Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/aZ4pXB6Td07_2KaljBVlO-zl_iE.roa
File: aZ4pXB6Td07_2KaljBVlO-zl_iE.roa (raw, json)
Hash identifier: yF6RaDYUEhah5IhMxokVbx/HAa1i2i9XqBJ7hGHEGPw=
Subject key identifier: 69:9E:29:5C:1E:93:77:4E:FF:D8:A6:A5:8C:15:65:3B:EC:E5:FE:21
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 019425FC711A07556EDFBD17E61DCD2D6559
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/aZ4pXB6Td07_2KaljBVlO-zl_iE.roa
Signing time: Thu 02 Jan 2025 07:48:08 +0000
ROA not before: Thu 02 Jan 2025 07:48:08 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41378
IP address blocks: 31.25.88.0/23 maxlen: 24
37.123.192.0/21 maxlen: 24
82.115.30.0/23 maxlen: 24
185.148.12.0/22 maxlen: 24
185.212.60.0/22 maxlen: 24
185.217.108.0/23 maxlen: 24
185.217.110.0/23 maxlen: 24
185.218.4.0/22 maxlen: 24
212.107.28.0/22 maxlen: 24
Validation: Failed, certificate revoked on Tue 08 Apr 2025 14:34:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:fc:71:1a:07:55:6e:df:bd:17:e6:1d:cd:2d:65:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jan 2 07:48:08 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=699e295c1e93774effd8a6a58c15653bece5fe21
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:91:a1:48:7d:49:2a:a6:b8:ae:81:49:1d:4e:
d3:03:f5:a8:f2:61:94:cd:55:fd:79:de:9f:f3:65:
1c:61:e7:22:5d:80:9a:c6:c9:6a:20:3f:19:e5:c8:
25:a8:46:93:ef:2c:14:ab:43:71:36:bd:32:52:4c:
c9:d3:b1:39:7e:b3:7e:d0:ac:8f:9a:d8:7a:e2:af:
80:aa:8a:87:aa:0f:19:2d:33:c6:63:54:fe:5b:b7:
29:fa:5e:3e:54:fa:51:1e:b0:a3:ae:9b:32:25:47:
f2:68:f4:ed:06:5d:79:0d:b7:63:38:fa:d5:27:f9:
c1:d2:fd:4b:34:15:26:91:9b:16:c6:b3:96:6a:f3:
07:16:d7:87:c3:1c:33:9f:72:f3:ba:86:59:40:e5:
a3:55:24:fd:b0:85:cd:b8:a8:aa:98:26:a4:1f:43:
9a:0b:7a:9c:33:e6:41:2b:6b:e5:3c:35:19:2c:ea:
c8:c4:6c:c8:5e:32:73:36:e3:85:a7:80:7c:11:b1:
d1:15:bd:a8:88:0c:77:fb:ff:24:00:8f:18:e8:fe:
24:79:cb:44:72:71:a9:7e:90:ed:e3:b5:a4:e4:67:
8c:96:b4:4e:ad:e4:fe:82:70:cf:c4:3e:20:54:cb:
1e:a3:91:de:44:01:c1:b2:88:9b:ea:48:18:bc:a0:
fd:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:9E:29:5C:1E:93:77:4E:FF:D8:A6:A5:8C:15:65:3B:EC:E5:FE:21
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/aZ4pXB6Td07_2KaljBVlO-zl_iE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.25.88.0/23
37.123.192.0/21
82.115.30.0/23
185.148.12.0/22
185.212.60.0/22
185.217.108.0/22
185.218.4.0/22
212.107.28.0/22
Signature Algorithm: sha256WithRSAEncryption
bd:62:34:ff:dd:1c:35:e5:27:6e:76:1c:03:2c:52:db:59:a2:
43:ea:d3:c5:7a:7f:bf:75:fd:4a:25:24:a8:c6:b5:e3:c8:74:
fc:e3:24:dd:f6:53:e3:26:aa:08:67:b5:36:f9:61:1d:42:80:
1e:2b:cf:63:ce:24:17:3f:7b:48:90:45:a9:a4:7a:e1:f4:9a:
bb:87:aa:66:c4:65:9f:4f:95:66:a5:6f:8f:ac:f2:70:31:75:
de:3f:12:76:32:70:96:e9:67:4f:8a:ed:e1:70:17:26:3a:50:
5b:1a:6c:ff:cb:6f:79:3a:a1:1c:3b:10:ee:0f:48:47:a1:6c:
0a:8b:5f:17:2f:14:2e:a7:99:31:6a:6e:0b:88:a3:f5:89:1f:
bb:36:0d:c3:e1:44:ec:80:04:f1:32:9b:ae:b6:0d:8a:b6:55:
2f:6f:6c:54:0e:57:51:c8:39:7d:fe:98:dd:fd:6d:28:76:17:
54:94:72:e1:35:fa:da:fc:1d:0a:d9:4d:3c:e7:dd:85:ff:82:
12:f7:aa:e9:ae:63:e2:05:3b:5b:f8:7c:37:bf:97:53:69:a8:
44:ea:ca:37:40:6e:d3:76:cb:09:18:88:fb:00:f4:11:7e:0c:
5b:6d:56:00:6e:4f:83:76:d7:63:81:73:3a:17:5a:f9:f7:4c:
5a:50:f8:f1
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQl/HEaB1Vu370X5h3NLWVZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTAyMDc0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTllMjk1YzFlOTM3NzRlZmZkOGE2YTU4YzE1NjUzYmVjZTVmZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspGhSH1JKqa4roFJHU7TA/Wo8mGU
zVX9ed6f82UcYeciXYCaxslqID8Z5cglqEaT7ywUq0NxNr0yUkzJ07E5frN+0KyP
mth64q+AqoqHqg8ZLTPGY1T+W7cp+l4+VPpRHrCjrpsyJUfyaPTtBl15DbdjOPrV
J/nB0v1LNBUmkZsWxrOWavMHFteHwxwzn3LzuoZZQOWjVST9sIXNuKiqmCakH0Oa
C3qcM+ZBK2vlPDUZLOrIxGzIXjJzNuOFp4B8EbHRFb2oiAx3+/8kAI8Y6P4kectE
cnGpfpDt47Wk5GeMlrROreT+gnDPxD4gVMseo5HeRAHBsoib6kgYvKD9aQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGmeKVwek3dO/9impYwVZTvs5f4hMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvYVo0cFhCNlRkMDdfMkthbGpCVmxPLXpsX2lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBHxlYAwQD
JXvAAwQBUnMeAwQCuZQMAwQCudQ8AwQCudlsAwQCudoEAwQC1GscMA0GCSqGSIb3
DQEBCwUAA4IBAQC9YjT/3Rw15SdudhwDLFLbWaJD6tPFen+/df1KJSSoxrXjyHT8
4yTd9lPjJqoIZ7U2+WEdQoAeK89jziQXP3tIkEWppHrh9Jq7h6pmxGWfT5VmpW+P
rPJwMXXePxJ2MnCW6WdPiu3hcBcmOlBbGmz/y295OqEcOxDuD0hHoWwKi18XLxQu
p5kxam4LiKP1iR+7Ng3D4UTsgATxMpuutg2KtlUvb2xUDldRyDl9/pjd/W0odhdU
lHLhNfra/B0K2U08592F/4IS96rprmPiBTtb+Hw3v5dTaahE6so3QG7TdssJGIj7
APQRfgxbbVYAbk+DdtdjgXM6F1r590xaUPjx
-----END CERTIFICATE-----
Generated at Fri Apr 11 19:00:25 2025 by rpki-client