Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/2F7-kRsYmBDcrKClbKSu24pA4ik.roa
File: 2F7-kRsYmBDcrKClbKSu24pA4ik.roa (raw, json)
Hash identifier: jYRxSf3FI0oGBU2pL9yKL/VZdn6Hdbqs+FtlqNIxXyg=
Subject key identifier: D8:5E:FE:91:1B:18:98:10:DC:AC:A0:A5:6C:A4:AE:DB:8A:40:E2:29
Certificate issuer: /CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
Certificate serial: 01930AB394D4666583F11F0FE0BB921C2BBC
Authority key identifier: 45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/2F7-kRsYmBDcrKClbKSu24pA4ik.roa
Signing time: Fri 08 Nov 2024 07:36:01 +0000
ROA not before: Fri 08 Nov 2024 07:36:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35590
IP address blocks: 178.239.37.0/24 maxlen: 24
178.239.38.0/24 maxlen: 24
178.239.39.0/24 maxlen: 24
2a09:3fc0::/29 maxlen: 29
Validation: Failed, certificate revoked on Thu 02 Jan 2025 09:49:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:0a:b3:94:d4:66:65:83:f1:1f:0f:e0:bb:92:1c:2b:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=45f9e32ff6af3d5e5d77bdbb98da37d0b8e44519
Validity
Not Before: Nov 8 07:36:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d85efe911b189810dcaca0a56ca4aedb8a40e229
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:02:d9:a0:d5:f6:35:2c:9d:61:f6:eb:ef:05:
f8:d1:d5:84:4d:1c:69:81:2f:17:31:a3:50:8e:55:
05:35:4f:40:3e:15:98:b3:3a:54:7f:92:9a:21:3e:
1f:3d:02:5f:27:09:2d:99:46:fe:99:c6:33:89:f8:
e6:fb:af:1a:85:97:ea:3b:58:06:f3:46:4c:de:13:
92:e4:1c:2c:26:4e:2d:44:93:82:33:e1:ba:da:3c:
23:57:b2:56:87:44:d4:84:64:b6:aa:de:86:57:0d:
0d:ed:f5:ad:43:55:49:df:00:55:ae:0d:7d:f5:a4:
f6:c4:00:9e:f6:f7:0b:fa:65:7f:80:fa:d5:81:b6:
ab:23:78:3e:37:4c:80:cf:e2:1c:81:8a:cf:cc:ed:
ce:e2:01:e5:8c:bf:27:12:a2:b1:0c:03:7f:a3:3f:
42:14:ca:a6:a6:02:09:0b:d8:76:17:c2:fc:5c:28:
28:7b:32:31:bf:12:21:76:07:ee:9b:f9:ec:9c:4f:
ef:c5:66:32:d9:c0:e3:81:12:a4:7b:89:ba:48:b3:
d9:15:7a:4e:3b:c6:7c:94:ce:71:79:f2:39:c1:17:
11:c1:0e:25:25:66:8f:43:35:35:2d:aa:1a:13:7b:
76:18:9f:14:eb:2d:7e:eb:fe:97:78:2d:c0:1f:7f:
d7:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:5E:FE:91:1B:18:98:10:DC:AC:A0:A5:6C:A4:AE:DB:8A:40:E2:29
X509v3 Authority Key Identifier:
keyid:45:F9:E3:2F:F6:AF:3D:5E:5D:77:BD:BB:98:DA:37:D0:B8:E4:45:19
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RfnjL_avPV5dd727mNo30LjkRRk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/2F7-kRsYmBDcrKClbKSu24pA4ik.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/9def08-7552-4b5a-966f-8ee0a12a359b/1/RfnjL_avPV5dd727mNo30LjkRRk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.239.37.0-178.239.39.255
IPv6:
2a09:3fc0::/29
Signature Algorithm: sha256WithRSAEncryption
06:00:8b:19:59:71:aa:b1:c7:a0:63:ca:b4:67:8a:89:8a:28:
b8:ee:3f:5c:0c:1f:16:06:52:65:63:55:05:f9:aa:c5:79:27:
23:b8:d7:3d:84:fa:9d:30:e9:e4:b9:2a:78:8c:8e:32:72:c4:
2f:79:8a:32:0d:f8:22:d3:4f:84:56:72:cf:b8:8e:ac:75:43:
c7:6e:45:ac:b8:57:ac:18:ed:a5:5d:e1:c6:9c:30:bf:42:b8:
a2:e5:12:0e:ac:ad:fb:1d:8d:6e:0d:c1:71:85:29:8c:6c:53:
46:fd:7e:7e:ba:18:9a:09:3c:81:99:41:90:af:98:64:a3:51:
89:fb:31:9f:81:b1:0a:e4:fc:d8:6f:9a:a6:6c:3f:10:13:24:
a1:07:29:03:46:91:7f:69:94:f1:d5:0a:9a:d7:f9:7f:bb:55:
98:15:32:66:df:bd:c3:9c:15:2c:e3:d5:44:eb:de:0e:7e:11:
50:d2:15:fd:78:69:d3:0b:5a:f7:bd:30:12:86:d0:6f:8e:79:
73:6a:a1:22:d7:db:92:fc:48:1d:56:a2:59:4a:a5:b7:6a:77:
39:d9:8e:29:b1:9f:ce:4e:e3:40:b6:e2:f9:62:33:22:b5:e1:
5d:10:2c:49:7e:3d:ba:09:cb:ae:93:fa:e7:7a:0f:59:bf:99:
8c:a2:93:34
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZMKs5TUZmWD8R8P4LuSHCu8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZjllMzJmZjZhZjNkNWU1ZDc3YmRiYjk4ZGEzN2QwYjhl
NDQ1MTkwHhcNMjQxMTA4MDczNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODVlZmU5MTFiMTg5ODEwZGNhY2EwYTU2Y2E0YWVkYjhhNDBlMjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQLZoNX2NSydYfbr7wX40dWETRxp
gS8XMaNQjlUFNU9APhWYszpUf5KaIT4fPQJfJwktmUb+mcYzifjm+68ahZfqO1gG
80ZM3hOS5BwsJk4tRJOCM+G62jwjV7JWh0TUhGS2qt6GVw0N7fWtQ1VJ3wBVrg19
9aT2xACe9vcL+mV/gPrVgbarI3g+N0yAz+IcgYrPzO3O4gHljL8nEqKxDAN/oz9C
FMqmpgIJC9h2F8L8XCgoezIxvxIhdgfum/nsnE/vxWYy2cDjgRKke4m6SLPZFXpO
O8Z8lM5xefI5wRcRwQ4lJWaPQzU1LaoaE3t2GJ8U6y1+6/6XeC3AH3/XgwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFNhe/pEbGJgQ3KygpWykrtuKQOIpMB8GA1UdIwQY
MBaAFEX54y/2rz1eXXe9u5jaN9C45EUZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYt
OGVlMGExMmEzNTliLzEvMkY3LWtSc1ltQkRjcktDbGJLU3UyNHBBNGlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC85ZGVmMDgtNzU1Mi00YjVhLTk2NmYtOGVlMGExMmEzNTli
LzEvUmZuakxfYXZQVjVkZDcyN21ObzMwTGprUlJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBACy7yUD
BAOy7yAwDQQCAAIwBwMFAyoJP8AwDQYJKoZIhvcNAQELBQADggEBAAYAixlZcaqx
x6BjyrRniomKKLjuP1wMHxYGUmVjVQX5qsV5JyO41z2E+p0w6eS5KniMjjJyxC95
ijIN+CLTT4RWcs+4jqx1Q8duRay4V6wY7aVd4cacML9CuKLlEg6srfsdjW4NwXGF
KYxsU0b9fn66GJoJPIGZQZCvmGSjUYn7MZ+BsQrk/NhvmqZsPxATJKEHKQNGkX9p
lPHVCprX+X+7VZgVMmbfvcOcFSzj1UTr3g5+EVDSFf14adMLWve9MBKG0G+OeXNq
oSLX25L8SB1WollKpbdqdznZjimxn85O40C24vliMyK14V0QLEl+PboJy66T+ud6
D1m/mYyikzQ=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:11:33 2025 by rpki-client