Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/NqDKNL-isTZ-wWyfDswPlCRiVT8.roa
File: NqDKNL-isTZ-wWyfDswPlCRiVT8.roa (raw, json)
Hash identifier: AeyMzF0Rd7T964kWDaQ5vkoNyQF00AxrTLAxW4N9s7k=
Subject key identifier: 36:A0:CA:34:BF:A2:B1:36:7E:C1:6C:9F:0E:CC:0F:94:24:62:55:3F
Certificate issuer: /CN=a52fc60d36e28bb8df145c84acab19cfa53b025a
Certificate serial: 018CCA2B98D18A63997C23076920B960CF42
Authority key identifier: A5:2F:C6:0D:36:E2:8B:B8:DF:14:5C:84:AC:AB:19:CF:A5:3B:02:5A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pS_GDTbii7jfFFyErKsZz6U7Alo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/NqDKNL-isTZ-wWyfDswPlCRiVT8.roa
Signing time: Tue 02 Jan 2024 12:35:03 +0000
ROA not before: Tue 02 Jan 2024 12:35:03 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1921
IP address blocks: 176.97.158.0/24 maxlen: 24
192.174.68.0/24 maxlen: 24
2001:67c:10b8::/48 maxlen: 48
Validation: Failed, certificate revoked on Thu 02 Jan 2025 09:50:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:2b:98:d1:8a:63:99:7c:23:07:69:20:b9:60:cf:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a52fc60d36e28bb8df145c84acab19cfa53b025a
Validity
Not Before: Jan 2 12:35:03 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=36a0ca34bfa2b1367ec16c9f0ecc0f942462553f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:de:dd:2a:b9:b0:85:8f:a2:27:5e:ff:40:36:
62:0a:c4:ce:cf:8b:c4:86:3e:78:98:74:c8:f9:d6:
4b:cd:c0:9e:63:9e:3f:bf:38:57:72:0d:40:af:7a:
70:cc:ac:2a:9d:36:3f:17:e1:3e:28:1d:a6:50:dc:
cb:fc:13:de:9c:53:7a:62:6a:45:83:b4:ef:93:77:
26:9c:c4:48:97:40:7f:f0:4c:ca:90:a0:06:1b:a3:
66:bb:41:5f:ae:c8:f1:13:54:64:4a:08:c3:c6:67:
08:ac:24:a6:da:cf:3a:96:35:99:ad:8d:2f:64:62:
36:53:9f:e6:c5:d4:ff:a8:a8:3a:84:b8:59:6d:59:
20:96:49:53:7a:28:d5:6e:19:6a:5e:35:0c:e5:67:
66:bb:7e:b6:59:4e:4a:7f:d8:60:c4:08:1a:1c:2b:
88:e1:e4:da:8c:22:20:52:a5:0c:a3:1c:d7:e1:9a:
59:d5:45:eb:98:61:f7:21:e2:e0:e5:2c:3f:a6:cd:
92:16:86:7e:59:ca:28:3f:62:44:a5:f6:37:2c:3d:
d4:42:58:f1:67:4d:f7:9a:22:f8:c2:8d:5e:a6:e4:
1d:b8:2c:c8:4c:8a:cf:a0:f3:21:09:c9:db:bd:77:
d3:46:54:11:f7:dd:04:42:4e:81:13:07:b4:c4:d1:
f2:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:A0:CA:34:BF:A2:B1:36:7E:C1:6C:9F:0E:CC:0F:94:24:62:55:3F
X509v3 Authority Key Identifier:
keyid:A5:2F:C6:0D:36:E2:8B:B8:DF:14:5C:84:AC:AB:19:CF:A5:3B:02:5A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pS_GDTbii7jfFFyErKsZz6U7Alo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/NqDKNL-isTZ-wWyfDswPlCRiVT8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/f0b960-86d8-4062-a597-9b4a2d5f3a76/1/pS_GDTbii7jfFFyErKsZz6U7Alo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.97.158.0/24
192.174.68.0/24
IPv6:
2001:67c:10b8::/48
Signature Algorithm: sha256WithRSAEncryption
34:3c:f8:1e:19:13:32:28:e2:de:eb:87:8d:0c:89:d3:4b:6f:
42:e3:36:22:e1:7e:bc:47:ae:9a:ef:14:86:ce:2e:58:de:e2:
c2:21:05:cf:5a:3b:97:a8:63:42:48:ec:a3:d8:2f:52:bd:df:
9c:e6:57:e1:4e:e3:24:f5:b6:e5:5c:db:b6:48:aa:9a:84:85:
1e:e6:37:d5:58:68:da:6c:60:e0:26:eb:d0:4b:74:a0:82:b9:
0f:85:ea:30:24:a9:24:0a:18:fd:34:29:19:25:e9:68:47:d9:
c2:b7:d9:ee:24:da:cc:da:3d:41:ae:df:18:9f:55:fc:df:fb:
ce:4a:7c:d5:16:2d:fc:eb:73:57:25:96:4e:94:59:c6:f4:73:
cc:7f:c6:11:d0:6a:65:12:02:1b:13:0b:ba:a3:93:65:67:fe:
0d:73:20:cf:14:f4:9c:5d:89:ad:a4:39:86:95:68:ba:63:8e:
ba:5c:35:cb:bf:5c:ad:9c:c7:b0:9b:68:f2:49:f2:e2:37:b0:
6f:6c:a3:19:5f:5d:01:12:0e:ee:89:c4:ce:d1:65:59:13:89:
b9:00:cf:88:d3:38:b4:ad:47:cd:e7:9e:ef:ed:0a:32:95:cd:
b6:d0:73:a6:4b:be:07:42:cc:3e:be:98:6b:86:17:93:b4:da:
b7:09:a0:53
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzKK5jRimOZfCMHaSC5YM9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MmZjNjBkMzZlMjhiYjhkZjE0NWM4NGFjYWIxOWNmYTUz
YjAyNWEwHhcNMjQwMTAyMTIzNTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmEwY2EzNGJmYTJiMTM2N2VjMTZjOWYwZWNjMGY5NDI0NjI1NTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjt7dKrmwhY+iJ17/QDZiCsTOz4vE
hj54mHTI+dZLzcCeY54/vzhXcg1Ar3pwzKwqnTY/F+E+KB2mUNzL/BPenFN6YmpF
g7Tvk3cmnMRIl0B/8EzKkKAGG6Nmu0FfrsjxE1RkSgjDxmcIrCSm2s86ljWZrY0v
ZGI2U5/mxdT/qKg6hLhZbVkglklTeijVbhlqXjUM5Wdmu362WU5Kf9hgxAgaHCuI
4eTajCIgUqUMoxzX4ZpZ1UXrmGH3IeLg5Sw/ps2SFoZ+WcooP2JEpfY3LD3UQljx
Z033miL4wo1epuQduCzITIrPoPMhCcnbvXfTRlQR990EQk6BEwe0xNHyRQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFDagyjS/orE2fsFsnw7MD5QkYlU/MB8GA1UdIwQY
MBaAFKUvxg024ou43xRchKyrGc+lOwJaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFNfR0RUYmlpN2pmRkZ5RXJLc1p6NlU3QWxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9mMGI5NjAtODZkOC00MDYyLWE1OTct
OWI0YTJkNWYzYTc2LzEvTnFES05MLWlzVFotd1d5ZkRzd1BsQ1JpVlQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9mMGI5NjAtODZkOC00MDYyLWE1OTctOWI0YTJkNWYzYTc2
LzEvcFNfR0RUYmlpN2pmRkZ5RXJLc1p6NlU3QWxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAsGGeAwQA
wK5EMA8EAgACMAkDBwAgAQZ8ELgwDQYJKoZIhvcNAQELBQADggEBADQ8+B4ZEzIo
4t7rh40MidNLb0LjNiLhfrxHrprvFIbOLlje4sIhBc9aO5eoY0JI7KPYL1K935zm
V+FO4yT1tuVc27ZIqpqEhR7mN9VYaNpsYOAm69BLdKCCuQ+F6jAkqSQKGP00KRkl
6WhH2cK32e4k2szaPUGu3xifVfzf+85KfNUWLfzrc1cllk6UWcb0c8x/xhHQamUS
AhsTC7qjk2Vn/g1zIM8U9Jxdia2kOYaVaLpjjrpcNcu/XK2cx7CbaPJJ8uI3sG9s
oxlfXQESDu6JxM7RZVkTibkAz4jTOLStR83nnu/tCjKVzbbQc6ZLvgdCzD6+mGuG
F5O02rcJoFM=
-----END CERTIFICATE-----
Generated at Sat Apr 19 12:20:01 2025 by rpki-client