Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/PZruzG5HSipCA8QM6idVJLvPQd4.roa
File: PZruzG5HSipCA8QM6idVJLvPQd4.roa (raw, json)
Hash identifier: qGaFS+XPjw5WuWdLceDum2gsmRgyAUof3ZYZ+OylMxw=
Subject key identifier: 3D:9A:EE:CC:6E:47:4A:2A:42:03:C4:0C:EA:27:55:24:BB:CF:41:DE
Certificate issuer: /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial: 01951D6489991D7CB187A56D54E1D36354B3
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/PZruzG5HSipCA8QM6idVJLvPQd4.roa
Signing time: Wed 19 Feb 2025 08:48:02 +0000
ROA not before: Wed 19 Feb 2025 08:48:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215245
IP address blocks: 46.247.108.0/24 maxlen: 24
46.247.109.0/24 maxlen: 24
62.169.152.0/24 maxlen: 24
86.54.5.0/24 maxlen: 24
185.144.70.0/24 maxlen: 24
185.144.71.0/24 maxlen: 24
194.46.60.0/24 maxlen: 24
194.117.225.0/24 maxlen: 24
2a14:6780:4::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 17 Mar 2025 11:52:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:1d:64:89:99:1d:7c:b1:87:a5:6d:54:e1:d3:63:54:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Validity
Not Before: Feb 19 08:48:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3d9aeecc6e474a2a4203c40cea275524bbcf41de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f5:3a:65:1d:8a:18:96:ff:f7:0f:60:6b:9d:39:
7e:97:95:f4:ed:39:c1:e7:c7:db:0d:82:a0:62:aa:
92:3b:aa:36:c3:53:73:88:00:c0:3e:73:a6:11:8e:
c2:ce:cf:23:cd:81:5d:6a:a7:95:e0:e3:9d:df:9d:
13:ab:78:4e:d7:60:96:d8:13:1e:81:1f:8b:6e:2a:
a5:c5:42:04:50:f4:26:a1:b2:50:d9:f5:15:74:02:
d2:6f:ac:0d:c4:b2:27:37:11:88:a7:a9:96:a4:ad:
5d:1f:08:1f:49:38:5b:0c:8c:ce:c8:4b:11:a1:56:
a5:d6:54:3e:31:82:58:2f:35:d7:7c:26:0a:d6:eb:
ef:e6:24:d7:cb:5c:bc:aa:9a:3b:4f:c4:49:06:6c:
93:df:13:ff:da:c6:9d:02:55:9b:9a:5e:43:05:63:
07:0b:5f:64:08:1c:80:31:15:d0:23:a4:2f:7f:2b:
80:59:13:d5:83:af:ce:0a:09:a2:e5:b2:7b:2c:5f:
86:8d:53:fc:8e:5e:86:3a:b0:3f:92:95:c7:35:65:
ef:75:ef:88:d1:45:82:8c:37:57:8a:81:08:24:62:
83:31:89:4e:56:e0:b3:21:7b:8b:11:4e:99:de:c6:
41:ae:49:cf:2d:0c:d9:32:d0:a7:d3:1e:df:a7:4d:
de:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:9A:EE:CC:6E:47:4A:2A:42:03:C4:0C:EA:27:55:24:BB:CF:41:DE
X509v3 Authority Key Identifier:
keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/PZruzG5HSipCA8QM6idVJLvPQd4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.247.108.0/23
62.169.152.0/24
86.54.5.0/24
185.144.70.0/23
194.46.60.0/24
194.117.225.0/24
IPv6:
2a14:6780:4::/48
Signature Algorithm: sha256WithRSAEncryption
50:bd:47:de:78:01:5b:fc:73:c4:ac:46:39:f5:00:38:68:76:
e5:8b:6a:5d:a3:9d:56:6e:02:18:00:1b:c6:0b:17:64:2d:b1:
a6:a0:32:b6:fe:9d:9b:4c:87:c2:c6:ad:f9:d1:24:89:c2:6a:
29:ca:de:0d:3b:50:31:b0:c4:c7:b6:9c:ca:a1:a1:9c:41:cb:
9e:b1:ee:9c:6f:a4:13:a0:99:86:72:59:2c:73:8f:ca:c4:00:
b2:bb:87:c7:76:9e:d0:f5:4c:72:99:04:14:89:54:cc:fa:b7:
7d:26:8b:b2:41:75:59:32:6c:41:34:61:41:da:e1:2d:b6:7e:
96:87:90:a2:b6:ea:e6:ec:9f:3b:49:a0:71:a6:30:b1:f2:73:
47:d0:a9:f8:4b:99:ad:2b:9e:48:3c:ee:c2:ce:a6:b0:ae:94:
e1:4e:0e:cb:8e:8d:8f:55:48:44:1a:2f:1c:e5:b3:3c:49:55:
2c:9f:ea:ee:36:94:78:a0:13:06:d8:c7:2e:c2:7c:07:28:41:
ba:01:80:fc:88:f4:b5:90:97:e3:6e:53:cc:55:8c:1a:2d:d0:
ac:aa:19:6c:84:1b:02:89:0a:11:eb:25:61:34:4c:e4:df:45:
72:0e:81:83:91:f8:bf:04:df:3a:39:a8:ab:0c:58:a1:67:f1:
f6:72:eb:55
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAZUdZImZHXyxh6VtVOHTY1SzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjUwMjE5MDg0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDlhZWVjYzZlNDc0YTJhNDIwM2M0MGNlYTI3NTUyNGJiY2Y0MWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9TplHYoYlv/3D2BrnTl+l5X07TnB
58fbDYKgYqqSO6o2w1NziADAPnOmEY7Czs8jzYFdaqeV4OOd350Tq3hO12CW2BMe
gR+LbiqlxUIEUPQmobJQ2fUVdALSb6wNxLInNxGIp6mWpK1dHwgfSThbDIzOyEsR
oVal1lQ+MYJYLzXXfCYK1uvv5iTXy1y8qpo7T8RJBmyT3xP/2sadAlWbml5DBWMH
C19kCByAMRXQI6QvfyuAWRPVg6/OCgmi5bJ7LF+GjVP8jl6GOrA/kpXHNWXvde+I
0UWCjDdXioEIJGKDMYlOVuCzIXuLEU6Z3sZBrknPLQzZMtCn0x7fp03eGwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFD2a7sxuR0oqQgPEDOonVSS7z0HeMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvUFpydXpHNUhTaXBDQThRTTZpZFZKTHZQUWQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAqBAIAATAkAwQBLvdsAwQA
PqmYAwQAVjYFAwQBuZBGAwQAwi48AwQAwnXhMA8EAgACMAkDBwAqFGeAAAQwDQYJ
KoZIhvcNAQELBQADggEBAFC9R954AVv8c8SsRjn1ADhoduWLal2jnVZuAhgAG8YL
F2QtsaagMrb+nZtMh8LGrfnRJInCainK3g07UDGwxMe2nMqhoZxBy56x7pxvpBOg
mYZyWSxzj8rEALK7h8d2ntD1THKZBBSJVMz6t30mi7JBdVkybEE0YUHa4S22fpaH
kKK26ubsnztJoHGmMLHyc0fQqfhLma0rnkg87sLOprCulOFODsuOjY9VSEQaLxzl
szxJVSyf6u42lHigEwbYxy7CfAcoQboBgPyI9LWQl+NuU8xVjBot0KyqGWyEGwKJ
ChHrJWE0TOTfRXIOgYOR+L8E3zo5qKsMWKFn8fZy61U=
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:32:31 2025 by rpki-client