Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/tm2kj5JXnZUotb6EUO8uv0xImxA.roa
File: tm2kj5JXnZUotb6EUO8uv0xImxA.roa (raw, json)
Hash identifier: Y9YofSqLZ3u4LxVxTXQoMXiinTgrwGkj/e7TT7EPlas=
Subject key identifier: B6:6D:A4:8F:92:57:9D:95:28:B5:BE:84:50:EF:2E:BF:4C:48:9B:10
Certificate issuer: /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial: 0193CE706743D8A92574DD0F437810EA1239
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/tm2kj5JXnZUotb6EUO8uv0xImxA.roa
Signing time: Mon 16 Dec 2024 07:48:13 +0000
ROA not before: Mon 16 Dec 2024 07:48:13 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 174
IP address blocks: 5.102.124.0/22 maxlen: 24
37.34.88.0/21 maxlen: 24
46.20.210.0/23 maxlen: 24
Validation: Failed, certificate revoked on Thu 02 Jan 2025 17:50:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:ce:70:67:43:d8:a9:25:74:dd:0f:43:78:10:ea:12:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Validity
Not Before: Dec 16 07:48:13 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b66da48f92579d9528b5be8450ef2ebf4c489b10
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:f8:c5:d8:ed:c4:cc:3b:dd:7a:f1:4c:66:3f:
bc:c2:06:71:bc:49:d2:d2:3b:91:34:9d:c4:94:ca:
76:cc:b0:d2:01:71:55:ab:8e:ae:52:0f:47:74:3f:
d7:1d:53:49:30:88:9e:22:e3:46:18:20:68:80:2e:
4b:a0:61:6e:3a:d0:cd:07:7d:7a:80:21:f8:60:ca:
59:28:f3:70:f6:84:31:e9:22:5a:12:44:84:f3:7f:
8c:bf:97:35:a6:1e:d8:38:99:1c:95:59:7f:fd:dd:
49:8d:1b:40:5f:a6:3a:73:13:82:55:e0:fa:7f:c2:
aa:59:b5:0c:5e:7b:b5:6b:10:bb:fc:3b:15:2f:36:
c2:10:87:74:ec:d7:ea:d6:0b:3d:f7:b9:50:3a:36:
aa:1f:bb:1d:7c:0b:12:75:a2:1b:84:e9:7e:e7:f5:
77:f1:58:87:05:fa:68:4d:50:a2:f5:60:fe:67:38:
ac:17:65:13:67:64:8c:d1:a1:81:fc:fe:16:5f:a3:
96:89:9c:fb:a9:29:3b:ee:a2:49:66:f3:9a:6d:47:
0a:07:fa:61:03:c1:5b:ec:a8:f9:96:11:95:b3:83:
38:2c:c2:8e:79:25:c5:df:32:b5:02:af:5b:a4:27:
72:5a:d0:c0:6a:63:67:b1:aa:64:fc:d8:0d:f2:1c:
66:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:6D:A4:8F:92:57:9D:95:28:B5:BE:84:50:EF:2E:BF:4C:48:9B:10
X509v3 Authority Key Identifier:
keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/tm2kj5JXnZUotb6EUO8uv0xImxA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.102.124.0/22
37.34.88.0/21
46.20.210.0/23
Signature Algorithm: sha256WithRSAEncryption
51:2a:66:b9:a3:61:5f:ee:16:e0:ae:0d:d1:23:ca:e2:e9:4b:
ae:1c:ab:fc:99:c6:6e:ae:fb:65:9c:73:6d:0d:3d:a0:1b:26:
9a:11:38:3f:73:31:a6:bd:d7:0b:5c:69:e1:90:ec:bd:bb:bc:
63:b1:f5:a1:fd:f8:0f:e1:56:1f:d7:46:ea:5d:07:eb:6c:ae:
07:13:8b:dc:82:4b:ee:3c:f4:52:b1:7c:fd:9d:97:66:3f:ae:
20:d0:7a:eb:b1:28:bf:d1:4c:00:23:50:1f:aa:79:19:78:fe:
95:93:e9:4a:d3:2a:0e:5e:13:c0:92:58:e5:f5:5c:c4:ce:21:
82:c2:9f:98:3c:c4:55:04:ea:6a:be:ab:44:83:c0:9f:ae:0d:
b9:3c:5b:1b:45:20:86:6b:8e:4a:6d:8d:c2:14:78:fc:0f:dc:
16:9d:15:eb:83:16:01:09:69:43:ea:2a:39:6f:53:d1:92:cf:
69:a1:20:38:c2:32:7c:58:60:92:a9:e5:ed:34:c4:c3:5e:95:
64:63:3d:b9:e3:7d:58:5b:98:bc:1d:c5:a3:04:66:92:c7:8b:
a1:a2:10:22:ec:35:b5:bb:58:d3:cd:34:0e:44:4e:5b:eb:6a:
dd:48:26:45:9a:b8:3c:b4:9c:7e:22:d1:cd:78:b5:a8:ce:19:
a4:fc:5a:3e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZPOcGdD2KkldN0PQ3gQ6hI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQxMjE2MDc0ODEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjZkYTQ4ZjkyNTc5ZDk1MjhiNWJlODQ1MGVmMmViZjRjNDg5YjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vjF2O3EzDvdevFMZj+8wgZxvEnS
0juRNJ3ElMp2zLDSAXFVq46uUg9HdD/XHVNJMIieIuNGGCBogC5LoGFuOtDNB316
gCH4YMpZKPNw9oQx6SJaEkSE83+Mv5c1ph7YOJkclVl//d1JjRtAX6Y6cxOCVeD6
f8KqWbUMXnu1axC7/DsVLzbCEId07Nfq1gs997lQOjaqH7sdfAsSdaIbhOl+5/V3
8ViHBfpoTVCi9WD+ZzisF2UTZ2SM0aGB/P4WX6OWiZz7qSk77qJJZvOabUcKB/ph
A8Fb7Kj5lhGVs4M4LMKOeSXF3zK1Aq9bpCdyWtDAamNnsapk/NgN8hxmMQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLZtpI+SV52VKLW+hFDvLr9MSJsQMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvdG0ya2o1SlhuWlVvdGI2RVVPOHV2MHhJbXhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCBWZ8AwQD
JSJYAwQBLhTSMA0GCSqGSIb3DQEBCwUAA4IBAQBRKma5o2Ff7hbgrg3RI8ri6Uuu
HKv8mcZurvtlnHNtDT2gGyaaETg/czGmvdcLXGnhkOy9u7xjsfWh/fgP4VYf10bq
XQfrbK4HE4vcgkvuPPRSsXz9nZdmP64g0HrrsSi/0UwAI1AfqnkZeP6Vk+lK0yoO
XhPAkljl9VzEziGCwp+YPMRVBOpqvqtEg8Cfrg25PFsbRSCGa45KbY3CFHj8D9wW
nRXrgxYBCWlD6io5b1PRks9poSA4wjJ8WGCSqeXtNMTDXpVkYz25431YW5i8HcWj
BGaSx4uhohAi7DW1u1jTzTQORE5b62rdSCZFmrg8tJx+ItHNeLWozhmk/Fo+
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:53:14 2025 by rpki-client