Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/5UDEv8DQY58s8ezvuWrlgIW_E90.roa
File: 5UDEv8DQY58s8ezvuWrlgIW_E90.roa (raw, json)
Hash identifier: OyWnZgxFPjE1GM7v+PLCQlYSU0TDXoBjRwNtFAMWW0g=
Subject key identifier: E5:40:C4:BF:C0:D0:63:9F:2C:F1:EC:EF:B9:6A:E5:80:85:BF:13:DD
Certificate issuer: /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial: 0194236A50DA3C4BDE06303E7D92FAA0E80C
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/5UDEv8DQY58s8ezvuWrlgIW_E90.roa
Signing time: Wed 01 Jan 2025 19:49:17 +0000
ROA not before: Wed 01 Jan 2025 19:49:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 395793
IP address blocks: 163.5.17.0/24 maxlen: 24
163.5.25.0/24 maxlen: 24
163.5.35.0/24 maxlen: 24
163.5.40.0/24 maxlen: 24
163.5.44.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 24 Jan 2025 09:17:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:23:6a:50:da:3c:4b:de:06:30:3e:7d:92:fa:a0:e8:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Validity
Not Before: Jan 1 19:49:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e540c4bfc0d0639f2cf1ecefb96ae58085bf13dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:3d:4f:41:a6:c4:70:b0:51:70:9d:6b:f0:2f:
26:d3:2c:c6:50:d7:e5:8f:13:0d:2b:8a:c8:bf:49:
5d:64:58:6f:b7:f2:d7:e9:78:4f:c0:f7:5e:fc:3b:
41:4d:98:3c:b9:74:e2:28:bd:70:eb:0d:6c:ce:dc:
77:34:c7:b4:3d:18:be:d2:9e:90:9f:63:d0:85:61:
fe:9f:94:f2:5a:ab:cf:74:55:7f:da:c8:ad:ae:94:
93:3d:b2:03:64:7a:86:07:83:92:64:22:6e:6b:cb:
cf:10:fe:d5:dc:74:fe:f0:88:3a:35:c6:54:51:15:
fd:a8:69:eb:e5:74:cb:9c:24:0a:4a:5c:6a:c7:01:
ed:7b:00:74:3a:76:36:4b:16:88:5c:a4:cc:e0:6c:
3e:0d:5a:56:65:fd:6f:fa:98:0a:8c:90:95:3c:04:
10:bd:31:14:a8:05:2c:92:b7:7b:56:44:0c:53:4d:
01:f7:9e:5b:9b:7b:a8:a5:b4:9d:ed:58:67:77:27:
37:41:00:30:d2:e6:e1:1f:93:1c:5b:f6:c1:7e:d1:
c7:f6:dc:28:60:ab:6e:c6:d8:96:8d:43:ec:61:00:
ef:88:89:7a:f1:f5:a9:c2:a6:95:d1:67:f9:0b:ab:
f7:0f:3e:70:1b:2d:d8:37:66:5d:64:b4:0f:e3:8b:
f2:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:40:C4:BF:C0:D0:63:9F:2C:F1:EC:EF:B9:6A:E5:80:85:BF:13:DD
X509v3 Authority Key Identifier:
keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/5UDEv8DQY58s8ezvuWrlgIW_E90.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
163.5.17.0/24
163.5.25.0/24
163.5.35.0/24
163.5.40.0/24
163.5.44.0/24
Signature Algorithm: sha256WithRSAEncryption
0c:66:2a:fe:fb:1a:92:94:b8:23:59:cf:c2:5c:aa:e6:5b:fd:
6b:dc:96:2a:07:4f:e6:a5:96:45:d8:5c:79:d3:19:5e:23:20:
d6:7a:d8:7b:a2:8f:7b:89:cd:4d:11:3e:e2:d0:a5:14:0a:1f:
ad:a8:b5:6f:5e:32:00:da:60:07:b5:50:7e:ea:53:e1:7b:89:
69:28:02:1a:7c:69:09:94:c0:c0:89:2e:21:ec:72:63:f1:40:
de:89:b8:8e:3e:96:33:17:4d:00:e1:ae:30:b2:59:55:3c:77:
c8:11:aa:8a:02:1c:04:da:c8:33:14:c2:b2:69:83:32:3e:ff:
5f:dc:93:6b:1b:f0:e9:bf:7e:01:39:75:a3:44:85:08:5a:ef:
b2:01:d7:c9:60:c2:55:22:e7:27:35:64:15:8a:fb:2c:a7:4b:
d0:d7:7e:4b:98:ba:fa:0d:96:b2:4e:84:fe:fe:c6:f1:0b:5d:
e1:a0:df:3a:51:b5:ab:f6:cf:37:f8:e4:d8:08:84:77:32:e2:
f1:7f:fe:fe:86:6e:92:d6:fc:27:2f:00:af:49:74:ea:53:4c:
82:5c:14:0c:c9:37:65:bb:61:f7:1c:28:60:8f:09:5b:b9:94:
40:8e:89:7a:a0:c7:04:30:ff:82:9d:de:a0:c5:99:90:ba:eb:
32:51:a2:66
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQjalDaPEveBjA+fZL6oOgMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjUwMTAxMTk0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTQwYzRiZmMwZDA2MzlmMmNmMWVjZWZiOTZhZTU4MDg1YmYxM2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArj1PQabEcLBRcJ1r8C8m0yzGUNfl
jxMNK4rIv0ldZFhvt/LX6XhPwPde/DtBTZg8uXTiKL1w6w1sztx3NMe0PRi+0p6Q
n2PQhWH+n5TyWqvPdFV/2sitrpSTPbIDZHqGB4OSZCJua8vPEP7V3HT+8Ig6NcZU
URX9qGnr5XTLnCQKSlxqxwHtewB0OnY2SxaIXKTM4Gw+DVpWZf1v+pgKjJCVPAQQ
vTEUqAUskrd7VkQMU00B955bm3uopbSd7Vhndyc3QQAw0ubhH5McW/bBftHH9two
YKtuxtiWjUPsYQDviIl68fWpwqaV0Wf5C6v3Dz5wGy3YN2ZdZLQP44vyJwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFOVAxL/A0GOfLPHs77lq5YCFvxPdMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvNVVERXY4RFFZNThzOGV6dnVXcmxnSVdfRTkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAowURAwQA
owUZAwQAowUjAwQAowUoAwQAowUsMA0GCSqGSIb3DQEBCwUAA4IBAQAMZir++xqS
lLgjWc/CXKrmW/1r3JYqB0/mpZZF2Fx50xleIyDWeth7oo97ic1NET7i0KUUCh+t
qLVvXjIA2mAHtVB+6lPhe4lpKAIafGkJlMDAiS4h7HJj8UDeibiOPpYzF00A4a4w
sllVPHfIEaqKAhwE2sgzFMKyaYMyPv9f3JNrG/Dpv34BOXWjRIUIWu+yAdfJYMJV
IucnNWQVivssp0vQ135LmLr6DZayToT+/sbxC13hoN86UbWr9s83+OTYCIR3MuLx
f/7+hm6S1vwnLwCvSXTqU0yCXBQMyTdlu2H3HChgjwlbuZRAjol6oMcEMP+Cnd6g
xZmQuusyUaJm
-----END CERTIFICATE-----
Generated at Wed Feb 5 08:43:29 2025 by rpki-client