Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/9FbYUtvhSiGnwkgWnPEe8LBbWTE.roa
File: 9FbYUtvhSiGnwkgWnPEe8LBbWTE.roa (raw, json)
Hash identifier: VH+23ZEyZD/zIeAjQCb1brr5cQuLUhCHdf4WE3EDIV0=
Subject key identifier: F4:56:D8:52:DB:E1:4A:21:A7:C2:48:16:9C:F1:1E:F0:B0:5B:59:31
Certificate issuer: /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial: 018CC6B94D2AFB0BB8B37AC6DA68A513D479
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/9FbYUtvhSiGnwkgWnPEe8LBbWTE.roa
Signing time: Mon 01 Jan 2024 20:31:21 +0000
ROA not before: Mon 01 Jan 2024 20:31:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 59692
IP address blocks: 2a03:f86:3::/48 maxlen: 48
2a03:f86:2::/48 maxlen: 48
2a03:f86:4::/48 maxlen: 48
Validation: Failed, certificate revoked on Thu 02 Jan 2025 11:50:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b9:4d:2a:fb:0b:b8:b3:7a:c6:da:68:a5:13:d4:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Validity
Not Before: Jan 1 20:31:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f456d852dbe14a21a7c248169cf11ef0b05b5931
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:31:82:86:0f:df:94:7d:e9:7b:5a:14:5b:01:
fc:74:cf:5c:e3:4f:63:c6:a9:e1:9a:c6:c5:06:12:
fd:b8:24:0d:08:82:c8:b0:0d:73:2a:c8:da:ba:e4:
f7:2c:cd:84:e8:75:05:61:f5:31:c4:8f:35:6c:7c:
55:a1:14:77:ba:f4:56:1b:86:87:46:92:ab:50:24:
dc:79:fd:c0:99:55:c1:16:3d:9d:8d:77:2c:ea:6d:
e3:2d:89:64:92:04:1f:29:62:38:a3:ce:69:f1:e6:
b7:cf:cc:7d:5e:f8:cb:a3:94:5e:af:08:b3:32:92:
6b:a2:99:ad:2c:ff:98:47:69:4a:c2:d3:d6:60:d2:
fe:dd:75:e0:ac:93:97:90:7d:a1:f4:28:2d:73:af:
ee:0c:65:c3:2d:08:b5:5d:a0:0b:01:3e:dd:ad:d6:
be:f9:48:da:c0:23:0b:53:c7:00:6d:62:32:8d:d3:
88:3d:3e:b9:e3:d5:a7:8b:25:73:29:88:e4:03:9f:
04:d1:fe:8f:a7:6a:78:ed:3c:8b:23:ab:36:f0:1c:
08:3e:60:e3:b5:04:0d:9d:13:33:0d:c9:55:bf:9e:
48:d1:ab:a0:44:12:65:28:26:4c:89:4b:dd:a8:bb:
57:5e:e3:a8:2d:f7:20:b5:27:85:15:8e:d1:f9:77:
f0:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:56:D8:52:DB:E1:4A:21:A7:C2:48:16:9C:F1:1E:F0:B0:5B:59:31
X509v3 Authority Key Identifier:
keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/9FbYUtvhSiGnwkgWnPEe8LBbWTE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a03:f86:2::-2a03:f86:4:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
3f:b4:ea:f3:6c:0d:86:93:ac:5a:37:f5:f7:26:0a:de:d0:d7:
a8:1e:18:9f:2c:a5:a2:24:66:d2:c8:de:b1:ad:16:58:bf:51:
30:a0:36:05:05:2c:a4:43:33:bf:8a:6b:03:d0:31:c2:58:7b:
be:e5:64:48:fa:18:0b:86:5e:e0:96:05:30:89:be:e3:bf:56:
cd:29:41:9c:20:dc:eb:54:ed:44:a5:5d:a7:a5:f6:fd:dc:f9:
57:d2:cb:2a:01:73:33:aa:4b:13:14:b3:73:07:c6:d2:2d:fe:
a8:de:42:f6:6a:2e:77:93:4b:62:1c:68:12:bc:08:c4:47:52:
df:cb:9a:03:44:f4:09:7f:c5:6a:93:15:7d:fb:b3:c4:22:1d:
f2:05:a6:e0:bb:22:5f:2d:87:85:2d:ff:17:e9:39:f4:b0:bb:
86:8e:71:d9:76:d0:63:59:80:28:0e:a4:67:1d:cc:6b:b5:3e:
34:e1:7d:74:43:33:a7:21:4b:85:dd:4f:33:fc:3a:e8:72:4c:
0b:1d:33:77:e6:2f:0a:f3:02:b7:dc:d6:86:50:d0:2b:dd:a7:
a7:95:05:b4:6f:f1:d4:13:eb:7c:36:83:1d:35:22:1e:69:65:
21:47:9a:7f:55:3b:f8:21:2d:bb:3a:32:e6:09:5e:58:7d:26:
15:25:c6:9f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzGuU0q+wu4s3rG2milE9R5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQwMTAxMjAzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDU2ZDg1MmRiZTE0YTIxYTdjMjQ4MTY5Y2YxMWVmMGIwNWI1OTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqzGChg/flH3pe1oUWwH8dM9c409j
xqnhmsbFBhL9uCQNCILIsA1zKsjauuT3LM2E6HUFYfUxxI81bHxVoRR3uvRWG4aH
RpKrUCTcef3AmVXBFj2djXcs6m3jLYlkkgQfKWI4o85p8ea3z8x9XvjLo5Rerwiz
MpJropmtLP+YR2lKwtPWYNL+3XXgrJOXkH2h9Cgtc6/uDGXDLQi1XaALAT7drda+
+UjawCMLU8cAbWIyjdOIPT6549WniyVzKYjkA58E0f6Pp2p47TyLI6s28BwIPmDj
tQQNnRMzDclVv55I0augRBJlKCZMiUvdqLtXXuOoLfcgtSeFFY7R+XfwjwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFPRW2FLb4Uohp8JIFpzxHvCwW1kxMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvOUZiWVV0dmhTaUdud2tnV25QRWU4TEJiV1RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwEqAw+G
AAIDBwAqAw+GAAQwDQYJKoZIhvcNAQELBQADggEBAD+06vNsDYaTrFo39fcmCt7Q
16geGJ8spaIkZtLI3rGtFli/UTCgNgUFLKRDM7+KawPQMcJYe77lZEj6GAuGXuCW
BTCJvuO/Vs0pQZwg3OtU7USlXael9v3c+VfSyyoBczOqSxMUs3MHxtIt/qjeQvZq
LneTS2IcaBK8CMRHUt/LmgNE9Al/xWqTFX37s8QiHfIFpuC7Il8th4Ut/xfpOfSw
u4aOcdl20GNZgCgOpGcdzGu1PjThfXRDM6chS4XdTzP8OuhyTAsdM3fmLwrzArfc
1oZQ0Cvdp6eVBbRv8dQT63w2gx01Ih5pZSFHmn9VO/ghLbs6MuYJXlh9JhUlxp8=
-----END CERTIFICATE-----
Generated at Sun Feb 16 20:38:26 2025 by rpki-client