Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/r8pLaL_p1AslqPuUVsNdfw34LfU.roa
File: r8pLaL_p1AslqPuUVsNdfw34LfU.roa (raw, json)
Hash identifier: 6HlfK2NNMURPcwW0MLOjZLHyKzrXS9ro6D7w86rCNbY=
Subject key identifier: AF:CA:4B:68:BF:E9:D4:0B:25:A8:FB:94:56:C3:5D:7F:0D:F8:2D:F5
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01939D454486F9CE3FDFB69C50CAC020D81B
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/r8pLaL_p1AslqPuUVsNdfw34LfU.roa
Signing time: Fri 06 Dec 2024 18:39:42 +0000
ROA not before: Fri 06 Dec 2024 18:39:42 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 398343
IP address blocks: 193.124.15.0/24 maxlen: 24
193.124.24.0/24 maxlen: 24
194.87.123.0/24 maxlen: 24
194.135.104.0/24 maxlen: 24
212.193.25.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 11 Dec 2024 11:25:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:9d:45:44:86:f9:ce:3f:df:b6:9c:50:ca:c0:20:d8:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 6 18:39:42 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=afca4b68bfe9d40b25a8fb9456c35d7f0df82df5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:c9:b9:3d:e0:ce:d5:80:b4:3e:06:2e:40:d6:
b1:0e:cb:87:f1:53:87:48:89:92:cd:d2:f5:97:13:
93:1d:fd:53:1c:88:13:77:9e:e7:bf:4c:6f:5b:07:
a3:2c:00:6c:fc:4a:c5:1f:92:76:ab:d7:4b:06:5e:
61:cb:36:e4:a0:0e:d0:67:e9:e9:13:1f:8a:e6:cd:
4d:3f:ea:6b:84:9a:07:54:5d:78:93:0a:1d:01:b4:
b5:cc:e8:61:b4:be:6c:3d:a3:b8:61:5f:b5:ef:98:
cf:c4:87:1a:7d:90:97:71:53:d7:f0:a4:91:9c:9d:
77:34:dc:72:37:07:84:49:55:4e:d8:ab:17:fb:a2:
7a:6d:7b:5c:90:7c:37:98:dc:7d:5a:05:4b:ad:18:
5b:1e:3b:cf:1c:a4:40:04:17:12:d6:1c:22:81:dd:
dc:ba:04:69:95:5b:b7:b0:54:4e:40:01:b7:3d:ae:
6c:4e:e9:cf:44:90:49:93:67:1f:e8:1c:19:78:3d:
7e:f3:bf:5f:e0:2d:c9:9e:d5:e6:8f:59:99:7d:b8:
1e:60:94:37:9f:30:1d:07:df:0f:fd:e7:45:71:2e:
37:b9:d7:5f:65:ca:b8:a0:e8:c4:d1:44:d1:6c:9d:
1d:c9:e1:6e:74:ca:8e:0c:90:38:8c:a3:6d:4d:14:
14:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:CA:4B:68:BF:E9:D4:0B:25:A8:FB:94:56:C3:5D:7F:0D:F8:2D:F5
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/r8pLaL_p1AslqPuUVsNdfw34LfU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.15.0/24
193.124.24.0/24
194.87.123.0/24
194.135.104.0/24
212.193.25.0/24
Signature Algorithm: sha256WithRSAEncryption
5b:85:03:b7:9b:6a:1c:1a:3f:d0:33:1e:99:27:af:5a:dd:03:
bf:ad:d8:31:24:a6:0b:ff:e2:bf:19:ae:12:73:cc:13:0b:b8:
b5:2d:a3:1b:47:d6:d6:b9:1c:9b:54:e8:b4:1a:f1:87:42:b7:
f4:dc:88:e9:7a:bf:01:de:ea:37:e3:14:e8:06:7d:ed:23:80:
30:71:6d:00:9a:0a:e3:2b:df:98:38:46:6d:48:10:70:00:6c:
b9:8b:2d:44:0d:24:a6:db:f7:91:5e:4e:11:11:51:4c:88:b3:
e6:48:f0:21:59:8d:9e:37:25:05:ea:6e:b8:20:bf:44:88:3f:
3d:d9:46:86:4e:7f:79:83:9b:ec:a6:f1:90:7e:4e:e5:7d:c2:
3a:ee:7e:ea:36:5d:32:f0:a6:1b:87:ca:a7:aa:ed:b4:4c:f2:
39:b9:26:d0:63:61:dc:9d:08:74:1c:80:43:43:94:28:72:d4:
59:b4:66:bb:62:20:09:6b:3b:62:c9:8d:0e:3d:23:b2:b6:1e:
67:9f:64:77:3e:93:54:da:26:90:3d:ae:c0:59:0b:b2:44:7d:
64:80:b9:97:bc:4f:d6:3d:a6:a5:4f:64:21:70:5d:0d:9f:8a:
56:42:b4:c5:15:46:24:59:a2:ff:25:d1:88:b3:f5:e2:f2:b1:
4e:dd:fb:b6
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZOdRUSG+c4/37acUMrAINgbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQxMjA2MTgzOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmNhNGI2OGJmZTlkNDBiMjVhOGZiOTQ1NmMzNWQ3ZjBkZjgyZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsm5PeDO1YC0PgYuQNaxDsuH8VOH
SImSzdL1lxOTHf1THIgTd57nv0xvWwejLABs/ErFH5J2q9dLBl5hyzbkoA7QZ+np
Ex+K5s1NP+prhJoHVF14kwodAbS1zOhhtL5sPaO4YV+175jPxIcafZCXcVPX8KSR
nJ13NNxyNweESVVO2KsX+6J6bXtckHw3mNx9WgVLrRhbHjvPHKRABBcS1hwigd3c
ugRplVu3sFROQAG3Pa5sTunPRJBJk2cf6BwZeD1+879f4C3JntXmj1mZfbgeYJQ3
nzAdB98P/edFcS43uddfZcq4oOjE0UTRbJ0dyeFudMqODJA4jKNtTRQU3QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFK/KS2i/6dQLJaj7lFbDXX8N+C31MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvcjhwTGFMX3AxQXNscVB1VVZzTmRmdzM0TGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAwXwPAwQA
wXwYAwQAwld7AwQAwodoAwQA1MEZMA0GCSqGSIb3DQEBCwUAA4IBAQBbhQO3m2oc
Gj/QMx6ZJ69a3QO/rdgxJKYL/+K/Ga4Sc8wTC7i1LaMbR9bWuRybVOi0GvGHQrf0
3Ijper8B3uo34xToBn3tI4AwcW0AmgrjK9+YOEZtSBBwAGy5iy1EDSSm2/eRXk4R
EVFMiLPmSPAhWY2eNyUF6m64IL9EiD892UaGTn95g5vspvGQfk7lfcI67n7qNl0y
8KYbh8qnqu20TPI5uSbQY2HcnQh0HIBDQ5QoctRZtGa7YiAJaztiyY0OPSOyth5n
n2R3PpNU2iaQPa7AWQuyRH1kgLmXvE/WPaalT2QhcF0Nn4pWQrTFFUYkWaL/JdGI
s/Xi8rFO3fu2
-----END CERTIFICATE-----
Generated at Tue Apr 22 11:35:26 2025 by rpki-client