Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/tWvFMv8df_Z8lrkvtuVR9UKKG_U.roa
File: tWvFMv8df_Z8lrkvtuVR9UKKG_U.roa (raw, json)
Hash identifier: 0NzCX0ePPmGkSxzI61CBDniTj7giq34Gfp7zgNc0R6g=
Subject key identifier: B5:6B:C5:32:FF:1D:7F:F6:7C:96:B9:2F:B6:E5:51:F5:42:8A:1B:F5
Certificate issuer: /CN=d2c2b0ee187928409065d19ee9c0858e8c17ea13
Certificate serial: 019504CB89A88DC7A36BEF7327F3347E2690
Authority key identifier: D2:C2:B0:EE:18:79:28:40:90:65:D1:9E:E9:C0:85:8E:8C:17:EA:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0sKw7hh5KECQZdGe6cCFjowX6hM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/tWvFMv8df_Z8lrkvtuVR9UKKG_U.roa
Signing time: Fri 14 Feb 2025 14:10:02 +0000
ROA not before: Fri 14 Feb 2025 14:10:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210004
IP address blocks: 194.0.5.0/24 maxlen: 24
194.0.29.0/24 maxlen: 24
2001:678:8::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 17 Feb 2025 08:44:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:04:cb:89:a8:8d:c7:a3:6b:ef:73:27:f3:34:7e:26:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d2c2b0ee187928409065d19ee9c0858e8c17ea13
Validity
Not Before: Feb 14 14:10:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b56bc532ff1d7ff67c96b92fb6e551f5428a1bf5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:3f:71:11:dd:fc:35:54:20:3b:21:2d:71:12:
e9:02:f8:05:73:66:4f:4e:7a:4c:fe:06:36:b7:a1:
c7:b9:25:a7:c8:b9:b4:3d:ac:74:ff:7a:50:a8:d5:
23:07:7b:50:47:a7:59:59:21:a8:19:41:b5:ba:6c:
b5:ca:76:4d:3a:8b:40:5f:76:75:16:f0:aa:2e:2e:
a4:f9:27:cc:ed:56:09:bd:4b:c9:24:05:44:40:eb:
ec:a2:1c:d5:1f:c4:89:53:6e:4b:22:13:d0:60:2f:
0b:85:cb:bd:60:99:da:8a:9e:c2:92:17:9a:37:c6:
44:c2:7b:64:01:9d:eb:9d:b9:f9:70:f0:0c:26:71:
50:59:29:95:c0:b7:c5:df:66:f7:b6:18:0a:ff:a4:
40:60:bd:b8:1a:88:e4:05:b0:39:35:8b:55:d6:96:
b0:7a:c3:ff:de:df:79:b8:8d:66:b6:b2:58:ee:33:
55:37:cf:38:09:86:f8:fe:67:c4:38:0a:75:ae:9f:
07:de:18:f0:7e:9f:5d:69:b1:6f:ff:33:80:dd:10:
17:d9:e8:fd:6f:c9:ef:ce:65:7a:39:b7:a3:c9:ea:
4d:7a:54:57:08:3d:be:81:45:2b:fd:2b:aa:b2:c8:
20:94:30:89:05:04:9a:17:7f:31:88:ac:4c:0d:cd:
13:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:6B:C5:32:FF:1D:7F:F6:7C:96:B9:2F:B6:E5:51:F5:42:8A:1B:F5
X509v3 Authority Key Identifier:
keyid:D2:C2:B0:EE:18:79:28:40:90:65:D1:9E:E9:C0:85:8E:8C:17:EA:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0sKw7hh5KECQZdGe6cCFjowX6hM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/tWvFMv8df_Z8lrkvtuVR9UKKG_U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/abac14-6eab-4985-867a-c8e863c1a8d1/1/0sKw7hh5KECQZdGe6cCFjowX6hM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.0.5.0/24
194.0.29.0/24
IPv6:
2001:678:8::/48
Signature Algorithm: sha256WithRSAEncryption
81:ec:0a:52:23:f0:df:d7:d4:2c:49:a1:85:14:e9:16:3f:62:
aa:73:b7:62:2c:7c:dd:3f:29:fe:6e:54:23:62:a2:65:3e:eb:
2f:06:c1:5a:e3:1c:c0:c8:ec:88:a4:8b:64:27:ef:3c:a5:c1:
fe:c4:23:03:7e:64:bf:d2:bb:4b:30:12:6f:77:2f:f6:d7:bf:
6b:0a:f4:8c:aa:ac:1b:ea:26:1f:5d:0f:97:59:dd:5c:93:f4:
f8:e0:7b:5e:8a:9b:5f:d8:74:7e:aa:e5:68:c0:4f:d8:a7:7c:
9a:49:00:96:81:72:33:de:03:1b:75:52:21:e5:86:1b:0d:dc:
b1:96:ff:82:89:b8:4e:d0:46:dc:8f:a9:88:00:ab:7b:be:7f:
aa:ae:4f:02:c4:df:d5:8c:12:42:51:b5:f9:f1:0c:f0:e1:45:
d6:5c:81:83:6b:bb:85:ba:e9:e9:e6:90:78:5d:21:28:50:c5:
2f:ca:41:42:c4:f2:5b:df:50:76:21:53:85:ff:71:2d:93:a8:
61:b8:85:3f:d4:2c:50:4a:e8:94:c4:bd:e7:73:07:ea:be:c0:
41:e1:4b:00:22:95:bf:8b:76:9f:65:eb:30:fe:6d:a2:5b:d4:
25:8b:6b:60:56:de:86:52:e8:1b:c1:9f:52:0d:d8:63:b3:10:
84:d5:a7:5e
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZUEy4mojceja+9zJ/M0fiaQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYzJiMGVlMTg3OTI4NDA5MDY1ZDE5ZWU5YzA4NThlOGMx
N2VhMTMwHhcNMjUwMjE0MTQxMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTZiYzUzMmZmMWQ3ZmY2N2M5NmI5MmZiNmU1NTFmNTQyOGExYmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz9xEd38NVQgOyEtcRLpAvgFc2ZP
TnpM/gY2t6HHuSWnyLm0Pax0/3pQqNUjB3tQR6dZWSGoGUG1umy1ynZNOotAX3Z1
FvCqLi6k+SfM7VYJvUvJJAVEQOvsohzVH8SJU25LIhPQYC8Lhcu9YJnaip7Ckhea
N8ZEwntkAZ3rnbn5cPAMJnFQWSmVwLfF32b3thgK/6RAYL24GojkBbA5NYtV1paw
esP/3t95uI1mtrJY7jNVN884CYb4/mfEOAp1rp8H3hjwfp9dabFv/zOA3RAX2ej9
b8nvzmV6ObejyepNelRXCD2+gUUr/SuqssgglDCJBQSaF38xiKxMDc0TQQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFLVrxTL/HX/2fJa5L7blUfVCihv1MB8GA1UdIwQY
MBaAFNLCsO4YeShAkGXRnunAhY6MF+oTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHNLdzdoaDVLRUNRWmRHZTZjQ0Zqb3dYNmhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9hYmFjMTQtNmVhYi00OTg1LTg2N2Et
YzhlODYzYzFhOGQxLzEvdFd2Rk12OGRmX1o4bHJrdnR1VlI5VUtLR19VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9hYmFjMTQtNmVhYi00OTg1LTg2N2EtYzhlODYzYzFhOGQx
LzEvMHNLdzdoaDVLRUNRWmRHZTZjQ0Zqb3dYNmhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwgAFAwQA
wgAdMA8EAgACMAkDBwAgAQZ4AAgwDQYJKoZIhvcNAQELBQADggEBAIHsClIj8N/X
1CxJoYUU6RY/Yqpzt2IsfN0/Kf5uVCNiomU+6y8GwVrjHMDI7Iiki2Qn7zylwf7E
IwN+ZL/Su0swEm93L/bXv2sK9IyqrBvqJh9dD5dZ3VyT9Pjge16Km1/YdH6q5WjA
T9infJpJAJaBcjPeAxt1UiHlhhsN3LGW/4KJuE7QRtyPqYgAq3u+f6quTwLE39WM
EkJRtfnxDPDhRdZcgYNru4W66enmkHhdIShQxS/KQULE8lvfUHYhU4X/cS2TqGG4
hT/ULFBK6JTEvedzB+q+wEHhSwAilb+Ldp9l6zD+baJb1CWLa2BW3oZS6BvBn1IN
2GOzEITVp14=
-----END CERTIFICATE-----
Generated at Fri Apr 18 02:52:36 2025 by rpki-client