Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/3aabe0-9e5f-498d-b550-030acd3ae336/1/rZhAWgHe-aq6MlntV38aYTKCGTU.roa
File: rZhAWgHe-aq6MlntV38aYTKCGTU.roa (raw, json)
Hash identifier: RAVJl8ej3hgoqq51zi96I6X65p3VrjebH63tUOWAo7w=
Subject key identifier: AD:98:40:5A:01:DE:F9:AA:BA:32:59:ED:57:7F:1A:61:32:82:19:35
Certificate issuer: /CN=eed5b3af0064981e96bb5e27d8f04d86e6306cfa
Certificate serial: 018CC94E450D2B44CD1BC0901A0B528BB05B
Authority key identifier: EE:D5:B3:AF:00:64:98:1E:96:BB:5E:27:D8:F0:4D:86:E6:30:6C:FA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7tWzrwBkmB6Wu14n2PBNhuYwbPo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/3aabe0-9e5f-498d-b550-030acd3ae336/1/rZhAWgHe-aq6MlntV38aYTKCGTU.roa
Signing time: Tue 02 Jan 2024 08:33:19 +0000
ROA not before: Tue 02 Jan 2024 08:33:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198089
IP address blocks: 46.31.8.0/22 maxlen: 22
46.31.8.0/21 maxlen: 21
46.31.12.0/22 maxlen: 22
2a02:4980::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 02 Jan 2025 13:50:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4e:45:0d:2b:44:cd:1b:c0:90:1a:0b:52:8b:b0:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eed5b3af0064981e96bb5e27d8f04d86e6306cfa
Validity
Not Before: Jan 2 08:33:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ad98405a01def9aaba3259ed577f1a6132821935
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ff:52:83:1a:16:cc:36:9d:54:46:70:ec:d0:1a:
da:a3:dd:5c:ed:40:d2:04:dd:db:a2:da:8a:fb:27:
2b:40:19:e7:e6:a6:48:6c:9e:bb:11:78:a2:77:4c:
47:2c:54:b4:f0:9e:77:8c:8e:00:af:b6:16:84:9a:
6f:02:45:b8:eb:ff:c5:5d:95:07:6e:2e:12:a8:d2:
94:45:79:93:6c:60:c5:5d:1b:83:aa:cc:fc:91:c2:
c2:77:d6:ad:8e:59:e4:85:d8:c3:76:80:ee:bd:21:
af:d4:2c:63:09:98:99:72:c0:ce:7f:7b:a1:53:3c:
c9:bc:fc:e7:81:92:14:a6:f2:19:06:c5:28:ec:b4:
64:ff:e0:74:35:f9:d4:2b:3b:42:3f:6f:8c:f1:b8:
d6:5a:a1:fe:60:f8:d9:50:51:c3:9a:bd:09:8f:9b:
03:60:ed:66:72:42:ba:18:db:3d:43:05:eb:13:af:
8f:13:58:58:3c:bf:a2:9e:ec:2a:6d:c5:66:b5:4f:
62:69:ba:fe:99:c5:2d:e2:b7:5b:11:1a:92:8b:8e:
e3:15:50:66:3f:f0:53:7d:80:e6:0b:7e:ed:4c:81:
ae:8f:43:a7:04:db:50:4e:b9:7e:98:da:5f:fe:61:
bb:b2:2d:68:c1:7d:ba:f7:dd:b1:7e:3d:b1:c8:f2:
5d:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:98:40:5A:01:DE:F9:AA:BA:32:59:ED:57:7F:1A:61:32:82:19:35
X509v3 Authority Key Identifier:
keyid:EE:D5:B3:AF:00:64:98:1E:96:BB:5E:27:D8:F0:4D:86:E6:30:6C:FA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7tWzrwBkmB6Wu14n2PBNhuYwbPo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/3aabe0-9e5f-498d-b550-030acd3ae336/1/rZhAWgHe-aq6MlntV38aYTKCGTU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/3aabe0-9e5f-498d-b550-030acd3ae336/1/7tWzrwBkmB6Wu14n2PBNhuYwbPo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.31.8.0/21
IPv6:
2a02:4980::/32
Signature Algorithm: sha256WithRSAEncryption
c4:0a:be:92:97:a5:e7:6f:d5:c5:53:cd:8c:7c:75:d2:9b:30:
eb:ae:de:89:85:7a:3b:d2:b0:04:c0:f3:ce:2e:67:70:dd:7f:
5e:f3:89:d9:ae:16:9a:d8:e6:70:d1:f3:6c:f8:96:02:43:26:
35:dd:73:53:66:78:d2:c1:85:21:38:c0:0a:cb:e6:ac:7c:8a:
34:3e:0e:48:2e:1e:f3:d9:69:73:b5:f0:83:b0:8d:60:95:92:
29:25:70:ca:26:31:8e:a3:0b:64:ed:48:aa:86:75:15:33:80:
06:f7:78:9d:e0:2f:e0:3a:07:fc:bd:0b:d6:34:f3:6a:77:4f:
92:e5:de:4d:25:43:d7:e4:75:b4:51:9f:67:5a:e4:62:e0:24:
25:3d:50:33:2e:5c:3f:c3:35:d0:29:5a:c9:21:42:1e:46:5c:
56:9d:0a:99:71:10:09:af:e4:9e:2e:d4:ce:89:b5:58:60:80:
97:07:27:b0:a7:a7:cb:d9:d9:54:dd:37:09:c3:4f:0e:7d:ab:
de:fe:42:15:7e:27:46:e8:cd:21:a0:91:f8:40:71:57:63:89:
96:97:8f:cd:78:61:d3:be:b7:8e:92:a2:05:e0:90:97:d4:95:
d3:09:96:be:33:66:6b:fe:44:41:f4:69:16:3c:2a:4e:65:60:
e4:e9:fa:48
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTkUNK0TNG8CQGgtSi7BbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZDViM2FmMDA2NDk4MWU5NmJiNWUyN2Q4ZjA0ZDg2ZTYz
MDZjZmEwHhcNMjQwMTAyMDgzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDk4NDA1YTAxZGVmOWFhYmEzMjU5ZWQ1NzdmMWE2MTMyODIxOTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/1KDGhbMNp1URnDs0Brao91c7UDS
BN3botqK+ycrQBnn5qZIbJ67EXiid0xHLFS08J53jI4Ar7YWhJpvAkW46//FXZUH
bi4SqNKURXmTbGDFXRuDqsz8kcLCd9atjlnkhdjDdoDuvSGv1CxjCZiZcsDOf3uh
UzzJvPzngZIUpvIZBsUo7LRk/+B0NfnUKztCP2+M8bjWWqH+YPjZUFHDmr0Jj5sD
YO1mckK6GNs9QwXrE6+PE1hYPL+inuwqbcVmtU9iabr+mcUt4rdbERqSi47jFVBm
P/BTfYDmC37tTIGuj0OnBNtQTrl+mNpf/mG7si1owX26992xfj2xyPJd3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK2YQFoB3vmqujJZ7Vd/GmEyghk1MB8GA1UdIwQY
MBaAFO7Vs68AZJgelrteJ9jwTYbmMGz6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3RXenJ3QmttQjZXdTE0bjJQQk5odVl3YlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8zYWFiZTAtOWU1Zi00OThkLWI1NTAt
MDMwYWNkM2FlMzM2LzEvclpoQVdnSGUtYXE2TWxudFYzOGFZVEtDR1RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8zYWFiZTAtOWU1Zi00OThkLWI1NTAtMDMwYWNkM2FlMzM2
LzEvN3RXenJ3QmttQjZXdTE0bjJQQk5odVl3YlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDLh8IMA0E
AgACMAcDBQAqAkmAMA0GCSqGSIb3DQEBCwUAA4IBAQDECr6Sl6Xnb9XFU82MfHXS
mzDrrt6JhXo70rAEwPPOLmdw3X9e84nZrhaa2OZw0fNs+JYCQyY13XNTZnjSwYUh
OMAKy+asfIo0Pg5ILh7z2WlztfCDsI1glZIpJXDKJjGOowtk7UiqhnUVM4AG93id
4C/gOgf8vQvWNPNqd0+S5d5NJUPX5HW0UZ9nWuRi4CQlPVAzLlw/wzXQKVrJIUIe
RlxWnQqZcRAJr+SeLtTOibVYYICXByewp6fL2dlU3TcJw08Ofave/kIVfidG6M0h
oJH4QHFXY4mWl4/NeGHTvreOkqIF4JCX1JXTCZa+M2Zr/kRB9GkWPCpOZWDk6fpI
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:40:44 2025 by rpki-client