Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/NQv7xG2HegsRAk0B3c4ktJo8JxQ.roa
File: NQv7xG2HegsRAk0B3c4ktJo8JxQ.roa (raw, json)
Hash identifier: WDmosHq+aj8SIOcSac5TwyKVIhb26O55aRX+Q1tovh0=
Subject key identifier: 35:0B:FB:C4:6D:87:7A:0B:11:02:4D:01:DD:CE:24:B4:9A:3C:27:14
Certificate issuer: /CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Certificate serial: 019421B1707E66BA3E7B7E245311C5DF3830
Authority key identifier: 0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/NQv7xG2HegsRAk0B3c4ktJo8JxQ.roa
Signing time: Wed 01 Jan 2025 11:47:44 +0000
ROA not before: Wed 01 Jan 2025 11:47:44 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 203926
IP address blocks: 159.151.128.0/18 maxlen: 18
192.109.143.0/24 maxlen: 24
2a07:8144::/36 maxlen: 36
Validation: Failed, certificate revoked on Tue 18 Feb 2025 15:15:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:b1:70:7e:66:ba:3e:7b:7e:24:53:11:c5:df:38:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Validity
Not Before: Jan 1 11:47:44 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=350bfbc46d877a0b11024d01ddce24b49a3c2714
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:83:bd:d6:16:f3:a9:de:59:3e:33:c1:68:c6:
70:b7:01:a8:68:e5:1c:94:3e:3a:c6:86:d5:d9:81:
24:04:e9:66:9a:ed:68:be:c3:1b:aa:3c:00:7e:d8:
fe:9b:ad:59:3a:e5:6b:bd:87:66:ec:6b:0a:a1:78:
97:97:b2:f8:e6:4d:d5:76:22:c8:c2:bd:e0:85:93:
dc:12:d0:56:da:46:c4:f4:ee:38:ac:8d:3b:14:f3:
88:e8:36:50:00:63:8f:65:7c:32:e7:a5:c0:5c:71:
d3:ec:53:40:80:5e:3f:e5:ef:be:23:69:e2:a4:e0:
ff:87:ac:22:5c:56:8e:e6:18:8e:4f:88:a0:4a:23:
4b:50:95:bf:04:91:cc:63:43:e9:5d:06:a9:30:1c:
e5:bd:f6:f1:77:ab:d3:66:d0:85:85:26:1e:16:84:
b8:b3:a0:ab:4a:a1:b0:e1:ad:cd:03:4e:04:e2:4d:
18:0b:4b:4a:1d:5b:a3:24:86:30:1c:a1:70:10:4e:
64:bb:f3:9d:84:08:f6:47:9b:ae:19:c1:e2:3f:b9:
ad:2d:d6:f2:54:02:e2:82:20:bf:7a:d5:b9:90:48:
c0:94:16:14:9a:a4:71:12:21:59:19:1e:94:d6:a9:
bf:a8:00:e0:af:86:f7:38:d9:16:78:5b:53:f3:69:
6d:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:0B:FB:C4:6D:87:7A:0B:11:02:4D:01:DD:CE:24:B4:9A:3C:27:14
X509v3 Authority Key Identifier:
keyid:0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/NQv7xG2HegsRAk0B3c4ktJo8JxQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.151.128.0/18
192.109.143.0/24
IPv6:
2a07:8144::/36
Signature Algorithm: sha256WithRSAEncryption
17:1d:d5:5a:98:c0:41:07:4d:c0:9a:c3:eb:c3:3e:f8:ca:5a:
a2:2d:09:f9:7c:e9:0e:9d:28:e6:65:c1:52:85:50:ad:b8:58:
ac:de:79:26:89:ce:4e:61:99:5c:e4:16:b3:5f:12:16:81:e8:
e6:03:f4:d3:b7:a1:31:0d:e4:71:df:ab:cf:a1:34:a3:87:54:
e4:69:fc:6c:f9:04:d4:b4:d3:51:74:23:4e:c1:0e:24:8e:fd:
f7:d3:41:76:55:fa:f5:17:ee:c0:4e:50:69:7d:c4:51:d8:74:
12:3b:08:1d:fa:c5:f4:13:e5:89:15:18:28:a2:21:a4:0b:75:
5e:f9:fe:b1:b3:d1:f1:ee:b5:23:26:a3:ef:ce:83:a4:cb:c7:
ca:85:ab:cd:04:38:0e:78:29:58:3d:d1:6b:1b:47:4b:78:cb:
9e:09:1e:56:ce:d9:aa:6a:0d:b6:ce:c5:00:a9:96:84:7f:c1:
ca:e1:45:4d:a1:fc:53:04:e8:fa:86:6f:11:91:c6:95:eb:9e:
01:6a:13:a7:ef:92:c0:ca:08:f5:20:25:8b:e7:bb:f8:da:e1:
1c:02:f5:db:c2:41:c6:96:3b:0c:ea:ff:e0:cc:41:ca:86:ff:
0e:7e:56:14:cb:e2:a3:35:05:a3:81:56:97:67:f8:94:27:de:
f7:bf:f2:32
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQhsXB+Zro+e34kUxHF3zgwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzdkODA3ZDRmN2NkZDNlMGFmZTRhYmM4ZWU1YTg4MGM2
MDkwZjEwHhcNMjUwMTAxMTE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTBiZmJjNDZkODc3YTBiMTEwMjRkMDFkZGNlMjRiNDlhM2MyNzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAooO91hbzqd5ZPjPBaMZwtwGoaOUc
lD46xobV2YEkBOlmmu1ovsMbqjwAftj+m61ZOuVrvYdm7GsKoXiXl7L45k3VdiLI
wr3ghZPcEtBW2kbE9O44rI07FPOI6DZQAGOPZXwy56XAXHHT7FNAgF4/5e++I2ni
pOD/h6wiXFaO5hiOT4igSiNLUJW/BJHMY0PpXQapMBzlvfbxd6vTZtCFhSYeFoS4
s6CrSqGw4a3NA04E4k0YC0tKHVujJIYwHKFwEE5ku/OdhAj2R5uuGcHiP7mtLdby
VALigiC/etW5kEjAlBYUmqRxEiFZGR6U1qm/qADgr4b3ONkWeFtT82ltBQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFDUL+8Rth3oLEQJNAd3OJLSaPCcUMB8GA1UdIwQY
MBaAFAo32AfU983T4K/kq8juWogMYJDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjkt
ODAwZWRhMmNmYjM2LzEvTlF2N3hHMkhlZ3NSQWswQjNjNGt0Sm84SnhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjktODAwZWRhMmNmYjM2
LzEvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDASBAIAATAMAwQGn5eAAwQA
wG2PMA4EAgACMAgDBgQqB4FEADANBgkqhkiG9w0BAQsFAAOCAQEAFx3VWpjAQQdN
wJrD68M++Mpaoi0J+XzpDp0o5mXBUoVQrbhYrN55JonOTmGZXOQWs18SFoHo5gP0
07ehMQ3kcd+rz6E0o4dU5Gn8bPkE1LTTUXQjTsEOJI7999NBdlX69RfuwE5QaX3E
Udh0EjsIHfrF9BPliRUYKKIhpAt1Xvn+sbPR8e61Iyaj786DpMvHyoWrzQQ4Dngp
WD3RaxtHS3jLngkeVs7ZqmoNts7FAKmWhH/ByuFFTaH8UwTo+oZvEZHGleueAWoT
p++SwMoI9SAli+e7+NrhHAL128JBxpY7DOr/4MxByob/Dn5WFMviozUFo4FWl2f4
lCfe97/yMg==
-----END CERTIFICATE-----
Generated at Tue Apr 22 12:01:26 2025 by rpki-client