Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/XF4YHUxkSpm1Al1sQ_CuDTD9hoE.roa
File: XF4YHUxkSpm1Al1sQ_CuDTD9hoE.roa (raw, json)
Hash identifier: Z951Er3xaNrNEdvJoN6wBrOSq5DIAJZeaLgYiJTg4Xo=
Subject key identifier: 5C:5E:18:1D:4C:64:4A:99:B5:02:5D:6C:43:F0:AE:0D:30:FD:86:81
Certificate issuer: /CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
Certificate serial: 018F390FA0FCDDA0F67282EBA5E654786306
Authority key identifier: FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/XF4YHUxkSpm1Al1sQ_CuDTD9hoE.roa
Signing time: Thu 02 May 2024 11:27:56 +0000
ROA not before: Thu 02 May 2024 11:27:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209236
IP address blocks: 171.25.128.0/21 maxlen: 21
193.221.28.0/24 maxlen: 24
193.221.36.0/24 maxlen: 24
193.221.37.0/24 maxlen: 24
193.221.38.0/24 maxlen: 24
193.221.47.0/24 maxlen: 24
193.221.52.0/24 maxlen: 24
193.221.53.0/24 maxlen: 24
193.221.59.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 11 Nov 2024 08:23:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:39:0f:a0:fc:dd:a0:f6:72:82:eb:a5:e6:54:78:63:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
Validity
Not Before: May 2 11:27:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5c5e181d4c644a99b5025d6c43f0ae0d30fd8681
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:88:7a:8d:72:8e:be:4a:2b:46:1a:a0:b4:ff:
84:7d:1d:fc:dc:d6:9b:e8:89:e5:b5:81:20:03:1d:
6c:ee:50:19:bf:b1:74:67:bd:97:5f:d0:67:71:f8:
b0:d7:11:5f:e5:cd:91:7e:f0:0b:6d:bf:51:c3:7f:
6b:8a:8c:7d:ec:b5:93:63:03:8b:98:52:82:3b:70:
d9:8d:7e:28:eb:43:6c:5a:e0:8f:e7:b2:af:83:8c:
0c:eb:7b:bf:0f:bb:f2:8d:6a:a4:7a:ef:78:95:a5:
5c:da:a3:bd:95:a9:87:71:2e:bf:0d:10:12:be:ba:
0f:86:83:a4:7b:65:c1:f2:04:f5:fd:12:a7:29:d2:
5b:09:09:71:ee:b2:8e:ad:86:fd:f6:e8:3a:d6:8c:
36:d4:c1:98:ec:f1:d3:85:31:ee:a5:36:9e:9d:d8:
52:42:70:64:e6:88:70:d8:fe:b1:ac:31:b4:2d:91:
c0:69:8d:48:2a:66:6a:c1:89:b3:2d:0a:45:73:6b:
20:b9:4f:5f:ed:a2:38:df:2f:67:3b:dd:7c:bd:95:
ad:ac:c0:85:42:ba:a0:60:25:25:d0:52:f7:7d:0b:
14:5e:46:c9:b1:ba:80:b5:64:c1:0a:5d:24:f8:7f:
74:ca:7d:ff:79:c8:34:bb:46:c8:64:2a:af:2a:b3:
dc:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:5E:18:1D:4C:64:4A:99:B5:02:5D:6C:43:F0:AE:0D:30:FD:86:81
X509v3 Authority Key Identifier:
keyid:FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/XF4YHUxkSpm1Al1sQ_CuDTD9hoE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
171.25.128.0/21
193.221.28.0/24
193.221.36.0-193.221.38.255
193.221.47.0/24
193.221.52.0/23
193.221.59.0/24
Signature Algorithm: sha256WithRSAEncryption
50:8c:93:ef:51:d2:98:67:a9:53:ac:7a:3e:75:3f:58:9e:b0:
a0:99:83:a4:7c:21:1d:9d:4d:13:3d:2b:c9:6e:ee:86:00:f5:
d3:fa:d5:64:28:a7:73:c1:6e:0e:55:fb:88:5d:44:ea:03:a5:
ef:df:42:ee:d7:25:fc:69:7d:f3:4f:ec:2b:67:97:31:73:3a:
b8:98:ce:90:a7:30:cf:ba:df:f2:55:1c:78:35:96:9a:5f:9d:
57:88:ab:44:a5:4e:12:25:77:82:a3:12:c8:3f:23:b3:be:23:
8f:15:1b:69:3e:e6:8c:07:d9:cf:df:d8:7a:19:40:3c:8c:13:
7b:28:64:d7:e4:15:00:e0:4c:38:18:cf:1e:3e:e5:1f:19:ad:
26:e6:30:26:27:c6:7b:b9:c7:c0:a3:d0:2e:7a:22:1a:1d:a6:
bf:2c:fc:c8:a3:83:e8:66:3d:15:34:55:ac:66:f0:20:63:c5:
8a:1b:f7:f9:07:af:5c:f1:93:fa:a4:b3:80:71:27:e0:02:4a:
d1:46:40:f9:12:12:58:b3:11:6b:2f:8a:f8:9b:cb:85:97:b0:
15:f4:95:3f:3f:8d:bc:a7:7f:6d:9d:f2:0b:83:78:69:bc:5e:
68:39:e8:22:44:9b:16:1b:da:98:d0:ce:7d:e8:88:f5:88:74:
2c:d2:2f:36
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAY85D6D83aD2coLrpeZUeGMGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTRhYjJkNDgxY2YxNjIyYTJjNTIxODNhYjRmNWE5MzBh
NGFlNDEwHhcNMjQwNTAyMTEyNzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzVlMTgxZDRjNjQ0YTk5YjUwMjVkNmM0M2YwYWUwZDMwZmQ4NjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYh6jXKOvkorRhqgtP+EfR383Nab
6InltYEgAx1s7lAZv7F0Z72XX9Bncfiw1xFf5c2RfvALbb9Rw39riox97LWTYwOL
mFKCO3DZjX4o60NsWuCP57Kvg4wM63u/D7vyjWqkeu94laVc2qO9lamHcS6/DRAS
vroPhoOke2XB8gT1/RKnKdJbCQlx7rKOrYb99ug61ow21MGY7PHThTHupTaendhS
QnBk5ohw2P6xrDG0LZHAaY1IKmZqwYmzLQpFc2sguU9f7aI43y9nO918vZWtrMCF
QrqgYCUl0FL3fQsUXkbJsbqAtWTBCl0k+H90yn3/ecg0u0bIZCqvKrPc3wIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFFxeGB1MZEqZtQJdbEPwrg0w/YaBMB8GA1UdIwQY
MBaAFP5Uqy1IHPFiKixSGDq09akwpK5BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xTckxVZ2M4V0lxTEZJWU9yVDFxVENrcmtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC80ZDVlNGEtOGExNi00NTM3LWJlMWYt
MWIxMzYyYjliNmEyLzEvWEY0WUhVeGtTcG0xQWwxc1FfQ3VEVEQ5aG9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC80ZDVlNGEtOGExNi00NTM3LWJlMWYtMWIxMzYyYjliNmEy
LzEvX2xTckxVZ2M4V0lxTEZJWU9yVDFxVENrcmtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQDqxmAAwQA
wd0cMAwDBALB3SQDBADB3SYDBADB3S8DBAHB3TQDBADB3TswDQYJKoZIhvcNAQEL
BQADggEBAFCMk+9R0phnqVOsej51P1iesKCZg6R8IR2dTRM9K8lu7oYA9dP61WQo
p3PBbg5V+4hdROoDpe/fQu7XJfxpffNP7CtnlzFzOriYzpCnMM+63/JVHHg1lppf
nVeIq0SlThIld4KjEsg/I7O+I48VG2k+5owH2c/f2HoZQDyME3soZNfkFQDgTDgY
zx4+5R8ZrSbmMCYnxnu5x8Cj0C56Ihodpr8s/Mijg+hmPRU0Vaxm8CBjxYob9/kH
r1zxk/qks4BxJ+ACStFGQPkSElizEWsviviby4WXsBX0lT8/jbynf22d8guDeGm8
Xmg56CJEmxYb2pjQzn3oiPWIdCzSLzY=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:34:10 2025 by rpki-client