Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/878d0c-2200-4c27-94c0-5c6e19d070e5/1/Yf5GxfJvDJ3ocf4445R7kQ9ueIY.roa
File: Yf5GxfJvDJ3ocf4445R7kQ9ueIY.roa (raw, json)
Hash identifier: m60ufR7EtBjX9240ETpPUgzIQIloqh0A1+8Mf0c8Kcs=
Subject key identifier: 61:FE:46:C5:F2:6F:0C:9D:E8:71:FE:38:E3:94:7B:91:0F:6E:78:86
Certificate issuer: /CN=aa22bffd2d5a070e2ec8a3fc46e7911af96feaad
Certificate serial: 018CC64B0EEFC281123F7558E26B5F8A9D65
Authority key identifier: AA:22:BF:FD:2D:5A:07:0E:2E:C8:A3:FC:46:E7:91:1A:F9:6F:EA:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qiK__S1aBw4uyKP8RueRGvlv6q0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/98/878d0c-2200-4c27-94c0-5c6e19d070e5/1/Yf5GxfJvDJ3ocf4445R7kQ9ueIY.roa
Signing time: Mon 01 Jan 2024 18:30:56 +0000
ROA not before: Mon 01 Jan 2024 18:30:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209198
IP address blocks: 2.57.200.0/22 maxlen: 24
2a09:de40::/32 maxlen: 56
Validation: Failed, certificate revoked on Wed 01 Jan 2025 07:47:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4b:0e:ef:c2:81:12:3f:75:58:e2:6b:5f:8a:9d:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aa22bffd2d5a070e2ec8a3fc46e7911af96feaad
Validity
Not Before: Jan 1 18:30:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=61fe46c5f26f0c9de871fe38e3947b910f6e7886
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:b2:74:31:6b:b6:34:6f:9a:e5:1c:47:9c:b7:
21:37:6e:63:58:7e:51:42:70:e5:89:86:9e:7c:55:
f2:41:cb:73:b1:eb:9d:f8:61:35:c6:24:a5:b6:52:
80:ac:3e:9b:7b:35:35:37:6a:b6:08:dd:cf:1d:ff:
ba:64:d8:b5:36:0f:43:44:5e:99:02:c1:03:6d:5a:
6b:88:41:e0:31:66:3e:19:1d:7d:65:76:62:03:bf:
ad:18:fa:4e:fc:f6:84:e2:3e:02:4e:37:22:43:97:
7e:9a:b2:a2:29:10:ad:c3:81:4b:9a:96:5e:7e:4a:
a7:0d:28:a1:36:16:96:5c:52:8f:bd:cb:8f:44:5d:
ad:a1:a6:d4:5c:60:bb:2a:30:73:b5:6b:e2:f8:be:
2a:24:7c:a5:5a:7e:e5:e3:83:71:a9:82:e9:a8:eb:
d0:b1:63:44:d4:26:84:5a:b5:b6:fc:b3:ce:b0:1e:
21:69:18:7f:1d:6e:b4:d7:a8:b9:8c:9a:a9:4b:2b:
8c:17:0b:1a:c2:55:da:1b:6d:f3:44:10:5c:f0:7a:
a9:f3:74:1e:a4:46:39:5d:ae:6c:93:fc:25:33:4c:
34:3e:d2:30:6d:18:b0:ff:bd:3c:9c:7b:5a:27:c1:
b9:ca:17:81:22:c5:a4:c1:0d:fd:eb:60:51:d8:37:
40:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:FE:46:C5:F2:6F:0C:9D:E8:71:FE:38:E3:94:7B:91:0F:6E:78:86
X509v3 Authority Key Identifier:
keyid:AA:22:BF:FD:2D:5A:07:0E:2E:C8:A3:FC:46:E7:91:1A:F9:6F:EA:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qiK__S1aBw4uyKP8RueRGvlv6q0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/878d0c-2200-4c27-94c0-5c6e19d070e5/1/Yf5GxfJvDJ3ocf4445R7kQ9ueIY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/98/878d0c-2200-4c27-94c0-5c6e19d070e5/1/qiK__S1aBw4uyKP8RueRGvlv6q0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.200.0/22
IPv6:
2a09:de40::/32
Signature Algorithm: sha256WithRSAEncryption
5e:91:57:89:c1:49:c3:18:f3:7c:23:3f:53:53:60:76:0d:94:
b9:a0:dd:08:c9:36:68:69:cf:3e:2f:98:3b:13:5a:5c:38:ec:
de:fe:cf:aa:3f:f7:40:69:54:6e:b4:e6:42:c8:15:03:c5:47:
18:de:e2:ce:4a:5e:8f:e7:f9:7f:00:ed:8b:f5:75:88:75:40:
2a:d1:e5:f4:34:ca:5d:2c:5c:6e:82:26:0e:b6:ab:bc:66:4a:
67:1d:3a:c6:dd:5d:5e:8e:df:1c:e8:c8:e0:63:2f:16:dc:10:
5d:76:1d:58:be:bd:28:61:44:61:41:fa:c3:be:3e:18:ce:9d:
ac:3c:ed:ef:7b:5d:31:a4:ca:3d:b9:3d:75:49:e0:af:82:e4:
9b:5e:64:98:e9:81:98:89:e3:0f:d9:29:1e:b7:47:1f:b2:d3:
2c:29:a6:c7:a7:dd:b6:fe:ca:91:54:00:ec:77:e9:94:58:a4:
3d:9f:41:07:a8:41:dd:66:d5:29:39:7f:31:dc:02:16:c2:f2:
b1:55:3b:1b:69:59:86:03:85:41:7b:e9:3e:1d:fb:fc:27:e6:
fc:46:97:e1:a6:35:fc:7c:5a:6b:63:44:26:e6:ab:a5:67:64:
d2:64:ad:27:92:3a:31:25:07:92:25:56:87:ea:69:d9:2b:82:
17:01:7c:1f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSw7vwoESP3VY4mtfip1lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhMjJiZmZkMmQ1YTA3MGUyZWM4YTNmYzQ2ZTc5MTFhZjk2
ZmVhYWQwHhcNMjQwMTAxMTgzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWZlNDZjNWYyNmYwYzlkZTg3MWZlMzhlMzk0N2I5MTBmNmU3ODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLJ0MWu2NG+a5RxHnLchN25jWH5R
QnDliYaefFXyQctzseud+GE1xiSltlKArD6bezU1N2q2CN3PHf+6ZNi1Ng9DRF6Z
AsEDbVpriEHgMWY+GR19ZXZiA7+tGPpO/PaE4j4CTjciQ5d+mrKiKRCtw4FLmpZe
fkqnDSihNhaWXFKPvcuPRF2toabUXGC7KjBztWvi+L4qJHylWn7l44NxqYLpqOvQ
sWNE1CaEWrW2/LPOsB4haRh/HW6016i5jJqpSyuMFwsawlXaG23zRBBc8Hqp83Qe
pEY5Xa5sk/wlM0w0PtIwbRiw/708nHtaJ8G5yheBIsWkwQ3962BR2DdA7wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGH+RsXybwyd6HH+OOOUe5EPbniGMB8GA1UdIwQY
MBaAFKoiv/0tWgcOLsij/EbnkRr5b+qtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWlLX19TMWFCdzR1eUtQOFJ1ZVJHdmx2NnEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC84NzhkMGMtMjIwMC00YzI3LTk0YzAt
NWM2ZTE5ZDA3MGU1LzEvWWY1R3hmSnZESjNvY2Y0NDQ1UjdrUTl1ZUlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC84NzhkMGMtMjIwMC00YzI3LTk0YzAtNWM2ZTE5ZDA3MGU1
LzEvcWlLX19TMWFCdzR1eUtQOFJ1ZVJHdmx2NnEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCAjnIMA0E
AgACMAcDBQAqCd5AMA0GCSqGSIb3DQEBCwUAA4IBAQBekVeJwUnDGPN8Iz9TU2B2
DZS5oN0IyTZoac8+L5g7E1pcOOze/s+qP/dAaVRutOZCyBUDxUcY3uLOSl6P5/l/
AO2L9XWIdUAq0eX0NMpdLFxugiYOtqu8ZkpnHTrG3V1ejt8c6MjgYy8W3BBddh1Y
vr0oYURhQfrDvj4Yzp2sPO3ve10xpMo9uT11SeCvguSbXmSY6YGYieMP2Sket0cf
stMsKabHp922/sqRVADsd+mUWKQ9n0EHqEHdZtUpOX8x3AIWwvKxVTsbaVmGA4VB
e+k+Hfv8J+b8RpfhpjX8fFprY0Qm5qulZ2TSZK0nkjoxJQeSJVaH6mnZK4IXAXwf
-----END CERTIFICATE-----
Generated at Sun Apr 20 03:33:39 2025 by rpki-client