Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/0NhR5aqtZKyS7qt0qlNagMjymA0.roa
File: 0NhR5aqtZKyS7qt0qlNagMjymA0.roa (raw, json)
Hash identifier: PYatS+aLQ/c82T/auPLupV3zP9xEVd9hidT67UazqzY=
Subject key identifier: D0:D8:51:E5:AA:AD:64:AC:92:EE:AB:74:AA:53:5A:80:C8:F2:98:0D
Certificate issuer: /CN=65a665b90069bd71850602e7400c529793269e39
Certificate serial: 0194A8A18A208CF2AE80DC26CF04C79344AC
Authority key identifier: 65:A6:65:B9:00:69:BD:71:85:06:02:E7:40:0C:52:97:93:26:9E:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/0NhR5aqtZKyS7qt0qlNagMjymA0.roa
Signing time: Mon 27 Jan 2025 16:39:06 +0000
ROA not before: Mon 27 Jan 2025 16:39:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 57027
IP address blocks: 2a09:2b80:2::/48 maxlen: 48
2a09:2b80:3::/48 maxlen: 48
2a09:2b80:4::/48 maxlen: 48
2a09:2b80:5::/48 maxlen: 48
2a09:2b80:6::/48 maxlen: 48
2a09:2b80:7::/48 maxlen: 48
2a09:2b80:8::/48 maxlen: 48
2a09:2b80:9::/48 maxlen: 48
Validation: Failed, certificate revoked on Sat 01 Feb 2025 18:02:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:a8:a1:8a:20:8c:f2:ae:80:dc:26:cf:04:c7:93:44:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=65a665b90069bd71850602e7400c529793269e39
Validity
Not Before: Jan 27 16:39:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d0d851e5aaad64ac92eeab74aa535a80c8f2980d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:33:73:40:d2:34:a3:e6:5c:62:fb:f9:26:04:
d3:5b:2f:7c:86:82:fa:60:d7:e2:74:c8:c2:73:99:
1c:23:5d:f7:1f:03:a9:ef:9d:19:a3:d4:34:c7:eb:
72:9b:3e:f8:a8:64:8f:a6:a0:af:40:ad:b2:c8:de:
d2:59:45:47:bb:45:51:5b:b9:66:4a:e4:32:a8:62:
f6:bd:36:5b:41:c1:00:5e:f3:f0:a1:ea:da:62:41:
68:3d:d9:c1:d6:e7:dc:d4:95:b0:1f:0d:5f:93:b8:
23:9d:33:c3:0f:0a:20:0a:c0:b8:31:00:61:26:db:
60:81:76:a3:0e:3e:41:9e:3d:c9:2c:58:e6:fd:12:
72:0b:1c:1d:de:dc:d0:50:e6:07:03:ab:cc:c5:da:
fc:d1:8a:c0:fb:9a:71:2c:8a:72:03:11:29:58:8e:
9e:30:e6:b1:54:93:55:af:ac:f1:49:24:67:38:57:
45:61:7a:33:e0:16:3d:a1:5a:11:30:98:7e:f8:db:
a7:99:03:94:82:39:45:c9:2b:e6:ae:04:28:ff:70:
6b:55:dc:34:54:24:17:85:64:63:75:7c:fe:a6:1d:
2d:ba:21:af:cb:1b:52:c2:4b:67:bf:23:07:89:3d:
35:19:32:1c:1a:3c:cb:bc:2b:44:63:02:55:9a:89:
68:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:D8:51:E5:AA:AD:64:AC:92:EE:AB:74:AA:53:5A:80:C8:F2:98:0D
X509v3 Authority Key Identifier:
keyid:65:A6:65:B9:00:69:BD:71:85:06:02:E7:40:0C:52:97:93:26:9E:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/0NhR5aqtZKyS7qt0qlNagMjymA0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/e6d880-3903-4a11-ba27-c9457ec81151/1/ZaZluQBpvXGFBgLnQAxSl5Mmnjk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:2b80:2::-2a09:2b80:9:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
0b:b3:38:a9:70:5d:f7:8f:ed:45:d9:b7:12:9b:5b:94:a8:8c:
d4:05:66:df:0e:a2:13:bb:a6:f9:98:e6:6e:80:58:8c:a0:3c:
68:e3:ec:b3:28:10:66:ec:2b:02:99:44:02:ee:f8:74:88:47:
99:3c:71:bd:24:fd:3f:85:22:aa:3e:af:2c:50:8f:7e:d1:7e:
62:96:89:f2:a6:1a:4d:15:2c:0b:ac:1a:2f:cb:25:56:cd:88:
96:4e:26:12:a3:31:5a:ce:36:43:ef:0b:17:77:05:c8:82:ea:
c1:97:64:6d:c7:34:02:d5:c0:fa:09:b1:24:45:3b:67:e8:f2:
31:44:bc:70:99:15:22:0d:c9:0c:3c:ef:09:96:b3:6b:01:b2:
b8:47:88:c6:81:69:da:0e:5f:6e:4b:c1:c9:b6:a2:68:6b:09:
05:69:6c:35:1c:1d:d6:65:a7:b3:8c:08:db:a3:bb:0c:17:02:
b8:05:a2:40:f8:61:58:07:31:c1:94:8b:dc:72:50:df:cc:ac:
81:b3:44:85:15:6d:84:e3:45:f0:20:35:48:01:01:03:f1:de:
e4:43:da:a6:44:24:2e:99:62:b1:03:68:2f:23:aa:d0:21:0c:
6c:e9:13:7b:32:6d:b5:f9:83:e4:72:73:77:22:31:94:07:d8:
7f:86:c0:ee
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZSooYogjPKugNwmzwTHk0SsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YTY2NWI5MDA2OWJkNzE4NTA2MDJlNzQwMGM1Mjk3OTMy
NjllMzkwHhcNMjUwMTI3MTYzOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGQ4NTFlNWFhYWQ2NGFjOTJlZWFiNzRhYTUzNWE4MGM4ZjI5ODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjNzQNI0o+ZcYvv5JgTTWy98hoL6
YNfidMjCc5kcI133HwOp750Zo9Q0x+tymz74qGSPpqCvQK2yyN7SWUVHu0VRW7lm
SuQyqGL2vTZbQcEAXvPwoeraYkFoPdnB1ufc1JWwHw1fk7gjnTPDDwogCsC4MQBh
JttggXajDj5Bnj3JLFjm/RJyCxwd3tzQUOYHA6vMxdr80YrA+5pxLIpyAxEpWI6e
MOaxVJNVr6zxSSRnOFdFYXoz4BY9oVoRMJh++NunmQOUgjlFySvmrgQo/3BrVdw0
VCQXhWRjdXz+ph0tuiGvyxtSwktnvyMHiT01GTIcGjzLvCtEYwJVmolofwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFNDYUeWqrWSsku6rdKpTWoDI8pgNMB8GA1UdIwQY
MBaAFGWmZbkAab1xhQYC50AMUpeTJp45MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmFabHVRQnB2WEdGQmdMblFBeFNsNU1tbmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lNmQ4ODAtMzkwMy00YTExLWJhMjct
Yzk0NTdlYzgxMTUxLzEvME5oUjVhcXRaS3lTN3F0MHFsTmFnTWp5bUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lNmQ4ODAtMzkwMy00YTExLWJhMjctYzk0NTdlYzgxMTUx
LzEvWmFabHVRQnB2WEdGQmdMblFBeFNsNU1tbmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwEqCSuA
AAIDBwEqCSuAAAgwDQYJKoZIhvcNAQELBQADggEBAAuzOKlwXfeP7UXZtxKbW5So
jNQFZt8OohO7pvmY5m6AWIygPGjj7LMoEGbsKwKZRALu+HSIR5k8cb0k/T+FIqo+
ryxQj37RfmKWifKmGk0VLAusGi/LJVbNiJZOJhKjMVrONkPvCxd3BciC6sGXZG3H
NALVwPoJsSRFO2fo8jFEvHCZFSINyQw87wmWs2sBsrhHiMaBadoOX25Lwcm2omhr
CQVpbDUcHdZlp7OMCNujuwwXArgFokD4YVgHMcGUi9xyUN/MrIGzRIUVbYTjRfAg
NUgBAQPx3uRD2qZEJC6ZYrEDaC8jqtAhDGzpE3sybbX5g+Ryc3ciMZQH2H+GwO4=
-----END CERTIFICATE-----
Generated at Tue Apr 8 18:00:06 2025 by rpki-client