Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/tcFul_CqAhm8A9VwLRbCXvS7XzM.roa
File: tcFul_CqAhm8A9VwLRbCXvS7XzM.roa (raw, json)
Hash identifier: GrPaPA//2vaQGQO7vE0+T20QTNwIc/q8SWjBVdawrd4=
Subject key identifier: B5:C1:6E:97:F0:AA:02:19:BC:03:D5:70:2D:16:C2:5E:F4:BB:5F:33
Certificate issuer: /CN=20f5307242fe3c95327b3220a1da5bffd12524fe
Certificate serial: 0193D8446C2BBA250A1A184C88E17014E23B
Authority key identifier: 20:F5:30:72:42:FE:3C:95:32:7B:32:20:A1:DA:5B:FF:D1:25:24:FE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IPUwckL-PJUyezIgodpb_9ElJP4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/tcFul_CqAhm8A9VwLRbCXvS7XzM.roa
Signing time: Wed 18 Dec 2024 05:36:22 +0000
ROA not before: Wed 18 Dec 2024 05:36:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 202446
IP address blocks: 194.33.20.0/22 maxlen: 22
194.33.20.0/24 maxlen: 24
194.33.21.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 02 Jan 2025 17:53:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:d8:44:6c:2b:ba:25:0a:1a:18:4c:88:e1:70:14:e2:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=20f5307242fe3c95327b3220a1da5bffd12524fe
Validity
Not Before: Dec 18 05:36:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b5c16e97f0aa0219bc03d5702d16c25ef4bb5f33
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:dd:0a:c3:26:f5:b9:ec:a7:c0:41:bb:ce:7a:
4d:0c:0a:0d:e1:c3:0c:1a:ca:fd:eb:c9:31:05:e1:
48:8b:88:11:98:52:21:c8:d5:df:3c:a6:da:3d:3a:
2e:b9:c9:09:3b:b6:b3:8a:cc:0f:43:68:b8:57:49:
65:f3:19:2d:71:18:05:32:37:6b:56:9d:ed:68:b1:
97:6b:9d:95:43:60:88:ea:72:d3:00:88:1c:c2:9f:
ac:ba:ea:e9:04:ba:98:e2:80:5b:97:1a:19:70:1e:
d5:eb:e8:94:fa:e4:49:85:0b:06:59:c9:4d:a9:64:
07:56:54:e4:ff:f5:97:f6:eb:12:72:24:93:0a:86:
5c:8c:9b:89:2e:a0:56:ad:fe:45:28:07:2e:ff:e5:
0e:9c:fe:1c:c4:c8:68:96:31:71:2e:26:d6:82:71:
1f:7c:0e:f2:b3:9b:c4:f9:c0:d6:9c:95:c2:4b:0d:
a0:78:37:1d:4e:9b:b1:2c:43:e6:66:7b:64:bd:a1:
44:05:44:c1:9d:22:e7:2c:28:a1:ee:6a:04:6b:97:
21:35:c1:d9:d4:46:84:81:c7:08:74:e1:60:4b:f1:
3d:52:7d:a9:e2:c5:fe:10:bf:86:86:1b:4a:c7:79:
2b:2f:45:67:8c:eb:e6:3b:64:38:3e:d5:35:dd:e1:
ea:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:C1:6E:97:F0:AA:02:19:BC:03:D5:70:2D:16:C2:5E:F4:BB:5F:33
X509v3 Authority Key Identifier:
keyid:20:F5:30:72:42:FE:3C:95:32:7B:32:20:A1:DA:5B:FF:D1:25:24:FE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IPUwckL-PJUyezIgodpb_9ElJP4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/tcFul_CqAhm8A9VwLRbCXvS7XzM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/e13a01-c00b-4956-ab3a-309a4970bbfd/1/IPUwckL-PJUyezIgodpb_9ElJP4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.33.20.0/22
Signature Algorithm: sha256WithRSAEncryption
2d:18:dc:09:18:ff:fb:ae:3f:d4:2c:20:a6:8b:7e:c8:e3:07:
8d:d4:c0:a6:d3:e2:f5:47:8d:10:6f:cb:bc:1a:26:d2:e2:24:
d7:ad:f3:2c:54:82:25:f0:43:d8:cf:1b:aa:9a:50:cf:5b:03:
69:0b:3d:3f:fc:5a:86:85:0e:36:8d:d2:2d:81:c4:b7:aa:90:
2e:a1:e9:c0:9b:d4:75:6e:a4:87:28:3c:b0:00:20:64:47:86:
d2:7a:13:4f:4f:db:e6:9f:a7:37:34:39:ec:66:9f:a5:01:62:
26:13:c3:33:9f:fa:3b:e5:f3:59:26:0b:17:dd:28:56:d3:4c:
e7:64:bd:45:89:32:38:42:7f:70:77:aa:0b:e8:af:5e:82:e0:
b7:bf:a4:4a:56:c8:f2:bf:e9:b7:10:86:c0:52:ec:42:4b:84:
dc:c5:e5:a9:5d:e4:e2:a3:79:61:1c:4e:a3:53:9b:48:09:bc:
d9:0b:ef:bc:58:40:af:d2:ba:49:43:a2:a4:04:25:7d:93:71:
af:2a:ed:58:bb:90:cd:b0:8d:a2:5a:a1:53:00:57:c7:0f:eb:
77:18:08:86:70:95:e0:20:6a:ca:ef:dd:14:72:4c:a4:ea:d6:
37:63:00:6d:60:3b:7a:73:ef:ad:7b:5d:06:71:4f:93:94:79:
d0:a4:3d:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZPYRGwruiUKGhhMiOFwFOI7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZjUzMDcyNDJmZTNjOTUzMjdiMzIyMGExZGE1YmZmZDEy
NTI0ZmUwHhcNMjQxMjE4MDUzNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWMxNmU5N2YwYWEwMjE5YmMwM2Q1NzAyZDE2YzI1ZWY0YmI1ZjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqd0Kwyb1ueynwEG7znpNDAoN4cMM
Gsr968kxBeFIi4gRmFIhyNXfPKbaPTouuckJO7aziswPQ2i4V0ll8xktcRgFMjdr
Vp3taLGXa52VQ2CI6nLTAIgcwp+suurpBLqY4oBblxoZcB7V6+iU+uRJhQsGWclN
qWQHVlTk//WX9usSciSTCoZcjJuJLqBWrf5FKAcu/+UOnP4cxMholjFxLibWgnEf
fA7ys5vE+cDWnJXCSw2geDcdTpuxLEPmZntkvaFEBUTBnSLnLCih7moEa5chNcHZ
1EaEgccIdOFgS/E9Un2p4sX+EL+GhhtKx3krL0VnjOvmO2Q4PtU13eHqxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLXBbpfwqgIZvAPVcC0Wwl70u18zMB8GA1UdIwQY
MBaAFCD1MHJC/jyVMnsyIKHaW//RJST+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVBVd2NrTC1QSlV5ZXpJZ29kcGJfOUVsSlA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy9lMTNhMDEtYzAwYi00OTU2LWFiM2Et
MzA5YTQ5NzBiYmZkLzEvdGNGdWxfQ3FBaG04QTlWd0xSYkNYdlM3WHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy9lMTNhMDEtYzAwYi00OTU2LWFiM2EtMzA5YTQ5NzBiYmZk
LzEvSVBVd2NrTC1QSlV5ZXpJZ29kcGJfOUVsSlA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwiEUMA0G
CSqGSIb3DQEBCwUAA4IBAQAtGNwJGP/7rj/ULCCmi37I4weN1MCm0+L1R40Qb8u8
GibS4iTXrfMsVIIl8EPYzxuqmlDPWwNpCz0//FqGhQ42jdItgcS3qpAuoenAm9R1
bqSHKDywACBkR4bSehNPT9vmn6c3NDnsZp+lAWImE8Mzn/o75fNZJgsX3ShW00zn
ZL1FiTI4Qn9wd6oL6K9eguC3v6RKVsjyv+m3EIbAUuxCS4TcxeWpXeTio3lhHE6j
U5tICbzZC++8WECv0rpJQ6KkBCV9k3GvKu1Yu5DNsI2iWqFTAFfHD+t3GAiGcJXg
IGrK790Uckyk6tY3YwBtYDt6c++te10GcU+TlHnQpD0r
-----END CERTIFICATE-----
Generated at Sun Apr 20 12:52:05 2025 by rpki-client