Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/fe276f-946a-446b-8453-170eb1c9fec8/1/dFxUltnquX2999BasDEAwhHFZ4c.roa
File: dFxUltnquX2999BasDEAwhHFZ4c.roa (raw, json)
Hash identifier: MGm1v+/ibTErPHjTBSZKeEum8DdHBTPAZqGOa7LeItI=
Subject key identifier: 74:5C:54:96:D9:EA:B9:7D:BD:F7:D0:5A:B0:31:00:C2:11:C5:67:87
Certificate issuer: /CN=b4a5be3307120e65e3c4165c9c8e748c1c12a7a2
Certificate serial: 018E0963859B411036546126CBF0C1A6BA89
Authority key identifier: B4:A5:BE:33:07:12:0E:65:E3:C4:16:5C:9C:8E:74:8C:1C:12:A7:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tKW-MwcSDmXjxBZcnI50jBwSp6I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/fe276f-946a-446b-8453-170eb1c9fec8/1/dFxUltnquX2999BasDEAwhHFZ4c.roa
Signing time: Mon 04 Mar 2024 12:15:00 +0000
ROA not before: Mon 04 Mar 2024 12:15:00 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49115
IP address blocks: 185.70.0.0/22 maxlen: 22
188.120.0.0/19 maxlen: 19
2a03:2760::/32 maxlen: 32
Validation: Failed, certificate revoked on Wed 01 Jan 2025 09:48:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:09:63:85:9b:41:10:36:54:61:26:cb:f0:c1:a6:ba:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4a5be3307120e65e3c4165c9c8e748c1c12a7a2
Validity
Not Before: Mar 4 12:15:00 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=745c5496d9eab97dbdf7d05ab03100c211c56787
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:2e:f4:6c:44:34:1c:29:3b:f3:e1:e2:c7:3b:
fd:8d:bd:74:49:11:a0:c1:2d:b6:84:ca:41:ff:3f:
81:0a:ac:b2:71:77:e6:3b:46:77:08:4d:61:4a:af:
e1:0b:98:17:59:f0:ea:bf:1c:83:93:70:3f:27:8e:
f0:44:23:b5:e1:6d:79:4a:cb:b2:5e:17:5c:3b:be:
d3:16:4d:99:41:0f:ea:a3:60:1f:a5:80:18:fc:35:
d9:1d:0c:c1:44:80:6d:54:22:01:56:2b:4f:eb:85:
25:8f:ba:b9:7f:42:49:5c:48:1a:2b:43:ac:6f:06:
24:0d:c9:90:9d:a8:fe:0c:8c:f2:25:ce:1c:c7:9b:
c0:aa:21:dd:b4:b0:1b:5c:26:4f:ad:5c:67:9b:d4:
c9:90:0b:e9:5f:e5:5f:a5:91:62:ab:c2:b0:b1:a8:
4a:93:30:22:5a:e6:7c:61:09:22:13:33:bc:2a:58:
75:f8:8b:1a:e6:7e:db:40:e8:a7:9a:15:51:a6:d0:
e7:e2:8d:d2:bb:ac:23:c4:74:83:39:40:2a:4f:13:
d3:19:09:fa:bc:6c:3a:95:41:e1:ff:e2:ab:ed:db:
1c:fc:9d:2b:53:64:c9:97:e9:2d:3d:cf:da:b2:2c:
82:88:1e:f9:4f:23:43:4f:89:96:ce:02:b8:63:ad:
a1:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:5C:54:96:D9:EA:B9:7D:BD:F7:D0:5A:B0:31:00:C2:11:C5:67:87
X509v3 Authority Key Identifier:
keyid:B4:A5:BE:33:07:12:0E:65:E3:C4:16:5C:9C:8E:74:8C:1C:12:A7:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tKW-MwcSDmXjxBZcnI50jBwSp6I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/fe276f-946a-446b-8453-170eb1c9fec8/1/dFxUltnquX2999BasDEAwhHFZ4c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/fe276f-946a-446b-8453-170eb1c9fec8/1/tKW-MwcSDmXjxBZcnI50jBwSp6I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.70.0.0/22
188.120.0.0/19
IPv6:
2a03:2760::/32
Signature Algorithm: sha256WithRSAEncryption
53:47:f6:ac:6c:0d:69:9d:37:08:dc:da:bf:31:94:79:13:5b:
d5:04:16:9a:bf:b7:de:e9:03:72:a4:b4:f5:b7:c5:c1:05:e0:
b8:2e:f3:64:4a:35:08:5f:2b:fd:d6:28:b4:91:70:38:a6:a8:
b4:01:44:ed:83:5a:53:b4:5c:cf:10:c1:ee:26:c6:a0:ae:61:
f5:2b:18:57:3a:5b:4f:84:e4:a1:5a:6e:87:35:f8:75:f0:e8:
70:f4:98:2b:9c:d6:d4:24:1d:84:ff:5c:bb:c9:d3:61:90:ac:
45:d3:88:b0:1e:0e:fd:9a:6a:fe:58:a8:3b:bd:4b:a8:d3:48:
f0:cf:06:66:94:7b:5c:92:70:73:e7:4a:73:aa:af:af:1b:e2:
18:d9:7a:44:08:3b:ad:7b:5f:c0:44:52:86:2e:78:14:d9:12:
9e:fb:86:f5:0f:f4:d2:10:a8:fc:d7:77:27:e5:54:d1:ff:fa:
4b:d2:53:92:79:4c:2a:9f:6b:3a:0f:a9:28:2d:eb:fb:03:3b:
0e:a6:aa:a7:3d:73:f2:76:fc:99:ff:b0:02:9e:e8:fa:df:a7:
b5:2a:cf:f4:7a:80:f8:4b:09:50:d0:1a:c3:92:a0:d2:ea:f1:
87:c1:de:9d:5b:e7:7c:4f:db:f2:9f:2a:18:9d:b0:4d:0a:84:
26:d3:b3:2e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY4JY4WbQRA2VGEmy/DBprqJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0YTViZTMzMDcxMjBlNjVlM2M0MTY1YzljOGU3NDhjMWMx
MmE3YTIwHhcNMjQwMzA0MTIxNTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDVjNTQ5NmQ5ZWFiOTdkYmRmN2QwNWFiMDMxMDBjMjExYzU2Nzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1S70bEQ0HCk78+Hixzv9jb10SRGg
wS22hMpB/z+BCqyycXfmO0Z3CE1hSq/hC5gXWfDqvxyDk3A/J47wRCO14W15Ssuy
XhdcO77TFk2ZQQ/qo2AfpYAY/DXZHQzBRIBtVCIBVitP64Ulj7q5f0JJXEgaK0Os
bwYkDcmQnaj+DIzyJc4cx5vAqiHdtLAbXCZPrVxnm9TJkAvpX+VfpZFiq8KwsahK
kzAiWuZ8YQkiEzO8Klh1+Isa5n7bQOinmhVRptDn4o3Su6wjxHSDOUAqTxPTGQn6
vGw6lUHh/+Kr7dsc/J0rU2TJl+ktPc/asiyCiB75TyNDT4mWzgK4Y62hxQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHRcVJbZ6rl9vffQWrAxAMIRxWeHMB8GA1UdIwQY
MBaAFLSlvjMHEg5l48QWXJyOdIwcEqeiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEtXLU13Y1NEbVhqeEJaY25JNTBqQndTcDZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9mZTI3NmYtOTQ2YS00NDZiLTg0NTMt
MTcwZWIxYzlmZWM4LzEvZEZ4VWx0bnF1WDI5OTlCYXNERUF3aEhGWjRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9mZTI3NmYtOTQ2YS00NDZiLTg0NTMtMTcwZWIxYzlmZWM4
LzEvdEtXLU13Y1NEbVhqeEJaY25JNTBqQndTcDZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuUYAAwQF
vHgAMA0EAgACMAcDBQAqAydgMA0GCSqGSIb3DQEBCwUAA4IBAQBTR/asbA1pnTcI
3Nq/MZR5E1vVBBaav7fe6QNypLT1t8XBBeC4LvNkSjUIXyv91ii0kXA4pqi0AUTt
g1pTtFzPEMHuJsagrmH1KxhXOltPhOShWm6HNfh18Ohw9JgrnNbUJB2E/1y7ydNh
kKxF04iwHg79mmr+WKg7vUuo00jwzwZmlHtcknBz50pzqq+vG+IY2XpECDute1/A
RFKGLngU2RKe+4b1D/TSEKj813cn5VTR//pL0lOSeUwqn2s6D6koLev7AzsOpqqn
PXPydvyZ/7ACnuj636e1Ks/0eoD4SwlQ0BrDkqDS6vGHwd6dW+d8T9vynyoYnbBN
CoQm07Mu
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:25:51 2025 by rpki-client