Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/O4XDYtzvLxpjFnPULFm61wD2Vnk.roa
File: O4XDYtzvLxpjFnPULFm61wD2Vnk.roa (raw, json)
Hash identifier: X4+0CGxhumba5lgs+50RAracc81zEtJkpKBaidCaWBU=
Subject key identifier: 3B:85:C3:62:DC:EF:2F:1A:63:16:73:D4:2C:59:BA:D7:00:F6:56:79
Certificate issuer: /CN=20aa60cb0024332a2db68993f3357158af60c8de
Certificate serial: 0191B2B6FDF445270C28378469C1218985D4
Authority key identifier: 20:AA:60:CB:00:24:33:2A:2D:B6:89:93:F3:35:71:58:AF:60:C8:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IKpgywAkMyottomT8zVxWK9gyN4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/O4XDYtzvLxpjFnPULFm61wD2Vnk.roa
Signing time: Mon 02 Sep 2024 12:30:22 +0000
ROA not before: Mon 02 Sep 2024 12:30:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 14618
IP address blocks: 2a02:3040:43:ff00::/56 maxlen: 56
2a02:3040:4d::/48 maxlen: 48
2a02:3040:4e::/48 maxlen: 48
2a02:3040:4f::/50 maxlen: 50
2a02:3040:4f:8000::/50 maxlen: 50
2a02:3040:4f:c000::/50 maxlen: 50
2a02:3040:50::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 03 Sep 2024 06:24:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:b2:b6:fd:f4:45:27:0c:28:37:84:69:c1:21:89:85:d4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=20aa60cb0024332a2db68993f3357158af60c8de
Validity
Not Before: Sep 2 12:30:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3b85c362dcef2f1a631673d42c59bad700f65679
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:9e:53:fb:cd:bf:7a:8a:fc:a4:6e:10:21:0e:
ea:ea:8e:0b:d0:e6:f6:20:03:40:91:03:af:9f:e3:
ee:0a:5a:66:c5:49:d6:fd:27:49:23:e8:d0:99:7a:
6c:e6:ba:ff:a9:56:d3:d5:2a:e6:97:9a:e3:95:74:
f9:8b:f3:e5:c4:f1:30:64:08:ff:12:39:a9:8c:57:
18:1a:40:55:1e:88:2e:d1:28:c7:90:3e:bd:db:e2:
bf:7e:17:3f:89:d5:c2:8b:82:7a:93:de:c6:60:7e:
c1:b3:2d:6c:8f:3f:59:49:fe:ed:f3:fa:54:27:15:
5c:9e:fe:c2:fe:59:b1:3e:45:a5:be:01:5a:c7:c2:
15:82:a7:74:69:16:a9:51:90:21:a7:d0:e5:8e:c2:
e8:e2:7c:91:0f:ba:8e:15:11:0c:27:5a:fc:4a:27:
04:60:c2:0d:f4:fc:b8:36:94:03:83:b7:c1:6d:02:
c7:39:4e:5e:06:43:23:e6:33:ab:36:c4:57:25:39:
a4:ef:88:7f:47:fa:95:22:1b:aa:ec:a0:e2:bf:b8:
3a:3d:ca:60:85:13:c0:77:9a:90:6d:4d:70:9e:92:
84:16:63:ac:6d:b2:ee:85:35:8c:44:d4:00:32:2c:
a5:15:da:d4:88:a8:20:66:6a:21:f3:ee:48:75:a9:
e0:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:85:C3:62:DC:EF:2F:1A:63:16:73:D4:2C:59:BA:D7:00:F6:56:79
X509v3 Authority Key Identifier:
keyid:20:AA:60:CB:00:24:33:2A:2D:B6:89:93:F3:35:71:58:AF:60:C8:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IKpgywAkMyottomT8zVxWK9gyN4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/O4XDYtzvLxpjFnPULFm61wD2Vnk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/352431-e694-4412-a766-73f7d110b82a/1/IKpgywAkMyottomT8zVxWK9gyN4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a02:3040:43:ff00::/56
2a02:3040:4d::-2a02:3040:4f:3fff:ffff:ffff:ffff:ffff
2a02:3040:4f:8000::-2a02:3040:50:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
b3:91:5e:bb:c5:02:c8:ca:0a:fb:17:3a:60:5a:2f:45:cd:a0:
e3:21:a6:96:a9:e6:9e:30:06:38:33:10:df:79:1a:1f:da:6c:
45:0f:6d:07:25:4f:2e:ff:94:b8:05:83:9a:70:9a:2f:0f:00:
94:64:c3:df:94:61:ec:74:5a:a5:ba:37:66:c1:df:03:be:49:
8e:8a:6e:d4:06:ac:1e:20:34:f5:13:e8:14:1e:98:54:dd:eb:
2e:29:23:32:09:8e:59:82:2a:03:7b:9e:f2:69:3d:0f:6b:75:
5b:14:2b:8e:f1:06:96:27:6d:20:72:38:9b:c1:c7:2f:09:c7:
67:8f:6b:41:2a:b3:17:d8:d0:ee:c8:5e:0b:71:57:40:66:71:
39:ee:dd:51:32:3e:8f:a4:58:d0:5c:0a:6a:96:36:0b:e9:fe:
95:45:74:85:0d:c3:f1:f4:35:49:5f:42:93:29:3b:78:8e:75:
f8:9a:d8:05:db:45:c2:15:72:0c:31:ba:c7:da:e0:a5:d2:30:
aa:64:bf:b4:b9:f2:21:99:7d:d2:d7:0a:be:8f:5b:95:77:08:
5d:78:63:09:a1:7d:11:ef:32:cc:fa:48:59:46:00:6e:c0:99:
71:3f:17:05:a0:89:b1:ab:d4:42:45:83:7b:89:7e:7b:00:d4:
d4:ef:b3:cc
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZGytv30RScMKDeEacEhiYXUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYWE2MGNiMDAyNDMzMmEyZGI2ODk5M2YzMzU3MTU4YWY2
MGM4ZGUwHhcNMjQwOTAyMTIzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjg1YzM2MmRjZWYyZjFhNjMxNjczZDQyYzU5YmFkNzAwZjY1Njc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJ5T+82/eor8pG4QIQ7q6o4L0Ob2
IANAkQOvn+PuClpmxUnW/SdJI+jQmXps5rr/qVbT1Srml5rjlXT5i/PlxPEwZAj/
EjmpjFcYGkBVHogu0SjHkD692+K/fhc/idXCi4J6k97GYH7Bsy1sjz9ZSf7t8/pU
JxVcnv7C/lmxPkWlvgFax8IVgqd0aRapUZAhp9DljsLo4nyRD7qOFREMJ1r8SicE
YMIN9Py4NpQDg7fBbQLHOU5eBkMj5jOrNsRXJTmk74h/R/qVIhuq7KDiv7g6Pcpg
hRPAd5qQbU1wnpKEFmOsbbLuhTWMRNQAMiylFdrUiKggZmoh8+5IdangHQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFDuFw2Lc7y8aYxZz1CxZutcA9lZ5MB8GA1UdIwQY
MBaAFCCqYMsAJDMqLbaJk/M1cVivYMjeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUtwZ3l3QWtNeW90dG9tVDh6VnhXSzlneU40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi8zNTI0MzEtZTY5NC00NDEyLWE3NjYt
NzNmN2QxMTBiODJhLzEvTzRYRFl0enZMeHBqRm5QVUxGbTYxd0QyVm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi8zNTI0MzEtZTY5NC00NDEyLWE3NjYtNzNmN2QxMTBiODJh
LzEvSUtwZ3l3QWtNeW90dG9tVDh6VnhXSzlneU40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDA6BAIAAjA0AwgAKgIwQABD
/zATAwcAKgIwQABNAwgGKgIwQABPADATAwgHKgIwQABPgAMHACoCMEAAUDANBgkq
hkiG9w0BAQsFAAOCAQEAs5Feu8UCyMoK+xc6YFovRc2g4yGmlqnmnjAGODMQ33ka
H9psRQ9tByVPLv+UuAWDmnCaLw8AlGTD35Rh7HRapbo3ZsHfA75Jjopu1AasHiA0
9RPoFB6YVN3rLikjMgmOWYIqA3ue8mk9D2t1WxQrjvEGlidtIHI4m8HHLwnHZ49r
QSqzF9jQ7sheC3FXQGZxOe7dUTI+j6RY0FwKapY2C+n+lUV0hQ3D8fQ1SV9Ckyk7
eI51+JrYBdtFwhVyDDG6x9rgpdIwqmS/tLnyIZl90tcKvo9blXcIXXhjCaF9Ee8y
zPpIWUYAbsCZcT8XBaCJsavUQkWDe4l+ewDU1O+zzA==
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:26:40 2025 by rpki-client