Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/hNERMhmh2s2GSseLRMGI8xsRWFk.roa
File: hNERMhmh2s2GSseLRMGI8xsRWFk.roa (raw, json)
Hash identifier: M0B84QE8uwuuxYL4FxmcjaRR5qXH8QgUGeN8v4zecqo=
Subject key identifier: 84:D1:11:32:19:A1:DA:CD:86:4A:C7:8B:44:C1:88:F3:1B:11:58:59
Certificate issuer: /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial: 01948DB2B49B37AFB05C41CBC8FE3A7F8714
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/hNERMhmh2s2GSseLRMGI8xsRWFk.roa
Signing time: Wed 22 Jan 2025 11:08:06 +0000
ROA not before: Wed 22 Jan 2025 11:08:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214940
IP address blocks: 195.211.191.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 22 Jan 2025 12:48:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:8d:b2:b4:9b:37:af:b0:5c:41:cb:c8:fe:3a:7f:87:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Validity
Not Before: Jan 22 11:08:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=84d1113219a1dacd864ac78b44c188f31b115859
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:d8:af:2e:6a:ba:c5:b4:cd:bf:44:8c:20:7b:
5d:af:b7:5e:88:97:d0:33:4a:5a:e8:73:33:60:4d:
6b:12:2b:7d:4c:3b:3a:73:2e:a9:79:bc:2a:36:76:
55:5d:7a:e5:11:c0:c7:9c:ba:0c:d4:9d:c7:02:59:
aa:42:94:3a:57:5f:0e:3c:2a:fc:d3:b4:f1:3f:36:
dd:a1:9b:fb:2b:9e:9b:77:95:85:88:cf:8d:f5:e1:
83:cd:94:e2:6b:70:11:1e:14:b4:61:c6:08:a1:97:
06:3a:95:84:81:0f:25:67:fc:99:56:ee:b7:6e:58:
e3:a4:27:0d:71:4e:57:37:36:f7:c2:56:0a:e7:d1:
82:52:85:60:f4:ab:e0:c3:37:29:e1:6d:e2:8c:ba:
97:9c:29:78:fd:38:cf:43:22:25:8c:e2:25:ba:eb:
45:35:86:7a:bd:9e:cb:84:87:30:69:3e:83:7f:97:
5f:c0:76:28:d4:ac:3b:6f:02:be:ff:9f:13:6e:b0:
cd:83:47:e7:15:44:73:db:72:3d:ee:18:c3:c2:80:
7f:84:5a:0d:e5:6c:3d:25:8a:95:7e:25:5f:f4:7d:
b9:3d:31:2d:6f:b6:d1:4c:7a:43:28:c4:8b:b3:45:
a8:cc:14:76:44:d6:f8:98:84:9f:22:02:d5:a9:51:
1a:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:D1:11:32:19:A1:DA:CD:86:4A:C7:8B:44:C1:88:F3:1B:11:58:59
X509v3 Authority Key Identifier:
keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/hNERMhmh2s2GSseLRMGI8xsRWFk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.211.191.0/24
Signature Algorithm: sha256WithRSAEncryption
32:60:50:04:65:01:d6:29:04:2d:3f:47:f5:70:81:69:f6:82:
4d:a7:b6:b2:a8:2d:9a:1e:ec:cd:73:35:02:4a:6b:0b:f0:b9:
eb:40:2a:ab:ce:72:b0:61:d1:46:2b:64:20:80:91:d4:7f:13:
f7:bf:94:d6:10:6a:e7:ed:50:03:db:86:02:e9:95:ef:ff:c1:
52:bd:e0:9c:8f:55:9f:8f:72:d7:77:22:c5:54:77:9b:71:e9:
e8:99:f0:a9:50:2b:1d:11:a2:ce:cf:49:2b:48:b8:2b:c7:d6:
60:b6:a5:44:ee:85:50:71:25:dd:7c:d9:a1:6a:f3:ab:1e:70:
23:0c:b2:69:57:81:5c:4c:09:23:d8:4d:2a:26:87:ea:93:2c:
b7:3b:d8:00:f1:46:0d:f1:a3:5b:6e:b3:54:dd:75:31:a1:41:
0b:d3:60:f1:28:d0:76:c0:79:6c:59:a3:55:75:fd:96:53:a6:
01:e0:b7:8e:b3:2f:32:d8:69:c7:45:d5:58:7f:91:86:e4:0a:
38:48:64:8e:aa:f0:1e:bf:65:d6:c9:58:89:56:fc:37:f9:26:
d2:88:81:25:c1:6a:37:07:28:b8:46:16:79:2e:29:63:c2:9a:
cd:ec:14:c3:f4:eb:f9:98:5b:32:c0:58:d4:8e:73:9f:0d:6c:
d5:c0:44:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSNsrSbN6+wXEHLyP46f4cUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTIyMTEwODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGQxMTEzMjE5YTFkYWNkODY0YWM3OGI0NGMxODhmMzFiMTE1ODU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdivLmq6xbTNv0SMIHtdr7deiJfQ
M0pa6HMzYE1rEit9TDs6cy6pebwqNnZVXXrlEcDHnLoM1J3HAlmqQpQ6V18OPCr8
07TxPzbdoZv7K56bd5WFiM+N9eGDzZTia3ARHhS0YcYIoZcGOpWEgQ8lZ/yZVu63
bljjpCcNcU5XNzb3wlYK59GCUoVg9Kvgwzcp4W3ijLqXnCl4/TjPQyIljOIluutF
NYZ6vZ7LhIcwaT6Df5dfwHYo1Kw7bwK+/58TbrDNg0fnFURz23I97hjDwoB/hFoN
5Ww9JYqVfiVf9H25PTEtb7bRTHpDKMSLs0WozBR2RNb4mISfIgLVqVEaUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITRETIZodrNhkrHi0TBiPMbEVhZMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvaE5FUk1obWgyczJHU3NlTFJNR0k4eHNSV0ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9O/MA0G
CSqGSIb3DQEBCwUAA4IBAQAyYFAEZQHWKQQtP0f1cIFp9oJNp7ayqC2aHuzNczUC
SmsL8LnrQCqrznKwYdFGK2QggJHUfxP3v5TWEGrn7VAD24YC6ZXv/8FSveCcj1Wf
j3LXdyLFVHebcenomfCpUCsdEaLOz0krSLgrx9ZgtqVE7oVQcSXdfNmhavOrHnAj
DLJpV4FcTAkj2E0qJofqkyy3O9gA8UYN8aNbbrNU3XUxoUEL02DxKNB2wHlsWaNV
df2WU6YB4LeOsy8y2GnHRdVYf5GG5Ao4SGSOqvAev2XWyViJVvw3+SbSiIElwWo3
Byi4RhZ5LiljwprN7BTD9Ov5mFsywFjUjnOfDWzVwESZ
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:10:31 2025 by rpki-client