Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Q32CG3qd7dSYMuHpAelK38-9b5w.roa
File: Q32CG3qd7dSYMuHpAelK38-9b5w.roa (raw, json)
Hash identifier: 3zJ+IdIY5KcVe4AwMgkJ7v/DVCm/nwfyLGeNkbcEmyo=
Subject key identifier: 43:7D:82:1B:7A:9D:ED:D4:98:32:E1:E9:01:E9:4A:DF:CF:BD:6F:9C
Certificate issuer: /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial: 01942521FCFB965459238D9317AB9E5DE833
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Q32CG3qd7dSYMuHpAelK38-9b5w.roa
Signing time: Thu 02 Jan 2025 03:49:31 +0000
ROA not before: Thu 02 Jan 2025 03:49:31 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200237
IP address blocks: 2a06:de01:f0::/48 maxlen: 48
2a06:de01:f1::/48 maxlen: 48
2a06:de01:fd::/48 maxlen: 48
Validation: Failed, certificate revoked on Fri 17 Jan 2025 18:55:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:fc:fb:96:54:59:23:8d:93:17:ab:9e:5d:e8:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Validity
Not Before: Jan 2 03:49:31 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=437d821b7a9dedd49832e1e901e94adfcfbd6f9c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:97:9f:1d:3a:82:e0:57:a7:71:39:b1:7b:0b:
8b:e0:ac:42:b6:fe:82:b2:3d:5a:e9:62:18:e4:9c:
67:7c:9c:06:f5:43:7e:40:de:03:cd:b8:1a:8e:df:
92:f9:68:e4:54:fa:61:83:d2:29:9c:8d:b1:99:85:
69:85:80:7e:d3:89:e7:c9:91:a8:12:09:29:0d:b3:
65:34:06:76:2c:d1:d6:b3:bc:f2:ad:a0:42:b1:4b:
ca:c3:6d:6c:53:31:4d:92:6d:26:42:95:0b:1a:2a:
ea:9b:95:71:c9:4e:d3:10:2c:51:9d:ca:4c:58:15:
f5:a5:1f:aa:a9:c0:6c:ad:ff:00:db:0e:77:17:b4:
56:83:2b:13:7d:5c:0e:8c:5e:f8:2b:b4:8d:1d:9b:
b8:fc:e0:31:c5:33:e8:79:6f:53:35:23:f9:72:72:
18:28:2b:65:fc:ce:ec:ad:70:51:00:ab:f2:12:a5:
9f:d9:f3:35:ac:30:66:f6:3f:fc:40:d6:58:7b:2e:
38:ed:fd:f8:1a:79:a3:38:47:4c:ef:64:d2:5e:cf:
df:65:3c:c9:34:31:92:87:5a:f1:33:07:d4:53:f4:
8b:e6:f3:25:0f:36:3d:fa:8d:bd:ea:59:64:b7:30:
2b:e9:52:97:b1:68:2f:94:20:5a:44:4a:a7:42:d8:
4d:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:7D:82:1B:7A:9D:ED:D4:98:32:E1:E9:01:E9:4A:DF:CF:BD:6F:9C
X509v3 Authority Key Identifier:
keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Q32CG3qd7dSYMuHpAelK38-9b5w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a06:de01:f0::/47
2a06:de01:fd::/48
Signature Algorithm: sha256WithRSAEncryption
8c:ff:3d:f3:3b:78:cc:e5:44:b4:15:04:05:36:74:86:17:2a:
df:85:d3:63:ad:1c:21:ed:11:81:39:d7:aa:1d:a0:d8:1d:9d:
d2:d1:0b:ce:33:d4:a0:b0:fa:0c:a4:02:bb:49:78:4e:d1:57:
fd:7a:57:ef:4f:19:fe:e3:aa:ba:eb:c9:40:e2:bd:2c:d7:df:
60:a3:49:f1:c5:e4:98:39:db:d7:7b:4d:b7:24:4d:d6:f8:38:
00:ac:f7:07:c4:98:72:3f:fe:fc:7f:e1:8b:34:62:ba:8a:6a:
3d:e3:bc:b0:c8:fe:56:42:d2:30:c4:08:d6:b5:30:c0:67:c6:
b1:83:61:49:e3:d1:7d:78:98:85:e3:ed:bd:25:4f:d7:41:d5:
89:ea:59:64:f5:51:e9:8f:8e:69:60:51:5e:b7:28:64:8f:cd:
60:c1:94:dc:e3:5d:24:97:d8:db:f4:b8:3c:0a:d3:9a:b4:b8:
dc:fb:5c:21:e1:0b:03:f3:9d:0e:af:8b:67:02:db:7b:13:7c:
a0:c6:f1:e1:a0:fe:ef:0e:13:c3:72:ea:06:c5:4b:2a:3e:69:
7f:bf:e7:76:33:72:d9:aa:de:e2:61:e8:7a:29:4e:fe:dc:3b:
58:95:0a:4a:4c:f5:38:49:9e:1c:98:4d:4b:6a:5f:5b:06:3e:
0a:02:b5:d0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIfz7llRZI42TF6ueXegzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzdkODIxYjdhOWRlZGQ0OTgzMmUxZTkwMWU5NGFkZmNmYmQ2ZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxpefHTqC4FencTmxewuL4KxCtv6C
sj1a6WIY5JxnfJwG9UN+QN4Dzbgajt+S+WjkVPphg9IpnI2xmYVphYB+04nnyZGo
EgkpDbNlNAZ2LNHWs7zyraBCsUvKw21sUzFNkm0mQpULGirqm5VxyU7TECxRncpM
WBX1pR+qqcBsrf8A2w53F7RWgysTfVwOjF74K7SNHZu4/OAxxTPoeW9TNSP5cnIY
KCtl/M7srXBRAKvyEqWf2fM1rDBm9j/8QNZYey447f34GnmjOEdM72TSXs/fZTzJ
NDGSh1rxMwfUU/SL5vMlDzY9+o296llktzAr6VKXsWgvlCBaREqnQthNcQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEN9ght6ne3UmDLh6QHpSt/PvW+cMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUTMyQ0czcWQ3ZFNZTXVIcEFlbEszOC05YjV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcBKgbeAQDw
AwcAKgbeAQD9MA0GCSqGSIb3DQEBCwUAA4IBAQCM/z3zO3jM5US0FQQFNnSGFyrf
hdNjrRwh7RGBOdeqHaDYHZ3S0QvOM9SgsPoMpAK7SXhO0Vf9elfvTxn+46q668lA
4r0s199go0nxxeSYOdvXe023JE3W+DgArPcHxJhyP/78f+GLNGK6imo947ywyP5W
QtIwxAjWtTDAZ8axg2FJ49F9eJiF4+29JU/XQdWJ6llk9VHpj45pYFFetyhkj81g
wZTc410kl9jb9Lg8CtOatLjc+1wh4QsD850Or4tnAtt7E3ygxvHhoP7vDhPDcuoG
xUsqPml/v+d2M3LZqt7iYeh6KU7+3DtYlQpKTPU4SZ4cmE1Lal9bBj4KArXQ
-----END CERTIFICATE-----
Generated at Tue Apr 22 05:08:42 2025 by rpki-client