Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/ba0ff0-2be2-4286-a2d7-58a8a33d54a6/1/NznzSb7aKbjUYV52LjCgii7DLjc.roa
File: NznzSb7aKbjUYV52LjCgii7DLjc.roa (raw, json)
Hash identifier: aPQfZSKFxC+5fOz44n93e1srn6iwVi1xDP2I5+cyslY=
Subject key identifier: 37:39:F3:49:BE:DA:29:B8:D4:61:5E:76:2E:30:A0:8A:2E:C3:2E:37
Certificate issuer: /CN=6b423b29a182936b22df8f9826dd583a0059134a
Certificate serial: 018D3AC258E3EA07E1EF1FDF33D8374E7165
Authority key identifier: 6B:42:3B:29:A1:82:93:6B:22:DF:8F:98:26:DD:58:3A:00:59:13:4A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a0I7KaGCk2si34-YJt1YOgBZE0o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3d/ba0ff0-2be2-4286-a2d7-58a8a33d54a6/1/NznzSb7aKbjUYV52LjCgii7DLjc.roa
Signing time: Wed 24 Jan 2024 09:17:11 +0000
ROA not before: Wed 24 Jan 2024 09:17:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 5089
IP address blocks: 94.101.100.0/24 maxlen: 24
198.205.102.0/24 maxlen: 24
2a0b:eb00::/32 maxlen: 32
Validation: Failed, certificate revoked on Tue 19 Mar 2024 08:57:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:3a:c2:58:e3:ea:07:e1:ef:1f:df:33:d8:37:4e:71:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b423b29a182936b22df8f9826dd583a0059134a
Validity
Not Before: Jan 24 09:17:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3739f349beda29b8d4615e762e30a08a2ec32e37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:e2:be:da:80:b9:17:4c:2c:55:92:67:78:61:
90:04:79:dc:5d:71:0e:6d:ea:23:40:32:43:26:fe:
75:5b:61:2a:b4:5f:3b:4a:70:27:94:ae:2e:40:44:
eb:65:e6:66:38:0b:2b:bf:bb:42:a9:a8:d5:d1:3c:
e2:5c:47:15:af:e4:79:df:5e:54:f0:eb:71:c5:9c:
ea:92:4d:bc:f3:ee:22:8e:80:23:61:dd:60:95:d2:
8a:5f:02:d5:e4:e5:2c:87:a0:e1:be:a7:3e:65:47:
ad:04:e9:45:50:6a:3b:86:76:06:40:16:3d:bb:5b:
d0:dc:c0:42:14:76:66:89:ba:2b:77:4d:e5:d4:51:
d0:9a:67:76:3c:2b:5f:2d:85:72:79:45:90:41:38:
39:e9:97:ee:ac:dd:a3:0b:d8:73:cf:10:0a:86:ef:
c1:d8:6a:7f:6d:b3:db:34:2a:f1:13:ce:c2:01:7c:
63:94:70:d8:e1:ee:1e:3c:ad:14:e2:ac:65:e8:49:
9a:a0:6f:16:02:a5:7d:b7:d6:e9:29:01:ab:a3:df:
8b:24:f0:b9:0e:34:e6:a9:96:8b:d9:b1:0c:4b:b4:
f1:a7:29:aa:b3:52:04:32:c1:1f:c6:c0:68:c8:89:
fb:9a:2a:dc:ca:9c:b5:62:53:d9:29:28:be:9c:60:
80:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:39:F3:49:BE:DA:29:B8:D4:61:5E:76:2E:30:A0:8A:2E:C3:2E:37
X509v3 Authority Key Identifier:
keyid:6B:42:3B:29:A1:82:93:6B:22:DF:8F:98:26:DD:58:3A:00:59:13:4A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0I7KaGCk2si34-YJt1YOgBZE0o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/ba0ff0-2be2-4286-a2d7-58a8a33d54a6/1/NznzSb7aKbjUYV52LjCgii7DLjc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/ba0ff0-2be2-4286-a2d7-58a8a33d54a6/1/a0I7KaGCk2si34-YJt1YOgBZE0o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.101.100.0/24
198.205.102.0/24
IPv6:
2a0b:eb00::/32
Signature Algorithm: sha256WithRSAEncryption
7b:8e:2d:cf:92:e2:ae:7a:64:d9:af:fd:04:48:b3:d7:b4:92:
92:24:63:c9:0a:40:d4:e2:d8:cc:31:72:ef:cf:78:f3:04:ba:
29:6b:25:4f:2c:fd:ad:dc:a7:27:55:4f:2b:57:6c:be:4e:b2:
48:6f:4f:1a:fb:be:e7:0b:16:d5:87:e1:4e:43:52:58:0a:7a:
9e:04:e8:5e:73:59:a9:b3:7f:93:fd:8a:45:f4:08:f8:b5:ae:
20:a3:ca:71:c4:af:1d:60:5e:c2:d2:9a:bb:45:ae:b7:df:71:
1a:b1:32:7f:ee:ae:bf:59:42:f4:02:35:30:51:3c:92:01:14:
e6:8a:31:20:26:78:0f:0a:fa:6c:73:26:e9:dd:58:36:18:0e:
7b:45:0c:51:a1:07:f5:6d:dc:3f:8b:b1:69:d9:23:9f:6b:93:
3e:df:f1:c5:64:08:dc:cc:d1:41:88:b0:86:80:69:f5:42:5f:
64:3f:69:2b:78:44:df:73:84:9b:cf:1a:2f:a2:f5:21:d3:57:
6e:a9:fe:08:6f:88:1d:c2:25:df:12:3d:cc:21:a7:33:1a:63:
ea:33:7b:c1:12:00:6c:c9:fb:94:3e:d3:d0:8b:cd:f6:70:ef:
ad:6e:1d:f3:13:b2:b7:28:77:f8:43:71:c9:2a:7d:18:90:d9:
22:76:ed:89
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY06wljj6gfh7x/fM9g3TnFlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNDIzYjI5YTE4MjkzNmIyMmRmOGY5ODI2ZGQ1ODNhMDA1
OTEzNGEwHhcNMjQwMTI0MDkxNzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzM5ZjM0OWJlZGEyOWI4ZDQ2MTVlNzYyZTMwYTA4YTJlYzMyZTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAneK+2oC5F0wsVZJneGGQBHncXXEO
beojQDJDJv51W2EqtF87SnAnlK4uQETrZeZmOAsrv7tCqajV0TziXEcVr+R5315U
8OtxxZzqkk288+4ijoAjYd1gldKKXwLV5OUsh6Dhvqc+ZUetBOlFUGo7hnYGQBY9
u1vQ3MBCFHZmibord03l1FHQmmd2PCtfLYVyeUWQQTg56ZfurN2jC9hzzxAKhu/B
2Gp/bbPbNCrxE87CAXxjlHDY4e4ePK0U4qxl6EmaoG8WAqV9t9bpKQGro9+LJPC5
DjTmqZaL2bEMS7Txpymqs1IEMsEfxsBoyIn7mircypy1YlPZKSi+nGCA/wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDc580m+2im41GFedi4woIouwy43MB8GA1UdIwQY
MBaAFGtCOymhgpNrIt+PmCbdWDoAWRNKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTBJN0thR0NrMnNpMzQtWUp0MVlPZ0JaRTBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9iYTBmZjAtMmJlMi00Mjg2LWEyZDct
NThhOGEzM2Q1NGE2LzEvTnpuelNiN2FLYmpVWVY1MkxqQ2dpaTdETGpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9iYTBmZjAtMmJlMi00Mjg2LWEyZDctNThhOGEzM2Q1NGE2
LzEvYTBJN0thR0NrMnNpMzQtWUp0MVlPZ0JaRTBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAXmVkAwQA
xs1mMA0EAgACMAcDBQAqC+sAMA0GCSqGSIb3DQEBCwUAA4IBAQB7ji3PkuKuemTZ
r/0ESLPXtJKSJGPJCkDU4tjMMXLvz3jzBLopayVPLP2t3KcnVU8rV2y+TrJIb08a
+77nCxbVh+FOQ1JYCnqeBOhec1mps3+T/YpF9Aj4ta4go8pxxK8dYF7C0pq7Ra63
33EasTJ/7q6/WUL0AjUwUTySARTmijEgJngPCvpscybp3Vg2GA57RQxRoQf1bdw/
i7Fp2SOfa5M+3/HFZAjczNFBiLCGgGn1Ql9kP2kreETfc4SbzxovovUh01duqf4I
b4gdwiXfEj3MIaczGmPqM3vBEgBsyfuUPtPQi832cO+tbh3zE7K3KHf4Q3HJKn0Y
kNkidu2J
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:46:00 2025 by rpki-client