Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/KfOnbA-lMSA7WMZ4PX91iW3QKNs.roa
File: KfOnbA-lMSA7WMZ4PX91iW3QKNs.roa (raw, json)
Hash identifier: lEyTZhmixSANZjAmZ7tgduu3oBYnI+CfEDyYUvTvW30=
Subject key identifier: 29:F3:A7:6C:0F:A5:31:20:3B:58:C6:78:3D:7F:75:89:6D:D0:28:DB
Certificate issuer: /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial: 0194A2AC46D8A9B897B3EEB7BA3F90A13C72
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/KfOnbA-lMSA7WMZ4PX91iW3QKNs.roa
Signing time: Sun 26 Jan 2025 12:53:06 +0000
ROA not before: Sun 26 Jan 2025 12:53:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 137897
IP address blocks: 213.18.196.0/22 maxlen: 22
Validation: Failed, certificate revoked on Wed 12 Feb 2025 11:52:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:a2:ac:46:d8:a9:b8:97:b3:ee:b7:ba:3f:90:a1:3c:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Validity
Not Before: Jan 26 12:53:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=29f3a76c0fa531203b58c6783d7f75896dd028db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:b4:1f:d2:49:fa:b5:7c:94:70:27:4d:4f:89:
b3:17:cf:6b:92:26:aa:6f:53:4c:64:f0:72:5d:db:
0a:1b:6d:7e:27:a5:0f:04:7b:6d:1a:fd:22:2f:cd:
9b:1a:89:32:46:0e:bb:31:9d:1f:c1:fc:49:c0:e7:
24:90:84:53:55:72:bc:bd:e0:21:b8:ac:c2:a8:33:
c2:c7:94:67:9e:96:2b:98:38:51:1c:3f:13:bc:56:
19:c9:f3:f7:12:85:aa:73:11:e0:b8:37:06:2c:b3:
97:06:12:52:9b:d0:cd:ac:f6:93:79:97:eb:25:ad:
2c:d0:3c:1d:4e:d5:0d:3f:25:d7:6e:2e:25:ce:c3:
83:61:c7:d6:29:09:45:70:ac:33:04:d7:f2:3e:0a:
13:b5:cc:ba:41:81:7b:9b:48:b5:68:31:90:e3:45:
ce:6e:1d:fa:da:30:11:b9:76:b2:c5:ec:80:95:bd:
ee:b0:35:d6:f7:4e:cc:c2:c9:9a:8a:1b:8d:8f:99:
7d:7f:1d:df:ae:dd:3d:91:d2:6c:bf:29:ac:b1:50:
65:ef:3e:30:08:45:43:33:71:ea:a3:96:7f:57:73:
d3:81:04:76:54:f8:ac:e6:a0:4b:e6:fa:3e:c5:ac:
ae:a0:24:5e:82:5d:02:64:0b:45:c9:55:15:7d:a5:
04:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:F3:A7:6C:0F:A5:31:20:3B:58:C6:78:3D:7F:75:89:6D:D0:28:DB
X509v3 Authority Key Identifier:
keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/KfOnbA-lMSA7WMZ4PX91iW3QKNs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.18.196.0/22
Signature Algorithm: sha256WithRSAEncryption
32:04:27:4c:f7:c8:c9:b1:43:32:0b:4a:db:2e:42:f4:84:a9:
57:e4:ff:a9:17:e3:c8:53:51:a6:52:97:a5:a4:8e:64:d2:9f:
8c:2e:05:cd:84:e4:56:ea:c5:f2:a6:a1:e2:da:3c:2f:49:17:
6f:e3:4d:16:07:cf:dd:4b:95:8e:5f:66:f6:e2:28:4b:94:1d:
af:86:a8:70:bd:02:9a:2a:7c:6a:55:d6:e0:ac:ba:e3:05:36:
ac:cc:82:2c:49:ae:9c:89:0e:16:37:a1:de:13:5a:a3:e3:c1:
e4:58:84:b7:e6:ca:03:7f:9d:c9:f9:34:68:0b:bf:07:e1:64:
e1:f9:2c:20:4d:0d:91:e7:bf:47:33:f0:37:e5:1d:61:4f:c0:
3b:0f:5b:e5:58:8c:55:fa:92:6c:f0:92:bf:bc:d1:01:5c:1e:
03:99:80:39:3d:b8:fb:c0:8e:38:2f:fd:a5:d1:4a:d2:79:b7:
2c:53:b3:b8:8e:5e:32:e6:f9:33:f6:6b:d2:15:8e:ed:aa:d4:
29:46:cf:d4:db:a5:c6:e6:6e:ad:1a:dd:a5:c6:ff:d6:e8:38:
de:64:9e:a3:ee:6d:45:aa:b5:e9:45:c1:9c:a9:db:f4:9c:dd:
b2:e4:0d:b1:5f:5b:e6:b9:35:16:01:20:92:b7:a4:f0:0b:7b:
b5:98:ea:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSirEbYqbiXs+63uj+QoTxyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwMTI2MTI1MzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWYzYTc2YzBmYTUzMTIwM2I1OGM2NzgzZDdmNzU4OTZkZDAyOGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7Qf0kn6tXyUcCdNT4mzF89rkiaq
b1NMZPByXdsKG21+J6UPBHttGv0iL82bGokyRg67MZ0fwfxJwOckkIRTVXK8veAh
uKzCqDPCx5RnnpYrmDhRHD8TvFYZyfP3EoWqcxHguDcGLLOXBhJSm9DNrPaTeZfr
Ja0s0DwdTtUNPyXXbi4lzsODYcfWKQlFcKwzBNfyPgoTtcy6QYF7m0i1aDGQ40XO
bh362jARuXayxeyAlb3usDXW907MwsmaihuNj5l9fx3frt09kdJsvymssVBl7z4w
CEVDM3Hqo5Z/V3PTgQR2VPis5qBL5vo+xayuoCRegl0CZAtFyVUVfaUEyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCnzp2wPpTEgO1jGeD1/dYlt0CjbMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvS2ZPbmJBLWxNU0E3V01aNFBYOTFpVzNRS05zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1RLEMA0G
CSqGSIb3DQEBCwUAA4IBAQAyBCdM98jJsUMyC0rbLkL0hKlX5P+pF+PIU1GmUpel
pI5k0p+MLgXNhORW6sXypqHi2jwvSRdv400WB8/dS5WOX2b24ihLlB2vhqhwvQKa
KnxqVdbgrLrjBTaszIIsSa6ciQ4WN6HeE1qj48HkWIS35soDf53J+TRoC78H4WTh
+SwgTQ2R579HM/A35R1hT8A7D1vlWIxV+pJs8JK/vNEBXB4DmYA5Pbj7wI44L/2l
0UrSebcsU7O4jl4y5vkz9mvSFY7tqtQpRs/U26XG5m6tGt2lxv/W6DjeZJ6j7m1F
qrXpRcGcqdv0nN2y5A2xX1vmuTUWASCSt6TwC3u1mOqo
-----END CERTIFICATE-----
Generated at Sat Apr 5 10:54:34 2025 by rpki-client