Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/NH7Q-GkSSe-JI4WpKy3ObSAIPnY.roa
File: NH7Q-GkSSe-JI4WpKy3ObSAIPnY.roa (raw, json)
Hash identifier: 4yXzMifE4ikZsK3z81G0Bet/aht7oP2Xs7sqd3MPMI4=
Subject key identifier: 34:7E:D0:F8:69:12:49:EF:89:23:85:A9:2B:2D:CE:6D:20:08:3E:76
Certificate issuer: /CN=a7d78de0234e6f99701592f536e45f5f5594eec3
Certificate serial: 018E9E9E678D0A5944B6E16FB3E3071E70DD
Authority key identifier: A7:D7:8D:E0:23:4E:6F:99:70:15:92:F5:36:E4:5F:5F:55:94:EE:C3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p9eN4CNOb5lwFZL1NuRfX1WU7sM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/NH7Q-GkSSe-JI4WpKy3ObSAIPnY.roa
Signing time: Tue 02 Apr 2024 11:42:45 +0000
ROA not before: Tue 02 Apr 2024 11:42:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207348
IP address blocks: 45.142.8.0/22 maxlen: 24
85.222.168.0/22 maxlen: 24
Validation: Failed, certificate revoked on Wed 01 Jan 2025 03:47:53 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:9e:9e:67:8d:0a:59:44:b6:e1:6f:b3:e3:07:1e:70:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a7d78de0234e6f99701592f536e45f5f5594eec3
Validity
Not Before: Apr 2 11:42:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=347ed0f8691249ef892385a92b2dce6d20083e76
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:f7:61:37:d8:03:e3:2c:e8:5a:f7:79:02:ab:
8a:30:79:6d:39:1b:3e:c7:45:0b:7a:38:6c:7d:93:
a1:67:cb:80:54:5a:6b:ab:3e:35:80:12:39:1e:cd:
54:47:9e:6f:d9:5d:03:b6:21:7a:db:ba:37:48:b9:
a6:cd:ad:4c:c8:7a:c5:fd:08:06:94:56:1a:96:68:
17:8f:9f:08:11:5c:cc:f3:09:af:86:5f:8c:00:89:
61:17:fa:43:e8:8b:77:ba:42:0b:2d:31:6b:5f:67:
ba:e9:bf:2f:41:f6:df:5c:d1:44:3d:8e:a0:00:76:
c4:fd:4b:da:56:4e:e8:b2:ce:e0:57:b6:b7:2f:18:
c5:c5:25:18:46:38:73:34:84:55:34:8f:03:17:34:
7f:a4:65:9d:73:8f:36:4a:9e:2d:88:8d:cd:76:e4:
32:2b:87:7e:2c:80:d4:d8:17:92:35:cf:6d:92:79:
e3:15:1c:aa:1c:e9:cf:7e:9e:2b:12:81:f0:a9:ee:
49:97:d4:36:cc:9b:28:a5:1a:13:4c:03:db:8c:7b:
e9:62:f5:b6:7e:01:ea:d8:11:5c:9b:29:d2:cf:b6:
f5:c3:51:7e:aa:61:c4:21:61:5c:11:60:a4:d9:39:
2e:e2:65:05:09:61:a5:0d:f3:be:b8:ac:7e:7f:95:
aa:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:7E:D0:F8:69:12:49:EF:89:23:85:A9:2B:2D:CE:6D:20:08:3E:76
X509v3 Authority Key Identifier:
keyid:A7:D7:8D:E0:23:4E:6F:99:70:15:92:F5:36:E4:5F:5F:55:94:EE:C3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p9eN4CNOb5lwFZL1NuRfX1WU7sM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/NH7Q-GkSSe-JI4WpKy3ObSAIPnY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/43/31aaba-ac7e-489f-877c-28d5b607a47f/1/p9eN4CNOb5lwFZL1NuRfX1WU7sM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.142.8.0/22
85.222.168.0/22
Signature Algorithm: sha256WithRSAEncryption
7d:a0:85:36:b8:7f:90:21:06:61:6a:9b:79:8c:97:cf:2d:4a:
d1:12:37:0f:89:52:1b:14:11:f6:8e:97:1b:b1:b8:00:e8:03:
b0:7e:c5:af:cf:fc:be:f5:ad:94:0b:b4:dc:f6:e5:aa:5f:8b:
df:b9:38:0b:4b:73:ff:10:10:3f:ba:0d:6a:49:b1:84:25:e2:
aa:14:c3:f3:3f:ec:0e:c9:4f:63:c1:1d:cd:86:75:c4:56:ee:
db:98:86:6c:76:3a:75:b3:bd:8b:a6:4c:42:91:02:fe:78:5e:
1d:e6:6d:32:dc:df:8c:c4:33:76:d0:e6:1c:78:85:35:b8:fa:
cf:95:79:e2:7c:89:62:14:40:37:84:fe:43:81:2c:63:07:05:
58:2f:fd:ed:d9:ea:1f:1d:30:e2:fa:2e:52:66:ef:3d:a5:18:
21:c1:bb:e0:25:4e:f7:a9:c2:b9:da:18:fe:3a:6f:3a:3e:bc:
3f:d2:20:c4:3e:0f:bc:c5:de:8d:33:7c:49:16:2b:96:91:eb:
2d:87:84:b0:57:36:c2:60:36:3b:9a:f7:a1:ea:3c:23:f3:89:
6e:a2:84:6d:a4:ac:4d:6e:2b:48:f9:18:1f:3e:03:8c:4f:64:
27:b1:f7:69:e8:57:34:29:ba:e6:08:c3:1f:57:e2:a5:d6:33:
f5:52:84:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY6enmeNCllEtuFvs+MHHnDdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZDc4ZGUwMjM0ZTZmOTk3MDE1OTJmNTM2ZTQ1ZjVmNTU5
NGVlYzMwHhcNMjQwNDAyMTE0MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDdlZDBmODY5MTI0OWVmODkyMzg1YTkyYjJkY2U2ZDIwMDgzZTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvdhN9gD4yzoWvd5AquKMHltORs+
x0ULejhsfZOhZ8uAVFprqz41gBI5Hs1UR55v2V0DtiF627o3SLmmza1MyHrF/QgG
lFYalmgXj58IEVzM8wmvhl+MAIlhF/pD6It3ukILLTFrX2e66b8vQfbfXNFEPY6g
AHbE/UvaVk7oss7gV7a3LxjFxSUYRjhzNIRVNI8DFzR/pGWdc482Sp4tiI3NduQy
K4d+LIDU2BeSNc9tknnjFRyqHOnPfp4rEoHwqe5Jl9Q2zJsopRoTTAPbjHvpYvW2
fgHq2BFcmynSz7b1w1F+qmHEIWFcEWCk2Tku4mUFCWGlDfO+uKx+f5WqjQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDR+0PhpEknviSOFqSstzm0gCD52MB8GA1UdIwQY
MBaAFKfXjeAjTm+ZcBWS9TbkX19VlO7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDllTjRDTk9iNWx3RlpMMU51UmZYMVdVN3NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My8zMWFhYmEtYWM3ZS00ODlmLTg3N2Mt
MjhkNWI2MDdhNDdmLzEvTkg3US1Ha1NTZS1KSTRXcEt5M09iU0FJUG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My8zMWFhYmEtYWM3ZS00ODlmLTg3N2MtMjhkNWI2MDdhNDdm
LzEvcDllTjRDTk9iNWx3RlpMMU51UmZYMVdVN3NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLY4IAwQC
Vd6oMA0GCSqGSIb3DQEBCwUAA4IBAQB9oIU2uH+QIQZhapt5jJfPLUrREjcPiVIb
FBH2jpcbsbgA6AOwfsWvz/y+9a2UC7Tc9uWqX4vfuTgLS3P/EBA/ug1qSbGEJeKq
FMPzP+wOyU9jwR3NhnXEVu7bmIZsdjp1s72LpkxCkQL+eF4d5m0y3N+MxDN20OYc
eIU1uPrPlXnifIliFEA3hP5DgSxjBwVYL/3t2eofHTDi+i5SZu89pRghwbvgJU73
qcK52hj+Om86Prw/0iDEPg+8xd6NM3xJFiuWkesth4SwVzbCYDY7mveh6jwj84lu
ooRtpKxNbitI+RgfPgOMT2Qnsfdp6Fc0KbrmCMMfV+Kl1jP1UoTB
-----END CERTIFICATE-----
Generated at Mon Apr 21 19:19:23 2025 by rpki-client