Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/81rjONRwMp8L40MubGxKIHJVDk0.roa
File: 81rjONRwMp8L40MubGxKIHJVDk0.roa (raw, json)
Hash identifier: w9PXA5NPQyKACXiBgdXvOvPpsqUdvfGpke3R/3HBD3U=
Subject key identifier: F3:5A:E3:38:D4:70:32:9F:0B:E3:43:2E:6C:6C:4A:20:72:55:0E:4D
Certificate issuer: /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial: 0194316AA0F6B1D677FA06110450973E22A2
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/81rjONRwMp8L40MubGxKIHJVDk0.roa
Signing time: Sat 04 Jan 2025 13:04:19 +0000
ROA not before: Sat 04 Jan 2025 13:04:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 174
IP address blocks: 5.102.116.0/22 maxlen: 24
5.102.124.0/22 maxlen: 24
37.34.88.0/21 maxlen: 24
46.20.210.0/23 maxlen: 24
Validation: Failed, certificate revoked on Wed 29 Jan 2025 07:15:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:31:6a:a0:f6:b1:d6:77:fa:06:11:04:50:97:3e:22:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Validity
Not Before: Jan 4 13:04:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f35ae338d470329f0be3432e6c6c4a2072550e4d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:11:83:b9:53:d0:31:6d:1a:cf:c6:84:ea:c9:
a1:0e:22:76:d1:f4:a4:d9:17:2f:b3:c8:fe:0c:18:
4a:64:20:19:10:e9:c6:75:a4:2a:ae:9c:97:b2:62:
c3:98:ea:c2:50:c0:ad:1f:e3:4c:09:33:33:2a:99:
34:2d:87:e5:dd:ee:e2:a4:8a:7c:b4:1b:a1:b9:fb:
0f:b8:7c:e8:24:9a:75:6d:1f:b9:a5:c5:a2:20:d4:
9e:bf:cb:8c:1a:20:97:78:53:42:b6:fc:e7:2e:30:
ef:81:51:5b:e9:d0:16:47:be:75:6d:b2:46:63:6d:
64:26:cb:69:c2:22:09:54:75:4e:cc:b0:0e:82:e1:
cf:39:17:cf:91:a0:d6:d6:ee:71:9e:c0:6b:57:8a:
23:04:22:c7:40:fd:53:70:95:96:4a:31:7a:71:38:
5a:48:46:52:ba:98:01:19:d4:17:26:44:91:c7:54:
9b:b9:21:f3:58:f3:7d:1b:21:78:50:10:d1:1d:00:
28:c3:8b:4b:0a:32:f5:51:85:04:db:a9:8f:c6:0b:
ef:26:3f:54:f3:9a:20:41:97:b8:1e:32:9b:ad:9c:
3e:fa:e2:aa:50:3b:57:5e:87:87:cc:1b:0d:f5:b5:
71:c6:8b:0c:65:8a:66:d6:45:f1:b7:6d:9a:13:79:
78:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:5A:E3:38:D4:70:32:9F:0B:E3:43:2E:6C:6C:4A:20:72:55:0E:4D
X509v3 Authority Key Identifier:
keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/81rjONRwMp8L40MubGxKIHJVDk0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.102.116.0/22
5.102.124.0/22
37.34.88.0/21
46.20.210.0/23
Signature Algorithm: sha256WithRSAEncryption
12:28:62:e1:2b:58:cb:f5:6d:8f:62:d1:49:63:ed:e7:43:e8:
7e:ad:79:06:5d:85:5b:da:b0:18:b4:ab:3e:05:2d:21:7e:0c:
9a:0a:a4:38:aa:45:1e:25:45:49:97:ff:3f:66:57:77:bb:6f:
b4:3a:a1:06:cc:ab:ef:57:93:b4:2a:db:a1:75:e3:a3:00:6e:
72:72:bf:dc:11:06:68:9f:03:ff:cc:51:b6:44:3a:57:04:68:
d3:a2:99:52:42:06:5c:61:d8:fc:aa:30:e1:23:1f:e6:d0:2e:
e4:e0:9b:7d:57:70:cc:15:80:89:43:87:17:83:1f:ad:90:44:
f2:37:fd:3a:74:6a:04:63:b3:c1:ec:bb:9e:17:54:3a:11:66:
e5:55:42:25:60:d9:ef:ec:07:25:78:23:f1:c4:a3:86:af:9e:
e9:31:43:4d:1c:7a:e4:1a:97:ea:12:40:f2:b1:89:29:b9:97:
ae:70:33:da:b8:37:08:32:f8:01:99:54:cd:89:a4:15:ad:19:
e4:49:a2:e8:20:10:25:ca:63:4b:58:a2:d5:0a:b4:64:02:2e:
67:d9:4c:1b:0c:dd:a8:73:43:4e:b3:04:3d:67:9b:6b:ca:b5:
16:d3:77:9c:88:fb:4e:1d:d7:de:53:6f:ff:e6:0a:da:32:90:
c5:7a:98:fc
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQxaqD2sdZ3+gYRBFCXPiKiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwMTA0MTMwNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzVhZTMzOGQ0NzAzMjlmMGJlMzQzMmU2YzZjNGEyMDcyNTUwZTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BGDuVPQMW0az8aE6smhDiJ20fSk
2Rcvs8j+DBhKZCAZEOnGdaQqrpyXsmLDmOrCUMCtH+NMCTMzKpk0LYfl3e7ipIp8
tBuhufsPuHzoJJp1bR+5pcWiINSev8uMGiCXeFNCtvznLjDvgVFb6dAWR751bbJG
Y21kJstpwiIJVHVOzLAOguHPORfPkaDW1u5xnsBrV4ojBCLHQP1TcJWWSjF6cTha
SEZSupgBGdQXJkSRx1SbuSHzWPN9GyF4UBDRHQAow4tLCjL1UYUE26mPxgvvJj9U
85ogQZe4HjKbrZw++uKqUDtXXoeHzBsN9bVxxosMZYpm1kXxt22aE3l4iwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPNa4zjUcDKfC+NDLmxsSiByVQ5NMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvODFyak9OUndNcDhMNDBNdWJHeEtJSEpWRGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCBWZ0AwQC
BWZ8AwQDJSJYAwQBLhTSMA0GCSqGSIb3DQEBCwUAA4IBAQASKGLhK1jL9W2PYtFJ
Y+3nQ+h+rXkGXYVb2rAYtKs+BS0hfgyaCqQ4qkUeJUVJl/8/Zld3u2+0OqEGzKvv
V5O0KtuhdeOjAG5ycr/cEQZonwP/zFG2RDpXBGjToplSQgZcYdj8qjDhIx/m0C7k
4Jt9V3DMFYCJQ4cXgx+tkETyN/06dGoEY7PB7LueF1Q6EWblVUIlYNnv7AcleCPx
xKOGr57pMUNNHHrkGpfqEkDysYkpuZeucDPauDcIMvgBmVTNiaQVrRnkSaLoIBAl
ymNLWKLVCrRkAi5n2UwbDN2oc0NOswQ9Z5tryrUW03eciPtOHdfeU2//5graMpDF
epj8
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:57:52 2025 by rpki-client