Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/VVmqUxj6PV9ATNtAg7AhnGNdm4w.roa
File: VVmqUxj6PV9ATNtAg7AhnGNdm4w.roa (raw, json)
Hash identifier: APYaoOslHu1pxncu/Puo0OXgupXRPJ1hDO27feH9+co=
Subject key identifier: 55:59:AA:53:18:FA:3D:5F:40:4C:DB:40:83:B0:21:9C:63:5D:9B:8C
Certificate issuer: /CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Certificate serial: 0194D6A1F8768E6354EEA6197F0A1EADAF49
Authority key identifier: 0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/VVmqUxj6PV9ATNtAg7AhnGNdm4w.roa
Signing time: Wed 05 Feb 2025 15:02:06 +0000
ROA not before: Wed 05 Feb 2025 15:02:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49690
IP address blocks: 159.151.0.0/18 maxlen: 18
159.151.192.0/19 maxlen: 19
159.151.224.0/20 maxlen: 20
159.151.240.0/21 maxlen: 21
159.151.248.0/23 maxlen: 23
159.151.252.0/24 maxlen: 24
159.151.253.0/24 maxlen: 24
159.151.254.0/24 maxlen: 24
192.109.140.0/24 maxlen: 24
192.109.141.0/24 maxlen: 24
2a07:8140::/36 maxlen: 36
Validation: Failed, certificate revoked on Tue 18 Feb 2025 15:04:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:d6:a1:f8:76:8e:63:54:ee:a6:19:7f:0a:1e:ad:af:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Validity
Not Before: Feb 5 15:02:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5559aa5318fa3d5f404cdb4083b0219c635d9b8c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:bd:05:a3:c2:e6:02:e7:40:b9:90:c8:c6:f6:
03:7f:9f:e7:59:84:8d:d6:96:79:c9:4c:63:a1:e4:
63:49:37:a4:d7:06:b4:45:92:b2:26:4f:57:1e:28:
7b:8c:33:d3:46:a4:03:bd:3c:90:be:e4:bf:91:8f:
f0:c5:ed:64:5b:6a:00:d2:cd:43:fb:e4:b1:d8:f7:
b4:a7:a1:36:7e:c3:4b:f5:a1:9f:da:ff:66:3d:d3:
da:e8:77:fb:b8:6e:f9:14:89:ef:a5:87:ef:90:26:
58:6b:b2:4e:19:af:16:8b:17:c4:f8:30:59:85:08:
6f:50:c5:d5:b1:69:a6:15:57:46:ab:71:34:5f:dc:
4b:67:52:11:40:9d:85:70:68:88:8c:81:a8:59:f3:
f5:2d:36:06:cb:07:70:99:72:09:96:b6:87:20:01:
5c:3c:fe:6e:fd:c0:1e:84:f6:5c:cf:86:10:af:7b:
c6:53:66:c4:71:20:bb:d0:dc:e1:8d:21:19:ed:63:
05:ae:e2:c6:b4:97:ab:30:c2:63:92:c5:f8:b3:cb:
27:b8:5a:f9:d7:7d:56:3f:d7:b0:a9:a4:99:61:2b:
cf:a2:14:32:97:3b:12:0d:ae:f8:a1:ed:ce:34:d6:
a2:e8:b6:79:db:8f:7f:cf:cd:75:d1:eb:b7:18:a1:
b0:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:59:AA:53:18:FA:3D:5F:40:4C:DB:40:83:B0:21:9C:63:5D:9B:8C
X509v3 Authority Key Identifier:
keyid:0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/VVmqUxj6PV9ATNtAg7AhnGNdm4w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.151.0.0/18
159.151.192.0-159.151.249.255
159.151.252.0-159.151.254.255
192.109.140.0/23
IPv6:
2a07:8140::/36
Signature Algorithm: sha256WithRSAEncryption
3a:03:5a:80:b8:0b:44:d7:18:54:24:dc:34:f6:95:9a:93:fa:
87:88:94:7d:c3:4d:af:33:fd:7f:65:ac:db:2b:97:c8:82:c7:
d5:f5:ee:d7:8b:72:7c:2e:e9:07:af:a8:a8:9f:3d:77:07:9d:
62:d8:17:90:a3:24:5c:fc:27:14:89:96:29:db:7e:fc:95:29:
b7:af:7a:0a:d8:d2:a3:45:43:fb:29:47:79:e5:c7:52:f3:59:
ea:7f:9a:8d:7f:cd:e5:5f:61:4b:8a:ab:74:18:49:1f:4f:d4:
2f:ae:f7:15:8a:71:da:53:4b:36:c1:10:2d:0f:5e:15:4b:23:
ff:35:c7:60:e6:67:e6:71:ab:09:6b:3d:e8:7b:b4:b0:89:fe:
c8:f8:e0:10:70:f2:fe:1c:5c:ac:45:f2:e6:b2:5c:05:c8:99:
b9:59:02:c1:ed:2e:c4:79:b7:32:ad:55:d5:38:16:a4:cc:61:
53:22:e9:6e:da:19:d4:8f:c3:91:67:b9:4a:bd:7b:04:34:dc:
bc:b5:c7:1b:cc:ec:55:7d:04:cd:29:9f:13:32:12:ba:d8:5a:
25:ed:a5:61:31:c9:a6:af:c9:9e:4f:e9:56:ee:2f:d8:76:d4:
36:0b:62:13:87:2e:a0:46:b9:48:7e:f6:c2:44:39:ea:cf:8f:
03:9d:57:6d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZTWofh2jmNU7qYZfwoera9JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzdkODA3ZDRmN2NkZDNlMGFmZTRhYmM4ZWU1YTg4MGM2
MDkwZjEwHhcNMjUwMjA1MTUwMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTU5YWE1MzE4ZmEzZDVmNDA0Y2RiNDA4M2IwMjE5YzYzNWQ5YjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwb0Fo8LmAudAuZDIxvYDf5/nWYSN
1pZ5yUxjoeRjSTek1wa0RZKyJk9XHih7jDPTRqQDvTyQvuS/kY/wxe1kW2oA0s1D
++Sx2Pe0p6E2fsNL9aGf2v9mPdPa6Hf7uG75FInvpYfvkCZYa7JOGa8WixfE+DBZ
hQhvUMXVsWmmFVdGq3E0X9xLZ1IRQJ2FcGiIjIGoWfP1LTYGywdwmXIJlraHIAFc
PP5u/cAehPZcz4YQr3vGU2bEcSC70NzhjSEZ7WMFruLGtJerMMJjksX4s8snuFr5
131WP9ewqaSZYSvPohQylzsSDa74oe3ONNai6LZ5249/z8110eu3GKGwbwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFFVZqlMY+j1fQEzbQIOwIZxjXZuMMB8GA1UdIwQY
MBaAFAo32AfU983T4K/kq8juWogMYJDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjkt
ODAwZWRhMmNmYjM2LzEvVlZtcVV4ajZQVjlBVE50QWc3QWhuR05kbTR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjktODAwZWRhMmNmYjM2
LzEvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAuBAIAATAoAwQGn5cAMAwD
BAafl8ADBAGfl/gwDAMEAp+X/AMEAJ+X/gMEAcBtjDAOBAIAAjAIAwYEKgeBQAAw
DQYJKoZIhvcNAQELBQADggEBADoDWoC4C0TXGFQk3DT2lZqT+oeIlH3DTa8z/X9l
rNsrl8iCx9X17teLcnwu6QevqKifPXcHnWLYF5CjJFz8JxSJlinbfvyVKbevegrY
0qNFQ/spR3nlx1LzWep/mo1/zeVfYUuKq3QYSR9P1C+u9xWKcdpTSzbBEC0PXhVL
I/81x2DmZ+ZxqwlrPeh7tLCJ/sj44BBw8v4cXKxF8uayXAXImblZAsHtLsR5tzKt
VdU4FqTMYVMi6W7aGdSPw5FnuUq9ewQ03Ly1xxvM7FV9BM0pnxMyErrYWiXtpWEx
yaavyZ5P6VbuL9h21DYLYhOHLqBGuUh+9sJEOerPjwOdV20=
-----END CERTIFICATE-----
Generated at Mon Apr 21 05:41:10 2025 by rpki-client