Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/d5a49a-4f1a-4961-9c1f-76b0325c3b07/1/OkbZgJPCQxDb1--q3xGN1sqR_6I.roa
File: OkbZgJPCQxDb1--q3xGN1sqR_6I.roa (raw, json)
Hash identifier: XAiMwPx1+3DCVEVY7fNY1GbfTBaB8krEAYwY92F1OOY=
Subject key identifier: 3A:46:D9:80:93:C2:43:10:DB:D7:EF:AA:DF:11:8D:D6:CA:91:FF:A2
Certificate issuer: /CN=71601c0b8b13cc121017f6d25117ac1fd0664344
Certificate serial: 01938D4AC82DB3BC8359E238B7F76C01B335
Authority key identifier: 71:60:1C:0B:8B:13:CC:12:10:17:F6:D2:51:17:AC:1F:D0:66:43:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cWAcC4sTzBIQF_bSUResH9BmQ0Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/d5a49a-4f1a-4961-9c1f-76b0325c3b07/1/OkbZgJPCQxDb1--q3xGN1sqR_6I.roa
Signing time: Tue 03 Dec 2024 16:11:48 +0000
ROA not before: Tue 03 Dec 2024 16:11:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49540
IP address blocks: 37.114.64.0/21 maxlen: 21
78.152.128.0/19 maxlen: 19
185.147.228.0/22 maxlen: 22
2a00:b180::/32 maxlen: 32
Validation: Failed, certificate revoked on Wed 01 Jan 2025 13:48:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:8d:4a:c8:2d:b3:bc:83:59:e2:38:b7:f7:6c:01:b3:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=71601c0b8b13cc121017f6d25117ac1fd0664344
Validity
Not Before: Dec 3 16:11:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3a46d98093c24310dbd7efaadf118dd6ca91ffa2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:7c:4f:4d:b0:f5:50:f3:a9:4c:4e:94:ee:1e:
67:ba:f1:77:82:ef:9c:1b:09:96:c1:c4:ec:3b:84:
64:40:50:64:2a:89:cb:6d:88:e1:71:44:18:70:08:
f7:0b:96:35:2b:60:7e:78:8c:25:d6:05:30:5a:2f:
0e:7e:17:42:c9:c8:23:78:b9:53:2a:6c:2c:87:8d:
51:47:02:15:00:74:40:1e:eb:89:13:56:b6:43:df:
92:4a:ef:85:02:3e:c4:70:c2:50:6b:57:76:d9:89:
db:f6:f3:46:8c:83:5e:c2:d0:09:a3:ab:4c:77:84:
c0:f8:e0:74:9f:73:96:f4:4b:fc:36:b1:e9:52:1a:
6f:9e:46:9d:5e:e1:b6:33:ea:20:7a:28:60:ce:ce:
c8:72:fc:c3:1d:09:1a:d8:9a:05:54:f9:70:f6:fb:
03:1b:9d:22:74:f3:76:f0:73:8a:07:67:2f:51:89:
21:b3:d9:7f:c0:5b:f8:87:07:e4:75:04:e0:7d:1e:
c9:13:1b:98:d5:89:72:60:ee:5e:5b:58:b4:a0:9e:
00:9f:1e:cb:7c:35:e5:c0:0d:a5:7b:72:4f:b5:8d:
b9:d6:79:0e:2f:c1:55:65:a1:7e:f5:c5:17:b8:ee:
17:18:c9:c9:73:23:4f:81:f9:87:28:97:d6:1d:4d:
eb:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:46:D9:80:93:C2:43:10:DB:D7:EF:AA:DF:11:8D:D6:CA:91:FF:A2
X509v3 Authority Key Identifier:
keyid:71:60:1C:0B:8B:13:CC:12:10:17:F6:D2:51:17:AC:1F:D0:66:43:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cWAcC4sTzBIQF_bSUResH9BmQ0Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d5a49a-4f1a-4961-9c1f-76b0325c3b07/1/OkbZgJPCQxDb1--q3xGN1sqR_6I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/d5a49a-4f1a-4961-9c1f-76b0325c3b07/1/cWAcC4sTzBIQF_bSUResH9BmQ0Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.114.64.0/21
78.152.128.0/19
185.147.228.0/22
IPv6:
2a00:b180::/32
Signature Algorithm: sha256WithRSAEncryption
7d:0d:95:e6:e8:57:35:1c:2b:dc:9c:d9:3d:36:7a:83:c2:30:
3f:34:0a:da:b7:53:7e:ba:db:e3:f3:55:60:02:05:64:8b:7f:
e1:7d:d0:9c:7f:e5:29:6e:2a:5e:f9:c1:77:4f:72:3a:f5:54:
01:9a:64:d8:2b:89:49:0e:00:0d:c8:0a:5a:21:c7:b5:6c:62:
24:8b:28:ed:5b:77:8c:e2:80:d0:36:04:db:ca:f9:cf:89:12:
f2:f4:3f:6f:d0:a5:77:f3:32:80:9f:36:1c:1a:06:f7:6c:1d:
21:65:3d:fb:96:df:dd:54:77:85:f4:db:71:df:e5:1f:55:5a:
4d:91:5c:1f:b1:08:44:d8:e0:61:c3:0d:b0:37:f8:93:17:4f:
78:47:b0:45:27:7a:b7:ed:e7:c5:80:eb:32:0c:0a:f6:6f:b9:
8b:c7:79:d8:3f:09:86:46:8c:39:d0:df:73:7f:54:7e:c2:29:
f9:68:7f:9c:41:03:3c:17:9f:a4:c1:f8:03:7f:64:c2:34:6c:
42:26:0f:12:b3:5d:f6:28:a1:b2:07:44:14:05:4a:42:d5:19:
b7:79:39:d8:3d:a5:f8:51:9a:bf:de:33:ac:7d:d9:1a:49:1f:
bb:c9:3d:a3:0a:a8:30:21:03:81:d9:37:1a:53:e1:ca:d0:56:
01:81:a1:37
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZONSsgts7yDWeI4t/dsAbM1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxNjAxYzBiOGIxM2NjMTIxMDE3ZjZkMjUxMTdhYzFmZDA2
NjQzNDQwHhcNMjQxMjAzMTYxMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTQ2ZDk4MDkzYzI0MzEwZGJkN2VmYWFkZjExOGRkNmNhOTFmZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArXxPTbD1UPOpTE6U7h5nuvF3gu+c
GwmWwcTsO4RkQFBkKonLbYjhcUQYcAj3C5Y1K2B+eIwl1gUwWi8OfhdCycgjeLlT
Kmwsh41RRwIVAHRAHuuJE1a2Q9+SSu+FAj7EcMJQa1d22Ynb9vNGjINewtAJo6tM
d4TA+OB0n3OW9Ev8NrHpUhpvnkadXuG2M+ogeihgzs7IcvzDHQka2JoFVPlw9vsD
G50idPN28HOKB2cvUYkhs9l/wFv4hwfkdQTgfR7JExuY1YlyYO5eW1i0oJ4Anx7L
fDXlwA2le3JPtY251nkOL8FVZaF+9cUXuO4XGMnJcyNPgfmHKJfWHU3r1wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFDpG2YCTwkMQ29fvqt8RjdbKkf+iMB8GA1UdIwQY
MBaAFHFgHAuLE8wSEBf20lEXrB/QZkNEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1dBY0M0c1R6QklRRl9iU1VSZXNIOUJtUTBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9kNWE0OWEtNGYxYS00OTYxLTljMWYt
NzZiMDMyNWMzYjA3LzEvT2tiWmdKUENReERiMS0tcTN4R04xc3FSXzZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9kNWE0OWEtNGYxYS00OTYxLTljMWYtNzZiMDMyNWMzYjA3
LzEvY1dBY0M0c1R6QklRRl9iU1VSZXNIOUJtUTBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDJXJAAwQF
TpiAAwQCuZPkMA0EAgACMAcDBQAqALGAMA0GCSqGSIb3DQEBCwUAA4IBAQB9DZXm
6Fc1HCvcnNk9NnqDwjA/NArat1N+utvj81VgAgVki3/hfdCcf+Upbipe+cF3T3I6
9VQBmmTYK4lJDgANyApaIce1bGIkiyjtW3eM4oDQNgTbyvnPiRLy9D9v0KV38zKA
nzYcGgb3bB0hZT37lt/dVHeF9Ntx3+UfVVpNkVwfsQhE2OBhww2wN/iTF094R7BF
J3q37efFgOsyDAr2b7mLx3nYPwmGRow50N9zf1R+win5aH+cQQM8F5+kwfgDf2TC
NGxCJg8Ss132KKGyB0QUBUpC1Rm3eTnYPaX4UZq/3jOsfdkaSR+7yT2jCqgwIQOB
2TcaU+HK0FYBgaE3
-----END CERTIFICATE-----
Generated at Mon Apr 21 19:19:13 2025 by rpki-client