Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/0TtPz-8AdbNhMtYvQm7PEWw5qEU.roa
File: 0TtPz-8AdbNhMtYvQm7PEWw5qEU.roa (raw, json)
Hash identifier: +3rwyI/yV3EWAsP7/UTyLFUHbibgGpsJylgzK8nYm5g=
Subject key identifier: D1:3B:4F:CF:EF:00:75:B3:61:32:D6:2F:42:6E:CF:11:6C:39:A8:45
Certificate issuer: /CN=42cf4a128d09dfc4b8b035a12cd831f9f7b01469
Certificate serial: 018CC26D7166EAE2DDABBCB1357D23B74357
Authority key identifier: 42:CF:4A:12:8D:09:DF:C4:B8:B0:35:A1:2C:D8:31:F9:F7:B0:14:69
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Qs9KEo0J38S4sDWhLNgx-fewFGk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/0TtPz-8AdbNhMtYvQm7PEWw5qEU.roa
Signing time: Mon 01 Jan 2024 00:30:01 +0000
ROA not before: Mon 01 Jan 2024 00:30:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209380
IP address blocks: 45.67.152.0/24 maxlen: 24
45.67.155.0/24 maxlen: 24
45.67.153.0/24 maxlen: 24
45.67.154.0/24 maxlen: 24
91.247.168.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 29 Oct 2024 19:35:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:71:66:ea:e2:dd:ab:bc:b1:35:7d:23:b7:43:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=42cf4a128d09dfc4b8b035a12cd831f9f7b01469
Validity
Not Before: Jan 1 00:30:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d13b4fcfef0075b36132d62f426ecf116c39a845
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:dc:3f:09:57:c0:68:57:f5:cb:5d:f3:10:ff:
25:75:78:b8:9e:b2:e3:8a:29:85:78:2a:00:0f:86:
d0:2a:7e:36:5b:04:3a:21:3f:cf:76:24:12:d0:c0:
c5:19:d2:e8:14:8f:80:bc:33:7d:3d:10:e1:19:6c:
ec:20:65:d5:27:22:02:3b:cb:db:fd:23:b6:62:03:
31:62:4c:73:12:ac:05:0e:e5:e1:90:5b:46:c4:49:
9d:2d:fb:f1:85:01:5e:22:c5:32:29:85:c0:39:fe:
41:77:24:02:44:31:08:d2:21:05:cd:1b:6f:32:e6:
a3:3b:18:e5:06:41:e6:fa:f9:26:be:f8:bf:61:e8:
81:a3:f0:f1:50:7e:fd:95:03:f5:c5:65:d3:f5:58:
6d:32:e7:d3:5c:9f:74:7c:8b:fc:40:9c:9a:ed:0d:
5a:b0:8b:c5:1b:7a:fe:d7:f9:03:c2:91:7d:49:24:
48:df:55:64:18:cc:42:93:92:b4:07:ef:88:c3:91:
66:58:29:37:62:90:d6:14:05:dc:e7:3b:98:c3:14:
93:15:25:6c:90:0f:d1:aa:da:38:00:0c:eb:40:2a:
dd:b0:6f:0f:cf:da:fa:f8:b6:95:71:45:1e:4d:29:
af:29:75:7a:a9:88:57:b7:3e:b8:1e:3f:92:83:ed:
94:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:3B:4F:CF:EF:00:75:B3:61:32:D6:2F:42:6E:CF:11:6C:39:A8:45
X509v3 Authority Key Identifier:
keyid:42:CF:4A:12:8D:09:DF:C4:B8:B0:35:A1:2C:D8:31:F9:F7:B0:14:69
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs9KEo0J38S4sDWhLNgx-fewFGk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/0TtPz-8AdbNhMtYvQm7PEWw5qEU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/Qs9KEo0J38S4sDWhLNgx-fewFGk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.67.152.0/22
91.247.168.0/24
Signature Algorithm: sha256WithRSAEncryption
03:96:f9:42:68:15:f5:59:e8:bf:d6:6e:bb:6a:3b:8c:ad:c6:
2f:89:18:60:ae:e2:c8:da:b8:c8:44:28:c6:dc:de:3a:c7:e7:
04:6f:7d:73:bc:63:c1:fe:21:f6:1a:ce:41:3c:17:e8:37:ab:
68:b7:9f:b1:46:af:44:4b:58:ca:83:cb:7b:cb:46:04:94:bd:
49:d3:53:ff:07:87:3d:67:a5:86:6e:47:33:e3:db:5f:f6:3b:
6c:66:b0:89:3f:27:1c:7c:07:eb:f6:22:b1:48:33:d4:f3:85:
a3:9e:84:07:eb:59:8c:5a:57:a3:e6:05:9f:50:bb:d3:6e:0f:
78:0c:a5:3e:5d:3d:98:db:b3:26:ab:0d:ce:5d:f1:bc:f6:11:
94:04:ba:9c:c1:1e:a8:51:9e:cb:98:90:f4:8a:59:61:a1:89:
2e:be:ca:e7:a9:b2:54:18:b5:39:8a:1b:5f:56:1a:3e:0c:74:
dd:3d:1a:cf:c3:71:22:aa:92:a9:96:70:a4:c4:81:d5:70:f2:
b5:e2:d7:65:03:9c:1b:28:af:22:08:e5:01:0e:88:48:02:94:
e7:f9:72:d4:5b:c9:93:bc:23:0b:74:e3:49:bd:ff:89:70:d8:
4b:c0:70:cd:ab:72:66:6a:85:3c:e1:2c:a6:28:1a:32:a2:6e:
37:0a:8a:1c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbXFm6uLdq7yxNX0jt0NXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2Y0YTEyOGQwOWRmYzRiOGIwMzVhMTJjZDgzMWY5Zjdi
MDE0NjkwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTNiNGZjZmVmMDA3NWIzNjEzMmQ2MmY0MjZlY2YxMTZjMzlhODQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNw/CVfAaFf1y13zEP8ldXi4nrLj
iimFeCoAD4bQKn42WwQ6IT/PdiQS0MDFGdLoFI+AvDN9PRDhGWzsIGXVJyICO8vb
/SO2YgMxYkxzEqwFDuXhkFtGxEmdLfvxhQFeIsUyKYXAOf5BdyQCRDEI0iEFzRtv
MuajOxjlBkHm+vkmvvi/YeiBo/DxUH79lQP1xWXT9VhtMufTXJ90fIv8QJya7Q1a
sIvFG3r+1/kDwpF9SSRI31VkGMxCk5K0B++Iw5FmWCk3YpDWFAXc5zuYwxSTFSVs
kA/Rqto4AAzrQCrdsG8Pz9r6+LaVcUUeTSmvKXV6qYhXtz64Hj+Sg+2U1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNE7T8/vAHWzYTLWL0JuzxFsOahFMB8GA1UdIwQY
MBaAFELPShKNCd/EuLA1oSzYMfn3sBRpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM5S0VvMEozOFM0c0RXaExOZ3gtZmV3RkdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC81ZGE3MjktYmEyNi00ZmRhLTkwMTEt
MGIwNDM3NWY5YjM2LzEvMFR0UHotOEFkYk5oTXRZdlFtN1BFV3c1cUVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC81ZGE3MjktYmEyNi00ZmRhLTkwMTEtMGIwNDM3NWY5YjM2
LzEvUXM5S0VvMEozOFM0c0RXaExOZ3gtZmV3RkdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLUOYAwQA
W/eoMA0GCSqGSIb3DQEBCwUAA4IBAQADlvlCaBX1Wei/1m67ajuMrcYviRhgruLI
2rjIRCjG3N46x+cEb31zvGPB/iH2Gs5BPBfoN6tot5+xRq9ES1jKg8t7y0YElL1J
01P/B4c9Z6WGbkcz49tf9jtsZrCJPyccfAfr9iKxSDPU84WjnoQH61mMWlej5gWf
ULvTbg94DKU+XT2Y27Mmqw3OXfG89hGUBLqcwR6oUZ7LmJD0illhoYkuvsrnqbJU
GLU5ihtfVho+DHTdPRrPw3EiqpKplnCkxIHVcPK14tdlA5wbKK8iCOUBDohIApTn
+XLUW8mTvCMLdONJvf+JcNhLwHDNq3JmaoU84SymKBoyom43Cooc
-----END CERTIFICATE-----
Generated at Fri Apr 18 00:48:12 2025 by rpki-client