Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/fffba4-2efa-465f-af96-abf837ace8e4/1/_2midcNDWWX8VfuEA2XvawTfOeE.roa
File: _2midcNDWWX8VfuEA2XvawTfOeE.roa (raw, json)
Hash identifier: XbMC0BC0cB/ITFc4PAAsAqgTIaSMHrhZIpU0+J9skNs=
Subject key identifier: FF:69:A2:75:C3:43:59:65:FC:55:FB:84:03:65:EF:6B:04:DF:39:E1
Certificate issuer: /CN=3a1935b3cbc2527eaf167d69b2078d33e4c4da20
Certificate serial: 018CC5DC093758C4E51C349B847D5D5BDDB5
Authority key identifier: 3A:19:35:B3:CB:C2:52:7E:AF:16:7D:69:B2:07:8D:33:E4:C4:DA:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ohk1s8vCUn6vFn1psgeNM-TE2iA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0d/fffba4-2efa-465f-af96-abf837ace8e4/1/_2midcNDWWX8VfuEA2XvawTfOeE.roa
Signing time: Mon 01 Jan 2024 16:29:40 +0000
ROA not before: Mon 01 Jan 2024 16:29:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34125
IP address blocks: 193.29.2.0/24 maxlen: 24
212.2.64.0/19 maxlen: 24
2a0a:ba80::/29 maxlen: 48
Validation: Failed, certificate revoked on Thu 02 Jan 2025 11:49:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:09:37:58:c4:e5:1c:34:9b:84:7d:5d:5b:dd:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3a1935b3cbc2527eaf167d69b2078d33e4c4da20
Validity
Not Before: Jan 1 16:29:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ff69a275c3435965fc55fb840365ef6b04df39e1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:00:de:d4:86:2a:4c:82:74:00:31:90:d9:63:
91:84:4e:be:e4:ed:bb:f7:7d:cf:68:1d:93:3d:78:
e3:49:82:0e:84:1e:5f:92:d8:19:a0:8b:50:ea:d1:
fa:38:31:42:42:0b:18:2b:d2:58:94:62:a5:b7:b2:
22:a2:f1:f0:b4:7b:75:5b:5c:cf:16:1f:e7:86:13:
66:ba:8d:25:3b:77:22:18:f2:cd:af:ba:ed:36:12:
df:c0:de:71:0f:66:77:10:77:68:90:fb:8e:5c:3c:
71:92:28:02:85:d9:df:df:21:ea:4c:bb:ba:79:d0:
44:92:da:df:5b:58:7b:87:47:ae:2b:ec:5d:6d:62:
df:b1:17:e1:63:30:b8:f8:b0:52:4f:e0:0f:56:97:
d8:87:ff:bf:0d:64:2d:ca:9f:13:ee:ec:dc:62:9f:
0b:b4:3b:0f:60:17:37:89:4f:db:73:96:04:0f:e8:
f0:c8:dc:66:47:44:70:ea:7e:f9:82:4e:73:40:37:
e1:8c:dd:61:e7:2f:18:89:56:38:23:90:77:3e:8b:
2c:60:e4:ed:b7:91:28:34:13:5a:c0:52:9a:3a:15:
e4:46:3a:1d:05:69:d2:69:33:69:f2:8b:fe:b3:36:
82:1a:2f:41:6a:3d:49:5f:40:6f:af:2a:b5:52:c3:
a0:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:69:A2:75:C3:43:59:65:FC:55:FB:84:03:65:EF:6B:04:DF:39:E1
X509v3 Authority Key Identifier:
keyid:3A:19:35:B3:CB:C2:52:7E:AF:16:7D:69:B2:07:8D:33:E4:C4:DA:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ohk1s8vCUn6vFn1psgeNM-TE2iA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/fffba4-2efa-465f-af96-abf837ace8e4/1/_2midcNDWWX8VfuEA2XvawTfOeE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/fffba4-2efa-465f-af96-abf837ace8e4/1/Ohk1s8vCUn6vFn1psgeNM-TE2iA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.29.2.0/24
212.2.64.0/19
IPv6:
2a0a:ba80::/29
Signature Algorithm: sha256WithRSAEncryption
39:7e:d0:f9:16:6d:e5:ba:de:c8:05:37:63:84:b2:76:b6:60:
14:99:35:8e:fb:95:35:a6:03:28:ca:91:3f:06:d0:d0:4d:a2:
dc:82:86:37:37:63:dd:a4:4b:c4:2f:d8:60:e2:87:17:f1:80:
43:a4:e8:af:2d:7f:9d:a0:b1:99:73:ba:ce:ff:f3:18:a0:f9:
73:ae:86:22:56:92:e8:87:bf:68:20:dc:de:fb:4f:9e:28:5d:
d1:81:c6:0d:03:c4:2d:d2:13:49:ea:46:77:2b:7f:52:26:d3:
1c:6a:3f:93:88:72:9b:a4:7d:db:a1:9c:5c:83:3b:a6:ec:67:
2d:a7:93:8e:ee:7b:8b:1a:3c:d4:ac:52:e8:a3:49:c8:d3:c1:
28:c8:fa:6b:09:6d:6d:fa:d0:86:e4:8e:40:c0:d5:5c:d8:21:
34:8b:88:e0:e4:db:99:b1:48:f3:84:6e:6b:b9:ec:94:12:33:
ee:8f:97:fe:b0:d4:18:1d:8c:87:1d:45:27:b7:d4:87:9b:85:
4a:e8:fd:cc:c2:b2:10:43:50:9d:6b:cd:b5:8b:ed:f5:1b:36:
bb:ca:0e:d3:a8:93:c1:18:8b:50:ec:58:06:78:df:e4:18:5c:
8b:97:3e:c0:0f:97:ee:bc:05:9e:62:31:2a:32:c6:1c:0a:5b:
b1:d3:cb:ff
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzF3Ak3WMTlHDSbhH1dW921MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMTkzNWIzY2JjMjUyN2VhZjE2N2Q2OWIyMDc4ZDMzZTRj
NGRhMjAwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjY5YTI3NWMzNDM1OTY1ZmM1NWZiODQwMzY1ZWY2YjA0ZGYzOWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQDe1IYqTIJ0ADGQ2WORhE6+5O27
933PaB2TPXjjSYIOhB5fktgZoItQ6tH6ODFCQgsYK9JYlGKlt7IiovHwtHt1W1zP
Fh/nhhNmuo0lO3ciGPLNr7rtNhLfwN5xD2Z3EHdokPuOXDxxkigChdnf3yHqTLu6
edBEktrfW1h7h0euK+xdbWLfsRfhYzC4+LBST+APVpfYh/+/DWQtyp8T7uzcYp8L
tDsPYBc3iU/bc5YED+jwyNxmR0Rw6n75gk5zQDfhjN1h5y8YiVY4I5B3PossYOTt
t5EoNBNawFKaOhXkRjodBWnSaTNp8ov+szaCGi9Baj1JX0Bvryq1UsOgXQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFP9ponXDQ1ll/FX7hANl72sE3znhMB8GA1UdIwQY
MBaAFDoZNbPLwlJ+rxZ9abIHjTPkxNogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2hrMXM4dkNVbjZ2Rm4xcHNnZU5NLVRFMmlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9mZmZiYTQtMmVmYS00NjVmLWFmOTYt
YWJmODM3YWNlOGU0LzEvXzJtaWRjTkRXV1g4VmZ1RUEyWHZhd1RmT2VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9mZmZiYTQtMmVmYS00NjVmLWFmOTYtYWJmODM3YWNlOGU0
LzEvT2hrMXM4dkNVbjZ2Rm4xcHNnZU5NLVRFMmlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwR0CAwQF
1AJAMA0EAgACMAcDBQMqCrqAMA0GCSqGSIb3DQEBCwUAA4IBAQA5ftD5Fm3lut7I
BTdjhLJ2tmAUmTWO+5U1pgMoypE/BtDQTaLcgoY3N2PdpEvEL9hg4ocX8YBDpOiv
LX+doLGZc7rO//MYoPlzroYiVpLoh79oINze+0+eKF3RgcYNA8Qt0hNJ6kZ3K39S
JtMcaj+TiHKbpH3boZxcgzum7Gctp5OO7nuLGjzUrFLoo0nI08EoyPprCW1t+tCG
5I5AwNVc2CE0i4jg5NuZsUjzhG5rueyUEjPuj5f+sNQYHYyHHUUnt9SHm4VK6P3M
wrIQQ1Cda821i+31Gza7yg7TqJPBGItQ7FgGeN/kGFyLlz7AD5fuvAWeYjEqMsYc
Clux08v/
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:40:38 2025 by rpki-client