Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/i43sZMdMaysQR7HV23YykPFJZFQ.roa
File: i43sZMdMaysQR7HV23YykPFJZFQ.roa (raw, json)
Hash identifier: laeb7UjPYx6hAiWqRS1hr4JTUhH+11cbXfbZyz9mTig=
Subject key identifier: 8B:8D:EC:64:C7:4C:6B:2B:10:47:B1:D5:DB:76:32:90:F1:49:64:54
Certificate issuer: /CN=2b46c9ccf7ff7bdccf837762a0e157bdc13570e0
Certificate serial: 018CC4246DF2685F2DB24CF1AE75674E9221
Authority key identifier: 2B:46:C9:CC:F7:FF:7B:DC:CF:83:77:62:A0:E1:57:BD:C1:35:70:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/K0bJzPf_e9zPg3dioOFXvcE1cOA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/i43sZMdMaysQR7HV23YykPFJZFQ.roa
Signing time: Mon 01 Jan 2024 08:29:30 +0000
ROA not before: Mon 01 Jan 2024 08:29:30 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 57333
IP address blocks: 176.97.160.0/19 maxlen: 19
176.97.160.0/21 maxlen: 21
176.97.168.0/21 maxlen: 21
176.97.176.0/21 maxlen: 21
176.97.184.0/21 maxlen: 21
Validation: Failed, certificate revoked on Wed 01 Jan 2025 21:47:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:24:6d:f2:68:5f:2d:b2:4c:f1:ae:75:67:4e:92:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2b46c9ccf7ff7bdccf837762a0e157bdc13570e0
Validity
Not Before: Jan 1 08:29:30 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8b8dec64c74c6b2b1047b1d5db763290f1496454
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:e2:e9:05:0c:74:62:c8:df:ed:aa:e4:e8:7c:
53:2a:5b:49:cf:90:8d:b4:6b:30:3b:8f:c1:73:0f:
28:6a:20:72:c5:9f:2b:83:b4:c5:ab:a9:68:2a:2b:
aa:be:fe:d9:76:76:1a:a8:3c:c7:86:7e:04:ff:0a:
d3:73:2c:22:2c:bb:27:04:c4:ec:78:cf:a4:e3:cd:
01:35:5b:cc:98:d7:94:81:c3:08:8b:54:ea:51:7c:
7c:08:1a:cd:24:d1:20:13:fb:64:c0:81:12:ac:c8:
33:14:6a:2a:55:ba:7d:6e:2e:8e:fe:62:6d:c0:14:
b0:27:85:0b:1b:dc:3e:63:d0:42:b9:a1:e4:82:e6:
4d:f3:f0:d1:44:78:24:22:a6:79:17:38:84:30:ac:
79:4d:ba:ca:35:4e:fb:af:26:e5:f6:4d:b3:aa:a1:
84:53:0e:da:0d:07:91:97:2a:2a:e0:68:6e:b3:6f:
78:81:f2:3b:45:62:29:e1:1f:18:9b:af:88:dc:0a:
f2:73:45:98:85:69:05:a0:27:ab:b0:d6:22:71:24:
e1:e6:8f:3d:32:48:82:26:5f:7a:e0:8a:4b:00:d9:
c2:fb:f6:41:c2:fb:f1:92:81:3d:14:f5:46:fa:f2:
05:b7:59:dd:0f:6f:0b:5d:95:8a:f3:e1:0e:3d:9b:
0d:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:8D:EC:64:C7:4C:6B:2B:10:47:B1:D5:DB:76:32:90:F1:49:64:54
X509v3 Authority Key Identifier:
keyid:2B:46:C9:CC:F7:FF:7B:DC:CF:83:77:62:A0:E1:57:BD:C1:35:70:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K0bJzPf_e9zPg3dioOFXvcE1cOA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/i43sZMdMaysQR7HV23YykPFJZFQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/34ccfe-80e6-4d96-b968-c7a2d5f9fd60/1/K0bJzPf_e9zPg3dioOFXvcE1cOA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.97.160.0/19
Signature Algorithm: sha256WithRSAEncryption
00:0f:eb:5d:fb:6a:1b:ad:3c:ae:4c:50:ee:97:aa:b5:76:b6:
fb:f9:8a:b1:27:9a:84:5d:85:04:68:8d:0a:32:22:c8:7b:7d:
6a:5f:86:e4:d5:1c:ff:0c:b9:81:eb:da:62:a1:11:5a:f8:3a:
d6:21:c9:97:3f:00:2c:b3:83:84:9c:87:1d:80:78:b6:7a:36:
a0:61:95:f6:5f:cb:c0:cc:05:5b:c2:b2:ef:40:cd:c8:49:31:
84:62:8f:4d:b7:d5:f7:4e:12:85:a3:b9:c5:78:1a:f1:4d:90:
1f:1e:2d:a3:da:1a:02:d6:6c:b1:27:f8:c9:f7:33:80:dc:b4:
43:49:9f:03:44:e1:a4:d0:e7:00:fb:5c:4a:a0:2c:37:4e:b5:
73:1f:ea:f3:cc:a5:bc:d5:e0:ec:35:e7:6d:9f:a4:b4:fe:7a:
cd:57:a8:7d:7a:ea:30:1a:c1:ec:e6:c7:b7:c1:5f:ac:b4:8f:
50:72:95:8b:0a:60:58:a2:2c:68:4f:d0:a4:3e:5b:dd:31:5a:
bb:0c:8d:d6:30:f7:ef:ad:bb:30:5c:82:ae:35:ee:b6:21:eb:
d3:9c:ec:8a:34:c5:70:2d:c6:9a:4e:eb:9d:23:c8:63:a5:a4:
81:65:ef:7e:33:ce:71:68:6f:57:34:ea:54:9d:71:82:fd:d1:
f6:97:8d:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJG3yaF8tskzxrnVnTpIhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNDZjOWNjZjdmZjdiZGNjZjgzNzc2MmEwZTE1N2JkYzEz
NTcwZTAwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjhkZWM2NGM3NGM2YjJiMTA0N2IxZDVkYjc2MzI5MGYxNDk2NDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3eLpBQx0Ysjf7ark6HxTKltJz5CN
tGswO4/Bcw8oaiByxZ8rg7TFq6loKiuqvv7ZdnYaqDzHhn4E/wrTcywiLLsnBMTs
eM+k480BNVvMmNeUgcMIi1TqUXx8CBrNJNEgE/tkwIESrMgzFGoqVbp9bi6O/mJt
wBSwJ4ULG9w+Y9BCuaHkguZN8/DRRHgkIqZ5FziEMKx5TbrKNU77rybl9k2zqqGE
Uw7aDQeRlyoq4Ghus294gfI7RWIp4R8Ym6+I3Aryc0WYhWkFoCersNYicSTh5o89
MkiCJl964IpLANnC+/ZBwvvxkoE9FPVG+vIFt1ndD28LXZWK8+EOPZsNDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuN7GTHTGsrEEex1dt2MpDxSWRUMB8GA1UdIwQY
MBaAFCtGycz3/3vcz4N3YqDhV73BNXDgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzBiSnpQZl9lOXpQZzNkaW9PRlh2Y0UxY09BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8zNGNjZmUtODBlNi00ZDk2LWI5Njgt
YzdhMmQ1ZjlmZDYwLzEvaTQzc1pNZE1heXNRUjdIVjIzWXlrUEZKWkZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8zNGNjZmUtODBlNi00ZDk2LWI5NjgtYzdhMmQ1ZjlmZDYw
LzEvSzBiSnpQZl9lOXpQZzNkaW9PRlh2Y0UxY09BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFsGGgMA0G
CSqGSIb3DQEBCwUAA4IBAQAAD+td+2obrTyuTFDul6q1drb7+YqxJ5qEXYUEaI0K
MiLIe31qX4bk1Rz/DLmB69pioRFa+DrWIcmXPwAss4OEnIcdgHi2ejagYZX2X8vA
zAVbwrLvQM3ISTGEYo9Nt9X3ThKFo7nFeBrxTZAfHi2j2hoC1myxJ/jJ9zOA3LRD
SZ8DROGk0OcA+1xKoCw3TrVzH+rzzKW81eDsNedtn6S0/nrNV6h9euowGsHs5se3
wV+stI9QcpWLCmBYoixoT9CkPlvdMVq7DI3WMPfvrbswXIKuNe62IevTnOyKNMVw
LcaaTuudI8hjpaSBZe9+M85xaG9XNOpUnXGC/dH2l42w
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:07:48 2025 by rpki-client