5a0fa
Certificate serial: 018EF0D26CB3EC3B439387A3D5D5714FB82E
Authority key identifier: 30:2F:09:F2:65:E9:B2:78:F8:07:3D:69:82:FF:17:57:13:A5:A0:FA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MC8J8mXpsnj4Bz1pgv8XVxOloPo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/MSh15BBA7k8ruEizgBaUvPVFNFU.roa
Signing time: Thu 18 Apr 2024 10:48:25 +0000
ROA not before: Thu 18 Apr 2024 10:48:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 21234
IP address blocks: 217.25.128.0/20 maxlen: 24
217.25.137.0/24 maxlen: 24
217.25.138.0/24 maxlen: 24
2a07:fbc0::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 02 Jan 2025 15:48:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:f0:d2:6c:b3:ec:3b:43:93:87:a3:d5:d5:71:4f:b8:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=302f09f265e9b278f8073d6982ff175713a5a0fa
Validity
Not Before: Apr 18 10:48:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=312875e41040ee4f2bb848b3801694bcf5453455
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:c1:5d:a4:a2:13:f9:49:3a:46:d7:2b:bf:44:
d5:d8:30:d6:72:87:fd:c7:dd:01:13:b0:d8:8e:4d:
09:cf:a6:70:69:b1:f8:66:45:bc:3e:a1:2b:aa:b8:
a2:af:96:7f:88:f3:b8:f0:27:7c:3b:02:d0:41:d1:
c6:e4:67:e1:ab:bd:8d:03:4b:4b:6e:03:3e:41:56:
f6:99:be:30:9b:ee:c6:82:81:4f:66:6f:90:c7:01:
24:f5:19:e3:37:66:33:da:47:9b:a7:3f:6e:cf:63:
2c:a4:46:ef:de:11:8f:5d:6a:38:1f:83:4d:9c:76:
26:4e:07:50:96:70:de:52:97:0b:bf:ce:38:b5:94:
98:0a:ef:40:ec:c6:41:1e:98:39:43:23:cb:d6:ef:
7a:92:ba:65:ec:8b:5e:a9:41:87:e9:6b:6c:2d:5e:
a7:4d:33:19:6e:64:36:77:b0:de:01:1d:65:16:d7:
33:78:e7:04:7a:1e:56:36:ad:a9:70:9a:8f:b1:35:
57:c2:81:4f:2c:73:28:1e:31:30:5f:53:c1:e1:b4:
7c:31:12:84:17:54:d3:be:57:9e:9d:38:17:bc:03:
e7:c9:ce:4a:06:a9:87:de:82:e1:9b:a9:f1:58:b5:
4d:89:ab:a2:01:d0:7c:81:db:50:c1:db:75:b4:d8:
9a:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:28:75:E4:10:40:EE:4F:2B:B8:48:B3:80:16:94:BC:F5:45:34:55
X509v3 Authority Key Identifier:
keyid:30:2F:09:F2:65:E9:B2:78:F8:07:3D:69:82:FF:17:57:13:A5:A0:FA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MC8J8mXpsnj4Bz1pgv8XVxOloPo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/MSh15BBA7k8ruEizgBaUvPVFNFU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/e75ad2-1e30-455e-9787-3b55f2327b34/1/MC8J8mXpsnj4Bz1pgv8XVxOloPo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.25.128.0/20
IPv6:
2a07:fbc0::/32
Signature Algorithm: sha256WithRSAEncryption
b0:ce:a8:c6:82:78:23:d4:e3:00:2d:19:10:66:d3:64:5c:48:
51:a7:5d:85:b9:46:45:e7:2c:6b:38:47:a2:08:17:e4:fc:ba:
cc:11:6b:82:17:e3:d7:7f:14:6a:2f:a4:fc:12:08:d4:21:62:
d2:15:65:a0:ea:5d:66:16:71:ea:fd:cf:23:98:35:3f:0c:b4:
99:fe:2d:d3:ed:75:7b:a8:ae:c4:5f:f9:34:85:bf:09:e8:05:
53:fa:82:20:d4:eb:a2:c0:02:65:2e:2f:87:d4:a3:66:44:df:
1e:1c:ed:7e:0d:95:6e:e0:be:8a:f1:f3:f6:c5:fb:16:6e:a6:
0c:67:4e:3e:e4:17:52:61:0d:ce:a8:df:89:ae:79:69:c9:53:
f3:78:40:ba:49:f5:13:2a:f2:e6:32:47:a2:e1:34:0e:37:6a:
39:d2:cf:26:35:b7:dd:80:b8:18:d3:01:ce:75:86:15:df:35:
49:e6:0b:14:0d:4c:3f:46:d9:9d:a1:48:49:70:85:a7:08:a3:
be:da:7a:6a:76:10:30:a6:70:a2:b2:49:18:de:5a:d2:b0:dc:
f6:79:59:b8:ec:ca:02:f1:a1:68:51:08:0b:3b:a7:02:ef:8d:
99:13:d2:d1:d9:dd:c9:f6:bf:96:14:32:9a:3b:37:77:3f:0b:
84:59:7f:87
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY7w0myz7DtDk4ej1dVxT7guMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMmYwOWYyNjVlOWIyNzhmODA3M2Q2OTgyZmYxNzU3MTNh
NWEwZmEwHhcNMjQwNDE4MTA0ODI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTI4NzVlNDEwNDBlZTRmMmJiODQ4YjM4MDE2OTRiY2Y1NDUzNDU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcFdpKIT+Uk6Rtcrv0TV2DDWcof9
x90BE7DYjk0Jz6ZwabH4ZkW8PqErqriir5Z/iPO48Cd8OwLQQdHG5Gfhq72NA0tL
bgM+QVb2mb4wm+7GgoFPZm+QxwEk9RnjN2Yz2kebpz9uz2MspEbv3hGPXWo4H4NN
nHYmTgdQlnDeUpcLv844tZSYCu9A7MZBHpg5QyPL1u96krpl7IteqUGH6WtsLV6n
TTMZbmQ2d7DeAR1lFtczeOcEeh5WNq2pcJqPsTVXwoFPLHMoHjEwX1PB4bR8MRKE
F1TTvleenTgXvAPnyc5KBqmH3oLhm6nxWLVNiauiAdB8gdtQwdt1tNiaWQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDEodeQQQO5PK7hIs4AWlLz1RTRVMB8GA1UdIwQY
MBaAFDAvCfJl6bJ4+Ac9aYL/F1cTpaD6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUM4SjhtWHBzbmo0QnoxcGd2OFhWeE9sb1BvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9lNzVhZDItMWUzMC00NTVlLTk3ODct
M2I1NWYyMzI3YjM0LzEvTVNoMTVCQkE3azhydUVpemdCYVV2UFZGTkZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9lNzVhZDItMWUzMC00NTVlLTk3ODctM2I1NWYyMzI3YjM0
LzEvTUM4SjhtWHBzbmo0QnoxcGd2OFhWeE9sb1BvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQE2RmAMA0E
AgACMAcDBQAqB/vAMA0GCSqGSIb3DQEBCwUAA4IBAQCwzqjGgngj1OMALRkQZtNk
XEhRp12FuUZF5yxrOEeiCBfk/LrMEWuCF+PXfxRqL6T8EgjUIWLSFWWg6l1mFnHq
/c8jmDU/DLSZ/i3T7XV7qK7EX/k0hb8J6AVT+oIg1OuiwAJlLi+H1KNmRN8eHO1+
DZVu4L6K8fP2xfsWbqYMZ04+5BdSYQ3OqN+JrnlpyVPzeEC6SfUTKvLmMkei4TQO
N2o50s8mNbfdgLgY0wHOdYYV3zVJ5gsUDUw/RtmdoUhJcIWnCKO+2npqdhAwpnCi
skkY3lrSsNz2eVm47MoC8aFoUQgLO6cC742ZE9LR2d3J9r+WFDKaOzd3PwuEWX+H
-----END CERTIFICATE-----
Generated at Mon Apr 21 15:03:23 2025 by rpki-client