Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/TfknibkGXTdv-ZXRCrEsyWCOQrQ.roa
File: TfknibkGXTdv-ZXRCrEsyWCOQrQ.roa (raw, json)
Hash identifier: l44KSPePfIYpCtbJbI4WM1n47KCbP4f67oJVYGeA1ok=
Subject key identifier: 4D:F9:27:89:B9:06:5D:37:6F:F9:95:D1:0A:B1:2C:C9:60:8E:42:B4
Certificate issuer: /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial: 019492D91113F68721FEC9DB279A5B9C521D
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/TfknibkGXTdv-ZXRCrEsyWCOQrQ.roa
Signing time: Thu 23 Jan 2025 11:08:06 +0000
ROA not before: Thu 23 Jan 2025 11:08:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49581
IP address blocks: 2a12:bec4:1651::/48 maxlen: 48
2a12:bec4:1751::/48 maxlen: 48
2a12:bec4:1752::/48 maxlen: 48
2a12:bec4:1753::/48 maxlen: 48
2a12:bec4:1754::/48 maxlen: 48
2a12:bec4:1755::/48 maxlen: 48
2a12:bec4:1756::/48 maxlen: 48
2a12:bec4:1757::/48 maxlen: 48
2a12:bec4:1758::/48 maxlen: 48
2a12:bec4:1759::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 11 Feb 2025 17:37:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:92:d9:11:13:f6:87:21:fe:c9:db:27:9a:5b:9c:52:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Validity
Not Before: Jan 23 11:08:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4df92789b9065d376ff995d10ab12cc9608e42b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:e8:2f:02:ba:bd:11:ad:84:4d:a7:3a:31:f7:
43:31:ab:17:e2:51:43:54:cc:03:c2:53:c4:1f:77:
3d:25:76:36:bd:52:1b:33:b1:1b:cd:c2:ad:25:1d:
c3:3e:26:3a:b8:18:1f:7f:bf:28:e4:3c:ee:3b:4e:
06:47:9e:82:63:7b:f3:fe:24:df:6b:79:4e:42:7f:
1e:84:cb:c3:0f:72:12:31:8b:45:03:82:48:e2:30:
da:65:db:48:33:98:08:cf:76:2d:4f:c9:42:4a:48:
bc:91:2b:0b:c0:13:05:66:70:06:e3:d7:58:c1:77:
9e:8d:a8:46:ca:33:fe:61:b5:a6:fd:3a:df:ee:21:
d9:bd:e2:71:e5:fc:fd:02:ba:56:34:cf:4d:18:0f:
0a:08:e4:f6:39:95:17:41:a8:24:74:52:c9:2c:2c:
26:7b:5e:e0:5d:db:31:33:c8:3d:8f:5f:70:45:0b:
18:fd:2e:dc:9f:99:dd:41:64:f1:93:ea:0c:af:42:
ce:92:6a:39:b1:84:f0:a8:df:83:5d:a1:94:97:7f:
c9:61:50:00:92:c1:38:28:6f:ad:68:47:c9:a5:42:
62:61:c7:ed:02:20:d0:23:eb:5c:f8:c4:28:16:34:
38:ba:8f:51:1d:6f:f9:cd:38:d8:48:5c:7a:94:cc:
54:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:F9:27:89:B9:06:5D:37:6F:F9:95:D1:0A:B1:2C:C9:60:8E:42:B4
X509v3 Authority Key Identifier:
keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/TfknibkGXTdv-ZXRCrEsyWCOQrQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a12:bec4:1651::/48
2a12:bec4:1751::-2a12:bec4:1759:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
20:de:0d:20:a8:af:f3:c7:13:e7:29:b8:cf:a8:cf:d5:d0:56:
fb:d5:04:5f:3f:ea:b4:65:41:4b:98:98:74:41:55:bf:83:29:
74:f1:c4:a8:34:df:36:32:28:78:5f:61:2c:aa:a5:9f:da:fe:
97:50:6b:47:0c:5a:05:4b:50:89:00:3a:e9:52:87:3f:c2:67:
26:3d:13:0f:dc:22:19:27:2f:1a:8d:71:9d:1d:67:84:89:d1:
1b:2e:e8:eb:14:9a:7d:f3:7d:95:00:e9:07:23:45:86:05:55:
02:e1:a3:27:2b:0f:e9:af:66:3a:f5:33:a8:07:e6:dd:77:6b:
a0:54:65:79:a2:73:71:f8:50:92:58:8e:ed:e2:4c:54:0d:f6:
b0:bd:cb:bf:42:64:e4:80:78:50:7a:e0:8b:75:6c:ab:2f:51:
84:28:f7:50:b4:9e:0c:d6:7e:26:8b:59:f0:41:49:24:70:5c:
c0:04:b1:d4:4d:32:9b:25:47:9b:80:e9:a9:36:05:68:b8:02:
f0:71:54:87:59:7f:d4:4b:0d:e3:79:46:30:fb:88:5c:95:a9:
3d:f2:3e:0d:6c:22:c0:77:8b:9c:db:95:05:6b:bb:1a:0e:35:
d4:a9:2b:af:bd:58:92:79:83:49:7c:dc:4b:8c:8c:d6:d4:ec:
26:06:95:5e
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZSS2RET9och/snbJ5pbnFIdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjUwMTIzMTEwODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGY5Mjc4OWI5MDY1ZDM3NmZmOTk1ZDEwYWIxMmNjOTYwOGU0MmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkugvArq9Ea2ETac6MfdDMasX4lFD
VMwDwlPEH3c9JXY2vVIbM7EbzcKtJR3DPiY6uBgff78o5DzuO04GR56CY3vz/iTf
a3lOQn8ehMvDD3ISMYtFA4JI4jDaZdtIM5gIz3YtT8lCSki8kSsLwBMFZnAG49dY
wXeejahGyjP+YbWm/Trf7iHZveJx5fz9ArpWNM9NGA8KCOT2OZUXQagkdFLJLCwm
e17gXdsxM8g9j19wRQsY/S7cn5ndQWTxk+oMr0LOkmo5sYTwqN+DXaGUl3/JYVAA
ksE4KG+taEfJpUJiYcftAiDQI+tc+MQoFjQ4uo9RHW/5zTjYSFx6lMxUewIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFE35J4m5Bl03b/mV0QqxLMlgjkK0MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvVGZrbmlia0dYVGR2LVpYUkNyRXN5V0NPUXJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAAjAdAwcAKhK+xBZR
MBIDBwAqEr7EF1EDBwEqEr7EF1gwDQYJKoZIhvcNAQELBQADggEBACDeDSCor/PH
E+cpuM+oz9XQVvvVBF8/6rRlQUuYmHRBVb+DKXTxxKg03zYyKHhfYSyqpZ/a/pdQ
a0cMWgVLUIkAOulShz/CZyY9Ew/cIhknLxqNcZ0dZ4SJ0Rsu6OsUmn3zfZUA6Qcj
RYYFVQLhoycrD+mvZjr1M6gH5t13a6BUZXmic3H4UJJYju3iTFQN9rC9y79CZOSA
eFB64It1bKsvUYQo91C0ngzWfiaLWfBBSSRwXMAEsdRNMpslR5uA6ak2BWi4AvBx
VIdZf9RLDeN5RjD7iFyVqT3yPg1sIsB3i5zblQVruxoONdSpK6+9WJJ5g0l83EuM
jNbU7CYGlV4=
-----END CERTIFICATE-----
Generated at Mon Apr 7 05:11:00 2025 by rpki-client