Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/QKX3stdYL38ye_KwxiYHCrJwR1A.roa
File: QKX3stdYL38ye_KwxiYHCrJwR1A.roa (raw, json)
Hash identifier: Jk0neLqr0mOaVZAfl3Q0lDkPfDKEJP1GwqCEOX5rhv8=
Subject key identifier: 40:A5:F7:B2:D7:58:2F:7F:32:7B:F2:B0:C6:26:07:0A:B2:70:47:50
Certificate issuer: /CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
Certificate serial: 018CC86F4A248BFF7784AA3E173B82C2B42C
Authority key identifier: 66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/QKX3stdYL38ye_KwxiYHCrJwR1A.roa
Signing time: Tue 02 Jan 2024 04:29:45 +0000
ROA not before: Tue 02 Jan 2024 04:29:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34783
IP address blocks: 85.118.48.0/23 maxlen: 23
85.118.60.0/22 maxlen: 22
Validation: Failed, certificate revoked on Thu 02 Jan 2025 15:50:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:6f:4a:24:8b:ff:77:84:aa:3e:17:3b:82:c2:b4:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=66de1d9dcdb25c1e532c5c9b69dfa757e306210e
Validity
Not Before: Jan 2 04:29:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=40a5f7b2d7582f7f327bf2b0c626070ab2704750
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:9f:6d:e4:ef:6f:6f:9f:fb:be:04:58:10:9f:
28:4e:36:14:ee:96:b0:1c:37:c8:c4:5c:19:0b:b8:
da:1a:de:1a:54:3e:72:40:06:81:b0:45:0a:58:e9:
e9:9f:64:00:30:b2:a5:4b:af:73:0e:3c:18:3d:62:
4e:0a:b8:bf:ad:bf:51:a7:b5:f5:c5:f8:74:04:59:
79:b9:7a:5d:cd:f6:d0:e9:92:c7:55:50:2e:9e:d9:
e3:ba:fd:97:81:cf:14:eb:19:20:39:4a:6c:03:80:
93:57:18:86:df:70:f3:f4:00:98:01:6c:67:44:e8:
18:92:e6:fc:4e:c0:8f:a2:71:35:c1:e2:51:5d:39:
99:ba:0d:c9:ed:cc:98:63:a5:4c:45:57:bf:00:8d:
5e:de:1f:45:a0:86:f8:cd:be:3b:d4:8d:e7:32:f2:
d5:d1:47:40:b0:5c:dc:39:fd:3d:86:8e:3a:36:7b:
ab:fd:94:0c:a5:de:74:15:36:2c:55:97:5f:da:10:
a3:2e:4c:5c:1d:44:0e:83:46:33:fd:2f:be:84:23:
70:f7:88:62:85:3d:02:06:58:75:ac:ea:67:ae:73:
59:46:3f:b7:a5:04:c9:bc:09:db:fd:53:57:54:78:
b4:1e:46:de:db:b8:6b:6c:69:2f:d1:bb:ff:32:62:
37:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:A5:F7:B2:D7:58:2F:7F:32:7B:F2:B0:C6:26:07:0A:B2:70:47:50
X509v3 Authority Key Identifier:
keyid:66:DE:1D:9D:CD:B2:5C:1E:53:2C:5C:9B:69:DF:A7:57:E3:06:21:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zt4dnc2yXB5TLFybad-nV-MGIQ4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/QKX3stdYL38ye_KwxiYHCrJwR1A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/60fcfe-7b2c-4672-bc2f-40479870976e/1/Zt4dnc2yXB5TLFybad-nV-MGIQ4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.118.48.0/23
85.118.60.0/22
Signature Algorithm: sha256WithRSAEncryption
44:24:00:33:fd:6c:e0:1b:1b:61:13:3f:3c:ae:89:3c:c5:60:
d0:41:83:ae:c8:89:8f:4a:a3:77:25:96:01:8b:30:b2:0c:df:
10:58:b5:e9:b9:46:13:1e:be:07:e7:f9:76:79:f4:6d:b7:85:
c0:fe:3f:f9:03:fd:2e:f7:3a:5e:0c:79:bc:94:07:ba:0a:d9:
b2:81:83:b6:6d:d7:1e:52:fd:1f:97:1a:30:20:45:1a:77:a0:
2b:9b:64:16:39:1e:72:38:1b:a0:ee:aa:32:ec:45:40:bc:52:
b9:a2:0e:70:6d:35:80:59:3b:4f:18:9c:bb:35:a2:68:25:a5:
e7:70:85:ea:ca:77:2f:a2:fa:06:a1:79:c3:f0:9c:53:8e:17:
f8:2d:6a:93:fc:4e:89:05:73:5d:43:f3:07:64:3f:c7:7b:bc:
3a:74:cd:50:aa:23:54:8a:72:94:e4:f7:40:6f:8f:33:ca:48:
da:f5:ab:5c:4c:1d:df:c6:20:62:d9:a8:1d:fd:31:c8:5b:d5:
a4:f8:e1:92:54:f6:08:92:b0:b3:58:44:fe:6c:18:b2:db:6a:
5c:fc:89:8d:5f:4c:fd:73:87:9a:e6:02:ee:f8:e3:9f:1c:24:
84:38:b3:07:16:a1:3e:dc:a1:cd:c1:a1:aa:13:12:85:91:73:
7f:ef:d2:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIb0oki/93hKo+FzuCwrQsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZGUxZDlkY2RiMjVjMWU1MzJjNWM5YjY5ZGZhNzU3ZTMw
NjIxMGUwHhcNMjQwMTAyMDQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGE1ZjdiMmQ3NTgyZjdmMzI3YmYyYjBjNjI2MDcwYWIyNzA0NzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA259t5O9vb5/7vgRYEJ8oTjYU7paw
HDfIxFwZC7jaGt4aVD5yQAaBsEUKWOnpn2QAMLKlS69zDjwYPWJOCri/rb9Rp7X1
xfh0BFl5uXpdzfbQ6ZLHVVAuntnjuv2Xgc8U6xkgOUpsA4CTVxiG33Dz9ACYAWxn
ROgYkub8TsCPonE1weJRXTmZug3J7cyYY6VMRVe/AI1e3h9FoIb4zb471I3nMvLV
0UdAsFzcOf09ho46Nnur/ZQMpd50FTYsVZdf2hCjLkxcHUQOg0Yz/S++hCNw94hi
hT0CBlh1rOpnrnNZRj+3pQTJvAnb/VNXVHi0Hkbe27hrbGkv0bv/MmI3FwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFECl97LXWC9/MnvysMYmBwqycEdQMB8GA1UdIwQY
MBaAFGbeHZ3NslweUyxcm2nfp1fjBiEOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnQ0ZG5jMnlYQjVUTEZ5YmFkLW5WLU1HSVE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC82MGZjZmUtN2IyYy00NjcyLWJjMmYt
NDA0Nzk4NzA5NzZlLzEvUUtYM3N0ZFlMMzh5ZV9Ld3hpWUhDckp3UjFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC82MGZjZmUtN2IyYy00NjcyLWJjMmYtNDA0Nzk4NzA5NzZl
LzEvWnQ0ZG5jMnlYQjVUTEZ5YmFkLW5WLU1HSVE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBVXYwAwQC
VXY8MA0GCSqGSIb3DQEBCwUAA4IBAQBEJAAz/WzgGxthEz88rok8xWDQQYOuyImP
SqN3JZYBizCyDN8QWLXpuUYTHr4H5/l2efRtt4XA/j/5A/0u9zpeDHm8lAe6Ctmy
gYO2bdceUv0flxowIEUad6Arm2QWOR5yOBug7qoy7EVAvFK5og5wbTWAWTtPGJy7
NaJoJaXncIXqyncvovoGoXnD8JxTjhf4LWqT/E6JBXNdQ/MHZD/He7w6dM1QqiNU
inKU5PdAb48zykja9atcTB3fxiBi2agd/THIW9Wk+OGSVPYIkrCzWET+bBiy22pc
/ImNX0z9c4ea5gLu+OOfHCSEOLMHFqE+3KHNwaGqExKFkXN/79Kt
-----END CERTIFICATE-----
Generated at Tue Apr 8 09:55:34 2025 by rpki-client