Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/CKrcaV20tbY2MWzIHcBUct8vm3o.roa
File: CKrcaV20tbY2MWzIHcBUct8vm3o.roa (raw, json)
Hash identifier: 1wRs9pvUXnoaPVm2hE/p/NhUASsq+CVH/x6oXNhlB8M=
Subject key identifier: 08:AA:DC:69:5D:B4:B5:B6:36:31:6C:C8:1D:C0:54:72:DF:2F:9B:7A
Certificate issuer: /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial: 018CC86FEED2697E61D8DC50612914306481
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/CKrcaV20tbY2MWzIHcBUct8vm3o.roa
Signing time: Tue 02 Jan 2024 04:30:27 +0000
ROA not before: Tue 02 Jan 2024 04:30:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43391
IP address blocks: 212.252.24.0/24 maxlen: 24
212.252.25.0/24 maxlen: 24
213.74.4.0/24 maxlen: 24
212.252.27.0/24 maxlen: 24
212.252.26.0/24 maxlen: 24
212.252.36.0/24 maxlen: 24
212.252.46.0/24 maxlen: 24
212.252.45.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 01 Jan 2025 15:48:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:6f:ee:d2:69:7e:61:d8:dc:50:61:29:14:30:64:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Validity
Not Before: Jan 2 04:30:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=08aadc695db4b5b636316cc81dc05472df2f9b7a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:f9:5c:f1:2a:bc:00:8a:f3:4e:93:fc:97:9e:
af:9c:f3:b9:9c:1b:35:60:e5:b3:81:17:91:8b:52:
94:33:f8:2a:a1:52:f0:fe:4f:f5:77:75:b4:00:bd:
47:2e:d7:02:60:f5:5b:35:54:2a:c2:ec:77:d0:5a:
0d:13:fb:73:2e:34:6d:2d:b2:f6:02:74:fb:96:e4:
9c:70:c3:b4:ef:7d:84:7d:00:8b:8f:45:f8:f1:dd:
2b:e7:73:56:e4:b2:95:f4:74:f8:47:4c:42:22:84:
12:78:e3:a8:b2:49:e2:5d:e3:78:80:1e:81:6e:1e:
38:4d:df:63:14:48:a2:e8:c4:32:80:28:1d:d4:5f:
0c:c1:22:bf:bd:21:90:d1:a4:c1:2e:49:b5:cb:88:
39:d9:2a:29:6d:39:a5:e5:a4:1e:0d:a1:8e:39:9d:
fc:1a:0f:46:79:46:0d:aa:18:05:cd:c0:5b:a3:e5:
96:bd:a9:da:1d:e1:65:0b:c4:41:f7:9b:3e:14:fb:
0a:a4:9f:d3:03:0f:01:e1:c5:37:8d:a7:66:d5:2a:
6c:e3:45:6e:e5:c4:bb:2e:82:5b:3c:9e:41:b5:9d:
a1:e9:fc:0b:1f:e5:ae:c5:78:e3:da:fa:19:60:35:
6c:94:99:a3:5c:e5:b4:b6:06:f9:d6:78:ff:a0:eb:
df:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:AA:DC:69:5D:B4:B5:B6:36:31:6C:C8:1D:C0:54:72:DF:2F:9B:7A
X509v3 Authority Key Identifier:
keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/CKrcaV20tbY2MWzIHcBUct8vm3o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.252.24.0/22
212.252.36.0/24
212.252.45.0-212.252.46.255
213.74.4.0/24
Signature Algorithm: sha256WithRSAEncryption
41:8d:7a:23:80:61:18:9b:6a:20:1f:d0:17:de:69:b7:82:e5:
29:7c:cb:0a:8c:0d:bd:b5:39:1d:13:74:1a:1e:8a:00:b2:02:
d9:e6:79:28:87:c1:94:9a:7d:27:ea:26:16:b6:b1:1b:33:e3:
9f:7a:e5:8b:d7:fd:06:cc:8d:43:74:ae:27:69:49:5f:ab:0a:
c3:82:4c:5a:45:08:6c:0e:47:52:77:fc:fe:2c:d9:9b:e8:7f:
29:10:78:f6:4f:af:7d:4a:a6:2e:5b:74:f5:d0:5a:5c:5f:ea:
3c:ee:4d:59:f9:51:dd:df:58:10:43:ac:07:05:93:76:72:f7:
b3:39:9c:06:1b:a5:df:82:f3:20:72:fa:5d:1c:28:c9:7c:56:
72:3d:3c:3b:d5:65:cd:3b:22:b7:aa:06:3f:b7:04:10:62:2e:
bc:6f:52:c0:58:37:a4:4e:81:05:e0:c3:e3:17:bf:15:e6:51:
63:9b:3f:1b:48:42:59:a3:29:56:2b:d9:2c:6e:f4:cf:87:8c:
00:f3:df:ff:78:f0:a3:8c:6d:b7:de:d7:c9:9c:d4:6f:88:20:
e4:f1:1a:22:34:88:fd:b3:bf:2d:6d:0d:1f:c0:ed:98:4f:59:
21:fc:c4:d3:45:1c:1b:a4:36:37:da:a8:2c:ce:01:03:c7:68:
bb:e9:00:a1
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzIb+7SaX5h2NxQYSkUMGSBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjQwMTAyMDQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGFhZGM2OTVkYjRiNWI2MzYzMTZjYzgxZGMwNTQ3MmRmMmY5YjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8flc8Sq8AIrzTpP8l56vnPO5nBs1
YOWzgReRi1KUM/gqoVLw/k/1d3W0AL1HLtcCYPVbNVQqwux30FoNE/tzLjRtLbL2
AnT7luSccMO0732EfQCLj0X48d0r53NW5LKV9HT4R0xCIoQSeOOoskniXeN4gB6B
bh44Td9jFEii6MQygCgd1F8MwSK/vSGQ0aTBLkm1y4g52SopbTml5aQeDaGOOZ38
Gg9GeUYNqhgFzcBbo+WWvanaHeFlC8RB95s+FPsKpJ/TAw8B4cU3jadm1Sps40Vu
5cS7LoJbPJ5BtZ2h6fwLH+WuxXjj2voZYDVslJmjXOW0tgb51nj/oOvfCQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFAiq3GldtLW2NjFsyB3AVHLfL5t6MB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvQ0tyY2FWMjB0YlkyTVd6SUhjQlVjdDh2bTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQC1PwYAwQA
1PwkMAwDBADU/C0DBADU/C4DBADVSgQwDQYJKoZIhvcNAQELBQADggEBAEGNeiOA
YRibaiAf0BfeabeC5Sl8ywqMDb21OR0TdBoeigCyAtnmeSiHwZSafSfqJha2sRsz
45965YvX/QbMjUN0ridpSV+rCsOCTFpFCGwOR1J3/P4s2ZvofykQePZPr31Kpi5b
dPXQWlxf6jzuTVn5Ud3fWBBDrAcFk3Zy97M5nAYbpd+C8yBy+l0cKMl8VnI9PDvV
Zc07IreqBj+3BBBiLrxvUsBYN6ROgQXgw+MXvxXmUWObPxtIQlmjKVYr2Sxu9M+H
jADz3/948KOMbbfe18mc1G+IIOTxGiI0iP2zvy1tDR/A7ZhPWSH8xNNFHBukNjfa
qCzOAQPHaLvpAKE=
-----END CERTIFICATE-----
Generated at Sun Feb 16 21:37:43 2025 by rpki-client