Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/45YKdcok9nAW6lNTcO7AvKd_xdg.roa
File: 45YKdcok9nAW6lNTcO7AvKd_xdg.roa (raw, json)
Hash identifier: vG6MYrx84UI/gw35q1gQPwtZYVrhGgT0yrXdQrEuAqc=
Subject key identifier: E3:96:0A:75:CA:24:F6:70:16:EA:53:53:70:EE:C0:BC:A7:7F:C5:D8
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 019421441E298EB5849CB0142B0A93EC324D
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/45YKdcok9nAW6lNTcO7AvKd_xdg.roa
Signing time: Wed 01 Jan 2025 09:48:19 +0000
ROA not before: Wed 01 Jan 2025 09:48:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214083
IP address blocks: 80.240.86.0/24 maxlen: 24
82.153.207.0/24 maxlen: 24
212.38.89.0/24 maxlen: 24
213.218.209.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 27 Jan 2025 09:20:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:1e:29:8e:b5:84:9c:b0:14:2b:0a:93:ec:32:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jan 1 09:48:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e3960a75ca24f67016ea535370eec0bca77fc5d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:f5:e6:58:a9:6c:74:04:f6:e8:ac:d1:49:d3:
07:d0:f0:75:f2:1b:c6:b6:9c:3b:fa:35:c4:cd:d1:
3a:dc:ac:cd:8a:77:9d:40:63:ef:5b:eb:66:54:28:
56:53:77:f2:11:5b:91:17:34:d1:9d:ca:f8:4a:bf:
e3:d2:33:e1:83:25:d3:f1:0f:14:b3:eb:6d:94:52:
3c:10:a0:ef:c3:08:3c:b6:fc:1a:22:76:d4:0b:9f:
8a:fd:99:6b:6b:0b:aa:42:f1:6a:2f:a3:4e:8b:9e:
f0:fb:0f:dd:33:af:0b:29:fc:09:68:89:0e:67:14:
af:77:b8:e3:a6:3b:f9:ab:a4:6a:a8:57:04:2a:86:
02:91:b5:8b:36:5c:fb:3d:97:c0:96:fd:c3:61:a5:
14:ef:97:a6:37:22:20:0b:9c:dc:71:74:3c:fe:ab:
c5:4a:22:4e:cb:ae:b4:96:5d:6e:10:36:67:8c:ef:
ee:d3:82:1d:99:c8:06:64:a4:78:23:37:ec:4e:20:
52:14:45:23:9b:99:6d:a1:26:53:e5:63:6c:18:28:
dd:1b:fb:b0:88:f5:99:65:aa:88:44:36:5c:3b:5f:
ac:9c:c9:1e:2d:5c:0a:19:0b:b8:de:2d:63:9d:23:
7c:10:19:52:7e:9c:16:b5:4d:ce:0c:1d:b2:c2:21:
c7:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:96:0A:75:CA:24:F6:70:16:EA:53:53:70:EE:C0:BC:A7:7F:C5:D8
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/45YKdcok9nAW6lNTcO7AvKd_xdg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.240.86.0/24
82.153.207.0/24
212.38.89.0/24
213.218.209.0/24
Signature Algorithm: sha256WithRSAEncryption
35:df:f4:03:c9:57:33:1c:4a:41:83:b4:59:f5:e2:8f:9f:ff:
a9:33:a3:16:c3:05:13:89:bf:f4:c2:49:d4:8a:e3:a6:59:f0:
d0:c4:51:4f:a2:10:a9:42:14:00:64:1f:b0:02:11:62:79:18:
7f:8d:a2:04:a1:5f:33:30:2e:b3:88:68:a1:93:12:8e:73:db:
4e:b3:fa:39:58:5f:71:6c:d0:ab:6a:6b:8a:d5:b7:cb:99:1b:
af:a0:db:fc:ab:cb:bd:ee:0a:fc:bc:10:45:e2:82:69:c5:df:
f1:4a:fe:05:0a:c4:51:ab:92:ad:e6:25:4d:6d:7b:55:29:2e:
8a:f5:a5:2b:e1:f0:ec:58:f7:b0:08:93:51:8c:13:dd:76:95:
0e:4d:fb:17:10:04:b7:38:e7:3a:40:e5:00:38:78:75:8d:44:
e5:f0:90:92:08:8f:bb:48:75:ef:dd:33:5f:75:f2:37:0a:b7:
2f:9b:c7:76:f1:ee:66:60:1b:01:ac:46:f9:91:b5:32:79:65:
51:ef:f5:f8:80:6c:9a:0a:da:db:4d:3a:79:cd:8a:d8:87:a4:
3d:cc:17:c6:f4:70:c2:af:51:27:a7:e2:13:59:c0:c5:88:08:
c2:0b:f7:69:3a:b4:6c:50:36:d9:a8:cf:77:cc:cb:78:d9:24:
cf:0f:f5:88
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQhRB4pjrWEnLAUKwqT7DJNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwMTAxMDk0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzk2MGE3NWNhMjRmNjcwMTZlYTUzNTM3MGVlYzBiY2E3N2ZjNWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fXmWKlsdAT26KzRSdMH0PB18hvG
tpw7+jXEzdE63KzNinedQGPvW+tmVChWU3fyEVuRFzTRncr4Sr/j0jPhgyXT8Q8U
s+ttlFI8EKDvwwg8tvwaInbUC5+K/ZlrawuqQvFqL6NOi57w+w/dM68LKfwJaIkO
ZxSvd7jjpjv5q6RqqFcEKoYCkbWLNlz7PZfAlv3DYaUU75emNyIgC5zccXQ8/qvF
SiJOy660ll1uEDZnjO/u04IdmcgGZKR4IzfsTiBSFEUjm5ltoSZT5WNsGCjdG/uw
iPWZZaqIRDZcO1+snMkeLVwKGQu43i1jnSN8EBlSfpwWtU3ODB2ywiHHCQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFOOWCnXKJPZwFupTU3DuwLynf8XYMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNDVZS2Rjb2s5bkFXNmxOVGNPN0F2S2RfeGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUPBWAwQA
UpnPAwQA1CZZAwQA1drRMA0GCSqGSIb3DQEBCwUAA4IBAQA13/QDyVczHEpBg7RZ
9eKPn/+pM6MWwwUTib/0wknUiuOmWfDQxFFPohCpQhQAZB+wAhFieRh/jaIEoV8z
MC6ziGihkxKOc9tOs/o5WF9xbNCramuK1bfLmRuvoNv8q8u97gr8vBBF4oJpxd/x
Sv4FCsRRq5Kt5iVNbXtVKS6K9aUr4fDsWPewCJNRjBPddpUOTfsXEAS3OOc6QOUA
OHh1jUTl8JCSCI+7SHXv3TNfdfI3Crcvm8d28e5mYBsBrEb5kbUyeWVR7/X4gGya
CtrbTTp5zYrYh6Q9zBfG9HDCr1Enp+ITWcDFiAjCC/dpOrRsUDbZqM93zMt42STP
D/WI
-----END CERTIFICATE-----
Generated at Wed Feb 5 07:48:14 2025 by rpki-client