Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/tLpLU0lzvkuqpi6na3K8MDMnVMQ.roa
File: tLpLU0lzvkuqpi6na3K8MDMnVMQ.roa (raw, json)
Hash identifier: nWtmAKNmrAvHcjEPHUOzlWI6ZCtYePVO6BxTmyTgI+k=
Subject key identifier: B4:BA:4B:53:49:73:BE:4B:AA:A6:2E:A7:6B:72:BC:30:33:27:54:C4
Certificate issuer: /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial: 018D7FAE7D7152D38F47214A47B66F8DADBA
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/tLpLU0lzvkuqpi6na3K8MDMnVMQ.roa
Signing time: Tue 06 Feb 2024 18:29:18 +0000
ROA not before: Tue 06 Feb 2024 18:29:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 58270
IP address blocks: 2a0f:b241:121::/48 maxlen: 48
Validation: Failed, certificate revoked on Wed 07 Feb 2024 04:55:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:7f:ae:7d:71:52:d3:8f:47:21:4a:47:b6:6f:8d:ad:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Validity
Not Before: Feb 6 18:29:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b4ba4b534973be4baaa62ea76b72bc30332754c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:eb:4b:94:cc:5f:34:9e:0c:42:0e:71:b5:7f:
14:0c:b0:b4:9e:08:37:5e:03:3b:4e:0e:51:42:81:
5f:6d:70:61:ab:c0:2f:a6:c9:11:33:1e:59:64:fe:
37:ce:df:8b:b8:bf:e8:09:ba:d3:74:42:23:91:48:
7a:ca:4e:c2:df:f7:f9:cb:f5:5c:75:e8:c5:f8:62:
f3:4c:11:a6:80:0e:05:6f:de:c2:ab:ad:d5:d7:3b:
d2:0c:a5:ad:63:49:f9:6d:d4:97:54:b7:d7:28:05:
6c:b9:c3:6c:f9:88:50:7c:ba:63:5b:ac:50:6c:14:
f6:37:3f:13:11:b1:15:6f:89:6d:18:67:5a:ac:78:
b3:3c:75:b0:58:0d:ca:79:f0:a3:0c:4f:ec:c1:9c:
77:27:b1:a9:af:67:a3:58:2e:c1:27:fc:53:0e:56:
cc:b9:1f:2d:64:22:50:0e:da:33:00:fd:fe:18:d4:
96:7f:9d:f6:50:80:cf:f6:53:54:4a:c8:f3:f5:8f:
2c:3b:e3:95:9a:72:e4:e7:b8:5d:8d:cc:c2:32:d2:
94:0f:d3:cc:73:26:e1:76:7c:4d:e2:3c:ba:50:3b:
72:24:b1:1d:85:eb:c0:23:bd:12:5e:14:50:fb:f3:
98:c5:aa:ed:c1:bf:9b:08:c8:54:73:4e:04:26:1d:
e4:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:BA:4B:53:49:73:BE:4B:AA:A6:2E:A7:6B:72:BC:30:33:27:54:C4
X509v3 Authority Key Identifier:
keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/tLpLU0lzvkuqpi6na3K8MDMnVMQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0f:b241:121::/48
Signature Algorithm: sha256WithRSAEncryption
1f:99:8c:bb:0f:20:79:61:7d:38:8d:c3:04:2c:50:1e:68:4d:
fe:2a:9a:33:30:2e:26:55:70:2d:92:8e:f8:0d:d0:72:70:24:
2a:f8:71:d4:03:f6:1e:66:d4:0c:2b:3d:52:13:b7:a1:fe:fa:
40:22:8d:10:4d:10:04:d8:b7:17:ca:a5:0a:95:b7:27:41:e6:
53:45:0c:f2:69:1c:e0:de:d5:2e:64:9f:b4:99:77:2c:0e:a4:
1a:84:5c:67:5a:da:6e:c3:0c:27:9d:cc:17:5e:19:12:02:15:
71:ad:94:4d:c5:b7:0a:5b:9c:49:54:37:80:d6:0f:ab:51:e4:
86:30:f8:6c:ad:e6:bd:4c:05:78:1e:cf:89:28:80:4f:ff:2c:
18:fa:c7:44:61:2f:69:03:60:be:4b:2e:1d:23:39:47:69:d1:
1c:77:a7:65:53:d4:95:e5:57:3a:7d:2e:a5:6c:2f:5b:94:b1:
a8:57:ee:f1:df:4e:c1:1a:0c:76:1e:1e:0a:01:4f:25:f1:33:
d8:ba:b0:46:54:b8:d2:bc:55:6e:3d:9c:aa:3b:a4:69:90:a9:
0e:7e:28:88:f8:4b:c0:4d:d6:a9:fb:5f:42:1d:57:7f:4c:17:
b3:bb:47:ae:d9:72:3a:c3:87:91:7a:03:2c:32:6a:dd:0a:48:
29:10:23:41
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY1/rn1xUtOPRyFKR7Zvja26MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA2MTgyOTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGJhNGI1MzQ5NzNiZTRiYWFhNjJlYTc2YjcyYmMzMDMzMjc1NGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuutLlMxfNJ4MQg5xtX8UDLC0ngg3
XgM7Tg5RQoFfbXBhq8AvpskRMx5ZZP43zt+LuL/oCbrTdEIjkUh6yk7C3/f5y/Vc
dejF+GLzTBGmgA4Fb97Cq63V1zvSDKWtY0n5bdSXVLfXKAVsucNs+YhQfLpjW6xQ
bBT2Nz8TEbEVb4ltGGdarHizPHWwWA3KefCjDE/swZx3J7Gpr2ejWC7BJ/xTDlbM
uR8tZCJQDtozAP3+GNSWf532UIDP9lNUSsjz9Y8sO+OVmnLk57hdjczCMtKUD9PM
cybhdnxN4jy6UDtyJLEdhevAI70SXhRQ+/OYxartwb+bCMhUc04EJh3kzwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLS6S1NJc75LqqYup2tyvDAzJ1TEMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvdExwTFUwbHp2a3VxcGk2bmEzSzhNRE1uVk1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQEh
MA0GCSqGSIb3DQEBCwUAA4IBAQAfmYy7DyB5YX04jcMELFAeaE3+KpozMC4mVXAt
ko74DdBycCQq+HHUA/YeZtQMKz1SE7eh/vpAIo0QTRAE2LcXyqUKlbcnQeZTRQzy
aRzg3tUuZJ+0mXcsDqQahFxnWtpuwwwnncwXXhkSAhVxrZRNxbcKW5xJVDeA1g+r
UeSGMPhsrea9TAV4Hs+JKIBP/ywY+sdEYS9pA2C+Sy4dIzlHadEcd6dlU9SV5Vc6
fS6lbC9blLGoV+7x307BGgx2Hh4KAU8l8TPYurBGVLjSvFVuPZyqO6RpkKkOfiiI
+EvATdap+19CHVd/TBezu0eu2XI6w4eRegMsMmrdCkgpECNB
-----END CERTIFICATE-----