Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IFlqr8uHRV6P6DP9X4kaqzxJQqw.roa
File: IFlqr8uHRV6P6DP9X4kaqzxJQqw.roa (raw, json)
Hash identifier: 7Oa0++fSquCQlA22NurkpNdyjZhxmWnc0XjTnasQysc=
Subject key identifier: 20:59:6A:AF:CB:87:45:5E:8F:E8:33:FD:5F:89:1A:AB:3C:49:42:AC
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01944F6001D71C9DFD30D1237AD55DE63909
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IFlqr8uHRV6P6DP9X4kaqzxJQqw.roa
Signing time: Fri 10 Jan 2025 08:41:19 +0000
ROA not before: Fri 10 Jan 2025 08:41:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214417
IP address blocks: 87.121.221.0/24 maxlen: 24
176.125.254.0/24 maxlen: 24
194.48.250.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 23 Jan 2025 10:32:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:4f:60:01:d7:1c:9d:fd:30:d1:23:7a:d5:5d:e6:39:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 10 08:41:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=20596aafcb87455e8fe833fd5f891aab3c4942ac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:cb:e1:6a:d8:8c:ee:47:f0:84:0b:65:f4:28:
32:63:6d:89:b1:7e:20:ec:21:82:f8:52:71:7b:5a:
db:b3:77:ea:3b:57:50:9f:45:d9:a3:cc:d0:5c:61:
b5:d7:e7:53:8d:71:18:a2:d4:bc:2c:ea:f2:7d:8f:
3c:2d:21:d6:cd:ab:08:68:f0:fd:04:d8:fb:27:e6:
1f:44:53:5e:42:41:1c:9d:ba:d1:73:85:50:c8:e4:
ce:c9:84:28:fd:fe:12:d6:29:f2:af:01:3f:35:7b:
ac:e8:d7:4a:1a:b8:1b:ce:11:76:32:83:06:24:bd:
89:22:09:9b:cc:45:d5:84:e7:d4:84:54:3e:85:f7:
bd:d8:5d:ca:3e:ea:10:73:8e:49:19:e7:14:fc:8a:
e3:2e:ec:e5:fa:f8:ea:02:7d:eb:7a:e4:bd:18:90:
28:09:d5:3a:ff:88:5f:51:77:df:c6:7a:44:b5:dd:
d8:94:ac:80:bd:7a:f0:1a:cc:ca:e2:24:5a:fa:5c:
75:cf:8b:fa:85:67:95:ab:29:94:96:24:ad:ce:69:
ad:3b:3d:91:ce:c2:3c:b3:81:63:7f:a7:c7:0d:a3:
58:7f:c4:6d:c6:20:01:c0:a6:5d:bc:22:ff:b7:9f:
b7:58:72:82:02:be:f7:f1:86:d9:09:6a:4d:2d:1e:
74:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:59:6A:AF:CB:87:45:5E:8F:E8:33:FD:5F:89:1A:AB:3C:49:42:AC
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IFlqr8uHRV6P6DP9X4kaqzxJQqw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.121.221.0/24
176.125.254.0/24
194.48.250.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:18:9f:cd:53:70:0e:d5:23:e0:9d:97:61:89:7e:b0:ee:76:
e3:03:74:f3:23:c0:3c:3d:4f:5c:a0:59:24:6e:f2:5b:bb:3e:
ac:f2:8e:8a:90:e1:3a:75:34:df:e7:18:5f:51:c2:03:a3:cb:
e9:e0:d5:0b:cd:62:d4:3b:2c:f9:0f:ed:98:bd:43:3c:d1:bf:
90:52:79:cb:a4:a6:1f:d2:58:dc:c4:da:89:9c:97:79:d2:18:
10:f1:90:13:b8:e7:ca:d1:7a:63:35:b9:58:9a:f6:17:88:ed:
61:ce:44:6e:b5:be:e2:1c:44:0c:70:93:6d:6e:69:b4:45:04:
bc:8e:15:c6:72:75:f1:84:b6:d5:6a:79:62:a9:9c:da:43:3a:
f9:9a:71:ee:43:2a:8e:54:fa:bf:13:3b:9b:77:55:eb:5d:c1:
8b:71:5e:37:37:a1:3d:5e:b6:78:c1:d4:6f:af:79:29:59:12:
8a:f7:82:32:30:49:35:a4:17:a1:a9:e1:e2:7c:11:97:4d:74:
8b:69:bc:c5:da:f8:00:8f:d7:38:e7:12:db:16:ac:de:9b:e0:
9e:b3:47:43:e9:b7:23:bd:20:5c:c3:61:1f:d8:af:45:6e:91:
1e:7f:fc:53:f4:e2:48:a7:7f:3f:51:67:b1:67:df:85:4e:2a:
0c:92:df:ea
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZRPYAHXHJ39MNEjetVd5jkJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTEwMDg0MTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDU5NmFhZmNiODc0NTVlOGZlODMzZmQ1Zjg5MWFhYjNjNDk0MmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcvhatiM7kfwhAtl9CgyY22JsX4g
7CGC+FJxe1rbs3fqO1dQn0XZo8zQXGG11+dTjXEYotS8LOryfY88LSHWzasIaPD9
BNj7J+YfRFNeQkEcnbrRc4VQyOTOyYQo/f4S1inyrwE/NXus6NdKGrgbzhF2MoMG
JL2JIgmbzEXVhOfUhFQ+hfe92F3KPuoQc45JGecU/IrjLuzl+vjqAn3reuS9GJAo
CdU6/4hfUXffxnpEtd3YlKyAvXrwGszK4iRa+lx1z4v6hWeVqymUliStzmmtOz2R
zsI8s4Fjf6fHDaNYf8RtxiABwKZdvCL/t5+3WHKCAr738YbZCWpNLR50ZwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCBZaq/Lh0Vej+gz/V+JGqs8SUKsMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSUZscXI4dUhSVjZQNkRQOVg0a2FxenhKUXF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAV3ndAwQA
sH3+AwQAwjD6MA0GCSqGSIb3DQEBCwUAA4IBAQCPGJ/NU3AO1SPgnZdhiX6w7nbj
A3TzI8A8PU9coFkkbvJbuz6s8o6KkOE6dTTf5xhfUcIDo8vp4NULzWLUOyz5D+2Y
vUM80b+QUnnLpKYf0ljcxNqJnJd50hgQ8ZATuOfK0XpjNblYmvYXiO1hzkRutb7i
HEQMcJNtbmm0RQS8jhXGcnXxhLbVanliqZzaQzr5mnHuQyqOVPq/Ezubd1XrXcGL
cV43N6E9XrZ4wdRvr3kpWRKK94IyMEk1pBehqeHifBGXTXSLabzF2vgAj9c45xLb
Fqzem+Ces0dD6bcjvSBcw2Ef2K9FbpEef/xT9OJIp38/UWexZ9+FTioMkt/q
-----END CERTIFICATE-----
Generated at Thu Apr 17 10:20:25 2025 by rpki-client