Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/e3Jl4qnmR_IAkUesfaWKFdTEZ_0.roa
File: e3Jl4qnmR_IAkUesfaWKFdTEZ_0.roa (raw, json)
Hash identifier: TbwhZGp7MUkXmu1NRGMHT0T7hHWUcSwmpomoyvSouDw=
Subject key identifier: 7B:72:65:E2:A9:E6:47:F2:00:91:47:AC:7D:A5:8A:15:D4:C4:67:FD
Certificate issuer: /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial: 018CC26D5756E5739A9B57DF1162FA54C2CE
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/e3Jl4qnmR_IAkUesfaWKFdTEZ_0.roa
Signing time: Mon 01 Jan 2024 00:29:54 +0000
ROA not before: Mon 01 Jan 2024 00:29:54 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 211027
IP address blocks: 2a09:3d00::/29 maxlen: 36
2a0f:c582::/32 maxlen: 32
2a11:b80::/29 maxlen: 36
2a09:b680::/29 maxlen: 36
2a0d:5ec0::/29 maxlen: 36
2a11:780::/29 maxlen: 36
2a11:200:2000::/36 maxlen: 36
2a10:c340:7000::/36 maxlen: 36
Validation: Failed, certificate revoked on Mon 06 May 2024 10:51:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:57:56:e5:73:9a:9b:57:df:11:62:fa:54:c2:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Validity
Not Before: Jan 1 00:29:54 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7b7265e2a9e647f2009147ac7da58a15d4c467fd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:f8:91:de:fd:74:9b:53:69:b8:5c:ee:03:d1:
f4:da:54:12:7e:15:93:4f:a1:e0:17:a9:bf:6d:31:
01:ad:be:27:43:ff:c3:c4:8d:13:68:46:d9:cb:bf:
6d:f5:ad:40:0e:26:ee:48:33:b4:52:47:e5:40:b7:
f0:13:1c:10:93:c6:7d:bf:02:f7:21:4b:c0:09:39:
60:86:0b:10:a3:ca:9a:1f:51:d0:83:0e:c0:bd:02:
d9:8a:8e:7d:0b:67:a2:74:87:a9:87:3f:34:05:c4:
af:f0:73:30:da:ba:9b:e4:40:01:61:d6:84:94:9d:
84:a9:9b:45:04:10:c9:eb:cc:92:2f:55:2f:64:99:
ac:ff:37:39:4a:b1:94:14:4e:29:90:c4:19:56:61:
b1:90:65:3b:e4:2f:d9:f7:34:ea:d6:ac:53:7c:20:
a0:c3:7e:38:74:a3:53:13:07:71:09:c1:3d:04:c8:
39:6e:37:11:ba:fa:d1:6d:51:c5:d2:31:fa:5e:52:
ea:72:09:e1:80:9d:b5:1a:be:bb:aa:60:00:02:a7:
73:2e:ca:46:e6:b4:07:00:af:09:a4:4b:91:89:d3:
4d:ce:04:db:3f:19:83:8d:15:74:d8:0b:18:83:5d:
ca:79:0d:99:fe:b1:62:9d:a6:50:41:d1:a4:a2:d4:
c5:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:72:65:E2:A9:E6:47:F2:00:91:47:AC:7D:A5:8A:15:D4:C4:67:FD
X509v3 Authority Key Identifier:
keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/e3Jl4qnmR_IAkUesfaWKFdTEZ_0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:3d00::/29
2a09:b680::/29
2a0d:5ec0::/29
2a0f:c582::/32
2a10:c340:7000::/36
2a11:200:2000::/36
2a11:780::/29
2a11:b80::/29
Signature Algorithm: sha256WithRSAEncryption
85:99:d9:fc:85:c5:7f:0e:ba:bd:4c:ae:b7:07:e3:0d:f6:e0:
83:5a:cc:f8:97:76:34:8c:2d:c7:f7:13:19:e1:1c:41:b8:60:
0a:b5:76:64:e5:e9:7a:ec:64:b5:ac:48:51:93:07:b3:6f:5a:
6f:c8:7b:40:8f:47:4b:a8:44:8b:38:b7:55:3f:ac:25:ee:e6:
c0:11:51:d4:42:cc:bb:ba:f1:6e:58:7f:c3:e4:db:d7:85:33:
1c:5d:35:88:c2:29:6f:10:70:b7:9a:ff:2a:08:b4:1d:8a:f6:
69:f6:e4:66:dd:d8:18:11:3c:0b:f7:f9:05:4e:a9:e4:da:ed:
80:69:b0:2d:24:76:d2:59:c0:8a:68:c0:d0:39:fa:d6:3c:29:
6a:65:7c:29:8a:91:9b:a1:51:a6:45:37:9e:a2:84:77:f0:b9:
46:a9:9f:3e:ab:d4:43:fd:c3:90:1d:ab:45:0f:f8:45:18:43:
ed:c5:69:5e:0e:a5:1d:3e:a8:c6:e2:eb:15:32:3e:59:c1:22:
54:b8:86:66:f0:b5:3b:d3:a6:99:62:a8:e3:41:9a:43:30:1e:
be:0b:81:47:76:e4:d3:5e:01:88:a7:ea:f7:93:f4:d2:56:ba:
71:98:5b:85:44:ca:f3:0c:b3:1a:24:fc:72:6c:0d:46:7b:4c:
87:d2:d0:3d
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYzCbVdW5XOam1ffEWL6VMLOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjQwMTAxMDAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjcyNjVlMmE5ZTY0N2YyMDA5MTQ3YWM3ZGE1OGExNWQ0YzQ2N2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/iR3v10m1NpuFzuA9H02lQSfhWT
T6HgF6m/bTEBrb4nQ//DxI0TaEbZy79t9a1ADibuSDO0UkflQLfwExwQk8Z9vwL3
IUvACTlghgsQo8qaH1HQgw7AvQLZio59C2eidIephz80BcSv8HMw2rqb5EABYdaE
lJ2EqZtFBBDJ68ySL1UvZJms/zc5SrGUFE4pkMQZVmGxkGU75C/Z9zTq1qxTfCCg
w344dKNTEwdxCcE9BMg5bjcRuvrRbVHF0jH6XlLqcgnhgJ21Gr67qmAAAqdzLspG
5rQHAK8JpEuRidNNzgTbPxmDjRV02AsYg13KeQ2Z/rFinaZQQdGkotTFyQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFHtyZeKp5kfyAJFHrH2lihXUxGf9MB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvZTNKbDRxbm1SX0lBa1Vlc2ZhV0tGZFRFWl8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjBABAIAAjA6AwUDKgk9AAMF
AyoJtoADBQMqDV7AAwUAKg/FggMGBCoQw0BwAwYEKhECACADBQMqEQeAAwUDKhEL
gDANBgkqhkiG9w0BAQsFAAOCAQEAhZnZ/IXFfw66vUyutwfjDfbgg1rM+Jd2NIwt
x/cTGeEcQbhgCrV2ZOXpeuxktaxIUZMHs29ab8h7QI9HS6hEizi3VT+sJe7mwBFR
1ELMu7rxblh/w+Tb14UzHF01iMIpbxBwt5r/Kgi0HYr2afbkZt3YGBE8C/f5BU6p
5NrtgGmwLSR20lnAimjA0Dn61jwpamV8KYqRm6FRpkU3nqKEd/C5RqmfPqvUQ/3D
kB2rRQ/4RRhD7cVpXg6lHT6oxuLrFTI+WcEiVLiGZvC1O9OmmWKo40GaQzAevguB
R3bk014BiKfq95P00la6cZhbhUTK8wyzGiT8cmwNRntMh9LQPQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:58 2024 by rpki-client on console-ams.rpki-client.org