Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BHcmGi-qS1SHqkBYsvZPymkuQ-c.roa
File: BHcmGi-qS1SHqkBYsvZPymkuQ-c.roa (raw, json)
Hash identifier: CHeucBWoI3Z07V/2o8RxQoWoT/PGdesQZZ2P6luXSZY=
Subject key identifier: 04:77:26:1A:2F:AA:4B:54:87:AA:40:58:B2:F6:4F:CA:69:2E:43:E7
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01941C1CD591F126396F1A7AC5A764A80DCB
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BHcmGi-qS1SHqkBYsvZPymkuQ-c.roa
Signing time: Tue 31 Dec 2024 09:47:19 +0000
ROA not before: Tue 31 Dec 2024 09:47:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49608
IP address blocks: 213.218.208.0/24 maxlen: 24
213.218.215.0/24 maxlen: 24
213.218.232.0/24 maxlen: 24
213.218.235.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 01 Jan 2025 09:47:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:1c:1c:d5:91:f1:26:39:6f:1a:7a:c5:a7:64:a8:0d:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Dec 31 09:47:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0477261a2faa4b5487aa4058b2f64fca692e43e7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:0b:76:55:8b:df:29:6c:2d:40:8e:f4:c4:6e:
d1:e7:6c:bc:df:0d:d3:b2:92:76:fa:99:be:4c:9b:
24:40:a6:43:3f:f9:01:99:d3:f1:11:cf:97:8f:90:
b4:56:ce:21:97:1a:2f:1e:49:c1:5c:a3:8f:0f:c1:
95:e4:24:d4:54:37:b0:be:27:f8:97:45:5f:3d:db:
26:5e:47:1e:5e:cd:85:6c:eb:a2:80:c7:92:bc:50:
de:ef:d9:c7:c8:9b:c8:ce:52:a5:1c:98:6c:65:c8:
ec:df:4c:a1:15:f7:dc:b2:d7:8b:26:31:6c:bb:b4:
12:ac:21:23:56:95:ea:7e:e6:d8:f7:9e:f3:9e:14:
47:d2:38:a0:cc:de:f4:9e:e0:8a:07:05:08:05:aa:
f3:b4:29:e6:bd:cb:88:3c:fc:6b:cf:e0:da:75:ae:
47:d1:a1:cb:6c:b3:43:73:87:41:a7:d0:4a:b3:cd:
22:f9:3c:90:28:15:56:22:68:f5:2c:1d:7b:8e:ae:
f2:5f:61:35:b2:a5:10:c1:01:ab:a1:a9:8f:c8:43:
0d:19:42:48:d4:73:ea:ca:80:4b:54:80:8e:9f:fc:
c5:ed:64:d6:95:dd:5c:87:47:68:4e:35:68:ec:b4:
80:bd:18:0f:04:a6:04:ac:2d:07:d3:37:3d:9d:15:
ec:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:77:26:1A:2F:AA:4B:54:87:AA:40:58:B2:F6:4F:CA:69:2E:43:E7
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/BHcmGi-qS1SHqkBYsvZPymkuQ-c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.218.208.0/24
213.218.215.0/24
213.218.232.0/24
213.218.235.0/24
Signature Algorithm: sha256WithRSAEncryption
10:dd:eb:c2:04:24:4c:d4:fe:67:2a:36:9a:4c:d8:c2:60:b3:
66:71:a0:c1:04:b8:74:4e:a7:13:7f:24:87:e1:30:bc:1b:07:
00:03:63:30:b7:3e:b0:b1:4f:69:5c:30:9a:75:5e:98:84:44:
88:e8:b7:7b:0b:de:50:53:e1:c5:a5:d0:c4:b0:08:e8:03:1f:
e8:ca:e1:a2:f8:3d:f0:3e:2e:93:cd:1f:c5:e4:20:fe:25:a1:
95:51:13:23:27:3d:47:d4:1e:51:79:91:a6:da:85:c9:79:c1:
cb:8f:7d:0a:37:18:3a:a4:aa:7f:fa:5b:02:61:d4:fd:d6:1a:
e9:0f:9f:8c:c5:14:e5:f1:06:1b:1d:c0:3c:ff:c5:3b:c8:81:
b2:46:f1:df:83:00:ec:a2:78:af:16:d0:d2:6b:a6:56:db:fa:
3e:54:63:6a:0d:db:2f:b2:7a:e9:35:44:f0:37:49:a1:7e:a3:
5e:69:7e:c5:ed:27:dd:e0:a2:ec:fc:05:07:ff:ed:14:a4:73:
d3:7f:ec:aa:e6:9d:44:6c:ca:66:91:70:ef:a8:24:be:83:76:
c3:95:db:91:2e:b0:08:3f:42:fc:c6:77:36:16:fd:50:79:6a:
5b:1b:00:06:e9:1a:7a:d2:32:95:a3:91:0a:be:c4:b7:43:6e:
d9:52:3b:ed
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZQcHNWR8SY5bxp6xadkqA3LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQxMjMxMDk0NzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDc3MjYxYTJmYWE0YjU0ODdhYTQwNThiMmY2NGZjYTY5MmU0M2U3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtgt2VYvfKWwtQI70xG7R52y83w3T
spJ2+pm+TJskQKZDP/kBmdPxEc+Xj5C0Vs4hlxovHknBXKOPD8GV5CTUVDewvif4
l0VfPdsmXkceXs2FbOuigMeSvFDe79nHyJvIzlKlHJhsZcjs30yhFffcsteLJjFs
u7QSrCEjVpXqfubY957znhRH0jigzN70nuCKBwUIBarztCnmvcuIPPxrz+Dada5H
0aHLbLNDc4dBp9BKs80i+TyQKBVWImj1LB17jq7yX2E1sqUQwQGroamPyEMNGUJI
1HPqyoBLVICOn/zF7WTWld1ch0doTjVo7LSAvRgPBKYErC0H0zc9nRXsRwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAR3JhovqktUh6pAWLL2T8ppLkPnMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvQkhjbUdpLXFTMVNIcWtCWXN2WlB5bWt1US1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQA1drQAwQA
1drXAwQA1droAwQA1drrMA0GCSqGSIb3DQEBCwUAA4IBAQAQ3evCBCRM1P5nKjaa
TNjCYLNmcaDBBLh0TqcTfySH4TC8GwcAA2Mwtz6wsU9pXDCadV6YhESI6Ld7C95Q
U+HFpdDEsAjoAx/oyuGi+D3wPi6TzR/F5CD+JaGVURMjJz1H1B5ReZGm2oXJecHL
j30KNxg6pKp/+lsCYdT91hrpD5+MxRTl8QYbHcA8/8U7yIGyRvHfgwDsonivFtDS
a6ZW2/o+VGNqDdsvsnrpNUTwN0mhfqNeaX7F7Sfd4KLs/AUH/+0UpHPTf+yq5p1E
bMpmkXDvqCS+g3bDlduRLrAIP0L8xnc2Fv1QeWpbGwAG6Rp60jKVo5EKvsS3Q27Z
Ujvt
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:23:05 2025 by rpki-client