Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KU-yIco_wtvhajveuedffOH5TY0.roa
File: KU-yIco_wtvhajveuedffOH5TY0.roa (raw, json)
Hash identifier: 909h3ILlTM8HX/mHMtLAzLvU3v8hyVspdHhp/4XZWNs=
Subject key identifier: 29:4F:B2:21:CA:3F:C2:DB:E1:6A:3B:DE:B9:E7:5F:7C:E1:F9:4D:8D
Certificate issuer: /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial: 0195D336AAF5EDA084D0F26D94B0524A91DB
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KU-yIco_wtvhajveuedffOH5TY0.roa
Signing time: Wed 26 Mar 2025 16:08:50 +0000
ROA not before: Wed 26 Mar 2025 16:08:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.10.213.0/24 maxlen: 24
5.10.214.0/24 maxlen: 24
5.10.215.0/24 maxlen: 24
5.10.216.0/24 maxlen: 24
5.10.217.0/24 maxlen: 24
5.10.218.0/24 maxlen: 24
5.10.219.0/24 maxlen: 24
5.10.220.0/24 maxlen: 24
5.10.221.0/24 maxlen: 24
5.10.222.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 26 Mar 2025 18:51:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:d3:36:aa:f5:ed:a0:84:d0:f2:6d:94:b0:52:4a:91:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Validity
Not Before: Mar 26 16:08:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=294fb221ca3fc2dbe16a3bdeb9e75f7ce1f94d8d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:48:4c:9a:aa:4d:25:ec:04:03:19:fe:fa:7c:
de:64:32:67:d5:ae:b6:b6:ef:80:09:e6:f7:87:eb:
b9:e7:28:69:b4:ad:f0:ff:66:28:76:bb:51:58:04:
77:4d:35:51:9e:09:1d:97:ba:8d:de:b0:af:3a:e4:
b9:bb:7e:d5:1b:26:d1:84:d8:96:33:0f:9d:06:48:
65:4a:e3:e3:a9:ac:a8:1c:5c:be:60:83:fd:32:ed:
2f:68:2a:93:ea:cd:99:18:cc:41:27:4e:3f:cd:70:
07:a6:da:c1:01:87:c4:5f:79:a8:a0:47:a4:db:33:
32:b4:1d:9a:0f:17:b8:30:5a:e9:5b:04:e2:82:f3:
91:51:4f:08:11:de:5b:fc:53:88:09:d9:52:53:84:
08:2f:19:c1:7c:53:2f:81:c5:9e:a4:b4:a0:e0:a8:
87:89:b1:c9:0f:30:78:c6:e9:20:9a:dd:67:62:ae:
70:bb:d0:13:a6:14:ab:c5:fb:14:03:cc:ca:9b:19:
b5:88:a9:61:d3:70:5a:3d:0a:24:8e:a2:e1:33:b6:
77:13:87:0c:4d:9d:7c:47:b6:83:26:2f:8b:1d:fc:
fb:6b:e0:36:89:e1:81:9c:b7:8e:73:6e:c7:45:8c:
9c:da:67:9d:e3:c5:c6:11:74:c5:d0:d4:97:8e:b5:
7b:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:4F:B2:21:CA:3F:C2:DB:E1:6A:3B:DE:B9:E7:5F:7C:E1:F9:4D:8D
X509v3 Authority Key Identifier:
keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KU-yIco_wtvhajveuedffOH5TY0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.10.213.0-5.10.222.255
Signature Algorithm: sha256WithRSAEncryption
50:5c:43:89:a8:3d:21:35:d2:10:f5:68:e4:57:1a:d0:e5:50:
29:53:57:cb:61:bd:8f:b8:6d:11:6c:b1:f1:d2:57:16:4a:a1:
e7:29:ab:11:76:0d:61:f1:a1:55:14:8d:e1:88:2a:88:b0:83:
b2:a0:88:1a:3b:84:81:29:32:29:35:55:d2:3d:ef:94:3c:f1:
c5:aa:a7:7e:73:bb:0d:e2:2a:67:4b:15:53:f3:3f:77:01:2e:
03:15:46:14:69:d2:0d:93:03:f3:67:8c:8a:2f:79:9e:cb:c2:
eb:94:fa:45:5f:9e:49:ae:3e:de:b0:2a:05:26:f1:28:62:2e:
a2:47:70:08:80:6b:27:f0:ae:89:0c:88:ec:b2:fa:9c:2b:a6:
f8:bc:04:ef:79:5a:74:b2:0f:14:ab:61:0c:57:c7:d5:b1:b4:
56:40:6d:31:90:d4:fc:18:27:bb:28:62:d4:da:1a:88:a5:c0:
c3:74:ca:f7:a9:12:1d:c3:0d:51:3e:06:79:e1:06:8b:fb:23:
78:4c:53:0f:91:a1:8a:a1:ed:b7:04:dd:22:f9:e6:2e:fd:05:
14:28:4a:2d:f7:41:33:b9:bd:f1:a5:92:6f:d6:0e:58:61:db:
b3:86:c7:97:44:a4:f8:1f:dd:0d:9a:4f:c8:41:2d:cd:dd:21:
f5:47:52:44
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZXTNqr17aCE0PJtlLBSSpHbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjUwMzI2MTYwODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTRmYjIyMWNhM2ZjMmRiZTE2YTNiZGViOWU3NWY3Y2UxZjk0ZDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskhMmqpNJewEAxn++nzeZDJn1a62
tu+ACeb3h+u55yhptK3w/2YodrtRWAR3TTVRngkdl7qN3rCvOuS5u37VGybRhNiW
Mw+dBkhlSuPjqayoHFy+YIP9Mu0vaCqT6s2ZGMxBJ04/zXAHptrBAYfEX3mooEek
2zMytB2aDxe4MFrpWwTigvORUU8IEd5b/FOICdlSU4QILxnBfFMvgcWepLSg4KiH
ibHJDzB4xukgmt1nYq5wu9ATphSrxfsUA8zKmxm1iKlh03BaPQokjqLhM7Z3E4cM
TZ18R7aDJi+LHfz7a+A2ieGBnLeOc27HRYyc2med48XGEXTF0NSXjrV7MwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFClPsiHKP8Lb4Wo73rnnX3zh+U2NMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvS1UteUljb193dHZoYWp2ZXVlZGZmT0g1VFkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAFCtUD
BAAFCt4wDQYJKoZIhvcNAQELBQADggEBAFBcQ4moPSE10hD1aORXGtDlUClTV8th
vY+4bRFssfHSVxZKoecpqxF2DWHxoVUUjeGIKoiwg7KgiBo7hIEpMik1VdI975Q8
8cWqp35zuw3iKmdLFVPzP3cBLgMVRhRp0g2TA/NnjIoveZ7LwuuU+kVfnkmuPt6w
KgUm8ShiLqJHcAiAayfwrokMiOyy+pwrpvi8BO95WnSyDxSrYQxXx9WxtFZAbTGQ
1PwYJ7soYtTaGoilwMN0yvepEh3DDVE+BnnhBov7I3hMUw+RoYqh7bcE3SL55i79
BRQoSi33QTO5vfGlkm/WDlhh27OGx5dEpPgf3Q2aT8hBLc3dIfVHUkQ=
-----END CERTIFICATE-----
Generated at Wed Apr 16 06:37:41 2025 by rpki-client