Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/1FD3h5R5IwAkDSxnXwSSpTEkg9s.roa
File: 1FD3h5R5IwAkDSxnXwSSpTEkg9s.roa (raw, json)
Hash identifier: ZWEzHlk/y7Uc9SO89ULgkU5KQ4avLAALWRKMiV4nR0M=
Subject key identifier: D4:50:F7:87:94:79:23:00:24:0D:2C:67:5F:04:92:A5:31:24:83:DB
Certificate issuer: /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial: 01942068533D28BCD6FC028423E8A2BEC1AA
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/1FD3h5R5IwAkDSxnXwSSpTEkg9s.roa
Signing time: Wed 01 Jan 2025 05:48:15 +0000
ROA not before: Wed 01 Jan 2025 05:48:15 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 207713
IP address blocks: 147.45.48.0/24 maxlen: 24
193.233.18.0/24 maxlen: 24
193.233.48.0/24 maxlen: 24
193.233.49.0/24 maxlen: 24
193.233.84.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 21 Feb 2025 08:48:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:20:68:53:3d:28:bc:d6:fc:02:84:23:e8:a2:be:c1:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
Validity
Not Before: Jan 1 05:48:15 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d450f78794792300240d2c675f0492a5312483db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:ac:71:db:43:70:33:37:9f:09:a6:4b:88:c2:
ee:02:2f:67:7e:0a:c6:c6:93:1e:a0:71:a8:db:d9:
13:48:86:f4:78:0d:95:5f:e2:8a:45:b7:0a:f6:71:
fa:82:dd:ca:36:2f:37:73:5e:e1:fc:21:fa:92:c1:
12:33:3a:89:66:dd:22:dd:e0:f1:61:a2:69:56:7c:
61:9b:e5:a8:2e:e7:83:aa:49:b0:1d:56:5a:a7:6f:
84:df:a3:f0:67:d9:1a:e0:d9:49:94:84:20:c0:60:
88:eb:05:95:c0:91:87:f2:91:bf:36:a8:32:78:14:
23:11:14:cf:47:7d:fd:28:3c:5b:37:c7:3a:3d:bc:
9e:00:b1:8a:0a:60:34:13:ed:4c:dd:c2:a7:e6:32:
43:43:88:78:65:5b:45:ac:5c:43:a3:62:fc:87:56:
28:0f:79:0a:7d:61:38:49:b6:f7:cb:a8:38:bc:17:
68:bf:34:6a:39:5b:be:4a:f7:5c:68:cf:fc:cb:af:
f2:30:7f:1c:56:21:a8:f3:e0:42:28:75:cb:2f:d6:
07:6c:1e:eb:72:11:8f:eb:22:e5:4d:f0:a6:35:2d:
16:30:1e:23:f7:ac:c6:b6:9a:90:43:07:5d:c5:89:
5e:85:c7:3e:ad:c5:07:b3:c1:61:59:59:2e:3e:a7:
16:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:50:F7:87:94:79:23:00:24:0D:2C:67:5F:04:92:A5:31:24:83:DB
X509v3 Authority Key Identifier:
keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/1FD3h5R5IwAkDSxnXwSSpTEkg9s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.45.48.0/24
193.233.18.0/24
193.233.48.0/23
193.233.84.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:15:b5:dd:5f:49:50:d2:83:75:c4:97:bb:31:9f:71:33:de:
77:16:88:d2:d0:8e:32:c6:4a:a3:de:d2:ad:04:05:77:6d:b2:
f9:1a:f0:e4:78:bf:88:20:3a:2d:2e:cb:e4:00:f0:d1:ea:9e:
6c:08:28:f0:e3:18:87:4b:0c:bd:1b:c5:ad:e2:f4:70:73:c0:
5b:f7:af:79:cc:b4:5b:85:20:ac:04:3d:e3:07:48:56:a7:c0:
22:27:5a:9d:6e:5f:f2:1b:d0:d1:9c:21:2a:6c:a7:b8:80:c7:
ac:d1:f6:64:53:86:ad:5f:02:8e:a4:00:11:c9:ea:ab:9b:71:
9c:64:71:ef:c1:a6:f0:1e:ec:c7:f7:71:91:ae:a0:de:dd:a1:
47:c4:55:6e:9c:58:80:44:46:ab:4d:13:87:fe:2d:91:ef:91:
99:73:b9:da:98:9e:5b:49:ad:69:04:8a:77:c1:db:8a:04:23:
8e:52:57:8b:15:8a:52:b8:23:6d:5a:6f:d9:2e:70:fc:05:f4:
1b:54:c8:60:25:32:81:1b:a5:f1:32:96:d9:4c:ef:12:7b:45:
5c:ac:6d:04:ee:ce:77:70:4d:04:ae:c9:60:93:de:4d:5d:e3:
c8:b4:a6:2a:be:86:e6:ab:a3:96:bf:8f:1d:f6:fb:d5:b1:8c:
18:8f:16:6d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQgaFM9KLzW/AKEI+iivsGqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTAxMDU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDUwZjc4Nzk0NzkyMzAwMjQwZDJjNjc1ZjA0OTJhNTMxMjQ4M2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Kxx20NwMzefCaZLiMLuAi9nfgrG
xpMeoHGo29kTSIb0eA2VX+KKRbcK9nH6gt3KNi83c17h/CH6ksESMzqJZt0i3eDx
YaJpVnxhm+WoLueDqkmwHVZap2+E36PwZ9ka4NlJlIQgwGCI6wWVwJGH8pG/Nqgy
eBQjERTPR339KDxbN8c6PbyeALGKCmA0E+1M3cKn5jJDQ4h4ZVtFrFxDo2L8h1Yo
D3kKfWE4Sbb3y6g4vBdovzRqOVu+SvdcaM/8y6/yMH8cViGo8+BCKHXLL9YHbB7r
chGP6yLlTfCmNS0WMB4j96zGtpqQQwddxYlehcc+rcUHs8FhWVkuPqcWjwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNRQ94eUeSMAJA0sZ18EkqUxJIPbMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvMUZEM2g1UjVJd0FrRFN4blh3U1NwVEVrZzlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAky0wAwQA
wekSAwQBwekwAwQAwelUMA0GCSqGSIb3DQEBCwUAA4IBAQAdFbXdX0lQ0oN1xJe7
MZ9xM953FojS0I4yxkqj3tKtBAV3bbL5GvDkeL+IIDotLsvkAPDR6p5sCCjw4xiH
Swy9G8Wt4vRwc8Bb9695zLRbhSCsBD3jB0hWp8AiJ1qdbl/yG9DRnCEqbKe4gMes
0fZkU4atXwKOpAARyeqrm3GcZHHvwabwHuzH93GRrqDe3aFHxFVunFiAREarTROH
/i2R75GZc7namJ5bSa1pBIp3wduKBCOOUleLFYpSuCNtWm/ZLnD8BfQbVMhgJTKB
G6XxMpbZTO8Se0VcrG0E7s53cE0Erslgk95NXePItKYqvobmq6OWv48d9vvVsYwY
jxZt
-----END CERTIFICATE-----
Generated at Wed Apr 9 03:07:32 2025 by rpki-client