Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/NTg9OXL0K1q6oIphLyEzaDGfQCY.roa
File: NTg9OXL0K1q6oIphLyEzaDGfQCY.roa (raw, json)
Hash identifier: JPGRMPCgNa0qX2FCRDdYUj8vtmsY21KyuXO1oToaMRc=
Subject key identifier: 35:38:3D:39:72:F4:2B:5A:BA:A0:8A:61:2F:21:33:68:31:9F:40:26
Certificate issuer: /CN=935c42857e302feb14017301e43c39fe45e7f629
Certificate serial: 01942143CE6D4D5320A116982750102ECFCB
Authority key identifier: 93:5C:42:85:7E:30:2F:EB:14:01:73:01:E4:3C:39:FE:45:E7:F6:29
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/k1xChX4wL-sUAXMB5Dw5_kXn9ik.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/NTg9OXL0K1q6oIphLyEzaDGfQCY.roa
Signing time: Wed 01 Jan 2025 09:47:59 +0000
ROA not before: Wed 01 Jan 2025 09:47:59 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 34766
IP address blocks: 185.214.24.0/22 maxlen: 22
185.214.24.0/24 maxlen: 24
185.214.25.0/24 maxlen: 24
185.214.26.0/24 maxlen: 24
2a0b:9440::/29 maxlen: 29
Validation: Failed, certificate revoked on Sat 19 Apr 2025 06:31:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:43:ce:6d:4d:53:20:a1:16:98:27:50:10:2e:cf:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=935c42857e302feb14017301e43c39fe45e7f629
Validity
Not Before: Jan 1 09:47:59 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=35383d3972f42b5abaa08a612f213368319f4026
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:ca:5c:f4:78:e8:42:ab:cc:74:6f:2d:30:08:
8f:7e:c5:62:c4:90:05:c1:06:61:e9:d8:13:d9:1f:
ba:2f:46:78:f0:1c:06:26:60:3e:b7:c5:63:a3:b7:
d7:94:00:c7:c7:be:d5:1e:b9:8a:ed:22:97:7f:13:
01:60:4b:f2:71:a5:e3:70:fd:c8:72:ad:d4:60:77:
64:9d:bf:8a:f0:59:fa:1d:79:3b:79:d6:38:11:53:
e9:07:fa:54:a7:ed:87:f8:af:51:3a:98:ca:3e:60:
68:51:f2:9c:cf:64:6a:91:a1:b6:30:27:29:15:27:
2b:f2:83:20:bb:e2:2c:38:95:0f:e0:c5:ed:36:20:
c7:ca:98:8f:1b:ac:d4:17:be:7a:5b:18:78:1a:60:
f8:d4:c8:34:be:4b:60:0c:c5:d0:e4:42:e9:ec:02:
33:4f:c3:df:a6:9c:40:17:dd:19:89:65:26:f4:fa:
c1:5f:9e:18:11:28:aa:e2:e6:5b:b7:e0:48:86:d5:
79:76:a3:90:2a:9f:2a:a8:58:bb:3a:af:82:9b:ef:
29:0a:15:51:9b:89:1e:be:f0:55:5c:f7:00:65:98:
3f:4f:6e:78:d6:56:c7:23:e9:11:57:f2:dd:f7:06:
cd:a9:8a:b8:de:06:20:f9:e6:8e:0f:5f:c6:4e:2e:
b1:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:38:3D:39:72:F4:2B:5A:BA:A0:8A:61:2F:21:33:68:31:9F:40:26
X509v3 Authority Key Identifier:
keyid:93:5C:42:85:7E:30:2F:EB:14:01:73:01:E4:3C:39:FE:45:E7:F6:29
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k1xChX4wL-sUAXMB5Dw5_kXn9ik.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/NTg9OXL0K1q6oIphLyEzaDGfQCY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/55e529-b839-444f-872d-1bfd10a8845a/1/k1xChX4wL-sUAXMB5Dw5_kXn9ik.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.214.24.0/22
IPv6:
2a0b:9440::/29
Signature Algorithm: sha256WithRSAEncryption
28:1d:3d:c2:5b:32:57:7a:b5:25:e0:09:26:4e:04:04:59:36:
50:22:31:54:7f:d3:a6:36:91:53:f8:0c:d3:6a:a1:cd:28:f3:
82:9e:7b:77:53:86:c9:21:76:99:fb:7d:53:d8:4d:02:f5:4b:
78:53:90:1f:8c:b7:7f:cd:32:ab:13:b1:02:80:49:d3:1b:34:
6f:ce:c8:f4:78:9f:34:49:2e:01:7e:79:49:0a:30:ae:a3:53:
28:6b:1e:ca:17:3b:9a:69:45:6c:7e:10:c1:88:3c:cb:f3:6b:
10:98:ae:ad:06:22:af:fd:e6:e6:fb:2c:ae:bf:f5:2f:2e:86:
8e:f3:ac:e5:9d:0c:60:b2:c4:0c:dd:63:b4:15:33:29:4d:ca:
ec:30:09:9e:39:48:6f:a2:92:bb:a7:44:2c:49:30:a2:08:09:
f9:07:7a:4d:6e:eb:f6:2d:7e:62:9c:b1:08:8a:5b:9c:24:05:
b4:57:7c:f7:9e:e5:8d:70:ae:20:74:bf:f8:6a:dd:f9:99:18:
98:30:81:e2:a0:fd:12:39:2e:24:b0:f8:94:e4:3b:8f:e6:ca:
50:fa:07:25:0a:7f:27:b9:39:24:5b:93:0e:c9:af:90:b6:d7:
f3:7f:62:36:4b:46:1d:10:87:67:0b:a7:a6:12:28:ff:9a:f6:
17:82:47:58
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhQ85tTVMgoRaYJ1AQLs/LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNWM0Mjg1N2UzMDJmZWIxNDAxNzMwMWU0M2MzOWZlNDVl
N2Y2MjkwHhcNMjUwMTAxMDk0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTM4M2QzOTcyZjQyYjVhYmFhMDhhNjEyZjIxMzM2ODMxOWY0MDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcpc9HjoQqvMdG8tMAiPfsVixJAF
wQZh6dgT2R+6L0Z48BwGJmA+t8Vjo7fXlADHx77VHrmK7SKXfxMBYEvycaXjcP3I
cq3UYHdknb+K8Fn6HXk7edY4EVPpB/pUp+2H+K9ROpjKPmBoUfKcz2RqkaG2MCcp
FScr8oMgu+IsOJUP4MXtNiDHypiPG6zUF756Wxh4GmD41Mg0vktgDMXQ5ELp7AIz
T8PfppxAF90ZiWUm9PrBX54YESiq4uZbt+BIhtV5dqOQKp8qqFi7Oq+Cm+8pChVR
m4kevvBVXPcAZZg/T2541lbHI+kRV/Ld9wbNqYq43gYg+eaOD1/GTi6xlwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDU4PTly9CtauqCKYS8hM2gxn0AmMB8GA1UdIwQY
MBaAFJNcQoV+MC/rFAFzAeQ8Of5F5/YpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazF4Q2hYNHdMLXNVQVhNQjVEdzVfa1huOWlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS81NWU1MjktYjgzOS00NDRmLTg3MmQt
MWJmZDEwYTg4NDVhLzEvTlRnOU9YTDBLMXE2b0lwaEx5RXphREdmUUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS81NWU1MjktYjgzOS00NDRmLTg3MmQtMWJmZDEwYTg4NDVh
LzEvazF4Q2hYNHdMLXNVQVhNQjVEdzVfa1huOWlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudYYMA0E
AgACMAcDBQMqC5RAMA0GCSqGSIb3DQEBCwUAA4IBAQAoHT3CWzJXerUl4AkmTgQE
WTZQIjFUf9OmNpFT+AzTaqHNKPOCnnt3U4bJIXaZ+31T2E0C9Ut4U5AfjLd/zTKr
E7ECgEnTGzRvzsj0eJ80SS4BfnlJCjCuo1Moax7KFzuaaUVsfhDBiDzL82sQmK6t
BiKv/ebm+yyuv/UvLoaO86zlnQxgssQM3WO0FTMpTcrsMAmeOUhvopK7p0QsSTCi
CAn5B3pNbuv2LX5inLEIilucJAW0V3z3nuWNcK4gdL/4at35mRiYMIHioP0SOS4k
sPiU5DuP5spQ+gclCn8nuTkkW5MOya+Qttfzf2I2S0YdEIdnC6emEij/mvYXgkdY
-----END CERTIFICATE-----
Generated at Tue Apr 22 04:07:41 2025 by rpki-client