Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nkREzfkIPmGKheQLbjGakcgaAVw.roa
File: nkREzfkIPmGKheQLbjGakcgaAVw.roa (raw, json)
Hash identifier: HubgSVb5f5UJj9J89HoR17P9v9qaGHlGxBZlBLpAhEU=
Subject key identifier: 9E:44:44:CD:F9:08:3E:61:8A:85:E4:0B:6E:31:9A:91:C8:1A:01:5C
Certificate issuer: /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial: 018CC42569213DF79F6DC4C86BA0EEB1F773
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nkREzfkIPmGKheQLbjGakcgaAVw.roa
Signing time: Mon 01 Jan 2024 08:30:35 +0000
ROA not before: Mon 01 Jan 2024 08:30:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 205749
IP address blocks: 2a0f:8ac1:d452::/48 maxlen: 48
2a0f:8ac1:a0a::/48 maxlen: 48
2a0b:b86:fe00::/40 maxlen: 48
2a0f:8ac1:574b::/48 maxlen: 48
2a0f:8ac1:d9a3::/48 maxlen: 48
Validation: Failed, certificate revoked on Thu 02 Jan 2025 13:50:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:25:69:21:3d:f7:9f:6d:c4:c8:6b:a0:ee:b1:f7:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Validity
Not Before: Jan 1 08:30:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9e4444cdf9083e618a85e40b6e319a91c81a015c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:12:73:6b:67:69:3d:90:8d:99:32:2c:a2:3a:
48:9f:f1:c4:9a:18:78:7d:b9:8a:7b:d4:ae:d0:86:
e4:52:f0:83:13:d5:d8:ab:14:1f:ff:05:ac:fd:f8:
ff:7e:7e:fb:8d:0b:5a:3f:e9:2b:63:17:90:e5:0f:
5f:18:f9:71:09:e0:eb:f9:35:66:0e:db:1f:c6:d8:
03:f4:8c:be:45:c5:04:df:33:fa:3c:a3:de:fc:55:
f5:63:38:29:38:d7:27:e3:ca:74:8d:28:ca:11:d0:
ee:c8:f9:18:b5:0c:9d:5c:27:39:35:e0:87:78:9c:
ce:a3:52:4b:34:4a:11:26:f0:b6:f6:31:5b:7a:46:
11:01:26:f3:8b:7d:51:84:45:15:a9:b7:18:ac:d0:
e5:85:78:4e:b5:f9:d6:82:41:4c:1e:76:7d:34:e3:
2d:55:32:2c:6d:95:21:ec:53:dc:99:3a:fe:6e:99:
da:27:f6:0c:cf:3e:2a:5f:54:d2:f3:ff:bd:fa:70:
fb:ba:bd:a8:b3:df:ed:7e:aa:24:e5:93:5c:48:fa:
49:9b:89:8e:41:2e:75:80:2a:75:53:d2:79:6e:47:
de:1b:c7:0a:a1:aa:95:39:77:ad:b1:a0:e5:35:ac:
6b:d7:8a:20:50:78:2f:80:dd:af:64:40:e0:15:76:
36:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:44:44:CD:F9:08:3E:61:8A:85:E4:0B:6E:31:9A:91:C8:1A:01:5C
X509v3 Authority Key Identifier:
keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/nkREzfkIPmGKheQLbjGakcgaAVw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0b:b86:fe00::/40
2a0f:8ac1:a0a::/48
2a0f:8ac1:574b::/48
2a0f:8ac1:d452::/48
2a0f:8ac1:d9a3::/48
Signature Algorithm: sha256WithRSAEncryption
29:41:a3:be:28:ae:e4:e1:43:d6:7b:a6:53:95:cb:86:24:4d:
53:be:00:c8:86:df:4e:ec:96:7a:c8:14:e6:78:a5:fa:90:7f:
9d:94:6f:8f:94:ec:5b:f8:d2:2d:cf:50:2f:91:9b:bf:87:bf:
17:78:db:c4:86:27:11:6c:64:ca:75:28:b3:a7:aa:f7:bb:64:
81:8c:da:e7:85:48:bc:65:4d:60:34:1b:1a:41:e8:73:65:d7:
fd:de:b5:43:91:85:f9:ab:00:10:ab:ed:a6:fb:23:cd:f9:b9:
5d:29:f3:99:0c:b2:98:ea:13:5c:51:cd:1f:de:b8:cc:3b:bb:
bb:cd:08:47:5d:3b:8d:77:78:1f:14:21:2b:94:d3:18:4b:8e:
b9:5a:1a:a7:50:ce:c4:01:c2:80:a8:50:7a:a9:a7:15:7d:5a:
ae:b5:67:c2:e7:e0:9a:03:4c:07:e8:55:ce:9d:d6:d8:76:ff:
11:0d:58:83:64:e2:29:81:e7:ad:62:37:6a:04:fe:7c:94:ab:
b8:40:fa:fb:ac:4b:f1:8c:d7:fb:7d:da:fe:b4:22:f0:89:f4:
d7:43:38:17:3a:38:9a:0a:1a:43:99:93:cd:e7:06:47:89:90:
fe:50:15:8e:bf:d2:15:1a:ef:8e:bb:be:d9:f8:e1:5b:c6:17:
9e:d2:fd:f0
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYzEJWkhPfefbcTIa6DusfdzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQwMTAxMDgzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTQ0NDRjZGY5MDgzZTYxOGE4NWU0MGI2ZTMxOWE5MWM4MWEwMTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhJza2dpPZCNmTIsojpIn/HEmhh4
fbmKe9Su0IbkUvCDE9XYqxQf/wWs/fj/fn77jQtaP+krYxeQ5Q9fGPlxCeDr+TVm
DtsfxtgD9Iy+RcUE3zP6PKPe/FX1YzgpONcn48p0jSjKEdDuyPkYtQydXCc5NeCH
eJzOo1JLNEoRJvC29jFbekYRASbzi31RhEUVqbcYrNDlhXhOtfnWgkFMHnZ9NOMt
VTIsbZUh7FPcmTr+bpnaJ/YMzz4qX1TS8/+9+nD7ur2os9/tfqok5ZNcSPpJm4mO
QS51gCp1U9J5bkfeG8cKoaqVOXetsaDlNaxr14ogUHgvgN2vZEDgFXY2pQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFJ5ERM35CD5hioXkC24xmpHIGgFcMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvbmtSRXpma0lQbUdLaGVRTGJqR2FrY2dhQVZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAAjAsAwYAKgsLhv4D
BwAqD4rBCgoDBwAqD4rBV0sDBwAqD4rB1FIDBwAqD4rB2aMwDQYJKoZIhvcNAQEL
BQADggEBAClBo74oruThQ9Z7plOVy4YkTVO+AMiG307slnrIFOZ4pfqQf52Ub4+U
7Fv40i3PUC+Rm7+Hvxd428SGJxFsZMp1KLOnqve7ZIGM2ueFSLxlTWA0GxpB6HNl
1/3etUORhfmrABCr7ab7I835uV0p85kMspjqE1xRzR/euMw7u7vNCEddO413eB8U
ISuU0xhLjrlaGqdQzsQBwoCoUHqppxV9Wq61Z8Ln4JoDTAfoVc6d1th2/xENWINk
4imB561iN2oE/nyUq7hA+vusS/GM1/t92v60IvCJ9NdDOBc6OJoKGkOZk83nBkeJ
kP5QFY6/0hUa7467vtn44VvGF57S/fA=
-----END CERTIFICATE-----
Generated at Sun Feb 16 20:36:00 2025 by rpki-client