Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/40d893-e099-4148-b28e-9e614f4466c5/1/3bPOoAKvXwUuvSsCWE906BkkNrw.roa
File: 3bPOoAKvXwUuvSsCWE906BkkNrw.roa (raw, json)
Hash identifier: 9aa2UD2K+krwyXAfpe1xqdzCvWmIZ2tLkV3mS4NfNJU=
Subject key identifier: DD:B3:CE:A0:02:AF:5F:05:2E:BD:2B:02:58:4F:74:E8:19:24:36:BC
Certificate issuer: /CN=edf54be1b5ed5fd592faca468df1110095f3ea0a
Certificate serial: 018CC9BA65F0FCE3A31657833D2EA4A340B3
Authority key identifier: ED:F5:4B:E1:B5:ED:5F:D5:92:FA:CA:46:8D:F1:11:00:95:F3:EA:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7fVL4bXtX9WS-spGjfERAJXz6go.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/40d893-e099-4148-b28e-9e614f4466c5/1/3bPOoAKvXwUuvSsCWE906BkkNrw.roa
Signing time: Tue 02 Jan 2024 10:31:25 +0000
ROA not before: Tue 02 Jan 2024 10:31:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16509
IP address blocks: 45.129.55.0/24 maxlen: 32
45.129.52.0/24 maxlen: 32
45.129.54.0/24 maxlen: 32
45.129.53.0/24 maxlen: 32
Validation: Failed, certificate revoked on Thu 02 Jan 2025 11:49:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:ba:65:f0:fc:e3:a3:16:57:83:3d:2e:a4:a3:40:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=edf54be1b5ed5fd592faca468df1110095f3ea0a
Validity
Not Before: Jan 2 10:31:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ddb3cea002af5f052ebd2b02584f74e8192436bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:0e:41:b3:d2:6a:95:61:2b:e5:b5:55:20:29:
24:7f:99:b5:6b:e7:f3:fa:66:c0:19:ef:72:61:26:
97:5f:9c:a0:1f:0d:a9:be:96:ff:6c:9f:93:0a:b1:
5d:b7:90:23:82:e2:7e:f5:1e:29:40:c5:78:f2:15:
a1:ac:0c:b8:b0:b5:62:88:8e:c6:cf:e4:0b:51:0c:
ba:b8:ef:31:8c:f5:ae:bc:b5:f2:58:15:9a:0f:b5:
c6:51:3f:ec:ee:30:96:80:88:6e:cd:2a:1f:d2:c0:
96:10:fe:48:f8:23:e0:09:d1:e3:5a:de:54:63:3e:
9a:51:fa:37:48:ad:a3:9a:3d:3d:ed:0d:03:fc:94:
41:46:cd:c1:72:86:60:34:e5:63:eb:9a:c7:9a:e9:
dd:28:8e:e2:7b:bd:f5:e8:e8:1c:fb:5a:bb:ca:cc:
66:aa:43:01:9a:ed:1e:6d:f6:dd:e5:d8:66:97:e7:
0f:2e:64:72:d1:e4:02:0c:2d:b8:ac:32:41:c7:87:
c0:32:9d:5a:48:01:78:bc:18:8a:65:99:d0:d4:8b:
b5:f7:18:7c:1d:ee:8f:4e:77:8b:c1:ce:58:70:af:
12:7a:84:47:1a:f0:76:5e:40:9a:2b:4c:6b:a1:88:
05:95:7c:dc:60:08:de:f1:d4:63:fc:37:0f:a5:19:
47:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:B3:CE:A0:02:AF:5F:05:2E:BD:2B:02:58:4F:74:E8:19:24:36:BC
X509v3 Authority Key Identifier:
keyid:ED:F5:4B:E1:B5:ED:5F:D5:92:FA:CA:46:8D:F1:11:00:95:F3:EA:0A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7fVL4bXtX9WS-spGjfERAJXz6go.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/40d893-e099-4148-b28e-9e614f4466c5/1/3bPOoAKvXwUuvSsCWE906BkkNrw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/40d893-e099-4148-b28e-9e614f4466c5/1/7fVL4bXtX9WS-spGjfERAJXz6go.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.52.0/22
Signature Algorithm: sha256WithRSAEncryption
67:88:b7:f0:64:1c:3f:d3:4f:64:cd:7d:e3:14:04:2a:9f:ea:
a6:c9:c1:2c:49:c0:63:06:5e:a3:63:16:80:56:f6:15:22:83:
7d:d9:66:36:31:84:a9:50:66:d1:c1:0d:3e:84:c1:de:6d:fb:
17:b9:24:08:12:a2:46:fc:78:f1:38:be:a9:33:b7:9d:ac:b0:
15:40:44:a0:06:1a:02:fc:f6:11:a9:02:a9:fa:34:2f:b9:40:
64:2e:d1:2c:fa:21:7b:34:e1:aa:72:ce:7f:32:1b:b1:ba:ad:
2b:4a:b2:13:ae:cc:a4:aa:a3:ec:a7:18:57:f2:7a:13:fa:dd:
7f:d9:fa:9a:9c:ec:cd:15:07:0b:a3:41:71:86:ff:a3:b5:be:
32:60:b4:e8:fb:b6:a4:32:b0:24:a7:8d:56:47:de:c7:4c:be:
6a:40:90:28:08:cf:1d:cc:57:e7:d4:92:05:7b:82:ff:45:b1:
aa:c9:1d:b1:47:ad:2f:bf:0b:d4:f8:71:c9:08:54:4d:84:c3:
b2:de:d3:1c:a6:e5:2c:05:a5:aa:e5:64:9f:9a:26:fe:b7:e2:
39:39:1c:80:87:31:43:5a:0d:d7:fe:ac:20:29:1a:3d:85:e4:
3b:9a:6d:89:50:96:7b:79:87:93:bc:54:d3:e3:01:de:ab:e6:
71:15:b7:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJumXw/OOjFleDPS6ko0CzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkZjU0YmUxYjVlZDVmZDU5MmZhY2E0NjhkZjExMTAwOTVm
M2VhMGEwHhcNMjQwMTAyMTAzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGIzY2VhMDAyYWY1ZjA1MmViZDJiMDI1ODRmNzRlODE5MjQzNmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQ5Bs9JqlWEr5bVVICkkf5m1a+fz
+mbAGe9yYSaXX5ygHw2pvpb/bJ+TCrFdt5AjguJ+9R4pQMV48hWhrAy4sLViiI7G
z+QLUQy6uO8xjPWuvLXyWBWaD7XGUT/s7jCWgIhuzSof0sCWEP5I+CPgCdHjWt5U
Yz6aUfo3SK2jmj097Q0D/JRBRs3BcoZgNOVj65rHmundKI7ie7316Ogc+1q7ysxm
qkMBmu0ebfbd5dhml+cPLmRy0eQCDC24rDJBx4fAMp1aSAF4vBiKZZnQ1Iu19xh8
He6PTneLwc5YcK8SeoRHGvB2XkCaK0xroYgFlXzcYAje8dRj/DcPpRlHDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN2zzqACr18FLr0rAlhPdOgZJDa8MB8GA1UdIwQY
MBaAFO31S+G17V/VkvrKRo3xEQCV8+oKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2ZWTDRiWHRYOVdTLXNwR2pmRVJBSlh6NmdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy80MGQ4OTMtZTA5OS00MTQ4LWIyOGUt
OWU2MTRmNDQ2NmM1LzEvM2JQT29BS3ZYd1V1dlNzQ1dFOTA2QmtrTnJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy80MGQ4OTMtZTA5OS00MTQ4LWIyOGUtOWU2MTRmNDQ2NmM1
LzEvN2ZWTDRiWHRYOVdTLXNwR2pmRVJBSlh6NmdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYE0MA0G
CSqGSIb3DQEBCwUAA4IBAQBniLfwZBw/009kzX3jFAQqn+qmycEsScBjBl6jYxaA
VvYVIoN92WY2MYSpUGbRwQ0+hMHebfsXuSQIEqJG/HjxOL6pM7edrLAVQESgBhoC
/PYRqQKp+jQvuUBkLtEs+iF7NOGqcs5/Mhuxuq0rSrITrsykqqPspxhX8noT+t1/
2fqanOzNFQcLo0Fxhv+jtb4yYLTo+7akMrAkp41WR97HTL5qQJAoCM8dzFfn1JIF
e4L/RbGqyR2xR60vvwvU+HHJCFRNhMOy3tMcpuUsBaWq5WSfmib+t+I5ORyAhzFD
Wg3X/qwgKRo9heQ7mm2JUJZ7eYeTvFTT4wHeq+ZxFbcl
-----END CERTIFICATE-----
Generated at Sun Feb 16 15:07:49 2025 by rpki-client