Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/0d6375-4765-4e0e-9363-6e8e07d66c9b/1/frcfhXu9AP7T-8UBJAjFbJybS5Q.roa
File: frcfhXu9AP7T-8UBJAjFbJybS5Q.roa (raw, json)
Hash identifier: O41dyTB6/iIdOJLov6EWad3L4b92jgC0wjM72AOBP6I=
Subject key identifier: 7E:B7:1F:85:7B:BD:00:FE:D3:FB:C5:01:24:08:C5:6C:9C:9B:4B:94
Certificate issuer: /CN=a09cd8c71a6e33282c045d8f88c3b378acf41bd9
Certificate serial: 0195189351C9CEEE8325E6A9D05D44D96372
Authority key identifier: A0:9C:D8:C7:1A:6E:33:28:2C:04:5D:8F:88:C3:B3:78:AC:F4:1B:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oJzYxxpuMygsBF2PiMOzeKz0G9k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/0d6375-4765-4e0e-9363-6e8e07d66c9b/1/frcfhXu9AP7T-8UBJAjFbJybS5Q.roa
Signing time: Tue 18 Feb 2025 10:21:02 +0000
ROA not before: Tue 18 Feb 2025 10:21:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 21419
IP address blocks: 178.21.160.0/21 maxlen: 21
178.21.161.0/24 maxlen: 24
178.21.162.0/24 maxlen: 24
178.21.163.0/24 maxlen: 24
178.21.164.0/24 maxlen: 24
178.21.166.0/24 maxlen: 24
178.21.167.0/24 maxlen: 26
185.4.1.0/24 maxlen: 24
185.4.2.0/24 maxlen: 24
185.4.3.0/24 maxlen: 24
2a02:6440::/32 maxlen: 32
Validation: Failed, certificate revoked on Tue 25 Feb 2025 06:50:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:18:93:51:c9:ce:ee:83:25:e6:a9:d0:5d:44:d9:63:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a09cd8c71a6e33282c045d8f88c3b378acf41bd9
Validity
Not Before: Feb 18 10:21:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=7eb71f857bbd00fed3fbc5012408c56c9c9b4b94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:2d:73:1c:1e:bb:87:2f:4c:86:ad:b4:86:41:
f2:68:d7:16:2b:8a:40:e2:73:14:04:fb:30:80:07:
54:86:a0:38:dc:15:40:43:a5:94:d3:8b:45:30:b8:
e3:ca:e0:09:8d:84:35:03:66:70:bd:ad:4d:03:57:
86:f7:7d:b7:59:10:d9:d8:b2:f3:70:9e:d7:2d:5f:
51:66:a4:5a:25:8f:d8:de:de:be:5b:2c:0c:88:58:
87:65:09:0b:3f:64:10:82:0c:93:8d:ab:bc:e5:e0:
ae:67:fc:09:ce:02:36:45:36:76:a2:4d:19:a2:be:
02:f6:b6:c3:a1:cb:04:8b:b8:d0:9b:ef:0c:e6:82:
ea:01:a7:bc:bc:ba:74:99:ef:8d:ce:87:ee:3b:e6:
ba:b8:ae:a7:ce:eb:56:99:30:69:7e:e3:8e:09:98:
25:d4:c3:32:a9:8c:c2:c1:a2:75:bd:e8:3a:46:77:
ca:4b:91:62:34:26:de:7d:21:8e:71:71:34:12:c3:
66:f9:da:32:4f:70:60:80:6e:df:8d:19:37:5c:98:
ff:62:e6:16:ba:7c:00:8a:42:5d:c8:36:f6:ab:f3:
6b:65:7d:1a:06:89:f2:25:94:f9:70:2c:25:55:a5:
d9:ea:36:a6:51:8b:a7:39:2d:dd:47:68:e7:00:a4:
f9:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:B7:1F:85:7B:BD:00:FE:D3:FB:C5:01:24:08:C5:6C:9C:9B:4B:94
X509v3 Authority Key Identifier:
keyid:A0:9C:D8:C7:1A:6E:33:28:2C:04:5D:8F:88:C3:B3:78:AC:F4:1B:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oJzYxxpuMygsBF2PiMOzeKz0G9k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/0d6375-4765-4e0e-9363-6e8e07d66c9b/1/frcfhXu9AP7T-8UBJAjFbJybS5Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/0d6375-4765-4e0e-9363-6e8e07d66c9b/1/oJzYxxpuMygsBF2PiMOzeKz0G9k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
178.21.160.0/21
185.4.1.0-185.4.3.255
IPv6:
2a02:6440::/32
Signature Algorithm: sha256WithRSAEncryption
35:54:b2:80:46:a9:e9:80:a5:62:3d:a9:3b:38:4f:59:1d:8d:
38:7a:9f:7d:a8:94:82:06:2f:82:c0:f7:60:65:a0:67:2e:66:
c2:be:96:82:0a:5a:60:c7:13:f2:a0:5f:ae:38:1a:22:49:d6:
11:63:91:a3:a0:c8:9c:8e:c5:dc:dc:65:de:02:22:54:b9:48:
98:1e:d8:1a:ec:a0:df:03:d2:e0:6c:61:4c:64:96:fa:96:1a:
15:34:db:32:1f:25:72:40:4d:1f:48:b3:3e:1b:36:9c:ac:a5:
e4:6a:60:51:cb:49:21:a3:7a:4a:ab:d1:aa:a8:98:e9:e2:ee:
1c:0b:68:50:2b:92:5d:01:5f:7a:51:ef:a8:c4:a7:a3:a9:81:
05:b4:a7:b6:ee:44:cc:2f:5d:1a:21:28:fb:05:cd:f1:6c:6c:
0b:a2:91:cb:19:de:2b:b2:64:0c:65:68:10:3e:bd:d9:74:9c:
f5:0f:1b:e8:b7:0a:de:71:4c:e9:6f:32:7d:59:b9:81:c9:d0:
7a:89:02:79:fc:f7:ac:4e:69:58:72:2b:c2:2f:8c:01:d7:89:
c4:1e:4c:c9:c4:f8:21:ab:46:71:4a:0e:07:9a:97:52:14:1c:
a3:ef:98:6f:a5:17:cc:01:ba:f0:83:e6:61:c5:7d:84:f2:f9:
56:1a:13:94
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAZUYk1HJzu6DJeap0F1E2WNyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwOWNkOGM3MWE2ZTMzMjgyYzA0NWQ4Zjg4YzNiMzc4YWNm
NDFiZDkwHhcNMjUwMjE4MTAyMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZWI3MWY4NTdiYmQwMGZlZDNmYmM1MDEyNDA4YzU2YzljOWI0Yjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwS1zHB67hy9Mhq20hkHyaNcWK4pA
4nMUBPswgAdUhqA43BVAQ6WU04tFMLjjyuAJjYQ1A2Zwva1NA1eG9323WRDZ2LLz
cJ7XLV9RZqRaJY/Y3t6+WywMiFiHZQkLP2QQggyTjau85eCuZ/wJzgI2RTZ2ok0Z
or4C9rbDocsEi7jQm+8M5oLqAae8vLp0me+NzofuO+a6uK6nzutWmTBpfuOOCZgl
1MMyqYzCwaJ1veg6RnfKS5FiNCbefSGOcXE0EsNm+doyT3BggG7fjRk3XJj/YuYW
unwAikJdyDb2q/NrZX0aBonyJZT5cCwlVaXZ6jamUYunOS3dR2jnAKT5rQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFH63H4V7vQD+0/vFASQIxWycm0uUMB8GA1UdIwQY
MBaAFKCc2McabjMoLARdj4jDs3is9BvZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0p6WXh4cHVNeWdzQkYyUGlNT3plS3owRzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wZDYzNzUtNDc2NS00ZTBlLTkzNjMt
NmU4ZTA3ZDY2YzliLzEvZnJjZmhYdTlBUDdULThVQkpBakZiSnliUzVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wZDYzNzUtNDc2NS00ZTBlLTkzNjMtNmU4ZTA3ZDY2Yzli
LzEvb0p6WXh4cHVNeWdzQkYyUGlNT3plS3owRzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQDshWgMAwD
BAC5BAEDBAK5BAAwDQQCAAIwBwMFACoCZEAwDQYJKoZIhvcNAQELBQADggEBADVU
soBGqemApWI9qTs4T1kdjTh6n32olIIGL4LA92BloGcuZsK+loIKWmDHE/KgX644
GiJJ1hFjkaOgyJyOxdzcZd4CIlS5SJge2BrsoN8D0uBsYUxklvqWGhU02zIfJXJA
TR9Isz4bNpyspeRqYFHLSSGjekqr0aqomOni7hwLaFArkl0BX3pR76jEp6OpgQW0
p7buRMwvXRohKPsFzfFsbAuikcsZ3iuyZAxlaBA+vdl0nPUPG+i3Ct5xTOlvMn1Z
uYHJ0HqJAnn896xOaVhyK8IvjAHXicQeTMnE+CGrRnFKDgeal1IUHKPvmG+lF8wB
uvCD5mHFfYTy+VYaE5Q=
-----END CERTIFICATE-----
Generated at Tue Apr 8 11:24:39 2025 by rpki-client