Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/TkKpqKpwdWeK67A2J-mkQJgvyjc.roa
File: TkKpqKpwdWeK67A2J-mkQJgvyjc.roa (raw, json)
Hash identifier: wfSt8rEgzwFqlbsaRCIg5yJBHQ+Xlc1ojm2lQ0pgsW4=
Subject key identifier: 4E:42:A9:A8:AA:70:75:67:8A:EB:B0:36:27:E9:A4:40:98:2F:CA:37
Certificate issuer: /CN=60fcd55b9130858d8ea583c0987dad00f614db39
Certificate serial: 0193F8CA4289E59FFC7FF396609B65D2A8CF
Authority key identifier: 60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/TkKpqKpwdWeK67A2J-mkQJgvyjc.roa
Signing time: Tue 24 Dec 2024 13:10:25 +0000
ROA not before: Tue 24 Dec 2024 13:10:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 398464
IP address blocks: 195.64.122.0/24 maxlen: 24
2a14:2500::/29 maxlen: 29
2a14:2700::/29 maxlen: 29
2a14:2b00::/29 maxlen: 29
2a14:2d00::/29 maxlen: 29
2a14:2f00::/29 maxlen: 29
2a14:3300::/29 maxlen: 29
2a14:3500::/29 maxlen: 29
Validation: Failed, certificate revoked on Tue 24 Dec 2024 14:53:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:f8:ca:42:89:e5:9f:fc:7f:f3:96:60:9b:65:d2:a8:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60fcd55b9130858d8ea583c0987dad00f614db39
Validity
Not Before: Dec 24 13:10:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4e42a9a8aa7075678aebb03627e9a440982fca37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:bd:8b:db:75:db:12:84:64:8e:0b:df:04:7f:
56:00:27:24:90:b1:5a:eb:e0:6f:67:b2:db:0b:ca:
db:92:6f:2d:bf:df:8f:35:21:5a:fa:01:46:eb:c1:
84:a7:cc:b1:ab:00:47:06:dd:5e:7f:56:0e:32:96:
93:72:73:ed:31:b9:33:9e:62:2a:80:9c:a7:07:5e:
9c:cb:c3:68:e2:84:fb:73:8a:7a:8a:25:bb:40:78:
63:64:c1:70:d6:75:10:4b:84:0b:92:28:9e:ba:fb:
dd:5e:4c:54:0b:e7:8c:85:87:29:bb:22:f8:37:74:
3b:af:40:1a:c3:fa:5f:11:49:9c:8b:23:07:f6:3a:
14:f1:13:25:01:ec:3e:29:95:af:87:c9:cc:fb:7c:
74:2b:69:44:14:91:86:e1:95:8b:94:21:a1:4c:27:
c6:a1:65:6b:81:e3:3b:f2:07:e6:f7:34:d7:33:2d:
a5:b3:3d:9b:6f:08:a2:d7:86:2d:e2:dd:1b:a7:6b:
48:21:35:c3:e6:45:3f:7c:6a:24:cd:67:9a:8d:34:
e8:f0:15:3b:30:70:dc:c8:ab:fd:33:6a:80:53:22:
6d:5b:cd:e8:fd:48:0e:22:83:bb:23:1e:43:f1:0c:
76:82:e3:19:be:a0:a8:e4:d5:f4:3d:f6:c7:5e:3d:
be:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:42:A9:A8:AA:70:75:67:8A:EB:B0:36:27:E9:A4:40:98:2F:CA:37
X509v3 Authority Key Identifier:
keyid:60:FC:D5:5B:91:30:85:8D:8E:A5:83:C0:98:7D:AD:00:F6:14:DB:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YPzVW5EwhY2OpYPAmH2tAPYU2zk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/TkKpqKpwdWeK67A2J-mkQJgvyjc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/82233d-ec07-42fb-8799-ed30b9bb12d5/1/YPzVW5EwhY2OpYPAmH2tAPYU2zk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.64.122.0/24
IPv6:
2a14:2500::/29
2a14:2700::/29
2a14:2b00::/29
2a14:2d00::/29
2a14:2f00::/29
2a14:3300::/29
2a14:3500::/29
Signature Algorithm: sha256WithRSAEncryption
c6:19:70:90:1a:34:95:a6:08:df:ee:05:60:cf:28:1b:3c:bf:
90:f2:01:e5:3e:58:9c:30:80:d6:c1:fd:8a:f4:7b:14:19:0c:
56:0d:31:ec:38:7d:ff:32:08:16:14:54:46:ea:82:7c:47:7c:
1d:7e:8e:23:ad:3f:d5:34:60:bc:cd:5d:dd:06:1c:22:3d:cf:
ef:ab:54:e5:6a:14:bb:68:a3:03:e1:43:ae:1e:b8:6a:d3:d8:
fd:3c:a1:52:56:b9:56:e1:b4:db:e2:05:a5:c9:67:6f:26:a7:
a9:7d:07:94:83:45:c1:12:71:c9:28:55:67:ce:db:a7:3d:36:
f0:a0:4a:77:08:dd:b3:9e:2e:fa:7b:54:66:21:fb:19:b8:e4:
97:8e:4c:ca:74:b6:fc:2f:a8:58:3e:a7:30:cd:76:90:03:f2:
24:04:86:e8:55:6c:ae:c8:48:48:42:7d:6b:50:3e:18:30:a3:
56:f6:bf:a1:d7:a9:8e:02:5c:f6:ee:42:fe:ba:e0:33:6b:82:
5c:f4:36:c8:d9:db:90:90:d8:13:aa:f6:e7:6d:69:e4:4b:f2:
54:0b:2b:2b:8a:32:a1:4b:f9:e6:c3:d2:d8:65:10:eb:23:ac:
80:8b:fa:0e:00:f8:c0:13:ad:68:ea:58:a7:11:1f:20:04:cd:
67:1d:9c:e1
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAZP4ykKJ5Z/8f/OWYJtl0qjPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZmNkNTViOTEzMDg1OGQ4ZWE1ODNjMDk4N2RhZDAwZjYx
NGRiMzkwHhcNMjQxMjI0MTMxMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTQyYTlhOGFhNzA3NTY3OGFlYmIwMzYyN2U5YTQ0MDk4MmZjYTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAub2L23XbEoRkjgvfBH9WACckkLFa
6+BvZ7LbC8rbkm8tv9+PNSFa+gFG68GEp8yxqwBHBt1ef1YOMpaTcnPtMbkznmIq
gJynB16cy8No4oT7c4p6iiW7QHhjZMFw1nUQS4QLkiieuvvdXkxUC+eMhYcpuyL4
N3Q7r0Aaw/pfEUmciyMH9joU8RMlAew+KZWvh8nM+3x0K2lEFJGG4ZWLlCGhTCfG
oWVrgeM78gfm9zTXMy2lsz2bbwii14Yt4t0bp2tIITXD5kU/fGokzWeajTTo8BU7
MHDcyKv9M2qAUyJtW83o/UgOIoO7Ix5D8Qx2guMZvqCo5NX0PfbHXj2+dQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFE5CqaiqcHVniuuwNifppECYL8o3MB8GA1UdIwQY
MBaAFGD81VuRMIWNjqWDwJh9rQD2FNs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTkt
ZWQzMGI5YmIxMmQ1LzEvVGtLcHFLcHdkV2VLNjdBMkotbWtRSmd2eWpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MjIzM2QtZWMwNy00MmZiLTg3OTktZWQzMGI5YmIxMmQ1
LzEvWVB6Vlc1RXdoWTJPcFlQQW1IMnRBUFlVMnprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzAMBAIAATAGAwQAw0B6MDcE
AgACMDEDBQMqFCUAAwUDKhQnAAMFAyoUKwADBQMqFC0AAwUDKhQvAAMFAyoUMwAD
BQMqFDUAMA0GCSqGSIb3DQEBCwUAA4IBAQDGGXCQGjSVpgjf7gVgzygbPL+Q8gHl
PlicMIDWwf2K9HsUGQxWDTHsOH3/MggWFFRG6oJ8R3wdfo4jrT/VNGC8zV3dBhwi
Pc/vq1TlahS7aKMD4UOuHrhq09j9PKFSVrlW4bTb4gWlyWdvJqepfQeUg0XBEnHJ
KFVnztunPTbwoEp3CN2zni76e1RmIfsZuOSXjkzKdLb8L6hYPqcwzXaQA/IkBIbo
VWyuyEhIQn1rUD4YMKNW9r+h16mOAlz27kL+uuAza4Jc9DbI2duQkNgTqvbnbWnk
S/JUCysrijKhS/nmw9LYZRDrI6yAi/oOAPjAE61o6linER8gBM1nHZzh
-----END CERTIFICATE-----
Generated at Fri Apr 11 21:00:11 2025 by rpki-client