Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/7e28ee-c65d-4529-a47b-48633d718590/1/Z3OfWKzA8WyzVL4CUYAUCsxKr1U.roa
File: Z3OfWKzA8WyzVL4CUYAUCsxKr1U.roa (raw, json)
Hash identifier: Mvr+pTcuJ7CE/HkZfDJegUZlLR0gVnDNRHQ6nV8b400=
Subject key identifier: 67:73:9F:58:AC:C0:F1:6C:B3:54:BE:02:51:80:14:0A:CC:4A:AF:55
Certificate issuer: /CN=bf107e07952c069358cd3f82aaeceb4c69483ca9
Certificate serial: 018E1525C94933F4FCF5BB3E88F8B7D7C61A
Authority key identifier: BF:10:7E:07:95:2C:06:93:58:CD:3F:82:AA:EC:EB:4C:69:48:3C:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/vxB-B5UsBpNYzT-CquzrTGlIPKk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/7e28ee-c65d-4529-a47b-48633d718590/1/Z3OfWKzA8WyzVL4CUYAUCsxKr1U.roa
Signing time: Wed 06 Mar 2024 19:03:01 +0000
ROA not before: Wed 06 Mar 2024 19:03:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209835
IP address blocks: 45.149.182.0/23 maxlen: 24
151.248.20.0/22 maxlen: 24
185.185.92.0/22 maxlen: 24
Validation: Failed, certificate revoked on Mon 11 Mar 2024 07:18:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:15:25:c9:49:33:f4:fc:f5:bb:3e:88:f8:b7:d7:c6:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bf107e07952c069358cd3f82aaeceb4c69483ca9
Validity
Not Before: Mar 6 19:03:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=67739f58acc0f16cb354be025180140acc4aaf55
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:d6:b0:b8:75:a0:a5:5f:04:89:a8:e2:26:8c:
ad:03:ef:10:a3:e2:98:a2:6e:6f:15:fd:97:14:6b:
be:25:5c:49:74:b3:e0:01:0b:5a:d9:b0:fc:2f:70:
3f:9e:82:21:fe:37:96:00:50:80:21:d1:59:3a:44:
42:b2:78:fd:6d:ef:0f:b0:c9:ab:e6:e6:03:4f:02:
f7:6c:b3:73:5f:57:ca:c3:81:c3:09:7d:02:0a:20:
6e:d7:84:49:af:aa:00:73:9e:f1:27:98:0c:5b:c0:
de:24:84:8b:35:a7:84:c3:b8:22:a4:de:86:b8:1a:
ec:58:86:dc:8b:43:ee:36:16:63:3b:ba:77:51:2a:
7b:1d:5a:59:30:36:e5:17:b7:c0:e4:85:1d:94:f8:
cd:75:87:22:cd:70:cf:95:7b:89:a7:38:87:db:c6:
20:62:87:e9:13:ca:f3:cb:87:d9:5a:57:83:b7:58:
4f:e6:af:5a:07:f7:af:9f:d1:bc:c1:06:59:82:c6:
d8:f9:91:4d:17:1d:9e:5a:e1:b5:d3:96:46:f1:b2:
3e:38:8e:38:85:af:2b:b5:c5:44:41:5e:af:c2:64:
7b:4d:41:fd:ad:e5:f8:2c:2d:f2:4a:75:ae:3e:28:
6f:24:1d:ae:6f:64:dd:0f:fe:82:44:6e:3c:28:48:
43:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:73:9F:58:AC:C0:F1:6C:B3:54:BE:02:51:80:14:0A:CC:4A:AF:55
X509v3 Authority Key Identifier:
keyid:BF:10:7E:07:95:2C:06:93:58:CD:3F:82:AA:EC:EB:4C:69:48:3C:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vxB-B5UsBpNYzT-CquzrTGlIPKk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/7e28ee-c65d-4529-a47b-48633d718590/1/Z3OfWKzA8WyzVL4CUYAUCsxKr1U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/7e28ee-c65d-4529-a47b-48633d718590/1/vxB-B5UsBpNYzT-CquzrTGlIPKk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.149.182.0/23
151.248.20.0/22
185.185.92.0/22
Signature Algorithm: sha256WithRSAEncryption
7c:16:8f:97:d7:d6:b9:78:fb:18:0d:17:58:15:de:cb:a7:a6:
52:13:56:65:e5:16:73:9d:5c:c0:24:e8:32:dd:cc:51:68:25:
7c:b2:bf:0d:0c:40:67:35:98:4b:66:e9:60:ce:bc:3a:77:dc:
79:bc:2c:5c:c1:48:e2:0a:f9:dc:42:49:16:e1:01:4b:80:e0:
17:c7:be:d8:34:47:1b:cb:91:e5:9d:0e:ea:ff:a4:5f:1f:01:
c7:29:de:91:02:7d:23:15:2f:7a:64:96:39:ac:83:8f:20:15:
2a:99:37:b0:cd:d7:a6:d0:85:85:10:74:79:c6:0a:86:4e:ef:
a6:c6:52:17:2e:6f:25:0f:d3:d5:78:ff:80:00:31:a3:ee:a3:
14:62:0b:d9:5e:24:7a:22:97:dc:b6:3b:31:45:4d:d3:76:be:
4e:dd:5f:47:29:d9:42:a7:15:9c:9e:03:ba:e7:d2:2e:30:32:
d4:60:fe:2e:09:09:64:6d:b2:d0:90:a5:74:5f:0e:d7:2e:10:
76:a3:8c:dd:f9:4a:e4:9c:2a:2b:9e:14:2a:4b:2b:fd:65:d4:
b2:9f:4a:bc:4c:db:0e:6c:57:96:6b:4c:8b:d3:1b:fb:54:e9:
8e:20:99:fc:77:c7:58:b4:cc:bf:b6:db:59:c0:e6:5d:a4:9d:
41:bc:90:45
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY4VJclJM/T89bs+iPi318YaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMTA3ZTA3OTUyYzA2OTM1OGNkM2Y4MmFhZWNlYjRjNjk0
ODNjYTkwHhcNMjQwMzA2MTkwMzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzczOWY1OGFjYzBmMTZjYjM1NGJlMDI1MTgwMTQwYWNjNGFhZjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdawuHWgpV8EiajiJoytA+8Qo+KY
om5vFf2XFGu+JVxJdLPgAQta2bD8L3A/noIh/jeWAFCAIdFZOkRCsnj9be8PsMmr
5uYDTwL3bLNzX1fKw4HDCX0CCiBu14RJr6oAc57xJ5gMW8DeJISLNaeEw7gipN6G
uBrsWIbci0PuNhZjO7p3USp7HVpZMDblF7fA5IUdlPjNdYcizXDPlXuJpziH28Yg
YofpE8rzy4fZWleDt1hP5q9aB/evn9G8wQZZgsbY+ZFNFx2eWuG105ZG8bI+OI44
ha8rtcVEQV6vwmR7TUH9reX4LC3ySnWuPihvJB2ub2TdD/6CRG48KEhDnwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGdzn1iswPFss1S+AlGAFArMSq9VMB8GA1UdIwQY
MBaAFL8QfgeVLAaTWM0/gqrs60xpSDypMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnhCLUI1VXNCcE5ZelQtQ3F1enJUR2xJUEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi83ZTI4ZWUtYzY1ZC00NTI5LWE0N2It
NDg2MzNkNzE4NTkwLzEvWjNPZldLekE4V3l6Vkw0Q1VZQVVDc3hLcjFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi83ZTI4ZWUtYzY1ZC00NTI5LWE0N2ItNDg2MzNkNzE4NTkw
LzEvdnhCLUI1VXNCcE5ZelQtQ3F1enJUR2xJUEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLZW2AwQC
l/gUAwQCublcMA0GCSqGSIb3DQEBCwUAA4IBAQB8Fo+X19a5ePsYDRdYFd7Lp6ZS
E1Zl5RZznVzAJOgy3cxRaCV8sr8NDEBnNZhLZulgzrw6d9x5vCxcwUjiCvncQkkW
4QFLgOAXx77YNEcby5HlnQ7q/6RfHwHHKd6RAn0jFS96ZJY5rIOPIBUqmTewzdem
0IWFEHR5xgqGTu+mxlIXLm8lD9PVeP+AADGj7qMUYgvZXiR6IpfctjsxRU3Tdr5O
3V9HKdlCpxWcngO659IuMDLUYP4uCQlkbbLQkKV0Xw7XLhB2o4zd+UrknCornhQq
Syv9ZdSyn0q8TNsObFeWa0yL0xv7VOmOIJn8d8dYtMy/tttZwOZdpJ1BvJBF
-----END CERTIFICATE-----
Generated at Mon Apr 21 19:11:48 2025 by rpki-client