Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/IbFo8tN2l8yll4Q2F4B9fDRZpGc.roa
File: IbFo8tN2l8yll4Q2F4B9fDRZpGc.roa (raw, json)
Hash identifier: i1VmgEJjwB6S7uWjzsQG8mU2+0vDQHNxaHZ1DNk/9NE=
Subject key identifier: 21:B1:68:F2:D3:76:97:CC:A5:97:84:36:17:80:7D:7C:34:59:A4:67
Certificate issuer: /CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Certificate serial: 0194EBCDCCE2508945FB3EC68621AAA5226D
Authority key identifier: 31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/IbFo8tN2l8yll4Q2F4B9fDRZpGc.roa
Signing time: Sun 09 Feb 2025 17:42:00 +0000
ROA not before: Sun 09 Feb 2025 17:42:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203963
IP address blocks: 85.153.112.0/24 maxlen: 24
85.153.115.0/24 maxlen: 24
85.153.116.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 18 Feb 2025 12:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:eb:cd:cc:e2:50:89:45:fb:3e:c6:86:21:aa:a5:22:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=31a185d0eb0ca7811c586425de0e960e1cfeb61b
Validity
Not Before: Feb 9 17:42:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=21b168f2d37697cca597843617807d7c3459a467
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:2f:73:ad:47:64:2d:34:fd:de:ae:2f:5e:66:
c8:13:f2:a5:85:2e:fd:72:5a:ce:94:8f:52:e4:de:
09:c0:c7:4e:47:c6:36:f0:df:7f:f3:a9:de:a9:3f:
74:ff:a6:99:4d:48:e3:74:57:18:48:b0:cd:a9:ee:
7d:59:45:4c:0b:29:3b:3b:db:c2:82:10:96:b7:22:
fa:6c:33:4f:1c:9a:a9:65:b7:8c:91:55:cb:b8:49:
77:96:e7:cd:14:d1:90:ef:d7:8e:0d:a7:8f:76:a4:
3f:5b:6d:47:d3:a9:c7:e1:76:37:02:6f:af:4d:ca:
31:6b:3f:4c:a8:81:4e:8c:d1:5c:58:ce:74:64:31:
8d:a7:43:51:4e:18:76:f9:19:d2:47:8a:97:e7:77:
c4:a6:7d:33:a0:aa:ae:3d:8f:46:3c:72:e1:11:18:
01:1e:bc:59:55:c5:5f:ff:d0:af:ac:ad:fa:e0:13:
56:b1:b4:8b:ee:d4:f8:a3:ac:b3:f0:42:25:84:ec:
38:b6:e3:f9:0e:ab:37:8f:bf:be:48:77:1e:66:ae:
e4:0e:b1:bc:75:d7:68:82:b9:3c:82:57:8e:a4:56:
e9:a2:39:8c:f3:70:28:1f:3b:3f:ab:ce:8b:51:d0:
f4:7a:46:4c:59:49:a0:2b:d1:31:67:13:a8:ff:9a:
b0:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:B1:68:F2:D3:76:97:CC:A5:97:84:36:17:80:7D:7C:34:59:A4:67
X509v3 Authority Key Identifier:
keyid:31:A1:85:D0:EB:0C:A7:81:1C:58:64:25:DE:0E:96:0E:1C:FE:B6:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MaGF0OsMp4EcWGQl3g6WDhz-ths.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/IbFo8tN2l8yll4Q2F4B9fDRZpGc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/081c6e-1d65-4ccd-96f5-1dcc86c11e74/1/MaGF0OsMp4EcWGQl3g6WDhz-ths.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.153.112.0/24
85.153.115.0-85.153.116.255
Signature Algorithm: sha256WithRSAEncryption
4c:a6:4d:f7:7f:e9:cd:d1:cb:6f:6e:42:8d:4a:ad:a2:c1:f7:
21:b2:39:b3:87:61:bc:90:c8:25:bd:e0:c9:35:62:cf:5d:99:
53:13:92:a3:a6:b1:f0:77:0a:6a:73:d4:f5:ff:3b:a9:6f:30:
f4:c7:dc:25:f2:ea:dd:82:8a:6a:87:71:19:c4:70:5e:90:98:
ff:34:44:d0:cf:50:ca:d9:23:57:4e:af:0c:e4:e3:6c:fb:09:
a3:e1:7e:9f:fb:53:72:bf:61:7d:68:35:4c:64:19:b8:2c:3f:
9a:e8:6b:e3:b9:f1:4e:3d:fd:35:24:1e:07:ac:29:99:5a:59:
f8:c5:33:c5:e1:a6:d9:13:3e:05:29:3a:1c:dc:c1:5b:eb:c5:
e0:66:b5:36:dd:68:b6:c1:91:7a:15:ba:9b:d1:9b:59:30:34:
38:33:b8:07:7e:d0:33:d3:23:a8:50:e3:99:bd:a2:97:5b:d4:
eb:7c:dd:39:9e:27:1c:c6:61:ee:98:0f:23:72:fb:00:c6:21:
45:d7:4d:46:63:59:b3:f8:a7:24:dd:18:3d:7f:ab:6f:30:44:
2f:4f:43:b0:6a:24:bc:68:28:0b:75:1c:c6:41:75:76:4c:85:
a1:58:af:59:8f:ee:34:6c:81:4f:01:ff:e6:85:50:d7:07:cd:
4f:bf:83:6d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZTrzcziUIlF+z7GhiGqpSJtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYTE4NWQwZWIwY2E3ODExYzU4NjQyNWRlMGU5NjBlMWNm
ZWI2MWIwHhcNMjUwMjA5MTc0MjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWIxNjhmMmQzNzY5N2NjYTU5Nzg0MzYxNzgwN2Q3YzM0NTlhNDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqy9zrUdkLTT93q4vXmbIE/KlhS79
clrOlI9S5N4JwMdOR8Y28N9/86neqT90/6aZTUjjdFcYSLDNqe59WUVMCyk7O9vC
ghCWtyL6bDNPHJqpZbeMkVXLuEl3lufNFNGQ79eODaePdqQ/W21H06nH4XY3Am+v
Tcoxaz9MqIFOjNFcWM50ZDGNp0NRThh2+RnSR4qX53fEpn0zoKquPY9GPHLhERgB
HrxZVcVf/9CvrK364BNWsbSL7tT4o6yz8EIlhOw4tuP5Dqs3j7++SHceZq7kDrG8
dddogrk8gleOpFbpojmM83AoHzs/q86LUdD0ekZMWUmgK9ExZxOo/5qwyQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCGxaPLTdpfMpZeENheAfXw0WaRnMB8GA1UdIwQY
MBaAFDGhhdDrDKeBHFhkJd4Olg4c/rYbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUt
MWRjYzg2YzExZTc0LzEvSWJGbzh0TjJsOHlsbDRRMkY0QjlmRFJacEdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8wODFjNmUtMWQ2NS00Y2NkLTk2ZjUtMWRjYzg2YzExZTc0
LzEvTWFHRjBPc01wNEVjV0dRbDNnNldEaHotdGhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAVZlwMAwD
BABVmXMDBABVmXQwDQYJKoZIhvcNAQELBQADggEBAEymTfd/6c3Ry29uQo1KraLB
9yGyObOHYbyQyCW94Mk1Ys9dmVMTkqOmsfB3Cmpz1PX/O6lvMPTH3CXy6t2CimqH
cRnEcF6QmP80RNDPUMrZI1dOrwzk42z7CaPhfp/7U3K/YX1oNUxkGbgsP5roa+O5
8U49/TUkHgesKZlaWfjFM8XhptkTPgUpOhzcwVvrxeBmtTbdaLbBkXoVupvRm1kw
NDgzuAd+0DPTI6hQ45m9opdb1Ot83TmeJxzGYe6YDyNy+wDGIUXXTUZjWbP4pyTd
GD1/q28wRC9PQ7BqJLxoKAt1HMZBdXZMhaFYr1mP7jRsgU8B/+aFUNcHzU+/g20=
-----END CERTIFICATE-----
Generated at Sun Apr 20 15:34:49 2025 by rpki-client