Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/ef5ed1-bdee-4639-9248-77f84c562a5f/1/mc5JZ-DpOXUsJHV8vZI_IYal2O0.roa
File: mc5JZ-DpOXUsJHV8vZI_IYal2O0.roa (raw, json)
Hash identifier: 3YbuI/DSiTlU2P9XIDTs9naRLCiV8r78p0U23as4B64=
Subject key identifier: 99:CE:49:67:E0:E9:39:75:2C:24:75:7C:BD:92:3F:21:86:A5:D8:ED
Certificate issuer: /CN=3d8012fa14ace7a0c3bd2e82e0a29d9a44bfe290
Certificate serial: 018CC94CA23E8B782676D6CD9331241C3393
Authority key identifier: 3D:80:12:FA:14:AC:E7:A0:C3:BD:2E:82:E0:A2:9D:9A:44:BF:E2:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PYAS-hSs56DDvS6C4KKdmkS_4pA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8c/ef5ed1-bdee-4639-9248-77f84c562a5f/1/mc5JZ-DpOXUsJHV8vZI_IYal2O0.roa
Signing time: Tue 02 Jan 2024 08:31:31 +0000
ROA not before: Tue 02 Jan 2024 08:31:31 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 206801
IP address blocks: 5.180.170.0/23 maxlen: 23
5.180.168.0/23 maxlen: 23
5.180.168.0/22 maxlen: 22
5.180.168.0/24 maxlen: 24
5.180.169.0/24 maxlen: 24
5.180.170.0/24 maxlen: 24
5.180.171.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 02 Jan 2025 13:48:25 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4c:a2:3e:8b:78:26:76:d6:cd:93:31:24:1c:33:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3d8012fa14ace7a0c3bd2e82e0a29d9a44bfe290
Validity
Not Before: Jan 2 08:31:31 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=99ce4967e0e939752c24757cbd923f2186a5d8ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:bd:5d:97:77:54:a0:dd:78:8e:25:58:9d:cb:
f1:ed:6a:4a:a4:d2:ac:72:69:4b:4e:8f:35:86:7e:
5a:e8:d9:12:47:bc:ca:3f:c8:61:16:0f:21:79:a6:
f3:5c:29:27:8f:91:5b:a8:a0:0c:b6:f8:b7:61:90:
db:65:f4:02:0d:2f:ff:79:78:6a:e1:7b:60:40:13:
bd:64:78:c5:e9:db:1e:05:d1:b7:17:65:0f:61:54:
f2:6c:73:64:4f:da:0d:a0:4d:f6:1f:8e:a5:a7:16:
15:f8:56:ab:02:16:2d:78:73:f9:19:6a:b6:13:f2:
4d:ed:19:f5:a6:ef:3c:c9:3d:b1:c8:72:21:ff:c5:
42:e5:22:b4:13:6b:bf:5f:5f:5e:84:c7:8e:ba:99:
89:8b:96:91:3b:a4:bc:ab:2d:91:d4:a7:0f:57:72:
64:48:2e:5d:de:2e:a3:d7:dc:39:54:44:17:e4:d5:
ad:e0:3c:c2:bc:1f:e8:eb:86:34:89:79:fb:30:0a:
93:4d:6b:5f:b0:bd:b7:d0:5a:e3:09:57:3c:77:44:
48:b5:87:8a:7b:ba:98:88:c3:65:95:9e:6b:91:d1:
22:be:cf:ab:8f:00:1d:d7:29:c4:8a:b9:6a:09:a0:
54:fd:e2:97:cb:dc:6c:72:8c:e1:a3:d5:52:98:a5:
c6:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:CE:49:67:E0:E9:39:75:2C:24:75:7C:BD:92:3F:21:86:A5:D8:ED
X509v3 Authority Key Identifier:
keyid:3D:80:12:FA:14:AC:E7:A0:C3:BD:2E:82:E0:A2:9D:9A:44:BF:E2:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PYAS-hSs56DDvS6C4KKdmkS_4pA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/ef5ed1-bdee-4639-9248-77f84c562a5f/1/mc5JZ-DpOXUsJHV8vZI_IYal2O0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/ef5ed1-bdee-4639-9248-77f84c562a5f/1/PYAS-hSs56DDvS6C4KKdmkS_4pA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.168.0/22
Signature Algorithm: sha256WithRSAEncryption
7b:93:86:f5:6a:7d:0e:6c:c2:54:e8:4d:a7:f3:a1:22:e2:ee:
b7:b8:6f:bf:36:0e:ae:0e:9c:25:00:ed:8e:fd:49:0a:de:c4:
38:20:45:83:42:06:4a:ec:41:38:1b:c3:01:58:95:40:4e:fd:
e4:50:d9:49:fe:4b:44:9b:0f:e2:54:98:b7:9d:ce:e3:db:95:
5e:43:d3:42:5f:93:67:38:e7:26:d6:78:df:a1:1f:63:e2:77:
e0:5b:31:7f:c4:13:df:6c:82:61:20:02:4b:98:3b:26:74:25:
d3:09:ce:b8:1a:b2:df:1d:19:c9:8b:44:81:78:9e:1c:cc:b3:
e5:1e:4d:65:5e:fe:f2:84:7f:f4:0e:17:75:6d:97:ee:b5:ea:
33:cd:14:39:13:e4:ef:bc:52:98:2d:3a:94:bb:9f:3c:9c:36:
c6:fa:97:d9:97:8d:bf:72:80:5a:b5:23:d1:bc:71:0a:a0:4a:
62:67:67:d3:b7:1a:f0:9b:02:34:82:e6:4c:66:93:d4:6d:b0:
61:cc:19:e9:73:76:12:a6:4a:4e:c8:00:3a:9a:4f:b1:2c:49:
f3:bd:cd:67:e9:e9:7d:78:36:97:ac:55:7e:5c:5c:09:d8:85:
87:e7:fc:ed:7f:49:cd:2f:aa:8d:ed:6e:b7:0f:62:99:ed:f3:
7c:32:f7:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTKI+i3gmdtbNkzEkHDOTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkODAxMmZhMTRhY2U3YTBjM2JkMmU4MmUwYTI5ZDlhNDRi
ZmUyOTAwHhcNMjQwMTAyMDgzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWNlNDk2N2UwZTkzOTc1MmMyNDc1N2NiZDkyM2YyMTg2YTVkOGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwb1dl3dUoN14jiVYncvx7WpKpNKs
cmlLTo81hn5a6NkSR7zKP8hhFg8heabzXCknj5FbqKAMtvi3YZDbZfQCDS//eXhq
4XtgQBO9ZHjF6dseBdG3F2UPYVTybHNkT9oNoE32H46lpxYV+FarAhYteHP5GWq2
E/JN7Rn1pu88yT2xyHIh/8VC5SK0E2u/X19ehMeOupmJi5aRO6S8qy2R1KcPV3Jk
SC5d3i6j19w5VEQX5NWt4DzCvB/o64Y0iXn7MAqTTWtfsL230FrjCVc8d0RItYeK
e7qYiMNllZ5rkdEivs+rjwAd1ynEirlqCaBU/eKXy9xscozho9VSmKXGiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJnOSWfg6Tl1LCR1fL2SPyGGpdjtMB8GA1UdIwQY
MBaAFD2AEvoUrOegw70uguCinZpEv+KQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFlBUy1oU3M1NkREdlM2QzRLS2Rta1NfNHBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9lZjVlZDEtYmRlZS00NjM5LTkyNDgt
NzdmODRjNTYyYTVmLzEvbWM1SlotRHBPWFVzSkhWOHZaSV9JWWFsMk8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9lZjVlZDEtYmRlZS00NjM5LTkyNDgtNzdmODRjNTYyYTVm
LzEvUFlBUy1oU3M1NkREdlM2QzRLS2Rta1NfNHBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbSoMA0G
CSqGSIb3DQEBCwUAA4IBAQB7k4b1an0ObMJU6E2n86Ei4u63uG+/Ng6uDpwlAO2O
/UkK3sQ4IEWDQgZK7EE4G8MBWJVATv3kUNlJ/ktEmw/iVJi3nc7j25VeQ9NCX5Nn
OOcm1njfoR9j4nfgWzF/xBPfbIJhIAJLmDsmdCXTCc64GrLfHRnJi0SBeJ4czLPl
Hk1lXv7yhH/0Dhd1bZfuteozzRQ5E+TvvFKYLTqUu588nDbG+pfZl42/coBatSPR
vHEKoEpiZ2fTtxrwmwI0guZMZpPUbbBhzBnpc3YSpkpOyAA6mk+xLEnzvc1n6el9
eDaXrFV+XFwJ2IWH5/ztf0nNL6qN7W63D2KZ7fN8Mvfi
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:56:50 2025 by rpki-client