Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/6efd1b-3e10-4446-92c7-b92cb6113035/1/QKjL7c8aw4P0vsZdcQq-PPUzYTw.roa
File: QKjL7c8aw4P0vsZdcQq-PPUzYTw.roa (raw, json)
Hash identifier: PGNVDC77WjV4vz5ZxuBC2ntRUiArKxehwhqNnskrQWw=
Subject key identifier: 40:A8:CB:ED:CF:1A:C3:83:F4:BE:C6:5D:71:0A:BE:3C:F5:33:61:3C
Certificate issuer: /CN=aa88fae35b66b4de2e41ca5ee077b5ef0b4ab649
Certificate serial: 018D0D8D668BE5224EA1240455DB5A82FB93
Authority key identifier: AA:88:FA:E3:5B:66:B4:DE:2E:41:CA:5E:E0:77:B5:EF:0B:4A:B6:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qoj641tmtN4uQcpe4He17wtKtkk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/69/6efd1b-3e10-4446-92c7-b92cb6113035/1/QKjL7c8aw4P0vsZdcQq-PPUzYTw.roa
Signing time: Mon 15 Jan 2024 14:36:27 +0000
ROA not before: Mon 15 Jan 2024 14:36:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 59545
IP address blocks: 185.159.250.0/23 maxlen: 24
185.159.248.0/23 maxlen: 24
185.159.248.0/22 maxlen: 24
Validation: Failed, certificate revoked on Wed 01 Jan 2025 19:48:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:0d:8d:66:8b:e5:22:4e:a1:24:04:55:db:5a:82:fb:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa88fae35b66b4de2e41ca5ee077b5ef0b4ab649
Validity
Not Before: Jan 15 14:36:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=40a8cbedcf1ac383f4bec65d710abe3cf533613c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:3f:9f:22:ee:f6:1d:01:09:d7:81:37:b7:c7:
82:af:1a:b9:1e:f1:ba:4d:ea:50:bd:51:31:84:61:
6d:2a:cd:c3:b7:d5:e4:67:85:0e:a2:65:7d:e1:b0:
92:d1:52:b6:0f:cd:0c:db:10:ea:8f:59:d2:0b:cb:
95:0c:79:14:c1:d8:5a:50:6d:94:9b:dd:4e:b2:f3:
c2:c6:99:46:10:dd:66:56:d3:be:86:05:9f:d6:30:
e1:f9:8a:2e:3d:0c:f1:8a:31:7c:e8:c1:a6:a1:bb:
f1:a4:3c:f5:c5:62:3d:6a:36:c3:b7:e9:24:71:5e:
bc:9d:6d:41:d2:34:85:76:d1:de:bd:cd:b4:94:2a:
63:b3:9a:5e:bc:f7:b0:df:99:4a:fd:da:e9:a6:0f:
24:2a:8d:76:bd:1e:f2:7f:9f:cd:22:b7:f2:3a:0c:
37:c5:af:65:dc:a3:46:51:a3:b8:97:41:35:c0:69:
da:38:09:d0:70:fd:de:25:25:cb:a1:50:e9:8a:2e:
66:21:40:d7:a9:6e:bb:49:5a:59:da:7d:4f:c7:c3:
21:20:82:55:83:6d:21:4d:20:fc:7c:ef:08:a9:96:
68:0a:61:fe:29:ec:1f:94:0c:15:cb:6e:af:3e:62:
8f:fc:c9:40:a5:2f:63:c3:31:93:d8:1b:e7:e5:a9:
57:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:A8:CB:ED:CF:1A:C3:83:F4:BE:C6:5D:71:0A:BE:3C:F5:33:61:3C
X509v3 Authority Key Identifier:
keyid:AA:88:FA:E3:5B:66:B4:DE:2E:41:CA:5E:E0:77:B5:EF:0B:4A:B6:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qoj641tmtN4uQcpe4He17wtKtkk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/6efd1b-3e10-4446-92c7-b92cb6113035/1/QKjL7c8aw4P0vsZdcQq-PPUzYTw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/69/6efd1b-3e10-4446-92c7-b92cb6113035/1/qoj641tmtN4uQcpe4He17wtKtkk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.159.248.0/22
Signature Algorithm: sha256WithRSAEncryption
55:52:e6:46:d6:90:7b:f9:a1:f8:f4:00:7a:7b:34:9a:1f:22:
7a:0a:86:19:20:11:70:f0:cf:ef:eb:dd:35:3a:83:a4:32:40:
98:64:92:bc:ee:cc:40:62:fa:b1:fc:ff:92:8c:c2:92:d6:70:
2d:3e:d5:94:ca:24:a0:70:2e:73:1f:6f:db:14:6b:fd:98:a6:
85:a8:c1:60:cd:86:8e:3e:58:f2:1d:ab:2d:4a:68:8e:3d:9d:
87:53:d8:5d:64:4d:57:d2:83:5f:59:ca:31:94:fe:9c:c3:a1:
a3:b6:d3:d3:83:fb:29:5b:07:80:17:9e:e3:f5:8d:bf:8d:5e:
8a:a1:56:ca:3d:d2:32:cf:76:e0:e7:5c:0e:d8:37:7b:c9:54:
f6:1a:b9:04:d5:d5:e5:fc:0f:a0:10:0b:0f:ca:8d:f7:21:2e:
9e:40:4e:56:62:b6:ca:9e:cf:15:55:e5:e9:34:a1:4f:62:2a:
82:da:72:a1:28:25:83:ea:c8:29:03:ac:ac:0b:ea:bc:54:b4:
fe:10:c9:cc:93:01:2d:06:33:11:30:c6:ac:c1:84:57:82:0f:
01:22:69:db:8c:d6:6e:db:ab:cf:ff:1a:0d:a2:ed:4c:f9:88:
ac:34:09:d7:d0:fc:fd:80:55:23:06:27:0c:d9:bc:e7:25:9f:
c5:d5:d1:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0NjWaL5SJOoSQEVdtagvuTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhODhmYWUzNWI2NmI0ZGUyZTQxY2E1ZWUwNzdiNWVmMGI0
YWI2NDkwHhcNMjQwMTE1MTQzNjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGE4Y2JlZGNmMWFjMzgzZjRiZWM2NWQ3MTBhYmUzY2Y1MzM2MTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsj+fIu72HQEJ14E3t8eCrxq5HvG6
TepQvVExhGFtKs3Dt9XkZ4UOomV94bCS0VK2D80M2xDqj1nSC8uVDHkUwdhaUG2U
m91OsvPCxplGEN1mVtO+hgWf1jDh+YouPQzxijF86MGmobvxpDz1xWI9ajbDt+kk
cV68nW1B0jSFdtHevc20lCpjs5pevPew35lK/drppg8kKo12vR7yf5/NIrfyOgw3
xa9l3KNGUaO4l0E1wGnaOAnQcP3eJSXLoVDpii5mIUDXqW67SVpZ2n1Px8MhIIJV
g20hTSD8fO8IqZZoCmH+KewflAwVy26vPmKP/MlApS9jwzGT2Bvn5alXUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECoy+3PGsOD9L7GXXEKvjz1M2E8MB8GA1UdIwQY
MBaAFKqI+uNbZrTeLkHKXuB3te8LSrZJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW9qNjQxdG10TjR1UWNwZTRIZTE3d3RLdGtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS82ZWZkMWItM2UxMC00NDQ2LTkyYzct
YjkyY2I2MTEzMDM1LzEvUUtqTDdjOGF3NFAwdnNaZGNRcS1QUFV6WVR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS82ZWZkMWItM2UxMC00NDQ2LTkyYzctYjkyY2I2MTEzMDM1
LzEvcW9qNjQxdG10TjR1UWNwZTRIZTE3d3RLdGtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZ/4MA0G
CSqGSIb3DQEBCwUAA4IBAQBVUuZG1pB7+aH49AB6ezSaHyJ6CoYZIBFw8M/v6901
OoOkMkCYZJK87sxAYvqx/P+SjMKS1nAtPtWUyiSgcC5zH2/bFGv9mKaFqMFgzYaO
PljyHastSmiOPZ2HU9hdZE1X0oNfWcoxlP6cw6GjttPTg/spWweAF57j9Y2/jV6K
oVbKPdIyz3bg51wO2Dd7yVT2GrkE1dXl/A+gEAsPyo33IS6eQE5WYrbKns8VVeXp
NKFPYiqC2nKhKCWD6sgpA6ysC+q8VLT+EMnMkwEtBjMRMMaswYRXgg8BImnbjNZu
26vP/xoNou1M+YisNAnX0Pz9gFUjBicM2bznJZ/F1dES
-----END CERTIFICATE-----
Generated at Mon Apr 21 10:51:26 2025 by rpki-client