Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ohfPHS5khqpoIc0I8gaRTb1ikPM.roa
File: ohfPHS5khqpoIc0I8gaRTb1ikPM.roa (raw, json)
Hash identifier: uNuMXJ2i+QlV0jG8MSNusfvSGl+3oFSoq3khdN6S0i4=
Subject key identifier: A2:17:CF:1D:2E:64:86:AA:68:21:CD:08:F2:06:91:4D:BD:62:90:F3
Certificate issuer: /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial: 01945EED84782E4B209D8D21F53545E62BC5
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ohfPHS5khqpoIc0I8gaRTb1ikPM.roa
Signing time: Mon 13 Jan 2025 09:10:11 +0000
ROA not before: Mon 13 Jan 2025 09:10:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 37.202.205.0/24 maxlen: 24
37.202.208.0/23 maxlen: 24
37.202.209.0/24 maxlen: 24
37.202.210.0/24 maxlen: 24
37.202.212.0/23 maxlen: 24
37.202.217.0/24 maxlen: 24
37.202.220.0/24 maxlen: 24
37.202.221.0/24 maxlen: 24
151.242.14.0/24 maxlen: 24
151.242.20.0/24 maxlen: 24
151.243.137.0/24 maxlen: 24
151.243.162.0/24 maxlen: 24
151.243.222.0/24 maxlen: 24
151.243.254.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 14 Jan 2025 15:27:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:5e:ed:84:78:2e:4b:20:9d:8d:21:f5:35:45:e6:2b:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
Validity
Not Before: Jan 13 09:10:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a217cf1d2e6486aa6821cd08f206914dbd6290f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:da:da:a2:82:06:c7:9d:78:50:ee:39:22:63:
92:38:ed:ce:63:22:98:ef:66:2d:22:fb:82:5e:e0:
59:bc:c8:fc:b8:a6:a0:f5:d3:77:5c:73:c1:92:21:
c0:a3:f9:3f:28:f8:7b:93:45:50:f8:cd:87:ad:ef:
57:ec:84:98:c4:0d:64:4b:2a:0f:d7:b6:02:ee:87:
36:ca:86:a7:ee:fc:38:46:7d:a2:00:a4:d7:92:16:
64:6a:c0:74:62:c5:5e:ba:8f:60:4a:3d:65:6b:f5:
2d:f0:23:02:a2:f8:21:76:7f:7f:ef:e3:03:60:d6:
77:68:1e:6d:cd:04:ad:5c:af:8b:c3:7f:36:cb:58:
07:7e:09:0e:af:99:13:ad:51:27:eb:ef:a5:a6:64:
f9:2a:bd:07:03:74:5b:35:57:fe:56:42:80:4f:f9:
08:4d:f4:05:36:6f:b5:01:6c:bf:c8:b8:92:1c:9a:
03:45:5b:8a:a2:ae:6c:2b:33:09:a5:01:30:03:c9:
38:36:1a:f9:9c:0f:c8:7e:61:40:2f:db:b5:fd:65:
ce:37:a2:7f:15:d8:e4:03:2a:4d:5d:ef:31:f6:48:
c1:a2:0e:55:12:32:a2:73:ba:55:78:d1:c2:df:67:
72:37:08:3b:77:0d:5a:bd:50:02:da:82:df:f6:24:
16:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:17:CF:1D:2E:64:86:AA:68:21:CD:08:F2:06:91:4D:BD:62:90:F3
X509v3 Authority Key Identifier:
keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ohfPHS5khqpoIc0I8gaRTb1ikPM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.202.205.0/24
37.202.208.0-37.202.210.255
37.202.212.0/23
37.202.217.0/24
37.202.220.0/23
151.242.14.0/24
151.242.20.0/24
151.243.137.0/24
151.243.162.0/24
151.243.222.0/24
151.243.254.0/24
Signature Algorithm: sha256WithRSAEncryption
99:af:23:38:f9:06:43:2f:7a:ba:e3:3b:ad:b1:2c:04:12:19:
a4:23:9e:a9:fe:1e:d1:a4:26:77:39:cf:82:a4:97:df:13:dd:
0a:63:20:bf:0c:2e:cb:14:0f:8f:82:eb:ba:74:ac:82:97:24:
75:1d:d3:3d:f9:98:90:3a:d8:ed:cd:e1:77:3d:11:f2:e5:6c:
dd:14:fd:b4:20:2f:c3:20:32:8f:b1:16:7e:64:cd:87:ee:27:
9f:90:ee:2a:69:e9:d5:be:d1:b1:c7:b6:cd:2c:c4:f2:e0:f7:
22:d9:a6:f9:4c:32:0b:47:af:46:a4:6a:94:9b:d3:3c:03:ed:
f3:ee:52:6f:40:4b:93:92:63:8e:6f:da:2b:a0:ea:b0:7f:cb:
92:7c:c6:20:da:ac:5f:0f:11:35:38:71:7a:86:a2:5b:11:f9:
ad:d6:2b:f5:77:94:31:3e:26:95:ee:4c:7d:b8:54:ca:f1:ef:
37:7d:aa:b7:08:75:ec:b5:2d:7d:f4:1e:4b:be:91:78:68:3b:
5f:42:fd:0e:b7:88:16:7e:50:d2:d3:63:88:33:b4:4f:36:7e:
28:57:04:df:5d:77:d0:47:83:c3:7c:7a:6b:38:90:59:b9:1b:
93:4c:31:91:92:35:b1:83:3d:59:4d:19:f9:bc:2f:ca:9d:ef:
74:2b:71:a5
-----BEGIN CERTIFICATE-----
MIIFQTCCBCmgAwIBAgISAZRe7YR4LksgnY0h9TVF5ivFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwMTEzMDkxMDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjE3Y2YxZDJlNjQ4NmFhNjgyMWNkMDhmMjA2OTE0ZGJkNjI5MGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz9raooIGx514UO45ImOSOO3OYyKY
72YtIvuCXuBZvMj8uKag9dN3XHPBkiHAo/k/KPh7k0VQ+M2Hre9X7ISYxA1kSyoP
17YC7oc2yoan7vw4Rn2iAKTXkhZkasB0YsVeuo9gSj1la/Ut8CMCovghdn9/7+MD
YNZ3aB5tzQStXK+Lw382y1gHfgkOr5kTrVEn6++lpmT5Kr0HA3RbNVf+VkKAT/kI
TfQFNm+1AWy/yLiSHJoDRVuKoq5sKzMJpQEwA8k4Nhr5nA/IfmFAL9u1/WXON6J/
FdjkAypNXe8x9kjBog5VEjKic7pVeNHC32dyNwg7dw1avVAC2oLf9iQWSwIDAQAB
o4ICTTCCAkkwHQYDVR0OBBYEFKIXzx0uZIaqaCHNCPIGkU29YpDzMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvb2hmUEhTNWtocXBvSWMwSThnYVJUYjFpa1BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGMGCCsGAQUFBwEHAQH/BFQwUjBQBAIAATBKAwQAJcrNMAwD
BAQlytADBAAlytIDBAElytQDBAAlytkDBAElytwDBACX8g4DBACX8hQDBACX84kD
BACX86IDBACX894DBACX8/4wDQYJKoZIhvcNAQELBQADggEBAJmvIzj5BkMverrj
O62xLAQSGaQjnqn+HtGkJnc5z4Kkl98T3QpjIL8MLssUD4+C67p0rIKXJHUd0z35
mJA62O3N4Xc9EfLlbN0U/bQgL8MgMo+xFn5kzYfuJ5+Q7ipp6dW+0bHHts0sxPLg
9yLZpvlMMgtHr0akapSb0zwD7fPuUm9AS5OSY45v2iug6rB/y5J8xiDarF8PETU4
cXqGolsR+a3WK/V3lDE+JpXuTH24VMrx7zd9qrcIdey1LX30Hku+kXhoO19C/Q63
iBZ+UNLTY4gztE82fihXBN9dd9BHg8N8ems4kFm5G5NMMZGSNbGDPVlNGfm8L8qd
73QrcaU=
-----END CERTIFICATE-----
Generated at Thu Apr 17 12:59:13 2025 by rpki-client