Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/1faa3e-884c-445f-845d-79b3db659dfc/1/haKRGK5aCIkuEWf9uj0pMDaQT1g.roa
File: haKRGK5aCIkuEWf9uj0pMDaQT1g.roa (raw, json)
Hash identifier: +/3qkJuNcYQHE6kRd1K5dkxpeX275w5NHfqwE11y/pU=
Subject key identifier: 85:A2:91:18:AE:5A:08:89:2E:11:67:FD:BA:3D:29:30:36:90:4F:58
Certificate issuer: /CN=5188dedacdc240b4b2f786f12342e0a83d8ae80f
Certificate serial: 01941F8C2B50BC91A79CD77A29A97C5EDC78
Authority key identifier: 51:88:DE:DA:CD:C2:40:B4:B2:F7:86:F1:23:42:E0:A8:3D:8A:E8:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UYje2s3CQLSy94bxI0LgqD2K6A8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/1faa3e-884c-445f-845d-79b3db659dfc/1/haKRGK5aCIkuEWf9uj0pMDaQT1g.roa
Signing time: Wed 01 Jan 2025 01:47:47 +0000
ROA not before: Wed 01 Jan 2025 01:47:47 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 31529
IP address blocks: 45.142.220.0/24 maxlen: 24
45.142.221.0/24 maxlen: 24
45.142.222.0/24 maxlen: 24
45.142.223.0/24 maxlen: 24
2a0e:dbc0::/48 maxlen: 48
2a0e:dbc0:1::/48 maxlen: 48
2a0e:dbc0:2::/48 maxlen: 48
2a0e:dbc0:3::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 06 Jan 2025 10:21:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1f:8c:2b:50:bc:91:a7:9c:d7:7a:29:a9:7c:5e:dc:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5188dedacdc240b4b2f786f12342e0a83d8ae80f
Validity
Not Before: Jan 1 01:47:47 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=85a29118ae5a08892e1167fdba3d293036904f58
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:ca:7d:f2:03:90:d3:4b:a2:0c:56:8f:fe:8b:
11:51:4d:4d:72:ca:ec:70:0f:7b:44:1a:b3:6a:44:
87:f8:f8:6b:60:df:de:ce:ca:34:1c:3c:2b:4d:3f:
30:fa:80:c8:ac:15:6c:a3:40:62:ac:43:e9:dd:cd:
df:2d:90:fb:bc:96:b2:62:50:04:7c:4b:4a:57:5b:
e1:56:62:57:83:63:ae:6a:76:fe:44:b9:34:5f:f8:
09:7e:e3:d3:3b:61:75:b3:7a:d4:80:e1:a1:16:c2:
43:85:db:fe:88:8c:e0:bc:fe:a0:41:2f:90:33:ab:
5c:c4:c8:83:5a:17:67:a8:e0:9c:28:62:f8:97:b4:
ad:f5:83:22:f8:45:e9:08:27:b4:85:c8:6b:51:c7:
34:c0:5d:71:b5:23:78:62:b1:06:77:c0:ce:aa:51:
c9:3f:43:cc:37:87:cd:8c:4f:31:7d:1d:50:b9:81:
e9:31:a5:41:06:fc:f8:52:a5:ef:6f:c2:df:ad:f2:
e5:53:08:6c:0f:73:fb:4c:d2:54:3b:eb:1b:83:0b:
70:77:b2:e2:a0:86:1d:86:b1:c8:d9:29:65:56:80:
ad:91:7d:72:9f:70:29:40:8b:5e:69:88:c1:b0:dd:
25:83:23:b9:44:5d:ab:f3:e5:08:cc:fe:f0:97:b6:
13:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:A2:91:18:AE:5A:08:89:2E:11:67:FD:BA:3D:29:30:36:90:4F:58
X509v3 Authority Key Identifier:
keyid:51:88:DE:DA:CD:C2:40:B4:B2:F7:86:F1:23:42:E0:A8:3D:8A:E8:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UYje2s3CQLSy94bxI0LgqD2K6A8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1faa3e-884c-445f-845d-79b3db659dfc/1/haKRGK5aCIkuEWf9uj0pMDaQT1g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/1faa3e-884c-445f-845d-79b3db659dfc/1/UYje2s3CQLSy94bxI0LgqD2K6A8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.142.220.0/22
IPv6:
2a0e:dbc0::/46
Signature Algorithm: sha256WithRSAEncryption
43:74:77:b0:04:c6:df:c7:a8:1d:17:5c:e3:9d:9e:48:9e:91:
00:ca:89:c7:34:4c:7c:65:be:d1:62:09:ae:3b:1b:d1:3f:db:
32:23:22:a5:8a:6a:27:ae:e1:f5:3f:9b:5f:95:25:b3:0e:5f:
b3:ab:63:36:6e:4f:c2:1c:f6:50:43:9d:b4:61:00:26:8b:28:
fa:92:9d:36:fc:eb:ee:19:d6:30:c5:7e:a5:a7:2b:c2:fa:8e:
90:d2:9b:06:9d:6d:1f:3b:46:74:44:af:ed:51:fa:4d:87:c4:
c6:ba:54:32:c6:7a:7b:78:60:10:6a:33:dd:d7:43:7b:3e:f9:
c7:1c:d9:d5:53:25:f0:5b:c3:9d:2a:b2:cd:5d:f2:fd:5a:0d:
9a:f0:70:ba:e1:e3:f2:c6:70:87:b1:8c:f7:41:ef:32:b6:5a:
e8:dc:54:d9:b7:b0:8a:97:cc:2c:24:db:b5:95:1d:61:c8:87:
e3:53:91:ef:55:7c:0a:de:1d:7e:f2:24:46:f5:d0:95:fa:55:
a3:73:58:02:ca:aa:2b:b1:43:8d:ad:39:30:f3:02:a7:01:0c:
fa:8f:46:30:fb:cf:fa:77:4d:a6:2c:88:93:65:e8:92:17:74:
f2:0d:c9:2b:d0:fc:7e:c0:b6:34:37:23:bd:f6:66:f6:b9:39:
c3:70:5b:0c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQfjCtQvJGnnNd6Kal8Xtx4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxODhkZWRhY2RjMjQwYjRiMmY3ODZmMTIzNDJlMGE4M2Q4
YWU4MGYwHhcNMjUwMTAxMDE0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWEyOTExOGFlNWEwODg5MmUxMTY3ZmRiYTNkMjkzMDM2OTA0ZjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA38p98gOQ00uiDFaP/osRUU1Ncsrs
cA97RBqzakSH+PhrYN/ezso0HDwrTT8w+oDIrBVso0BirEPp3c3fLZD7vJayYlAE
fEtKV1vhVmJXg2Ouanb+RLk0X/gJfuPTO2F1s3rUgOGhFsJDhdv+iIzgvP6gQS+Q
M6tcxMiDWhdnqOCcKGL4l7St9YMi+EXpCCe0hchrUcc0wF1xtSN4YrEGd8DOqlHJ
P0PMN4fNjE8xfR1QuYHpMaVBBvz4UqXvb8LfrfLlUwhsD3P7TNJUO+sbgwtwd7Li
oIYdhrHI2SllVoCtkX1yn3ApQIteaYjBsN0lgyO5RF2r8+UIzP7wl7YTtwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIWikRiuWgiJLhFn/bo9KTA2kE9YMB8GA1UdIwQY
MBaAFFGI3trNwkC0sveG8SNC4Kg9iugPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVlqZTJzM0NRTFN5OTRieEkwTGdxRDJLNkE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8xZmFhM2UtODg0Yy00NDVmLTg0NWQt
NzliM2RiNjU5ZGZjLzEvaGFLUkdLNWFDSWt1RVdmOXVqMHBNRGFRVDFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8xZmFhM2UtODg0Yy00NDVmLTg0NWQtNzliM2RiNjU5ZGZj
LzEvVVlqZTJzM0NRTFN5OTRieEkwTGdxRDJLNkE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCLY7cMA8E
AgACMAkDBwIqDtvAAAAwDQYJKoZIhvcNAQELBQADggEBAEN0d7AExt/HqB0XXOOd
nkiekQDKicc0THxlvtFiCa47G9E/2zIjIqWKaieu4fU/m1+VJbMOX7OrYzZuT8Ic
9lBDnbRhACaLKPqSnTb86+4Z1jDFfqWnK8L6jpDSmwadbR87RnREr+1R+k2HxMa6
VDLGent4YBBqM93XQ3s++ccc2dVTJfBbw50qss1d8v1aDZrwcLrh4/LGcIexjPdB
7zK2WujcVNm3sIqXzCwk27WVHWHIh+NTke9VfAreHX7yJEb10JX6VaNzWALKqiux
Q42tOTDzAqcBDPqPRjD7z/p3TaYsiJNl6JIXdPINySvQ/H7AtjQ3I732Zva5OcNw
Www=
-----END CERTIFICATE-----
Generated at Mon Apr 21 02:53:30 2025 by rpki-client