Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/oXcX9D4k42NpvCRoichFsmBQ478.roa
File: oXcX9D4k42NpvCRoichFsmBQ478.roa (raw, json)
Hash identifier: IU9rxEzxu8tn1VXxypkVKhTlLSzr3SvcRIsh/REqx78=
Subject key identifier: A1:77:17:F4:3E:24:E3:63:69:BC:24:68:89:C8:45:B2:60:50:E3:BF
Certificate issuer: /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial: 01935562AB93AA0B4704509F53747917C70D
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/oXcX9D4k42NpvCRoichFsmBQ478.roa
Signing time: Fri 22 Nov 2024 19:39:09 +0000
ROA not before: Fri 22 Nov 2024 19:39:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 215427
IP address blocks: 2a07:f580::/29 maxlen: 29
2a0d:38c0::/29 maxlen: 29
2a14:41c0::/29 maxlen: 29
2a14:4240::/29 maxlen: 29
2a14:42c0::/29 maxlen: 29
2a14:6240::/29 maxlen: 29
Validation: Failed, certificate revoked on Wed 01 Jan 2025 19:48:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:55:62:ab:93:aa:0b:47:04:50:9f:53:74:79:17:c7:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Validity
Not Before: Nov 22 19:39:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a17717f43e24e36369bc246889c845b26050e3bf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:8c:45:16:5d:5d:dd:91:81:16:52:fd:85:99:
2c:f0:21:52:93:bf:0e:32:e8:f5:97:f7:d0:bc:fd:
fb:e6:ac:2d:1d:a6:52:1b:4d:0e:6e:2e:f5:13:3e:
03:b9:1d:d1:58:76:cf:4c:a6:81:2c:3e:54:a3:7d:
7f:13:1a:7e:03:c1:cb:ba:2b:49:8a:9b:f8:85:36:
e2:a7:f1:40:b1:11:8e:9e:3b:81:52:d2:f2:56:71:
ec:3b:fc:92:4a:ec:5d:3c:b4:5a:66:ff:4f:46:fd:
65:94:48:46:b8:b5:36:c6:55:8a:03:02:d7:b8:d9:
3a:f5:58:4d:ae:de:84:32:ad:dd:cf:66:75:7a:e5:
b4:bc:6f:a5:06:82:f6:20:91:50:63:e0:e0:ab:a5:
95:c9:95:2a:95:bf:5c:91:e4:5f:be:98:ae:fd:9f:
de:17:f6:5f:41:16:77:7a:89:db:4c:7b:59:14:ed:
f7:d6:2a:6a:b0:39:55:97:21:f1:4f:1e:69:bd:db:
a2:aa:a3:6a:3d:3c:3c:e4:f4:de:b8:4e:aa:de:fd:
69:8d:76:df:78:56:36:be:2d:05:30:d9:45:95:0c:
9b:f7:9a:6d:b4:61:7c:cb:33:16:ba:f8:84:4e:7e:
ac:30:b4:72:fc:ac:c2:08:7e:40:34:44:18:86:90:
c8:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:77:17:F4:3E:24:E3:63:69:BC:24:68:89:C8:45:B2:60:50:E3:BF
X509v3 Authority Key Identifier:
keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/oXcX9D4k42NpvCRoichFsmBQ478.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a07:f580::/29
2a0d:38c0::/29
2a14:41c0::/29
2a14:4240::/29
2a14:42c0::/29
2a14:6240::/29
Signature Algorithm: sha256WithRSAEncryption
2d:db:0c:db:a4:8e:a6:38:f9:94:68:47:c6:1d:aa:00:7a:fa:
a0:63:4e:3e:9d:a9:c5:58:fc:11:b4:be:d7:19:36:d6:57:63:
83:09:3a:7d:b2:25:73:1b:86:9b:0d:ff:61:5c:a1:52:d8:f8:
94:72:fe:74:fc:b3:34:f7:7e:43:e8:80:3d:3d:cd:a9:c0:c5:
a4:ec:99:15:0e:d1:d2:31:73:09:bf:96:89:30:72:c2:f5:9f:
19:8a:eb:97:32:b9:93:1f:70:32:6d:cb:95:24:fa:48:f7:20:
11:ce:0d:39:7f:b0:03:a7:4b:06:c6:32:94:d0:03:fa:c9:d3:
4c:0a:bf:54:76:d6:99:63:92:52:6f:7b:7b:54:b2:b2:20:68:
1b:43:45:94:34:99:8b:1d:85:a0:98:fb:f4:60:54:14:d5:90:
aa:fe:8e:a0:89:88:13:15:ca:5f:97:1e:7a:7a:f7:c6:25:5c:
bf:ba:cc:57:26:a7:49:6b:b8:6d:bc:5d:5e:c1:18:f4:a2:65:
a6:89:c5:cb:27:92:37:f8:b9:e5:05:bc:b2:d2:14:0d:a8:ad:
f6:e5:88:96:df:a6:f7:34:0f:f1:5c:f3:4e:4d:44:be:3c:02:
ab:e2:a8:4b:fb:fb:d2:86:66:cb:87:58:7c:b1:7d:d5:41:4c:
3a:f0:92:bb
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZNVYquTqgtHBFCfU3R5F8cNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQxMTIyMTkzOTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTc3MTdmNDNlMjRlMzYzNjliYzI0Njg4OWM4NDViMjYwNTBlM2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloxFFl1d3ZGBFlL9hZks8CFSk78O
Muj1l/fQvP375qwtHaZSG00Obi71Ez4DuR3RWHbPTKaBLD5Uo31/Exp+A8HLuitJ
ipv4hTbip/FAsRGOnjuBUtLyVnHsO/ySSuxdPLRaZv9PRv1llEhGuLU2xlWKAwLX
uNk69VhNrt6EMq3dz2Z1euW0vG+lBoL2IJFQY+Dgq6WVyZUqlb9ckeRfvpiu/Z/e
F/ZfQRZ3eonbTHtZFO331ipqsDlVlyHxTx5pvduiqqNqPTw85PTeuE6q3v1pjXbf
eFY2vi0FMNlFlQyb95pttGF8yzMWuviETn6sMLRy/KzCCH5ANEQYhpDIvwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKF3F/Q+JONjabwkaInIRbJgUOO/MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvb1hjWDlENGs0Mk5wdkNSb2ljaEZzbUJRNDc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAAjAqAwUDKgf1gAMF
AyoNOMADBQMqFEHAAwUDKhRCQAMFAyoUQsADBQMqFGJAMA0GCSqGSIb3DQEBCwUA
A4IBAQAt2wzbpI6mOPmUaEfGHaoAevqgY04+nanFWPwRtL7XGTbWV2ODCTp9siVz
G4abDf9hXKFS2PiUcv50/LM0935D6IA9Pc2pwMWk7JkVDtHSMXMJv5aJMHLC9Z8Z
iuuXMrmTH3AybcuVJPpI9yARzg05f7ADp0sGxjKU0AP6ydNMCr9UdtaZY5JSb3t7
VLKyIGgbQ0WUNJmLHYWgmPv0YFQU1ZCq/o6giYgTFcpflx56evfGJVy/usxXJqdJ
a7htvF1ewRj0omWmicXLJ5I3+LnlBbyy0hQNqK325YiW36b3NA/xXPNOTUS+PAKr
4qhL+/vShmbLh1h8sX3VQUw68JK7
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:21:06 2025 by rpki-client