Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/h9CrupbBZdI2EZHFS6xWetc4PiA.roa
File: h9CrupbBZdI2EZHFS6xWetc4PiA.roa (raw, json)
Hash identifier: 2+Fa2/nKCSg4yVwVKzrilH4WZXVMCGMew0EdaIxzVaE=
Subject key identifier: 87:D0:AB:BA:96:C1:65:D2:36:11:91:C5:4B:AC:56:7A:D7:38:3E:20
Certificate issuer: /CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Certificate serial: 018CC7274D08F56ADA3C9B33282BEBBB7236
Authority key identifier: C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/h9CrupbBZdI2EZHFS6xWetc4PiA.roa
Signing time: Mon 01 Jan 2024 22:31:30 +0000
ROA not before: Mon 01 Jan 2024 22:31:30 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 211286
IP address blocks: 2a0d:8d04:71a::/48 maxlen: 48
2a0d:8d04:71d::/48 maxlen: 48
2a0d:8d04:5::/48 maxlen: 48
2a0d:8d04::/32 maxlen: 48
2a0d:8d04:71b::/48 maxlen: 48
Validation: Failed, certificate revoked on Fri 12 Jul 2024 11:37:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:27:4d:08:f5:6a:da:3c:9b:33:28:2b:eb:bb:72:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c64fa0ad8987149f05534724b45a2f4d5ebf475d
Validity
Not Before: Jan 1 22:31:30 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=87d0abba96c165d2361191c54bac567ad7383e20
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:ab:37:1c:01:32:e5:a6:cc:8e:d7:7a:39:51:
71:27:8c:52:dc:23:07:13:96:f2:da:b9:81:06:c8:
0b:01:0c:76:70:94:07:1d:51:e9:53:3f:62:e7:7d:
d0:e5:0a:81:e9:2e:40:ff:b7:08:26:ea:94:8b:e7:
10:92:2c:e7:65:1f:6f:6c:10:fa:8c:d6:01:3b:59:
53:1a:18:39:16:74:94:e2:96:02:35:60:56:21:62:
35:17:c2:16:d1:4e:c7:62:33:6d:58:ad:09:83:66:
72:51:ef:63:eb:50:e6:93:4d:56:45:36:f8:71:f8:
13:8d:c9:23:da:5b:d2:4b:32:c4:4e:3c:9b:f6:a0:
ea:58:7a:ef:1a:0a:0d:3f:0a:5c:90:b7:88:36:e1:
7c:b9:7f:1b:33:b3:ff:b4:6a:8b:71:41:bf:b3:8d:
28:08:82:82:d5:15:3a:c6:a1:db:2a:84:fb:e6:f5:
0e:e2:0d:05:a7:5a:a3:dd:49:fc:78:20:e4:89:38:
30:71:a2:39:72:66:89:35:de:a9:7f:59:91:ba:94:
ee:e0:74:2b:73:31:44:ff:94:22:f5:9f:1f:e7:fa:
cc:ec:5a:8d:8d:35:f4:9c:7d:07:9d:97:08:fa:a0:
46:09:3e:ec:6a:89:f7:ac:1a:1b:06:f6:0c:53:2c:
38:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:D0:AB:BA:96:C1:65:D2:36:11:91:C5:4B:AC:56:7A:D7:38:3E:20
X509v3 Authority Key Identifier:
keyid:C6:4F:A0:AD:89:87:14:9F:05:53:47:24:B4:5A:2F:4D:5E:BF:47:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xk-grYmHFJ8FU0cktFovTV6_R10.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/h9CrupbBZdI2EZHFS6xWetc4PiA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/24015f-091c-4c5d-b5c1-bcf77026939d/1/xk-grYmHFJ8FU0cktFovTV6_R10.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0d:8d04::/32
Signature Algorithm: sha256WithRSAEncryption
71:f6:fc:b2:60:55:ae:d5:9a:01:9a:52:75:30:7d:e4:89:4f:
94:e3:fe:64:5b:02:ae:53:69:fb:c2:2d:d3:15:e9:81:53:7a:
4f:67:44:55:2c:f7:a5:48:f2:ff:3c:3e:d1:17:6f:f0:96:a7:
af:5c:a0:00:da:a9:06:ef:5c:72:a1:af:3f:7b:56:4b:a6:5a:
f7:c9:ea:41:41:dd:cb:d4:ce:17:7d:d0:97:47:91:f5:7c:73:
46:25:fe:0a:ad:f7:6a:34:ad:f0:36:1e:2b:2a:4c:4d:63:bd:
61:98:39:59:7d:82:73:bb:58:82:27:24:67:7e:97:02:a7:52:
f8:ce:69:43:54:d8:c9:d7:f4:8f:8f:39:03:2c:5b:5f:28:52:
0c:d1:56:dc:7b:bf:32:7e:d1:d1:5f:de:6f:86:d0:cd:d8:47:
01:b4:b7:4f:b5:0e:86:8e:d9:a2:1d:41:74:0f:55:6e:a1:04:
a8:ad:a5:b1:48:ec:da:a7:bb:1e:6e:c0:7e:6a:1c:86:ee:36:
2f:c4:c4:41:32:9c:20:5c:80:37:27:04:5e:dc:eb:4e:7d:08:
d5:64:90:e2:c3:e4:85:68:89:05:5c:d2:88:97:55:51:cc:1e:
4f:b0:b4:4e:1f:30:c8:b0:c1:c6:20:d8:f4:93:0f:02:20:1f:
97:9b:27:41
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHJ00I9WraPJszKCvru3I2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NGZhMGFkODk4NzE0OWYwNTUzNDcyNGI0NWEyZjRkNWVi
ZjQ3NWQwHhcNMjQwMTAxMjIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2QwYWJiYTk2YzE2NWQyMzYxMTkxYzU0YmFjNTY3YWQ3MzgzZTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6s3HAEy5abMjtd6OVFxJ4xS3CMH
E5by2rmBBsgLAQx2cJQHHVHpUz9i533Q5QqB6S5A/7cIJuqUi+cQkiznZR9vbBD6
jNYBO1lTGhg5FnSU4pYCNWBWIWI1F8IW0U7HYjNtWK0Jg2ZyUe9j61Dmk01WRTb4
cfgTjckj2lvSSzLETjyb9qDqWHrvGgoNPwpckLeINuF8uX8bM7P/tGqLcUG/s40o
CIKC1RU6xqHbKoT75vUO4g0Fp1qj3Un8eCDkiTgwcaI5cmaJNd6pf1mRupTu4HQr
czFE/5Qi9Z8f5/rM7FqNjTX0nH0HnZcI+qBGCT7saon3rBobBvYMUyw4nQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIfQq7qWwWXSNhGRxUusVnrXOD4gMB8GA1UdIwQY
MBaAFMZPoK2JhxSfBVNHJLRaL01ev0ddMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEt
YmNmNzcwMjY5MzlkLzEvaDlDcnVwYkJaZEkyRVpIRlM2eFdldGM0UGlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8yNDAxNWYtMDkxYy00YzVkLWI1YzEtYmNmNzcwMjY5Mzlk
LzEveGstZ3JZbUhGSjhGVTBja3RGb3ZUVjZfUjEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg2NBDAN
BgkqhkiG9w0BAQsFAAOCAQEAcfb8smBVrtWaAZpSdTB95IlPlOP+ZFsCrlNp+8It
0xXpgVN6T2dEVSz3pUjy/zw+0Rdv8Janr1ygANqpBu9ccqGvP3tWS6Za98nqQUHd
y9TOF33Ql0eR9XxzRiX+Cq33ajSt8DYeKypMTWO9YZg5WX2Cc7tYgickZ36XAqdS
+M5pQ1TYydf0j485AyxbXyhSDNFW3Hu/Mn7R0V/eb4bQzdhHAbS3T7UOho7Zoh1B
dA9VbqEEqK2lsUjs2qe7Hm7Afmochu42L8TEQTKcIFyANycEXtzrTn0I1WSQ4sPk
hWiJBVzSiJdVUcweT7C0Th8wyLDBxiDY9JMPAiAfl5snQQ==
-----END CERTIFICATE-----
Generated at Fri Mar 14 12:10:43 2025 by rpki-client