Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/QYqbLgad3AdYF4YlQQuW5GaoQ8M.roa
File: QYqbLgad3AdYF4YlQQuW5GaoQ8M.roa (raw, json)
Hash identifier: TJ+s4GaTTXhTUhtcTdBD8w8Hd3Cf9TYxzZq6vUM3p88=
Subject key identifier: 41:8A:9B:2E:06:9D:DC:07:58:17:86:25:41:0B:96:E4:66:A8:43:C3
Certificate issuer: /CN=e5825fbee7c43a29838eabe4fc87d794349c0c80
Certificate serial: 018CC94E6647B29E2B39F6F587263B656950
Authority key identifier: E5:82:5F:BE:E7:C4:3A:29:83:8E:AB:E4:FC:87:D7:94:34:9C:0C:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5YJfvufEOimDjqvk_IfXlDScDIA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/QYqbLgad3AdYF4YlQQuW5GaoQ8M.roa
Signing time: Tue 02 Jan 2024 08:33:27 +0000
ROA not before: Tue 02 Jan 2024 08:33:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48045
IP address blocks: 46.46.64.0/18 maxlen: 18
94.240.128.0/19 maxlen: 24
94.240.128.0/22 maxlen: 22
2a09:65c0::/32 maxlen: 32
Validation: Failed, certificate revoked on Mon 22 Apr 2024 07:47:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4e:66:47:b2:9e:2b:39:f6:f5:87:26:3b:65:69:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e5825fbee7c43a29838eabe4fc87d794349c0c80
Validity
Not Before: Jan 2 08:33:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=418a9b2e069ddc0758178625410b96e466a843c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:e4:e8:08:95:2f:c0:03:ba:cc:76:ff:69:63:
cb:e6:e2:e7:cf:18:73:91:9b:40:3b:4e:e3:f9:a6:
05:70:cc:91:0b:06:29:72:04:07:2d:c9:67:c2:bb:
5d:7e:72:a1:7c:2c:00:94:08:3e:bd:64:b9:77:29:
31:40:b7:3f:85:8c:9f:a1:fa:82:bf:1a:2b:3b:e1:
fc:58:50:31:2e:a1:90:a4:67:f1:9c:dc:0d:bc:20:
65:c8:09:f8:a7:72:56:05:f1:1a:de:af:5d:97:93:
b5:d1:50:95:6f:ee:42:89:f4:dc:81:aa:13:a6:d4:
f6:21:85:25:72:97:07:06:1a:ea:b7:9a:e7:9d:40:
76:da:9e:f5:a9:49:ef:95:ab:e6:49:68:96:37:0c:
c7:d8:83:f0:aa:48:36:be:81:e0:01:43:07:4a:c7:
0e:79:0e:fd:a1:8d:48:4a:1f:6e:90:af:81:58:2d:
e9:fe:70:00:23:8a:cb:0f:9f:53:82:48:5e:55:5e:
45:19:fa:88:34:51:23:bd:6e:14:3d:9c:41:71:b2:
79:90:e0:2e:f9:2f:fe:06:0f:1c:00:1e:df:63:49:
c3:52:ef:b8:14:0f:74:c5:b7:17:2a:ff:37:a0:5c:
39:49:8d:cc:61:68:c1:16:0f:69:d0:23:08:22:9d:
3a:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:8A:9B:2E:06:9D:DC:07:58:17:86:25:41:0B:96:E4:66:A8:43:C3
X509v3 Authority Key Identifier:
keyid:E5:82:5F:BE:E7:C4:3A:29:83:8E:AB:E4:FC:87:D7:94:34:9C:0C:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5YJfvufEOimDjqvk_IfXlDScDIA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/QYqbLgad3AdYF4YlQQuW5GaoQ8M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/758c96-611d-4167-80cd-041ab302c2f9/1/5YJfvufEOimDjqvk_IfXlDScDIA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.46.64.0/18
94.240.128.0/19
IPv6:
2a09:65c0::/32
Signature Algorithm: sha256WithRSAEncryption
09:6b:5e:58:c1:11:05:ac:7a:6c:a0:8f:7b:2e:0b:30:e4:d1:
12:70:69:79:a7:c4:27:03:1b:e8:f5:3f:75:26:81:4d:f0:17:
44:fc:3c:27:36:78:84:62:3c:40:e4:1e:38:e5:d6:fc:dd:de:
72:9b:10:f5:f7:b8:cd:e6:91:5c:cb:b6:6b:c1:f7:cb:3d:ff:
18:42:0f:44:14:de:e4:8f:cd:87:3c:bc:5f:85:59:2f:74:96:
ce:f0:eb:2c:12:82:48:b8:17:fa:7e:bb:ba:13:05:d3:71:e0:
b1:89:0b:db:21:f7:ce:8c:db:69:78:1c:93:3e:76:8e:4d:11:
42:aa:02:ed:48:4a:de:59:a5:da:57:6b:41:27:e9:c0:fd:79:
93:5e:f8:7d:10:e5:47:b5:ff:48:cb:d0:96:52:80:d6:e5:8f:
f0:05:4a:5f:dc:f7:ed:e7:f5:db:5b:fe:8e:ff:05:b6:c9:8a:
ed:75:d6:07:dc:b3:e1:7c:8c:4d:19:e0:3b:b0:a4:25:e6:c7:
65:22:60:87:8d:ee:f5:cf:28:1a:f9:9c:df:d0:11:ff:33:14:
49:93:a6:03:87:dc:e2:71:14:dc:68:36:d6:5b:97:de:51:8e:
38:ed:8c:96:0d:e4:a5:aa:e2:8a:f2:83:0b:d4:33:d9:61:79:
fe:c0:1d:a1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzJTmZHsp4rOfb1hyY7ZWlQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ODI1ZmJlZTdjNDNhMjk4MzhlYWJlNGZjODdkNzk0MzQ5
YzBjODAwHhcNMjQwMTAyMDgzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MThhOWIyZTA2OWRkYzA3NTgxNzg2MjU0MTBiOTZlNDY2YTg0M2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeToCJUvwAO6zHb/aWPL5uLnzxhz
kZtAO07j+aYFcMyRCwYpcgQHLclnwrtdfnKhfCwAlAg+vWS5dykxQLc/hYyfofqC
vxorO+H8WFAxLqGQpGfxnNwNvCBlyAn4p3JWBfEa3q9dl5O10VCVb+5CifTcgaoT
ptT2IYUlcpcHBhrqt5rnnUB22p71qUnvlavmSWiWNwzH2IPwqkg2voHgAUMHSscO
eQ79oY1ISh9ukK+BWC3p/nAAI4rLD59TgkheVV5FGfqINFEjvW4UPZxBcbJ5kOAu
+S/+Bg8cAB7fY0nDUu+4FA90xbcXKv83oFw5SY3MYWjBFg9p0CMIIp06OQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFEGKmy4GndwHWBeGJUELluRmqEPDMB8GA1UdIwQY
MBaAFOWCX77nxDopg46r5PyH15Q0nAyAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVlKZnZ1ZkVPaW1EanF2a19JZlhsRFNjRElBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS83NThjOTYtNjExZC00MTY3LTgwY2Qt
MDQxYWIzMDJjMmY5LzEvUVlxYkxnYWQzQWRZRjRZbFFRdVc1R2FvUThNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS83NThjOTYtNjExZC00MTY3LTgwY2QtMDQxYWIzMDJjMmY5
LzEvNVlKZnZ1ZkVPaW1EanF2a19JZlhsRFNjRElBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQGLi5AAwQF
XvCAMA0EAgACMAcDBQAqCWXAMA0GCSqGSIb3DQEBCwUAA4IBAQAJa15YwREFrHps
oI97Lgsw5NEScGl5p8QnAxvo9T91JoFN8BdE/DwnNniEYjxA5B445db83d5ymxD1
97jN5pFcy7ZrwffLPf8YQg9EFN7kj82HPLxfhVkvdJbO8OssEoJIuBf6fru6EwXT
ceCxiQvbIffOjNtpeByTPnaOTRFCqgLtSEreWaXaV2tBJ+nA/XmTXvh9EOVHtf9I
y9CWUoDW5Y/wBUpf3Pft5/XbW/6O/wW2yYrtddYH3LPhfIxNGeA7sKQl5sdlImCH
je71zyga+Zzf0BH/MxRJk6YDh9zicRTcaDbWW5feUY447YyWDeSlquKK8oML1DPZ
YXn+wB2h
-----END CERTIFICATE-----
Generated at Tue Apr 22 18:43:43 2025 by rpki-client