Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/c34c99-18c8-41a2-874b-390b85394beb/1/hfvCDPfjHCGKUsqap0fYJufoGAE.roa
File: hfvCDPfjHCGKUsqap0fYJufoGAE.roa (raw, json)
Hash identifier: XKPBMUSseytGII+Qxtd9hWo+5KjJdKRBXnP08xYo+fY=
Subject key identifier: 85:FB:C2:0C:F7:E3:1C:21:8A:52:CA:9A:A7:47:D8:26:E7:E8:18:01
Certificate issuer: /CN=4225b570f46de5c6e8b2b64ed090ad1385dab731
Certificate serial: 018CC501193AB96AA71B3415CB81EB6957B0
Authority key identifier: 42:25:B5:70:F4:6D:E5:C6:E8:B2:B6:4E:D0:90:AD:13:85:DA:B7:31
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QiW1cPRt5cbosrZO0JCtE4XatzE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/c34c99-18c8-41a2-874b-390b85394beb/1/hfvCDPfjHCGKUsqap0fYJufoGAE.roa
Signing time: Mon 01 Jan 2024 12:30:32 +0000
ROA not before: Mon 01 Jan 2024 12:30:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60377
IP address blocks: 45.13.4.0/22 maxlen: 22
45.13.5.0/24 maxlen: 24
145.40.128.0/18 maxlen: 18
2a0e:cb00::/29 maxlen: 29
Validation: Failed, certificate revoked on Thu 02 Jan 2025 17:50:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:01:19:3a:b9:6a:a7:1b:34:15:cb:81:eb:69:57:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4225b570f46de5c6e8b2b64ed090ad1385dab731
Validity
Not Before: Jan 1 12:30:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=85fbc20cf7e31c218a52ca9aa747d826e7e81801
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:31:9d:05:a3:bb:46:f7:ab:b6:9d:a3:35:a6:
01:ff:fb:a8:c6:29:2f:e8:73:03:76:dd:25:e7:43:
ec:28:83:b5:6a:18:1e:cd:8c:f5:f1:74:a8:8f:fb:
b7:48:5a:e8:d5:da:7c:5b:cf:c7:18:34:5d:dd:45:
13:74:d3:04:7f:58:e4:e9:c0:60:16:6c:dd:51:d1:
e4:6c:22:06:fb:e3:b6:71:bb:e9:7b:5a:9e:7f:db:
52:fe:ae:a8:b4:7c:42:6b:e2:ee:91:26:a4:0b:cf:
57:c7:c4:c8:e4:37:57:13:41:21:40:eb:9d:dd:34:
66:0a:66:35:33:c5:ff:2a:49:d6:88:8b:52:69:4f:
ae:8d:23:ca:2e:73:b2:08:3f:a4:29:5b:37:0d:52:
7b:f2:0a:37:97:77:a9:a2:de:08:e3:ae:22:b8:c6:
05:e1:c6:40:a7:d3:4a:62:16:8f:43:78:c2:25:32:
7e:7f:ce:fb:e2:90:76:07:db:9f:14:20:cc:ff:12:
9d:3e:3a:3b:83:d9:c4:ff:b3:01:4b:01:9d:67:8f:
e4:fd:68:c9:05:60:0a:ef:7f:24:d7:8b:45:16:0e:
b9:30:ee:00:b6:2c:99:33:15:b4:9c:db:83:09:a7:
ff:1d:8d:b3:22:92:7c:18:f2:ce:74:c8:b9:6c:d7:
4b:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:FB:C2:0C:F7:E3:1C:21:8A:52:CA:9A:A7:47:D8:26:E7:E8:18:01
X509v3 Authority Key Identifier:
keyid:42:25:B5:70:F4:6D:E5:C6:E8:B2:B6:4E:D0:90:AD:13:85:DA:B7:31
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QiW1cPRt5cbosrZO0JCtE4XatzE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/c34c99-18c8-41a2-874b-390b85394beb/1/hfvCDPfjHCGKUsqap0fYJufoGAE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/c34c99-18c8-41a2-874b-390b85394beb/1/QiW1cPRt5cbosrZO0JCtE4XatzE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.13.4.0/22
145.40.128.0/18
IPv6:
2a0e:cb00::/29
Signature Algorithm: sha256WithRSAEncryption
04:cd:bd:68:9d:9c:8d:2e:f3:75:c3:a3:7b:45:e8:4a:76:40:
97:04:7f:7f:88:f3:14:55:f1:a4:66:01:58:a0:79:01:38:c3:
03:2d:7f:19:23:61:08:0a:f2:e5:00:9b:5b:ea:be:95:37:03:
89:6f:06:9d:1c:1e:4b:e3:73:77:88:54:45:7e:e8:5d:b7:3c:
1a:28:1a:2c:78:52:2f:df:7b:16:ac:14:b2:fb:bf:1d:9f:ca:
65:af:ec:c0:2b:ee:7b:ea:96:27:74:28:cc:fe:e5:99:a6:20:
c0:45:ab:30:1f:56:69:f3:f1:90:b2:12:75:7f:f9:78:88:52:
11:5a:2a:16:fc:73:86:fc:4d:22:f8:e0:e0:64:4f:5a:96:8b:
b5:79:90:b1:29:f2:aa:69:0f:13:c0:d4:09:16:75:0c:c0:8a:
4f:9e:32:b2:e4:fe:5d:75:d8:fe:86:6d:35:28:a8:fd:d1:77:
38:3a:f4:c8:4b:c0:f0:c2:17:a3:37:4c:82:ea:14:dd:6a:af:
1c:32:cb:df:44:42:9f:a1:05:dc:74:a8:3a:64:2b:b9:6c:35:
5e:d7:6d:4f:fd:b8:ba:23:d1:46:c5:87:dd:c8:fe:2b:16:8d:
94:89:b3:67:ce:29:40:49:53:17:49:31:81:32:84:c3:29:51:
4b:f7:93:4a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFARk6uWqnGzQVy4HraVewMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMjViNTcwZjQ2ZGU1YzZlOGIyYjY0ZWQwOTBhZDEzODVk
YWI3MzEwHhcNMjQwMTAxMTIzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWZiYzIwY2Y3ZTMxYzIxOGE1MmNhOWFhNzQ3ZDgyNmU3ZTgxODAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTGdBaO7Rvertp2jNaYB//uoxikv
6HMDdt0l50PsKIO1ahgezYz18XSoj/u3SFro1dp8W8/HGDRd3UUTdNMEf1jk6cBg
FmzdUdHkbCIG++O2cbvpe1qef9tS/q6otHxCa+LukSakC89Xx8TI5DdXE0EhQOud
3TRmCmY1M8X/KknWiItSaU+ujSPKLnOyCD+kKVs3DVJ78go3l3epot4I464iuMYF
4cZAp9NKYhaPQ3jCJTJ+f8774pB2B9ufFCDM/xKdPjo7g9nE/7MBSwGdZ4/k/WjJ
BWAK738k14tFFg65MO4AtiyZMxW0nNuDCaf/HY2zIpJ8GPLOdMi5bNdL0wIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIX7wgz34xwhilLKmqdH2Cbn6BgBMB8GA1UdIwQY
MBaAFEIltXD0beXG6LK2TtCQrROF2rcxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWlXMWNQUnQ1Y2Jvc3JaTzBKQ3RFNFhhdHpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9jMzRjOTktMThjOC00MWEyLTg3NGIt
MzkwYjg1Mzk0YmViLzEvaGZ2Q0RQZmpIQ0dLVXNxYXAwZllKdWZvR0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9jMzRjOTktMThjOC00MWEyLTg3NGItMzkwYjg1Mzk0YmVi
LzEvUWlXMWNQUnQ1Y2Jvc3JaTzBKQ3RFNFhhdHpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLQ0EAwQG
kSiAMA0EAgACMAcDBQMqDssAMA0GCSqGSIb3DQEBCwUAA4IBAQAEzb1onZyNLvN1
w6N7RehKdkCXBH9/iPMUVfGkZgFYoHkBOMMDLX8ZI2EICvLlAJtb6r6VNwOJbwad
HB5L43N3iFRFfuhdtzwaKBoseFIv33sWrBSy+78dn8plr+zAK+576pYndCjM/uWZ
piDARaswH1Zp8/GQshJ1f/l4iFIRWioW/HOG/E0i+ODgZE9alou1eZCxKfKqaQ8T
wNQJFnUMwIpPnjKy5P5dddj+hm01KKj90Xc4OvTIS8DwwhejN0yC6hTdaq8cMsvf
REKfoQXcdKg6ZCu5bDVe121P/bi6I9FGxYfdyP4rFo2UibNnzilASVMXSTGBMoTD
KVFL95NK
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:19:17 2025 by rpki-client