Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/2YpAtcpTP5sjiINFeZnT0_UGjwM.roa
File: 2YpAtcpTP5sjiINFeZnT0_UGjwM.roa (raw, json)
Hash identifier: 7jAXsBYaQg+p0Rzw2HKiG3mVuUxSu1W2sTVs4PLonnI=
Subject key identifier: D9:8A:40:B5:CA:53:3F:9B:23:88:83:45:79:99:D3:D3:F5:06:8F:03
Certificate issuer: /CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Certificate serial: 018CC6B8128D4CB9DBD82FE794A82B13DC7C
Authority key identifier: AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/2YpAtcpTP5sjiINFeZnT0_UGjwM.roa
Signing time: Mon 01 Jan 2024 20:30:01 +0000
ROA not before: Mon 01 Jan 2024 20:30:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 13174
IP address blocks: 213.87.0.0/19 maxlen: 19
213.87.32.0/21 maxlen: 21
213.87.44.0/22 maxlen: 22
213.87.48.0/21 maxlen: 21
Validation: Failed, certificate revoked on Tue 17 Dec 2024 07:04:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:b8:12:8d:4c:b9:db:d8:2f:e7:94:a8:2b:13:dc:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aefe1c859409ac5de7414c48f86739913be6b7e5
Validity
Not Before: Jan 1 20:30:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d98a40b5ca533f9b238883457999d3d3f5068f03
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:3a:f5:bc:04:ca:7c:70:c4:d9:84:a8:d9:88:
65:60:af:26:f9:b1:5f:33:b1:21:5f:1c:10:1f:1a:
db:91:ef:95:4b:93:3e:34:60:a3:74:29:1f:a2:0c:
69:2e:e3:89:93:f3:4c:73:02:fd:64:2a:50:aa:1e:
a5:24:14:a3:db:9a:79:66:e9:7f:5f:a4:1f:8e:78:
1c:9b:f1:92:9b:fa:7a:51:29:05:f1:96:11:d4:bd:
09:d7:f2:53:a3:7d:bd:ad:93:bf:8d:ca:c4:a7:9d:
41:ff:db:af:ef:78:b8:9e:d0:c7:0d:95:d1:71:ee:
61:15:a0:5c:ae:6f:81:27:69:23:6d:a1:94:31:e2:
99:63:d8:ff:76:eb:bf:73:7d:39:95:a8:8f:a1:ff:
2b:d7:27:2c:84:b2:69:84:c6:5d:b1:96:81:42:1e:
c0:7f:74:d2:cb:8e:2e:1a:ac:8d:57:d6:b6:93:62:
7d:58:ea:e2:bb:cd:57:91:d0:4b:f7:a7:53:26:82:
9a:98:9b:69:aa:1c:e9:a5:8e:80:0b:d0:7b:87:67:
7e:39:94:8b:9a:24:44:fb:eb:d3:b5:b0:27:b8:dc:
a7:43:c0:af:34:9a:66:da:f9:e0:d1:d7:84:1f:c0:
79:a8:9e:94:23:31:b7:8b:ea:77:10:4c:8a:c8:04:
f9:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:8A:40:B5:CA:53:3F:9B:23:88:83:45:79:99:D3:D3:F5:06:8F:03
X509v3 Authority Key Identifier:
keyid:AE:FE:1C:85:94:09:AC:5D:E7:41:4C:48:F8:67:39:91:3B:E6:B7:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rv4chZQJrF3nQUxI-Gc5kTvmt-U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/2YpAtcpTP5sjiINFeZnT0_UGjwM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/451f04-e3c9-44ea-a6a1-428458679ce4/1/rv4chZQJrF3nQUxI-Gc5kTvmt-U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.87.0.0-213.87.39.255
213.87.44.0-213.87.55.255
Signature Algorithm: sha256WithRSAEncryption
3a:99:f3:13:b5:65:50:2f:0d:d4:7f:c0:de:27:fa:bc:eb:f0:
fc:c2:36:dc:2a:41:94:43:d1:27:fc:33:14:80:01:d6:9a:63:
4b:06:2f:36:ad:18:b6:3d:d3:63:59:0c:4b:f9:36:bd:29:0a:
7e:56:56:ad:23:09:0a:52:92:c4:49:f0:20:be:7f:13:df:da:
6d:5d:e4:06:0f:02:c6:70:88:f7:67:97:72:90:93:c1:13:b8:
5a:98:12:1d:41:5c:91:8d:7c:55:90:b6:66:21:35:69:74:23:
91:39:93:38:15:d0:68:57:e0:02:b8:e3:85:d1:a4:79:dc:57:
cf:45:2c:64:fb:48:f3:21:4e:eb:36:27:73:d8:7c:17:2b:00:
9f:a2:d3:a9:be:c0:34:3c:d9:ee:ed:e3:37:7a:83:b2:18:50:
84:49:e2:b9:c5:f0:be:0e:f9:4c:0f:56:62:89:76:8b:5f:b2:
2c:f9:7e:d8:a9:c9:97:c9:9e:1a:b6:c2:a7:1e:90:ac:df:43:
b9:66:e4:60:8b:0e:ce:81:7e:eb:d0:da:d2:28:16:06:37:04:
62:18:9b:5d:06:6a:51:1a:9c:93:10:15:c6:61:91:ae:a8:65:
a3:a7:80:41:96:73:1b:28:33:28:5a:3f:df:24:bd:6c:b1:e9:
ac:31:d7:e2
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGuBKNTLnb2C/nlKgrE9x8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZmUxYzg1OTQwOWFjNWRlNzQxNGM0OGY4NjczOTkxM2Jl
NmI3ZTUwHhcNMjQwMTAxMjAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOThhNDBiNWNhNTMzZjliMjM4ODgzNDU3OTk5ZDNkM2Y1MDY4ZjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDr1vATKfHDE2YSo2YhlYK8m+bFf
M7EhXxwQHxrbke+VS5M+NGCjdCkfogxpLuOJk/NMcwL9ZCpQqh6lJBSj25p5Zul/
X6Qfjngcm/GSm/p6USkF8ZYR1L0J1/JTo329rZO/jcrEp51B/9uv73i4ntDHDZXR
ce5hFaBcrm+BJ2kjbaGUMeKZY9j/duu/c305laiPof8r1ycshLJphMZdsZaBQh7A
f3TSy44uGqyNV9a2k2J9WOriu81XkdBL96dTJoKamJtpqhzppY6AC9B7h2d+OZSL
miRE++vTtbAnuNynQ8CvNJpm2vng0deEH8B5qJ6UIzG3i+p3EEyKyAT5hQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNmKQLXKUz+bI4iDRXmZ09P1Bo8DMB8GA1UdIwQY
MBaAFK7+HIWUCaxd50FMSPhnOZE75rflMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEt
NDI4NDU4Njc5Y2U0LzEvMllwQXRjcFRQNXNqaUlORmVablQwX1VHandNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS80NTFmMDQtZTNjOS00NGVhLWE2YTEtNDI4NDU4Njc5Y2U0
LzEvcnY0Y2haUUpyRjNuUVV4SS1HYzVrVHZtdC1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAATAbMAsDAwDVVwME
A9VXIDAMAwQC1VcsAwQD1VcwMA0GCSqGSIb3DQEBCwUAA4IBAQA6mfMTtWVQLw3U
f8DeJ/q86/D8wjbcKkGUQ9En/DMUgAHWmmNLBi82rRi2PdNjWQxL+Ta9KQp+Vlat
IwkKUpLESfAgvn8T39ptXeQGDwLGcIj3Z5dykJPBE7hamBIdQVyRjXxVkLZmITVp
dCOROZM4FdBoV+ACuOOF0aR53FfPRSxk+0jzIU7rNidz2HwXKwCfotOpvsA0PNnu
7eM3eoOyGFCESeK5xfC+DvlMD1ZiiXaLX7Is+X7YqcmXyZ4atsKnHpCs30O5ZuRg
iw7OgX7r0NrSKBYGNwRiGJtdBmpRGpyTEBXGYZGuqGWjp4BBlnMbKDMoWj/fJL1s
semsMdfi
-----END CERTIFICATE-----
Generated at Mon Apr 21 10:51:22 2025 by rpki-client