Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/d19fc2-8949-4fe6-931b-1c4bb58ab720/1/S21Heg2yO_M6haIsUhcrMXM0c18.roa
File: S21Heg2yO_M6haIsUhcrMXM0c18.roa (raw, json)
Hash identifier: W7Te323md+CoTnB6X0XkbXh73E59TGwa6gqtatEJ/N0=
Subject key identifier: 4B:6D:47:7A:0D:B2:3B:F3:3A:85:A2:2C:52:17:2B:31:73:34:73:5F
Certificate issuer: /CN=4a8e68702ef5d48c4f2b072d9cb473e62b87b3e4
Certificate serial: 01942BD331904FF5DB00DFB2A593756C0579
Authority key identifier: 4A:8E:68:70:2E:F5:D4:8C:4F:2B:07:2D:9C:B4:73:E6:2B:87:B3:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/So5ocC711IxPKwctnLRz5iuHs-Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b2/d19fc2-8949-4fe6-931b-1c4bb58ab720/1/S21Heg2yO_M6haIsUhcrMXM0c18.roa
Signing time: Fri 03 Jan 2025 11:00:48 +0000
ROA not before: Fri 03 Jan 2025 11:00:48 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214197
IP address blocks: 5.28.40.0/21 maxlen: 24
2a05:e980::/29 maxlen: 32
Validation: Failed, certificate revoked on Wed 08 Jan 2025 15:38:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:2b:d3:31:90:4f:f5:db:00:df:b2:a5:93:75:6c:05:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4a8e68702ef5d48c4f2b072d9cb473e62b87b3e4
Validity
Not Before: Jan 3 11:00:48 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4b6d477a0db23bf33a85a22c52172b317334735f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:e4:0d:44:72:ee:e4:30:63:36:18:0c:51:67:
c6:8c:1c:cc:c7:72:dd:d3:2e:a7:95:99:0a:6b:a3:
da:98:89:c3:94:f5:19:ef:45:2f:9a:5d:f7:9e:f9:
c5:90:f4:51:24:0a:85:08:e8:2e:7a:f4:cf:79:67:
6a:0e:5d:fb:a6:bd:4d:33:f0:a7:f6:28:cd:91:76:
1b:35:ad:17:e2:43:fd:15:2b:ea:c0:42:fb:a4:7c:
9c:87:97:c3:7a:57:da:4f:e7:f7:d9:d5:e1:c0:5d:
f1:72:1d:0a:fa:65:33:4f:78:43:5b:af:5c:77:61:
57:32:92:56:d7:7b:d6:f3:86:66:58:02:49:4b:51:
31:d8:c8:96:21:65:4b:f7:23:83:18:0b:1c:04:a5:
d1:41:0e:14:19:0b:73:09:ed:05:02:a4:1d:26:a2:
31:ac:4a:57:0a:c5:ae:d4:d3:56:f2:49:42:2e:e7:
9b:e1:c3:40:29:b3:58:8d:af:60:f1:14:ee:10:b3:
7e:fd:ad:da:8c:6b:aa:fb:8e:f7:15:73:de:7f:52:
24:fe:54:7c:1b:52:23:f9:57:18:aa:d6:6c:9f:16:
01:cc:6a:08:bf:ab:b8:b3:43:e2:8b:8e:0c:53:fe:
be:99:42:2d:98:92:73:ad:e1:ec:43:19:72:81:37:
f8:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:6D:47:7A:0D:B2:3B:F3:3A:85:A2:2C:52:17:2B:31:73:34:73:5F
X509v3 Authority Key Identifier:
keyid:4A:8E:68:70:2E:F5:D4:8C:4F:2B:07:2D:9C:B4:73:E6:2B:87:B3:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/So5ocC711IxPKwctnLRz5iuHs-Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/d19fc2-8949-4fe6-931b-1c4bb58ab720/1/S21Heg2yO_M6haIsUhcrMXM0c18.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/d19fc2-8949-4fe6-931b-1c4bb58ab720/1/So5ocC711IxPKwctnLRz5iuHs-Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.28.40.0/21
IPv6:
2a05:e980::/29
Signature Algorithm: sha256WithRSAEncryption
77:e2:ca:01:4e:2f:55:4a:66:d9:16:7e:bc:50:42:ed:c7:44:
cd:48:c0:ea:2f:24:09:67:00:ab:b2:9b:d1:67:96:31:18:bb:
b8:ac:96:bd:ab:b6:fc:b9:b0:0a:3e:da:cd:f9:c1:70:aa:6c:
63:32:b8:fc:5d:1d:8f:5d:5f:e4:d3:7c:38:97:79:89:86:98:
10:9f:92:75:04:fb:f5:c2:f3:dc:1c:b0:3a:3e:1b:35:2b:78:
48:5d:5f:1b:71:f5:c9:e8:68:fd:cd:d6:0c:69:0d:73:d4:72:
66:3c:69:e7:47:46:fe:5b:70:0e:15:aa:c3:dc:93:78:89:f2:
88:e1:ef:03:52:7e:c9:14:06:a4:68:c5:ca:96:5f:ad:32:16:
9b:aa:ed:26:67:4a:5c:79:88:c0:35:ce:80:b4:36:8a:c0:84:
2a:0a:45:16:c7:a5:b5:16:ed:c9:88:cc:c1:0b:7a:2f:42:51:
af:2f:ce:da:4e:6d:5a:30:c8:b2:38:1b:92:fe:0f:49:5b:f1:
63:04:b0:c4:d5:b2:a1:84:bd:26:d3:9f:56:63:92:e4:e8:83:
6b:4e:98:77:37:f7:aa:a2:37:59:95:9b:ed:09:e5:d3:26:52:
a0:ea:c1:10:22:2b:fd:c4:f6:ed:27:81:90:ad:7e:f2:49:31:
04:3e:b8:71
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQr0zGQT/XbAN+ypZN1bAV5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhOGU2ODcwMmVmNWQ0OGM0ZjJiMDcyZDljYjQ3M2U2MmI4
N2IzZTQwHhcNMjUwMTAzMTEwMDQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjZkNDc3YTBkYjIzYmYzM2E4NWEyMmM1MjE3MmIzMTczMzQ3MzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOQNRHLu5DBjNhgMUWfGjBzMx3Ld
0y6nlZkKa6PamInDlPUZ70Uvml33nvnFkPRRJAqFCOguevTPeWdqDl37pr1NM/Cn
9ijNkXYbNa0X4kP9FSvqwEL7pHych5fDelfaT+f32dXhwF3xch0K+mUzT3hDW69c
d2FXMpJW13vW84ZmWAJJS1Ex2MiWIWVL9yODGAscBKXRQQ4UGQtzCe0FAqQdJqIx
rEpXCsWu1NNW8klCLueb4cNAKbNYja9g8RTuELN+/a3ajGuq+473FXPef1Ik/lR8
G1Ij+VcYqtZsnxYBzGoIv6u4s0Pii44MU/6+mUItmJJzreHsQxlygTf4bwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEttR3oNsjvzOoWiLFIXKzFzNHNfMB8GA1UdIwQY
MBaAFEqOaHAu9dSMTysHLZy0c+Yrh7PkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU281b2NDNzExSXhQS3djdG5MUno1aXVIcy1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9kMTlmYzItODk0OS00ZmU2LTkzMWIt
MWM0YmI1OGFiNzIwLzEvUzIxSGVnMnlPX002aGFJc1VoY3JNWE0wYzE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9kMTlmYzItODk0OS00ZmU2LTkzMWItMWM0YmI1OGFiNzIw
LzEvU281b2NDNzExSXhQS3djdG5MUno1aXVIcy1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDBRwoMA0E
AgACMAcDBQMqBemAMA0GCSqGSIb3DQEBCwUAA4IBAQB34soBTi9VSmbZFn68UELt
x0TNSMDqLyQJZwCrspvRZ5YxGLu4rJa9q7b8ubAKPtrN+cFwqmxjMrj8XR2PXV/k
03w4l3mJhpgQn5J1BPv1wvPcHLA6Phs1K3hIXV8bcfXJ6Gj9zdYMaQ1z1HJmPGnn
R0b+W3AOFarD3JN4ifKI4e8DUn7JFAakaMXKll+tMhabqu0mZ0pceYjANc6AtDaK
wIQqCkUWx6W1Fu3JiMzBC3ovQlGvL87aTm1aMMiyOBuS/g9JW/FjBLDE1bKhhL0m
059WY5Lk6INrTph3N/eqojdZlZvtCeXTJlKg6sEQIiv9xPbtJ4GQrX7ySTEEPrhx
-----END CERTIFICATE-----
Generated at Sun Apr 20 05:12:30 2025 by rpki-client