Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/XzLrchhC5D2vVJP3YAIaxOjvAJw.roa
File: XzLrchhC5D2vVJP3YAIaxOjvAJw.roa (raw, json)
Hash identifier: ZueqqSrkLOat2+SoDPmzQ/x+ylW1XC+IkGLKHtCwFV8=
Subject key identifier: 5F:32:EB:72:18:42:E4:3D:AF:54:93:F7:60:02:1A:C4:E8:EF:00:9C
Certificate issuer: /CN=864b0e13cf27aff66be730bece98e04b00fdfb9e
Certificate serial: 018CC6B7BE0D95A1675DD862EEADB0450402
Authority key identifier: 86:4B:0E:13:CF:27:AF:F6:6B:E7:30:BE:CE:98:E0:4B:00:FD:FB:9E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hksOE88nr_Zr5zC-zpjgSwD9-54.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/XzLrchhC5D2vVJP3YAIaxOjvAJw.roa
Signing time: Mon 01 Jan 2024 20:29:39 +0000
ROA not before: Mon 01 Jan 2024 20:29:39 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 20495
IP address blocks: 77.74.48.0/21 maxlen: 32
195.210.56.0/23 maxlen: 32
193.189.149.0/24 maxlen: 32
185.58.56.0/22 maxlen: 32
193.16.154.0/24 maxlen: 32
2a01:310::/32 maxlen: 128
Validation: Failed, certificate revoked on Wed 01 Jan 2025 03:48:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b7:be:0d:95:a1:67:5d:d8:62:ee:ad:b0:45:04:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=864b0e13cf27aff66be730bece98e04b00fdfb9e
Validity
Not Before: Jan 1 20:29:39 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5f32eb721842e43daf5493f760021ac4e8ef009c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:ce:bb:be:03:a0:36:fd:73:a8:63:c8:4e:bf:
57:d3:5c:f6:60:45:7c:d1:e5:67:0c:1e:fc:12:7e:
8c:67:61:0d:4a:f9:4c:42:db:23:d1:c9:9a:33:6a:
e0:47:bf:bf:ad:e4:63:23:8a:19:80:78:0c:d1:54:
02:35:13:0a:d0:54:40:f6:d9:50:a4:74:3f:9e:25:
c2:91:3f:c1:1e:81:6a:5a:40:b9:7a:37:ef:13:be:
55:b7:3b:c0:fc:30:69:70:f5:c3:93:e3:fc:b0:bc:
bd:b8:5f:32:31:03:12:c5:e9:2d:ae:27:fb:10:3b:
2a:18:70:ba:d5:3e:98:3f:d7:7d:87:78:ba:27:2d:
a9:47:1e:4f:11:2c:25:44:97:0c:fc:3a:38:13:51:
d3:6f:eb:94:b1:0b:e6:27:f2:81:41:6b:cc:7d:b4:
d9:ef:c9:11:93:ee:a3:59:e1:1e:01:dc:f0:0b:8a:
35:9d:ab:43:2a:ba:cd:d9:93:08:8b:39:2a:9a:bd:
8d:11:d6:54:83:07:b0:3e:de:2b:0a:97:94:9b:ea:
31:60:ba:ab:b1:a6:89:8c:7c:17:a4:9f:fd:36:b1:
92:0d:c0:9f:51:cc:8c:26:54:9d:d4:2d:ee:11:4f:
4e:27:7f:d7:4e:23:01:9d:5c:57:17:43:6f:05:e0:
ee:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:32:EB:72:18:42:E4:3D:AF:54:93:F7:60:02:1A:C4:E8:EF:00:9C
X509v3 Authority Key Identifier:
keyid:86:4B:0E:13:CF:27:AF:F6:6B:E7:30:BE:CE:98:E0:4B:00:FD:FB:9E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hksOE88nr_Zr5zC-zpjgSwD9-54.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/XzLrchhC5D2vVJP3YAIaxOjvAJw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/302863-5689-43fc-872f-fc44a8ace370/1/hksOE88nr_Zr5zC-zpjgSwD9-54.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.74.48.0/21
185.58.56.0/22
193.16.154.0/24
193.189.149.0/24
195.210.56.0/23
IPv6:
2a01:310::/32
Signature Algorithm: sha256WithRSAEncryption
01:35:f3:f5:c6:33:94:4c:e8:8d:5c:b2:0d:68:95:80:50:35:
96:89:a8:c3:29:35:26:8e:4d:1b:21:08:6c:09:b9:7a:56:2d:
27:60:b4:e3:3a:a8:1b:86:fb:12:72:f0:3e:c1:7b:76:a6:a9:
1f:67:ca:19:96:ac:11:be:f0:f2:27:0d:86:05:f2:40:56:bc:
12:88:65:ac:c5:95:5c:22:39:b5:a9:ed:0c:b4:cb:27:8e:ce:
12:16:21:6a:94:05:3a:e0:f0:cc:92:bd:8c:ba:39:cc:ae:ff:
46:c5:67:b4:dc:84:1a:74:f0:cb:fe:13:78:45:b2:6d:63:fa:
55:9d:e5:ab:c6:5c:37:7b:b2:c1:22:31:f3:0d:87:d7:c5:03:
1b:b0:62:73:74:8c:32:70:61:6b:2a:78:1d:80:38:33:66:5c:
2e:87:a8:cb:52:72:ff:9c:1a:89:97:69:53:d3:35:d8:04:a7:
9a:a2:a9:c3:2b:28:a3:ee:33:b7:3b:cc:43:b0:96:65:f1:2d:
4e:2f:6d:aa:55:17:c7:ae:ba:e7:c6:7f:d4:4c:6d:0a:06:2f:
cd:50:a8:7e:e6:72:4e:3d:67:8a:ed:47:a7:77:e8:b8:5f:8f:
52:5b:14:f2:8d:8d:cc:fe:3f:df:11:3b:dd:b8:28:4a:4d:ba:
c1:53:f4:60
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzGt74NlaFnXdhi7q2wRQQCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2NGIwZTEzY2YyN2FmZjY2YmU3MzBiZWNlOThlMDRiMDBm
ZGZiOWUwHhcNMjQwMTAxMjAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjMyZWI3MjE4NDJlNDNkYWY1NDkzZjc2MDAyMWFjNGU4ZWYwMDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyc67vgOgNv1zqGPITr9X01z2YEV8
0eVnDB78En6MZ2ENSvlMQtsj0cmaM2rgR7+/reRjI4oZgHgM0VQCNRMK0FRA9tlQ
pHQ/niXCkT/BHoFqWkC5ejfvE75VtzvA/DBpcPXDk+P8sLy9uF8yMQMSxektrif7
EDsqGHC61T6YP9d9h3i6Jy2pRx5PESwlRJcM/Do4E1HTb+uUsQvmJ/KBQWvMfbTZ
78kRk+6jWeEeAdzwC4o1natDKrrN2ZMIizkqmr2NEdZUgwewPt4rCpeUm+oxYLqr
saaJjHwXpJ/9NrGSDcCfUcyMJlSd1C3uEU9OJ3/XTiMBnVxXF0NvBeDuCQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFF8y63IYQuQ9r1ST92ACGsTo7wCcMB8GA1UdIwQY
MBaAFIZLDhPPJ6/2a+cwvs6Y4EsA/fueMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGtzT0U4OG5yX1pyNXpDLXpwamdTd0Q5LTU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8zMDI4NjMtNTY4OS00M2ZjLTg3MmYt
ZmM0NGE4YWNlMzcwLzEvWHpMcmNoaEM1RDJ2VkpQM1lBSWF4T2p2QUp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8zMDI4NjMtNTY4OS00M2ZjLTg3MmYtZmM0NGE4YWNlMzcw
LzEvaGtzT0U4OG5yX1pyNXpDLXpwamdTd0Q5LTU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDTUowAwQC
uTo4AwQAwRCaAwQAwb2VAwQBw9I4MA0EAgACMAcDBQAqAQMQMA0GCSqGSIb3DQEB
CwUAA4IBAQABNfP1xjOUTOiNXLINaJWAUDWWiajDKTUmjk0bIQhsCbl6Vi0nYLTj
OqgbhvsScvA+wXt2pqkfZ8oZlqwRvvDyJw2GBfJAVrwSiGWsxZVcIjm1qe0MtMsn
js4SFiFqlAU64PDMkr2MujnMrv9GxWe03IQadPDL/hN4RbJtY/pVneWrxlw3e7LB
IjHzDYfXxQMbsGJzdIwycGFrKngdgDgzZlwuh6jLUnL/nBqJl2lT0zXYBKeaoqnD
Kyij7jO3O8xDsJZl8S1OL22qVRfHrrrnxn/UTG0KBi/NUKh+5nJOPWeK7Uend+i4
X49SWxTyjY3M/j/fETvduChKTbrBU/Rg
-----END CERTIFICATE-----
Generated at Thu Apr 17 02:39:48 2025 by rpki-client