Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/nupS5mg72duz4YcBzCJmhwRPDMs.roa
File: nupS5mg72duz4YcBzCJmhwRPDMs.roa (raw, json)
Hash identifier: VwMez6dAAVER1bqgkGuMJ2mP7qS1AF2h8J39JFMU9Mk=
Subject key identifier: 9E:EA:52:E6:68:3B:D9:DB:B3:E1:87:01:CC:22:66:87:04:4F:0C:CB
Certificate issuer: /CN=a5a56ebf01e00349f673019180560c9a31aea871
Certificate serial: 018CC86EFF04F30B5B30538B45839E9C1815
Authority key identifier: A5:A5:6E:BF:01:E0:03:49:F6:73:01:91:80:56:0C:9A:31:AE:A8:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/paVuvwHgA0n2cwGRgFYMmjGuqHE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/nupS5mg72duz4YcBzCJmhwRPDMs.roa
Signing time: Tue 02 Jan 2024 04:29:26 +0000
ROA not before: Tue 02 Jan 2024 04:29:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 399976
IP address blocks: 194.54.146.0/24 maxlen: 24
2a12:c6c0::/29 maxlen: 64
2a12:c6c4::/32 maxlen: 48
2a12:c6c7::/32 maxlen: 48
2a12:c6c6::/32 maxlen: 48
2a12:c6c5::/32 maxlen: 48
Validation: Failed, certificate revoked on Mon 29 Jan 2024 20:40:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:6e:ff:04:f3:0b:5b:30:53:8b:45:83:9e:9c:18:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a5a56ebf01e00349f673019180560c9a31aea871
Validity
Not Before: Jan 2 04:29:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9eea52e6683bd9dbb3e18701cc226687044f0ccb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:88:ac:5a:31:b4:15:d7:e7:4a:65:2b:49:70:
60:7f:1b:c5:82:43:67:b4:de:ae:32:05:88:b3:40:
09:5a:52:76:17:ea:1c:68:55:8f:41:c6:0b:33:aa:
45:41:a5:84:61:a6:2e:93:27:86:b4:bc:d6:9c:fd:
44:ac:5f:dd:67:7e:69:ba:a3:4f:f6:61:57:52:72:
95:79:de:8b:90:7d:25:63:02:3b:cf:b0:4b:dc:21:
e6:5b:15:03:ad:3e:6b:27:a2:3d:a5:f3:8f:d1:78:
bc:1e:a3:b9:9d:9b:4e:5d:03:bf:db:f7:a7:3d:c7:
d9:5e:74:5a:66:c7:41:e5:f5:a7:d1:32:b9:2a:01:
cc:d2:86:a0:2b:cb:d2:3c:15:62:3a:a7:95:26:d6:
ab:00:aa:9d:cb:73:9f:42:6f:ee:6f:3a:be:c1:94:
ff:d1:85:97:14:0a:05:96:7e:5b:68:0a:fb:71:8f:
27:4d:0d:a1:2d:43:82:d7:69:d8:43:cb:4d:b5:3f:
f3:65:65:5a:56:75:ed:30:b7:4c:12:d5:b4:81:69:
9c:9e:ad:51:00:fd:a2:85:01:bb:cc:64:2b:4a:dd:
45:c9:05:70:dc:5b:62:13:53:f7:19:50:7a:2b:f0:
fc:a3:80:1e:09:0b:71:0b:f1:09:72:0c:8d:a1:e9:
76:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:EA:52:E6:68:3B:D9:DB:B3:E1:87:01:CC:22:66:87:04:4F:0C:CB
X509v3 Authority Key Identifier:
keyid:A5:A5:6E:BF:01:E0:03:49:F6:73:01:91:80:56:0C:9A:31:AE:A8:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/paVuvwHgA0n2cwGRgFYMmjGuqHE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/nupS5mg72duz4YcBzCJmhwRPDMs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/554c35-a83c-4329-a08d-2d46d30dacbf/1/paVuvwHgA0n2cwGRgFYMmjGuqHE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.54.146.0/24
IPv6:
2a12:c6c0::/29
Signature Algorithm: sha256WithRSAEncryption
56:61:13:e5:b7:68:ee:41:38:d9:23:14:cd:26:99:58:38:32:
5e:6f:bd:dc:f9:36:55:54:bd:ea:1c:13:98:9f:03:64:95:10:
87:36:41:0b:e6:86:8e:41:e4:3f:9e:2b:2c:ed:18:e7:8c:16:
67:bf:6f:9c:62:ae:88:a7:59:6b:a0:c1:8e:06:47:ef:5f:c0:
3a:6e:7c:5a:fc:f3:37:11:00:fe:d9:fa:e9:1d:9c:d6:3e:13:
fc:1a:a5:30:b5:14:0f:74:aa:3a:59:f2:d0:52:89:46:94:3a:
05:81:16:9e:fa:85:ef:93:58:3e:db:3f:e6:c6:7d:16:f9:eb:
42:37:15:ac:bf:dd:6d:e8:5b:84:73:2d:ba:30:e7:0f:f9:12:
0c:5e:18:d2:01:eb:f3:af:e2:61:b3:04:a6:0f:25:48:38:8b:
34:d8:96:ab:38:d9:c1:2b:61:d8:7b:78:1b:b2:6e:6e:64:ea:
03:e3:63:6c:d9:2b:e6:02:62:bb:8d:ed:31:8a:fa:bc:cf:6b:
df:81:28:e9:65:41:8e:72:98:e5:21:a4:93:32:b7:81:dc:48:
c7:c6:f8:34:46:2e:c4:72:f0:a8:0a:58:78:30:34:de:f1:30:
84:75:fe:6c:b2:f1:48:30:ee:91:fa:bc:52:5b:e2:e5:4f:3d:
54:8d:b6:37
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIbv8E8wtbMFOLRYOenBgVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YTU2ZWJmMDFlMDAzNDlmNjczMDE5MTgwNTYwYzlhMzFh
ZWE4NzEwHhcNMjQwMTAyMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWVhNTJlNjY4M2JkOWRiYjNlMTg3MDFjYzIyNjY4NzA0NGYwY2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4isWjG0FdfnSmUrSXBgfxvFgkNn
tN6uMgWIs0AJWlJ2F+ocaFWPQcYLM6pFQaWEYaYukyeGtLzWnP1ErF/dZ35puqNP
9mFXUnKVed6LkH0lYwI7z7BL3CHmWxUDrT5rJ6I9pfOP0Xi8HqO5nZtOXQO/2/en
PcfZXnRaZsdB5fWn0TK5KgHM0oagK8vSPBViOqeVJtarAKqdy3OfQm/ubzq+wZT/
0YWXFAoFln5baAr7cY8nTQ2hLUOC12nYQ8tNtT/zZWVaVnXtMLdMEtW0gWmcnq1R
AP2ihQG7zGQrSt1FyQVw3FtiE1P3GVB6K/D8o4AeCQtxC/EJcgyNoel2gQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ7qUuZoO9nbs+GHAcwiZocETwzLMB8GA1UdIwQY
MBaAFKWlbr8B4ANJ9nMBkYBWDJoxrqhxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGFWdXZ3SGdBMG4yY3dHUmdGWU1takd1cUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81NTRjMzUtYTgzYy00MzI5LWEwOGQt
MmQ0NmQzMGRhY2JmLzEvbnVwUzVtZzcyZHV6NFljQnpDSm1od1JQRE1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81NTRjMzUtYTgzYy00MzI5LWEwOGQtMmQ0NmQzMGRhY2Jm
LzEvcGFWdXZ3SGdBMG4yY3dHUmdGWU1takd1cUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwjaSMA0E
AgACMAcDBQMqEsbAMA0GCSqGSIb3DQEBCwUAA4IBAQBWYRPlt2juQTjZIxTNJplY
ODJeb73c+TZVVL3qHBOYnwNklRCHNkEL5oaOQeQ/niss7RjnjBZnv2+cYq6Ip1lr
oMGOBkfvX8A6bnxa/PM3EQD+2frpHZzWPhP8GqUwtRQPdKo6WfLQUolGlDoFgRae
+oXvk1g+2z/mxn0W+etCNxWsv91t6FuEcy26MOcP+RIMXhjSAevzr+JhswSmDyVI
OIs02JarONnBK2HYe3gbsm5uZOoD42Ns2SvmAmK7je0xivq8z2vfgSjpZUGOcpjl
IaSTMreB3EjHxvg0Ri7EcvCoClh4MDTe8TCEdf5ssvFIMO6R+rxSW+LlTz1UjbY3
-----END CERTIFICATE-----
Generated at Sun Apr 20 12:13:38 2025 by rpki-client