Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/NTOck1gr1CkGEJaKXwvV2iGTvhc.roa
File: NTOck1gr1CkGEJaKXwvV2iGTvhc.roa (raw, json)
Hash identifier: 0NksvnyAjMAX++drd4xWzvYs9c71g4U80BBKt7mBsyw=
Subject key identifier: 35:33:9C:93:58:2B:D4:29:06:10:96:8A:5F:0B:D5:DA:21:93:BE:17
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 0194E437F8066C627B8786467498582BB619
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/NTOck1gr1CkGEJaKXwvV2iGTvhc.roa
Signing time: Sat 08 Feb 2025 06:21:00 +0000
ROA not before: Sat 08 Feb 2025 06:21:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 215304
IP address blocks: 151.243.60.0/24 maxlen: 24
151.243.61.0/24 maxlen: 24
151.243.62.0/24 maxlen: 24
151.243.63.0/24 maxlen: 24
151.243.88.0/24 maxlen: 24
151.243.89.0/24 maxlen: 24
Validation: Failed, certificate revoked on Sat 22 Feb 2025 04:13:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:e4:37:f8:06:6c:62:7b:87:86:46:74:98:58:2b:b6:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Feb 8 06:21:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=35339c93582bd4290610968a5f0bd5da2193be17
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:de:1b:11:46:55:d3:61:7a:7f:ac:3c:5b:3e:
10:58:72:ce:51:db:2e:82:62:c1:1b:4e:28:7c:b9:
a7:41:ed:e6:81:c8:f2:a0:e1:3f:f4:60:7b:a1:98:
2c:93:e2:53:70:ea:20:55:62:83:3b:af:eb:17:a9:
75:03:31:88:25:bc:bd:9d:01:ac:22:c5:e8:59:16:
fd:e9:87:ee:cd:63:8d:01:a5:d1:3d:66:77:40:75:
97:ea:7b:af:23:e2:97:58:31:f7:26:7f:bf:93:25:
62:81:9b:4f:9a:19:ae:d9:97:34:45:be:4a:56:51:
63:d3:53:74:9d:95:40:81:eb:87:dc:76:09:03:e6:
66:e0:72:85:c4:22:ac:88:00:c1:ee:5d:bc:8a:61:
13:e7:ca:30:b0:de:65:67:fe:d1:15:7b:3c:f3:8f:
e4:56:f9:f6:83:7b:1b:f0:2f:b1:91:48:9c:22:91:
09:11:c1:8f:9e:ad:5b:85:39:73:60:51:99:04:7c:
24:53:49:4a:ee:f5:fc:f1:42:79:21:0e:d6:b5:38:
cf:8e:4a:50:05:e3:16:b9:f1:dd:5f:36:c4:9d:b5:
ed:39:90:ce:bb:e4:4c:69:16:9f:b7:29:e2:d4:d8:
01:67:47:62:bd:e7:32:d7:51:f9:87:71:f7:99:29:
ab:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:33:9C:93:58:2B:D4:29:06:10:96:8A:5F:0B:D5:DA:21:93:BE:17
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/NTOck1gr1CkGEJaKXwvV2iGTvhc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
151.243.60.0/22
151.243.88.0/23
Signature Algorithm: sha256WithRSAEncryption
0a:72:24:47:8f:06:49:2b:25:1b:ec:bc:63:1f:c5:67:8d:a4:
98:b1:7c:e0:06:92:37:9f:11:5a:7b:36:6a:ea:46:79:d4:78:
56:bf:e1:bc:11:67:e5:5b:73:5e:e0:19:9c:91:3c:83:11:37:
2a:19:9a:b9:27:83:c5:20:55:7b:46:25:0f:7a:cf:94:23:ce:
a2:67:d0:87:c9:15:a3:5f:ad:63:0c:fb:7d:fd:e2:3e:08:1b:
3f:8e:17:00:90:e5:63:df:e4:11:1a:6c:c0:26:8c:e2:14:95:
ca:1d:9f:f9:2e:22:ce:01:ee:59:a6:c9:45:db:00:cf:cd:07:
f2:81:d5:5d:0c:aa:85:3b:86:c3:5e:f8:a1:c4:73:df:23:7b:
e7:32:9e:50:d8:3e:08:1c:1d:70:98:ae:db:b3:9a:a9:14:40:
97:f7:b6:67:47:2a:d7:9f:0d:08:d9:df:8a:f9:54:4d:fb:77:
be:95:4d:84:6b:10:2d:0a:4f:f5:f2:46:ae:1e:0a:14:ce:b9:
b6:9b:93:c7:47:e8:b2:34:e7:31:d9:71:db:17:37:36:35:47:
ca:d5:74:dc:e0:e7:30:08:33:ea:7a:e7:d3:d0:03:06:2d:90:
f3:d4:65:ce:47:1f:1d:ed:8c:ff:6d:18:6b:94:5f:99:92:fb:
cd:ec:f5:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZTkN/gGbGJ7h4ZGdJhYK7YZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMjA4MDYyMTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTMzOWM5MzU4MmJkNDI5MDYxMDk2OGE1ZjBiZDVkYTIxOTNiZTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0d4bEUZV02F6f6w8Wz4QWHLOUdsu
gmLBG04ofLmnQe3mgcjyoOE/9GB7oZgsk+JTcOogVWKDO6/rF6l1AzGIJby9nQGs
IsXoWRb96YfuzWONAaXRPWZ3QHWX6nuvI+KXWDH3Jn+/kyVigZtPmhmu2Zc0Rb5K
VlFj01N0nZVAgeuH3HYJA+Zm4HKFxCKsiADB7l28imET58owsN5lZ/7RFXs884/k
Vvn2g3sb8C+xkUicIpEJEcGPnq1bhTlzYFGZBHwkU0lK7vX88UJ5IQ7WtTjPjkpQ
BeMWufHdXzbEnbXtOZDOu+RMaRaftyni1NgBZ0divecy11H5h3H3mSmrzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDUznJNYK9QpBhCWil8L1dohk74XMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvTlRPY2sxZ3IxQ2tHRUphS1h3dlYyaUdUdmhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCl/M8AwQB
l/NYMA0GCSqGSIb3DQEBCwUAA4IBAQAKciRHjwZJKyUb7LxjH8VnjaSYsXzgBpI3
nxFaezZq6kZ51HhWv+G8EWflW3Ne4BmckTyDETcqGZq5J4PFIFV7RiUPes+UI86i
Z9CHyRWjX61jDPt9/eI+CBs/jhcAkOVj3+QRGmzAJoziFJXKHZ/5LiLOAe5ZpslF
2wDPzQfygdVdDKqFO4bDXvihxHPfI3vnMp5Q2D4IHB1wmK7bs5qpFECX97ZnRyrX
nw0I2d+K+VRN+3e+lU2EaxAtCk/18kauHgoUzrm2m5PHR+iyNOcx2XHbFzc2NUfK
1XTc4OcwCDPqeufT0AMGLZDz1GXORx8d7Yz/bRhrlF+ZkvvN7PV+
-----END CERTIFICATE-----
Generated at Mon Apr 7 00:20:56 2025 by rpki-client