Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/hpaXRE_0azOU1LKEQkK78GPR-tY.roa
File: hpaXRE_0azOU1LKEQkK78GPR-tY.roa (raw, json)
Hash identifier: 70kD5SfEebFsJSzMJiLMVSM9MeAZbqsUZuTvwJ5UBbE=
Subject key identifier: 86:96:97:44:4F:F4:6B:33:94:D4:B2:84:42:42:BB:F0:63:D1:FA:D6
Certificate issuer: /CN=b05442c4ffe9c1d761e7c569360ead042438f903
Certificate serial: 01957B2559ABF503B3BE44DDF43C2E44B530
Authority key identifier: B0:54:42:C4:FF:E9:C1:D7:61:E7:C5:69:36:0E:AD:04:24:38:F9:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sFRCxP_pwddh58VpNg6tBCQ4-QM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/hpaXRE_0azOU1LKEQkK78GPR-tY.roa
Signing time: Sun 09 Mar 2025 13:43:20 +0000
ROA not before: Sun 09 Mar 2025 13:43:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 50533
IP address blocks: 134.101.64.0/18 maxlen: 18
134.101.64.0/19 maxlen: 19
134.101.64.0/24 maxlen: 24
134.101.126.0/24 maxlen: 24
134.101.127.0/24 maxlen: 24
145.14.224.0/20 maxlen: 20
145.14.224.0/23 maxlen: 23
185.160.248.0/22 maxlen: 22
2a00:17f1::/32 maxlen: 32
Validation: Failed, certificate revoked on Sun 16 Mar 2025 20:28:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:7b:25:59:ab:f5:03:b3:be:44:dd:f4:3c:2e:44:b5:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b05442c4ffe9c1d761e7c569360ead042438f903
Validity
Not Before: Mar 9 13:43:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=869697444ff46b3394d4b2844242bbf063d1fad6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:05:a9:f7:0d:ec:6c:60:82:2e:de:2a:c8:61:
17:73:67:f5:bb:98:dc:71:be:76:94:50:9f:50:19:
60:a1:81:84:02:89:9d:26:b6:6d:2a:98:5e:b8:75:
e3:c8:f4:7c:fa:d7:df:30:31:fa:b3:43:f4:3c:42:
60:e9:c7:22:91:d3:fb:df:4b:c2:55:ee:bf:dc:a9:
a5:a7:2b:b7:91:17:38:39:79:ce:1c:cb:9e:28:da:
8c:8f:e7:00:56:a5:a4:1d:bd:03:ab:03:4a:ef:fe:
9a:78:fb:fb:24:74:bc:42:63:49:5c:70:26:5a:a1:
e8:7e:bd:dc:88:9a:fb:fa:73:6a:54:9a:54:ff:bf:
34:26:85:54:a3:09:ce:72:52:4a:31:39:f2:ae:eb:
dc:ea:25:46:24:e7:ab:18:37:76:26:b9:a0:97:90:
5d:8e:4a:f4:a7:03:7c:f1:05:b2:6b:c6:27:4f:eb:
11:b9:f6:cf:32:15:89:d9:5b:4d:f5:ea:06:1e:9f:
f9:e3:f3:32:c9:2f:65:c5:39:aa:a1:df:b7:ab:94:
b2:b2:11:14:07:18:2e:97:d8:31:26:c2:0f:5d:4e:
e4:98:05:ad:71:8f:92:60:15:7c:32:df:cb:12:42:
45:4d:ed:39:19:dc:8b:e4:2d:b1:95:2c:6e:85:5d:
a6:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:96:97:44:4F:F4:6B:33:94:D4:B2:84:42:42:BB:F0:63:D1:FA:D6
X509v3 Authority Key Identifier:
keyid:B0:54:42:C4:FF:E9:C1:D7:61:E7:C5:69:36:0E:AD:04:24:38:F9:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sFRCxP_pwddh58VpNg6tBCQ4-QM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/hpaXRE_0azOU1LKEQkK78GPR-tY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/4b77e7-347c-49fa-808b-6ed331f31e09/1/sFRCxP_pwddh58VpNg6tBCQ4-QM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
134.101.64.0/18
145.14.224.0/20
185.160.248.0/22
IPv6:
2a00:17f1::/32
Signature Algorithm: sha256WithRSAEncryption
44:0c:a7:23:3e:98:9d:df:97:72:12:3e:97:c5:bb:d9:c5:4a:
e1:fb:6c:61:03:ba:c2:70:c7:4b:d9:d6:84:e6:a1:31:2f:f5:
65:64:93:17:0a:eb:c2:6f:5f:e6:d5:76:86:46:07:28:b9:e4:
6b:61:2b:87:a4:ac:53:8c:f4:bf:0b:29:28:0a:4b:dc:a7:c0:
c2:36:aa:ac:c5:ad:f3:08:b7:4a:fe:e3:73:fb:3f:ac:8a:2d:
32:b5:83:f9:bf:44:4b:36:cb:50:c1:27:6f:3a:5a:c4:21:4c:
47:4e:8c:e5:e5:a8:2a:34:2e:90:8f:f3:98:e7:a9:80:8a:d2:
91:e4:a9:3f:8c:c3:4f:e7:de:bc:c3:ad:34:4c:95:4f:43:c3:
67:9b:4d:bc:6e:12:39:0b:84:6c:82:de:c0:e5:9b:e0:a5:63:
92:05:f3:25:f1:e1:1d:c4:d8:87:58:67:5c:e7:82:30:be:e5:
fc:fc:cf:ef:bc:4e:55:ce:c1:d1:df:58:b2:98:a5:84:2c:d9:
4d:4a:05:d1:6d:72:52:54:f6:57:17:ba:a8:ce:4c:91:6e:bb:
ac:57:f9:df:d9:b5:10:47:34:88:1a:3d:96:9d:26:db:6f:30:
88:87:ce:c3:c3:5d:31:26:a3:ec:f1:9b:fc:8f:71:93:d2:96:
80:21:aa:62
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZV7JVmr9QOzvkTd9DwuRLUwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNTQ0MmM0ZmZlOWMxZDc2MWU3YzU2OTM2MGVhZDA0MjQz
OGY5MDMwHhcNMjUwMzA5MTM0MzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Njk2OTc0NDRmZjQ2YjMzOTRkNGIyODQ0MjQyYmJmMDYzZDFmYWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3QWp9w3sbGCCLt4qyGEXc2f1u5jc
cb52lFCfUBlgoYGEAomdJrZtKpheuHXjyPR8+tffMDH6s0P0PEJg6ccikdP730vC
Ve6/3Kmlpyu3kRc4OXnOHMueKNqMj+cAVqWkHb0DqwNK7/6aePv7JHS8QmNJXHAm
WqHofr3ciJr7+nNqVJpU/780JoVUownOclJKMTnyruvc6iVGJOerGDd2Jrmgl5Bd
jkr0pwN88QWya8YnT+sRufbPMhWJ2VtN9eoGHp/54/MyyS9lxTmqod+3q5SyshEU
Bxgul9gxJsIPXU7kmAWtcY+SYBV8Mt/LEkJFTe05GdyL5C2xlSxuhV2mfwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFIaWl0RP9GszlNSyhEJCu/Bj0frWMB8GA1UdIwQY
MBaAFLBUQsT/6cHXYefFaTYOrQQkOPkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0ZSQ3hQX3B3ZGRoNThWcE5nNnRCQ1E0LVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS80Yjc3ZTctMzQ3Yy00OWZhLTgwOGIt
NmVkMzMxZjMxZTA5LzEvaHBhWFJFXzBhek9VMUxLRVFrSzc4R1BSLXRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS80Yjc3ZTctMzQ3Yy00OWZhLTgwOGItNmVkMzMxZjMxZTA5
LzEvc0ZSQ3hQX3B3ZGRoNThWcE5nNnRCQ1E0LVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQGhmVAAwQE
kQ7gAwQCuaD4MA0EAgACMAcDBQAqABfxMA0GCSqGSIb3DQEBCwUAA4IBAQBEDKcj
Ppid35dyEj6XxbvZxUrh+2xhA7rCcMdL2daE5qExL/VlZJMXCuvCb1/m1XaGRgco
ueRrYSuHpKxTjPS/CykoCkvcp8DCNqqsxa3zCLdK/uNz+z+sii0ytYP5v0RLNstQ
wSdvOlrEIUxHTozl5agqNC6Qj/OY56mAitKR5Kk/jMNP5968w600TJVPQ8Nnm028
bhI5C4Rsgt7A5ZvgpWOSBfMl8eEdxNiHWGdc54IwvuX8/M/vvE5VzsHR31iymKWE
LNlNSgXRbXJSVPZXF7qozkyRbrusV/nf2bUQRzSIGj2WnSbbbzCIh87Dw10xJqPs
8Zv8j3GT0paAIapi
-----END CERTIFICATE-----
Generated at Mon Apr 21 04:04:03 2025 by rpki-client