Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/ea4e64-6d70-4bfd-909d-f0546cfab061/1/Y4YA6S6s2p2Bm-xxRBL14d0G3OU.roa
File: Y4YA6S6s2p2Bm-xxRBL14d0G3OU.roa (raw, json)
Hash identifier: KMV+V3BtlLCx5oQ6WLbjGEW4cStlfiCRxsdrOwI+E4w=
Subject key identifier: 63:86:00:E9:2E:AC:DA:9D:81:9B:EC:71:44:12:F5:E1:DD:06:DC:E5
Certificate issuer: /CN=bbc264b5a6494f890fa314f61fd7d27587e35830
Certificate serial: 019427B56E17CBE6D4C791E148996DEB9AF6
Authority key identifier: BB:C2:64:B5:A6:49:4F:89:0F:A3:14:F6:1F:D7:D2:75:87:E3:58:30
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/u8JktaZJT4kPoxT2H9fSdYfjWDA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e0/ea4e64-6d70-4bfd-909d-f0546cfab061/1/Y4YA6S6s2p2Bm-xxRBL14d0G3OU.roa
Signing time: Thu 02 Jan 2025 15:49:49 +0000
ROA not before: Thu 02 Jan 2025 15:49:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200026
IP address blocks: 145.14.248.0/21 maxlen: 21
153.92.112.0/21 maxlen: 21
185.40.52.0/22 maxlen: 22
2a00:f120::/32 maxlen: 32
Validation: Failed, certificate revoked on Mon 03 Feb 2025 09:58:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:b5:6e:17:cb:e6:d4:c7:91:e1:48:99:6d:eb:9a:f6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bbc264b5a6494f890fa314f61fd7d27587e35830
Validity
Not Before: Jan 2 15:49:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=638600e92eacda9d819bec714412f5e1dd06dce5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:16:02:6b:1e:96:36:07:ca:07:1b:35:48:94:
e9:40:aa:04:05:ad:ae:85:77:4d:31:a2:88:23:7c:
ca:d1:a6:8e:48:c7:cf:f4:02:73:d9:86:c5:d9:00:
75:93:c3:4f:3f:0a:ce:6d:bd:29:d7:36:e3:81:cd:
88:1f:2f:ee:c9:a6:6d:64:89:53:65:fe:ab:71:42:
8a:e6:f3:5b:5f:6b:d6:71:af:71:54:c5:7c:b9:34:
b8:4a:57:42:97:c2:30:14:d6:ec:09:41:a9:05:20:
c7:e0:97:04:f3:8d:28:04:73:04:00:d4:3a:6f:5c:
44:8d:69:9f:6d:5d:1b:0d:fd:ca:4a:09:9a:77:74:
ea:43:ea:55:ce:bb:e2:6f:87:c3:84:37:61:47:5f:
92:8f:ab:d9:2a:8b:79:17:69:1e:da:4b:9e:f2:4b:
fe:99:21:e0:0a:41:99:44:99:22:3c:c4:96:34:02:
be:38:8e:f7:64:e9:8a:57:9a:e5:6e:b0:01:cd:4f:
4c:0b:5a:98:56:9b:48:99:62:f7:6b:4b:54:52:c3:
91:d0:43:c7:1e:8e:80:e0:eb:26:18:36:87:e0:cc:
64:84:de:8c:67:30:c9:cf:f6:d9:00:07:1a:3a:71:
47:1c:46:d0:0d:78:a4:29:af:62:f5:6c:03:4e:75:
cd:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
63:86:00:E9:2E:AC:DA:9D:81:9B:EC:71:44:12:F5:E1:DD:06:DC:E5
X509v3 Authority Key Identifier:
keyid:BB:C2:64:B5:A6:49:4F:89:0F:A3:14:F6:1F:D7:D2:75:87:E3:58:30
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u8JktaZJT4kPoxT2H9fSdYfjWDA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/ea4e64-6d70-4bfd-909d-f0546cfab061/1/Y4YA6S6s2p2Bm-xxRBL14d0G3OU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/ea4e64-6d70-4bfd-909d-f0546cfab061/1/u8JktaZJT4kPoxT2H9fSdYfjWDA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
145.14.248.0/21
153.92.112.0/21
185.40.52.0/22
IPv6:
2a00:f120::/32
Signature Algorithm: sha256WithRSAEncryption
94:d7:4c:1a:47:f4:b8:e9:24:c7:e9:79:e2:ef:33:fc:52:18:
57:c3:0d:f8:26:ce:75:81:a0:9d:3a:97:7b:30:96:17:36:d1:
27:5f:c3:64:ca:f1:93:7c:fe:3b:d8:02:e9:e0:6b:d4:96:0d:
a4:a9:da:62:01:1a:f0:8a:60:38:62:e7:bb:da:83:cd:44:f9:
2f:b3:2e:97:c1:5a:4b:a8:5b:bb:95:52:47:c7:18:1e:88:61:
90:b8:f4:d7:ef:e6:0e:c0:8c:d1:36:ec:03:47:25:b4:4d:f9:
34:28:89:10:2c:e5:fb:b2:d6:6d:b7:a9:bc:16:a8:1f:3c:eb:
7e:98:a3:51:a4:bb:46:41:b0:c8:a3:94:30:9f:3a:f7:80:e5:
5d:23:e3:e9:32:fb:3a:4d:7e:85:3c:82:42:3d:4d:d6:da:4c:
0e:4d:7c:0b:40:58:12:aa:26:0d:6d:eb:8d:7a:ca:50:34:f4:
b7:73:41:bf:94:17:b5:44:f1:17:12:f6:70:53:22:ba:3f:81:
6b:d2:72:47:83:39:af:04:cc:86:4b:04:a2:0e:81:3c:79:c8:
d7:5f:37:c3:c1:f8:c7:0c:36:0e:f1:71:bd:bc:40:d0:23:31:
05:38:a0:f8:d7:0c:18:98:d2:6d:30:41:40:69:1e:7d:4b:65:
8d:4c:49:42
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQntW4Xy+bUx5HhSJlt65r2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYzI2NGI1YTY0OTRmODkwZmEzMTRmNjFmZDdkMjc1ODdl
MzU4MzAwHhcNMjUwMTAyMTU0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzg2MDBlOTJlYWNkYTlkODE5YmVjNzE0NDEyZjVlMWRkMDZkY2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRYCax6WNgfKBxs1SJTpQKoEBa2u
hXdNMaKII3zK0aaOSMfP9AJz2YbF2QB1k8NPPwrObb0p1zbjgc2IHy/uyaZtZIlT
Zf6rcUKK5vNbX2vWca9xVMV8uTS4SldCl8IwFNbsCUGpBSDH4JcE840oBHMEANQ6
b1xEjWmfbV0bDf3KSgmad3TqQ+pVzrvib4fDhDdhR1+Sj6vZKot5F2ke2kue8kv+
mSHgCkGZRJkiPMSWNAK+OI73ZOmKV5rlbrABzU9MC1qYVptImWL3a0tUUsOR0EPH
Ho6A4OsmGDaH4MxkhN6MZzDJz/bZAAcaOnFHHEbQDXikKa9i9WwDTnXNyQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFGOGAOkurNqdgZvscUQS9eHdBtzlMB8GA1UdIwQY
MBaAFLvCZLWmSU+JD6MU9h/X0nWH41gwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdThKa3RhWkpUNGtQb3hUMkg5ZlNkWWZqV0RBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9lYTRlNjQtNmQ3MC00YmZkLTkwOWQt
ZjA1NDZjZmFiMDYxLzEvWTRZQTZTNnMycDJCbS14eFJCTDE0ZDBHM09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9lYTRlNjQtNmQ3MC00YmZkLTkwOWQtZjA1NDZjZmFiMDYx
LzEvdThKa3RhWkpUNGtQb3hUMkg5ZlNkWWZqV0RBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDkQ74AwQD
mVxwAwQCuSg0MA0EAgACMAcDBQAqAPEgMA0GCSqGSIb3DQEBCwUAA4IBAQCU10wa
R/S46STH6Xni7zP8UhhXww34Js51gaCdOpd7MJYXNtEnX8NkyvGTfP472ALp4GvU
lg2kqdpiARrwimA4Yue72oPNRPkvsy6XwVpLqFu7lVJHxxgeiGGQuPTX7+YOwIzR
NuwDRyW0Tfk0KIkQLOX7stZtt6m8FqgfPOt+mKNRpLtGQbDIo5Qwnzr3gOVdI+Pp
Mvs6TX6FPIJCPU3W2kwOTXwLQFgSqiYNbeuNespQNPS3c0G/lBe1RPEXEvZwUyK6
P4Fr0nJHgzmvBMyGSwSiDoE8ecjXXzfDwfjHDDYO8XG9vEDQIzEFOKD41wwYmNJt
MEFAaR59S2WNTElC
-----END CERTIFICATE-----
Generated at Tue Apr 22 23:28:46 2025 by rpki-client