Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/1-7ma84dJF4qCgvheYA0o7C8vjJc.roa
File: 1-7ma84dJF4qCgvheYA0o7C8vjJc.roa (raw, json)
Hash identifier: vMO2wjWKBgyuDmxXyqkC5BEQw3D35hbX8KERlXxLNOE=
Subject key identifier: FB:B9:9A:F3:87:49:17:8A:82:82:F8:5E:60:0D:28:EC:2F:2F:8C:97
Certificate issuer: /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial: 018D5A189F832620C3743DFB512B2032FF3E
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/1-7ma84dJF4qCgvheYA0o7C8vjJc.roa
Signing time: Tue 30 Jan 2024 11:19:39 +0000
ROA not before: Tue 30 Jan 2024 11:19:39 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212165
IP address blocks: 45.87.245.0/24 maxlen: 24
185.224.212.0/24 maxlen: 24
2a10:9680::/29 maxlen: 29
2a10:9680::/32 maxlen: 32
2a10:9685::/32 maxlen: 32
2a11:e140::/29 maxlen: 29
2a12:6c40::/29 maxlen: 29
2a12:7f40::/29 maxlen: 29
2a12:92c0::/29 maxlen: 29
Validation: Failed, certificate revoked on Fri 16 Feb 2024 07:35:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:5a:18:9f:83:26:20:c3:74:3d:fb:51:2b:20:32:ff:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Validity
Not Before: Jan 30 11:19:39 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fbb99af38749178a8282f85e600d28ec2f2f8c97
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:f7:ad:2e:9c:a9:c4:8a:65:7b:14:60:7e:8a:
04:33:28:bd:eb:07:50:89:4a:f2:7e:df:6d:3e:34:
24:68:ca:56:fa:6f:48:9b:31:8e:6d:45:7a:29:15:
3e:df:90:03:77:20:8e:a2:18:0f:c6:9a:02:48:4d:
03:35:de:51:4c:b9:26:41:ec:e9:b2:2b:2d:55:03:
b4:bf:1e:89:d9:5d:d3:bf:5e:7c:00:cb:66:a6:a9:
44:49:62:b7:c3:9f:e0:24:6e:1d:44:dc:e6:e5:7c:
14:8a:71:28:f4:c3:1a:13:b8:4e:1d:55:10:69:cc:
dd:03:84:c7:59:8a:6b:00:57:5e:a3:23:a8:68:ed:
a9:8f:37:5e:d8:95:80:12:b6:bb:df:d1:04:8d:60:
d7:b6:ca:90:25:cc:b7:c1:90:b9:83:9a:9a:3a:40:
26:67:80:00:82:82:b8:6a:1e:f1:cb:a1:e1:5d:0c:
95:32:d0:97:1b:00:17:11:c0:3e:9f:54:76:d1:8b:
51:44:a0:61:e4:0a:5d:23:39:80:58:e8:a9:9e:a7:
60:37:0b:5a:fd:f0:74:ce:ef:68:76:2d:e8:7d:0e:
74:1a:3a:08:ad:2b:fc:e7:ec:b0:e6:32:98:a6:63:
a7:4a:d4:33:16:32:bd:84:c0:6a:b0:60:37:69:f3:
3b:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:B9:9A:F3:87:49:17:8A:82:82:F8:5E:60:0D:28:EC:2F:2F:8C:97
X509v3 Authority Key Identifier:
keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/1-7ma84dJF4qCgvheYA0o7C8vjJc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.87.245.0/24
185.224.212.0/24
IPv6:
2a10:9680::/29
2a11:e140::/29
2a12:6c40::/29
2a12:7f40::/29
2a12:92c0::/29
Signature Algorithm: sha256WithRSAEncryption
64:e3:91:cf:a5:8d:3a:1a:ca:51:a1:7c:23:73:ff:e8:30:12:
67:4e:be:8b:c1:62:0b:db:6b:91:f3:25:96:02:13:48:a3:1d:
f1:8a:b3:e5:34:18:88:32:46:c7:7e:b4:d3:44:7e:4e:8b:1e:
76:bd:d3:29:b3:45:1e:72:d4:02:ac:bc:ae:8a:38:55:90:9d:
5f:c1:7e:59:a6:63:6b:46:e8:02:6c:67:3a:a9:a2:f9:e9:e8:
eb:cb:c5:24:6c:44:cd:c6:fd:17:60:15:55:cc:fe:3b:40:71:
9d:8a:6b:71:9a:6f:82:4f:05:22:57:13:5c:1d:49:52:25:96:
0c:20:bd:80:6d:f1:c7:7a:12:a0:77:ea:df:b8:20:78:ba:10:
11:1d:88:7e:7f:fa:c9:85:9e:e5:55:b1:37:65:7a:72:a6:7d:
f1:8d:1c:4c:a5:fa:ee:56:ac:37:9f:8e:fe:b4:41:78:10:f4:
7e:91:aa:cf:db:fb:25:7e:80:dc:0b:89:4a:54:9e:a6:64:36:
2a:5f:4f:ad:0f:c8:ba:13:2d:36:5e:7b:91:4a:9a:6e:65:00:
8a:cd:0d:42:ef:c1:5e:d4:8f:60:99:40:d7:23:46:bf:0f:ea:
f9:d9:1a:9d:bf:c2:bd:67:87:8a:7d:c6:2e:41:c3:c1:6b:5e:
10:5d:b9:91
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY1aGJ+DJiDDdD37USsgMv8+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjQwMTMwMTExOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmI5OWFmMzg3NDkxNzhhODI4MmY4NWU2MDBkMjhlYzJmMmY4Yzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7vetLpypxIplexRgfooEMyi96wdQ
iUryft9tPjQkaMpW+m9ImzGObUV6KRU+35ADdyCOohgPxpoCSE0DNd5RTLkmQezp
sistVQO0vx6J2V3Tv158AMtmpqlESWK3w5/gJG4dRNzm5XwUinEo9MMaE7hOHVUQ
aczdA4THWYprAFdeoyOoaO2pjzde2JWAEra739EEjWDXtsqQJcy3wZC5g5qaOkAm
Z4AAgoK4ah7xy6HhXQyVMtCXGwAXEcA+n1R20YtRRKBh5ApdIzmAWOipnqdgNwta
/fB0zu9odi3ofQ50GjoIrSv85+yw5jKYpmOnStQzFjK9hMBqsGA3afM7AwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFPu5mvOHSReKgoL4XmANKOwvL4yXMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvMS03bWE4NGRKRjRxQ2d2aGVZQTBvN0M4dmpKYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDkvZGQ2ZTFkLWFiYzktNDczYi1hOTFhLWQ4NzIxMzc1NjQ0
YS8xL1hnXzRxdmRGTVJRVWNDalZTdUhHazZpaFI3dy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBQBggrBgEFBQcBBwEB/wRBMD8wEgQCAAEwDAMEAC1X9QME
ALng1DApBAIAAjAjAwUDKhCWgAMFAyoR4UADBQMqEmxAAwUDKhJ/QAMFAyoSksAw
DQYJKoZIhvcNAQELBQADggEBAGTjkc+ljToaylGhfCNz/+gwEmdOvovBYgvba5Hz
JZYCE0ijHfGKs+U0GIgyRsd+tNNEfk6LHna90ymzRR5y1AKsvK6KOFWQnV/Bflmm
Y2tG6AJsZzqpovnp6OvLxSRsRM3G/RdgFVXM/jtAcZ2Ka3Gab4JPBSJXE1wdSVIl
lgwgvYBt8cd6EqB36t+4IHi6EBEdiH5/+smFnuVVsTdlenKmffGNHEyl+u5WrDef
jv60QXgQ9H6Rqs/b+yV+gNwLiUpUnqZkNipfT60PyLoTLTZee5FKmm5lAIrNDULv
wV7Uj2CZQNcjRr8P6vnZGp2/wr1nh4p9xi5Bw8FrXhBduZE=
-----END CERTIFICATE-----
Generated at Mon Apr 21 15:31:53 2025 by rpki-client