Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/tOANOG2IszN-zGW0ItbTKn2F7kg.roa
File: tOANOG2IszN-zGW0ItbTKn2F7kg.roa (raw, json)
Hash identifier: LqPHlxSshMkJGCEn2Mxigd6NojdW+lBI083+SeDo4pk=
Subject key identifier: B4:E0:0D:38:6D:88:B3:33:7E:CC:65:B4:22:D6:D3:2A:7D:85:EE:48
Certificate issuer: /CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Certificate serial: 01952AC2C74EB125247F813952D8AF1CF72E
Authority key identifier: DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/tOANOG2IszN-zGW0ItbTKn2F7kg.roa
Signing time: Fri 21 Feb 2025 23:06:02 +0000
ROA not before: Fri 21 Feb 2025 23:06:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 40676
IP address blocks: 2a14:640:2::/48 maxlen: 48
Validation: Failed, certificate revoked on Sun 23 Feb 2025 09:21:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:2a:c2:c7:4e:b1:25:24:7f:81:39:52:d8:af:1c:f7:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Validity
Not Before: Feb 21 23:06:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b4e00d386d88b3337ecc65b422d6d32a7d85ee48
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:e8:e7:09:e0:b1:9a:1e:9c:c2:bf:95:14:71:
4b:b7:af:5a:b9:39:8e:43:78:fd:e8:f9:da:04:ac:
3f:5e:58:f0:39:ab:55:5b:fd:4d:57:b7:02:dd:e0:
55:a0:f8:a5:e9:40:b5:75:eb:ad:bc:4e:11:5c:42:
d2:4a:16:bb:b5:b5:ab:6f:05:09:0b:cd:7f:ce:f2:
da:50:88:b7:c8:8e:88:e0:8d:52:04:d1:ae:d5:fb:
32:16:95:57:ce:5f:b4:1d:b8:0c:50:a6:e2:e0:e2:
59:02:1b:c5:8d:12:bf:7c:37:f3:93:bd:03:08:3d:
12:77:37:3b:4a:3b:10:53:38:c7:10:f8:11:db:0a:
e3:10:48:25:bf:d7:3c:88:93:2a:e8:78:1b:51:ab:
4b:4e:1b:b1:a8:12:16:d2:56:ac:23:fa:8e:58:75:
3c:69:85:10:48:82:82:92:de:8a:ee:e9:d6:1a:65:
76:6a:5d:70:5a:f3:8e:48:b5:fe:e7:6b:9b:3f:d7:
e7:54:ad:7d:82:61:bc:18:43:25:32:73:6a:1c:de:
bd:0c:c1:9b:eb:3a:89:90:fd:82:54:dc:f3:cd:a1:
67:79:84:ae:88:aa:45:b2:3f:a0:91:8f:8e:b7:95:
32:db:36:af:fa:dd:9c:0f:e2:7d:b3:7e:62:18:74:
21:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:E0:0D:38:6D:88:B3:33:7E:CC:65:B4:22:D6:D3:2A:7D:85:EE:48
X509v3 Authority Key Identifier:
keyid:DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/tOANOG2IszN-zGW0ItbTKn2F7kg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a14:640:2::/48
Signature Algorithm: sha256WithRSAEncryption
8d:43:01:70:ff:eb:a5:5b:7e:c7:e8:b7:fa:6d:cd:cb:98:84:
8a:ac:c3:90:25:e4:9a:b5:e1:bd:bf:69:7a:c6:d4:36:e5:76:
28:76:8c:b1:2f:72:7f:b7:4a:5b:7d:a5:68:8f:26:f9:36:8f:
14:69:d1:41:d8:7c:8a:c7:77:b7:eb:98:33:82:0e:be:12:b9:
51:d1:4b:bc:ae:3c:cb:e8:be:88:23:f8:8a:e2:dc:34:5c:a3:
15:ea:98:a5:ee:a0:41:fd:0b:7f:74:f0:7d:f4:a8:4b:98:3e:
75:06:2c:23:f1:e4:4f:e8:ec:a7:d4:78:a1:87:cb:86:52:b1:
0c:1a:dd:f4:c5:08:cd:ad:5f:f2:38:01:78:9d:05:06:63:0d:
be:9b:07:36:2c:ec:7a:6b:8c:32:8d:e8:25:a0:ee:82:6d:c5:
1a:ba:b0:b4:5e:da:1f:bb:64:4d:75:97:a6:7f:ee:97:0f:63:
d5:d3:56:14:ad:8a:20:e3:7b:66:5c:9a:f4:ec:15:35:11:61:
77:8a:13:74:fb:16:82:b3:74:ce:ac:3a:58:c9:5f:09:5a:65:
a3:9c:fd:5a:15:86:16:22:b0:dd:4a:01:b0:8b:a7:61:25:ac:
28:9c:95:03:cb:9e:b2:09:5c:db:45:80:f4:3a:8f:d7:c7:14:
85:bc:4d:f3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZUqwsdOsSUkf4E5UtivHPcuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2ZkYzRiZjMzYmQ4MGZlMTI4ZDc1Njg0M2Y2MGIzOWQ1
YmVlZTMwHhcNMjUwMjIxMjMwNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGUwMGQzODZkODhiMzMzN2VjYzY1YjQyMmQ2ZDMyYTdkODVlZTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ujnCeCxmh6cwr+VFHFLt69auTmO
Q3j96PnaBKw/XljwOatVW/1NV7cC3eBVoPil6UC1deutvE4RXELSSha7tbWrbwUJ
C81/zvLaUIi3yI6I4I1SBNGu1fsyFpVXzl+0HbgMUKbi4OJZAhvFjRK/fDfzk70D
CD0Sdzc7SjsQUzjHEPgR2wrjEEglv9c8iJMq6HgbUatLThuxqBIW0lasI/qOWHU8
aYUQSIKCkt6K7unWGmV2al1wWvOOSLX+52ubP9fnVK19gmG8GEMlMnNqHN69DMGb
6zqJkP2CVNzzzaFneYSuiKpFsj+gkY+Ot5Uy2zav+t2cD+J9s35iGHQhMwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLTgDThtiLMzfsxltCLW0yp9he5IMB8GA1UdIwQY
MBaAFN8/3EvzO9gP4SjXVoQ/YLOdW+7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMt
YTQ3M2VjNTQxMGMzLzEvdE9BTk9HMklzek4tekdXMEl0YlRLbjJGN2tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMtYTQ3M2VjNTQxMGMz
LzEvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhQGQAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCNQwFw/+ulW37H6Lf6bc3LmISKrMOQJeSateG9
v2l6xtQ25XYodoyxL3J/t0pbfaVojyb5No8UadFB2HyKx3e365gzgg6+ErlR0Uu8
rjzL6L6II/iK4tw0XKMV6pil7qBB/Qt/dPB99KhLmD51Biwj8eRP6Oyn1Hihh8uG
UrEMGt30xQjNrV/yOAF4nQUGYw2+mwc2LOx6a4wyjegloO6CbcUaurC0Xtofu2RN
dZemf+6XD2PV01YUrYog43tmXJr07BU1EWF3ihN0+xaCs3TOrDpYyV8JWmWjnP1a
FYYWIrDdSgGwi6dhJawonJUDy56yCVzbRYD0Oo/XxxSFvE3z
-----END CERTIFICATE-----
Generated at Thu Apr 17 03:44:14 2025 by rpki-client