Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/3ee7c5-1264-47e9-8a12-041b78ada215/1/kfPw2eusArzCtxr1W5dxBoVY7JI.roa
File: kfPw2eusArzCtxr1W5dxBoVY7JI.roa (raw, json)
Hash identifier: jPuQPHUK3UdMP4IFnWuD6IDkJOZZ56LZGNzdUIfjkh8=
Subject key identifier: 91:F3:F0:D9:EB:AC:02:BC:C2:B7:1A:F5:5B:97:71:06:85:58:EC:92
Certificate issuer: /CN=a34f365e78064b58c44d48cfb39291d3fb1d9e10
Certificate serial: 019421B22213DB0E06985AC0F7475599F859
Authority key identifier: A3:4F:36:5E:78:06:4B:58:C4:4D:48:CF:B3:92:91:D3:FB:1D:9E:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/o082XngGS1jETUjPs5KR0_sdnhA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/84/3ee7c5-1264-47e9-8a12-041b78ada215/1/kfPw2eusArzCtxr1W5dxBoVY7JI.roa
Signing time: Wed 01 Jan 2025 11:48:29 +0000
ROA not before: Wed 01 Jan 2025 11:48:29 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20694
IP address blocks: 185.166.200.0/22 maxlen: 22
188.94.24.0/21 maxlen: 21
217.114.64.0/20 maxlen: 20
2a01:688::/32 maxlen: 32
Validation: Failed, certificate revoked on Wed 08 Jan 2025 12:24:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b2:22:13:db:0e:06:98:5a:c0:f7:47:55:99:f8:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a34f365e78064b58c44d48cfb39291d3fb1d9e10
Validity
Not Before: Jan 1 11:48:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=91f3f0d9ebac02bcc2b71af55b9771068558ec92
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:b6:bd:cd:96:56:34:08:43:c9:97:a1:53:98:
5d:38:d5:b4:cb:3f:da:57:38:fd:99:f2:97:a2:aa:
10:78:03:a3:37:1b:f6:e8:4b:96:7a:44:0b:80:9d:
22:4c:86:ca:82:5c:4b:fc:55:f8:d9:fa:d4:ab:c9:
c2:a9:c0:1c:8d:fb:b0:4e:45:f4:18:3b:2c:c9:50:
c2:d6:63:91:02:bb:c3:95:e3:42:21:b9:e2:39:a3:
bd:f4:37:f4:d0:d0:e0:94:33:91:cc:06:75:2b:c4:
0c:ec:dc:fc:e3:44:59:17:06:d0:7f:80:45:9c:89:
a5:87:2b:88:d2:4e:d5:db:9c:22:3e:ad:9a:b1:55:
cc:f4:d8:46:4c:cf:c2:a2:ed:33:07:df:37:5c:7c:
78:7f:22:af:99:fb:c4:e7:ca:52:f4:0d:0b:69:05:
85:81:54:64:92:75:0c:c6:81:d0:05:04:d9:94:1a:
0d:72:39:07:7b:5f:91:cb:11:de:73:14:a8:cb:89:
39:85:46:96:b0:b3:2e:e6:7d:34:ab:d9:b8:5f:6b:
81:cd:9e:32:75:da:19:33:b0:08:23:22:78:ad:e8:
0d:99:fc:53:98:e5:b6:9f:17:c2:b9:19:bd:92:87:
b7:0f:b8:bb:e7:1a:1c:88:30:5f:08:ee:c8:a5:c6:
48:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:F3:F0:D9:EB:AC:02:BC:C2:B7:1A:F5:5B:97:71:06:85:58:EC:92
X509v3 Authority Key Identifier:
keyid:A3:4F:36:5E:78:06:4B:58:C4:4D:48:CF:B3:92:91:D3:FB:1D:9E:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o082XngGS1jETUjPs5KR0_sdnhA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/3ee7c5-1264-47e9-8a12-041b78ada215/1/kfPw2eusArzCtxr1W5dxBoVY7JI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/84/3ee7c5-1264-47e9-8a12-041b78ada215/1/o082XngGS1jETUjPs5KR0_sdnhA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.166.200.0/22
188.94.24.0/21
217.114.64.0/20
IPv6:
2a01:688::/32
Signature Algorithm: sha256WithRSAEncryption
1f:66:99:39:b8:cb:1c:d9:7b:94:29:b6:82:bf:0d:dd:2b:3b:
3d:61:d4:2e:7d:41:98:2a:31:95:0e:51:0e:f0:11:7f:c8:5d:
82:04:57:90:34:30:14:13:ac:ec:40:1d:b9:ad:d8:11:d0:d8:
2d:ca:ca:4d:68:dc:a3:52:af:88:ee:03:14:7b:6f:e8:fe:27:
58:a6:68:75:86:bb:b6:78:dc:aa:b1:c1:13:c8:4a:c6:ac:a9:
dd:51:be:6f:e7:fa:a8:33:7b:4f:85:f9:89:c5:31:dd:b6:67:
35:68:bc:1c:34:e3:9b:40:21:c5:1e:9d:4f:fb:a0:39:8d:6e:
b9:c6:00:6a:b9:f0:23:42:76:ca:8b:85:28:bb:53:93:7c:e5:
d7:a9:43:43:c8:32:a9:4d:73:fb:fa:c2:72:55:61:c8:ae:9b:
78:0b:06:16:7e:c4:d0:a5:f4:3c:c7:fd:cc:2c:00:c6:a4:10:
23:a2:c7:de:d3:f7:1d:fb:53:c1:a1:14:0a:85:49:63:47:44:
e1:cb:e0:8d:0c:b7:08:7f:bf:75:db:6e:fd:ed:e3:dc:f3:4c:
97:fa:64:6a:a0:df:64:cd:60:80:d3:02:52:36:10:12:fa:6f:
66:89:ab:27:06:cf:1b:b3:4d:bb:46:f0:2e:68:43:05:6c:b3:
38:ea:c7:99
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAZQhsiIT2w4GmFrA90dVmfhZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNGYzNjVlNzgwNjRiNThjNDRkNDhjZmIzOTI5MWQzZmIx
ZDllMTAwHhcNMjUwMTAxMTE0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWYzZjBkOWViYWMwMmJjYzJiNzFhZjU1Yjk3NzEwNjg1NThlYzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApra9zZZWNAhDyZehU5hdONW0yz/a
Vzj9mfKXoqoQeAOjNxv26EuWekQLgJ0iTIbKglxL/FX42frUq8nCqcAcjfuwTkX0
GDssyVDC1mORArvDleNCIbniOaO99Df00NDglDORzAZ1K8QM7Nz840RZFwbQf4BF
nImlhyuI0k7V25wiPq2asVXM9NhGTM/Cou0zB983XHx4fyKvmfvE58pS9A0LaQWF
gVRkknUMxoHQBQTZlBoNcjkHe1+RyxHecxSoy4k5hUaWsLMu5n00q9m4X2uBzZ4y
ddoZM7AIIyJ4regNmfxTmOW2nxfCuRm9koe3D7i75xociDBfCO7IpcZIdwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJHz8NnrrAK8wrca9VuXcQaFWOySMB8GA1UdIwQY
MBaAFKNPNl54BktYxE1Iz7OSkdP7HZ4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzA4MlhuZ0dTMWpFVFVqUHM1S1IwX3NkbmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8zZWU3YzUtMTI2NC00N2U5LThhMTIt
MDQxYjc4YWRhMjE1LzEva2ZQdzJldXNBcnpDdHhyMVc1ZHhCb1ZZN0pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8zZWU3YzUtMTI2NC00N2U5LThhMTItMDQxYjc4YWRhMjE1
LzEvbzA4MlhuZ0dTMWpFVFVqUHM1S1IwX3NkbmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCuabIAwQD
vF4YAwQE2XJAMA0EAgACMAcDBQAqAQaIMA0GCSqGSIb3DQEBCwUAA4IBAQAfZpk5
uMsc2XuUKbaCvw3dKzs9YdQufUGYKjGVDlEO8BF/yF2CBFeQNDAUE6zsQB25rdgR
0NgtyspNaNyjUq+I7gMUe2/o/idYpmh1hru2eNyqscETyErGrKndUb5v5/qoM3tP
hfmJxTHdtmc1aLwcNOObQCHFHp1P+6A5jW65xgBqufAjQnbKi4Uou1OTfOXXqUND
yDKpTXP7+sJyVWHIrpt4CwYWfsTQpfQ8x/3MLADGpBAjosfe0/cd+1PBoRQKhUlj
R0Thy+CNDLcIf79122797ePc80yX+mRqoN9kzWCA0wJSNhAS+m9miasnBs8bs027
RvAuaEMFbLM46seZ
-----END CERTIFICATE-----
Generated at Mon Apr 21 20:03:32 2025 by rpki-client