Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/9ikwiFfR3LCtMmdx15syNeEvn7w.roa
File: 9ikwiFfR3LCtMmdx15syNeEvn7w.roa (raw, json)
Hash identifier: 3FNxd8WB8eI9ksULu0jUbWlq5OLDir7W4GasFnFMA6E=
Subject key identifier: F6:29:30:88:57:D1:DC:B0:AD:32:67:71:D7:9B:32:35:E1:2F:9F:BC
Certificate issuer: /CN=a4824308bc83b4ee56f1c0c1b9fbfc311b0cd44a
Certificate serial: 01940936446F18518B8CAF7D3FC24C437257
Authority key identifier: A4:82:43:08:BC:83:B4:EE:56:F1:C0:C1:B9:FB:FC:31:1B:0C:D4:4A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/9ikwiFfR3LCtMmdx15syNeEvn7w.roa
Signing time: Fri 27 Dec 2024 17:42:18 +0000
ROA not before: Fri 27 Dec 2024 17:42:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 51465
IP address blocks: 84.38.16.0/21 maxlen: 21
84.38.24.0/21 maxlen: 21
193.91.5.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 02 Jan 2025 09:49:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:09:36:44:6f:18:51:8b:8c:af:7d:3f:c2:4c:43:72:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a4824308bc83b4ee56f1c0c1b9fbfc311b0cd44a
Validity
Not Before: Dec 27 17:42:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f629308857d1dcb0ad326771d79b3235e12f9fbc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:a9:34:47:3d:b5:39:21:bc:44:a7:a4:f6:2b:
1d:70:cf:01:ad:9c:6f:12:f1:7e:1d:88:46:be:ce:
00:74:59:91:1b:8b:69:90:45:39:91:95:be:97:c9:
2c:5e:e0:c7:20:94:6a:a5:77:7b:86:6c:87:bc:37:
14:db:e8:22:f2:cb:b4:93:68:dc:9c:d2:f0:7f:a0:
13:49:28:c1:99:52:be:be:e2:dd:36:91:d1:5f:a9:
33:e4:f4:48:e8:52:cb:c1:7a:53:92:bd:13:a8:a6:
91:a7:59:90:35:b7:c0:ff:21:5e:0e:45:e2:b9:2c:
95:51:08:ac:97:06:17:64:49:52:d5:b2:b2:d8:af:
50:58:46:dd:80:ef:b0:31:93:8f:9b:b1:e4:dd:23:
81:13:29:53:1f:fb:80:c3:a8:43:96:0a:52:51:4c:
12:3d:4b:4a:d0:d6:5a:c2:05:97:a7:2a:8e:73:4c:
cb:85:e4:eb:01:30:c9:ec:35:7d:32:8f:a4:72:ba:
47:a0:59:9d:11:76:99:9a:13:30:0a:1a:70:2f:0b:
b3:ea:ef:82:50:eb:96:c0:a6:c9:a2:7d:4a:f8:1c:
8a:52:15:35:ca:9a:56:99:bb:92:d4:8f:c2:e5:1a:
5b:5e:fd:df:5b:d2:b3:36:66:e2:da:95:9c:a9:c0:
fa:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:29:30:88:57:D1:DC:B0:AD:32:67:71:D7:9B:32:35:E1:2F:9F:BC
X509v3 Authority Key Identifier:
keyid:A4:82:43:08:BC:83:B4:EE:56:F1:C0:C1:B9:FB:FC:31:1B:0C:D4:4A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pIJDCLyDtO5W8cDBufv8MRsM1Eo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/9ikwiFfR3LCtMmdx15syNeEvn7w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/5feb13-9e43-4325-85c9-196e6f375fd6/1/pIJDCLyDtO5W8cDBufv8MRsM1Eo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.38.16.0/20
193.91.5.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:3e:18:2b:01:8f:f4:e7:92:f8:3e:af:96:21:5e:36:7f:79:
91:57:c4:3b:9b:da:c2:24:6b:52:a7:bd:b6:44:3b:b2:a5:b4:
36:73:64:a8:eb:e2:90:8e:76:e6:0c:5d:2f:d2:8d:f9:b4:fe:
66:87:05:f0:af:3a:0f:68:30:55:48:59:25:1d:94:e9:98:3a:
53:fc:10:1b:c7:ff:52:ca:23:2c:25:a8:21:f4:26:62:35:98:
82:42:c7:fe:b3:50:61:cb:2f:c8:41:b1:eb:62:cc:1d:27:7b:
66:4d:d5:cb:fb:4a:4c:2b:53:07:7e:f4:c2:80:c2:da:fb:0f:
a9:e5:4d:18:db:1e:7b:bd:0f:c7:61:e7:f4:44:33:56:5d:65:
1d:3a:88:65:39:41:66:d6:c5:e5:1e:24:4e:e6:eb:38:5c:20:
e5:48:bd:04:d0:f5:f7:e6:31:06:9a:ce:01:5d:15:e2:8c:f6:
78:fb:73:5d:96:c6:97:13:9b:49:ab:a7:a7:c0:10:61:4a:4d:
7b:ac:f8:4f:c5:25:1e:5f:f2:8f:f0:09:e7:70:a5:d9:fd:ef:
a3:c2:b4:22:40:e1:5e:c0:d4:31:ad:b0:81:ca:d4:a3:2f:89:
f9:31:7e:d4:e6:9f:bc:88:64:c1:1d:d7:4e:e6:06:39:80:36:
8f:34:2f:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQJNkRvGFGLjK99P8JMQ3JXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ODI0MzA4YmM4M2I0ZWU1NmYxYzBjMWI5ZmJmYzMxMWIw
Y2Q0NGEwHhcNMjQxMjI3MTc0MjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjI5MzA4ODU3ZDFkY2IwYWQzMjY3NzFkNzliMzIzNWUxMmY5ZmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06k0Rz21OSG8RKek9isdcM8BrZxv
EvF+HYhGvs4AdFmRG4tpkEU5kZW+l8ksXuDHIJRqpXd7hmyHvDcU2+gi8su0k2jc
nNLwf6ATSSjBmVK+vuLdNpHRX6kz5PRI6FLLwXpTkr0TqKaRp1mQNbfA/yFeDkXi
uSyVUQislwYXZElS1bKy2K9QWEbdgO+wMZOPm7Hk3SOBEylTH/uAw6hDlgpSUUwS
PUtK0NZawgWXpyqOc0zLheTrATDJ7DV9Mo+kcrpHoFmdEXaZmhMwChpwLwuz6u+C
UOuWwKbJon1K+ByKUhU1yppWmbuS1I/C5RpbXv3fW9KzNmbi2pWcqcD6kQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPYpMIhX0dywrTJncdebMjXhL5+8MB8GA1UdIwQY
MBaAFKSCQwi8g7TuVvHAwbn7/DEbDNRKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcElKRENMeUR0TzVXOGNEQnVmdjhNUnNNMUVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81ZmViMTMtOWU0My00MzI1LTg1Yzkt
MTk2ZTZmMzc1ZmQ2LzEvOWlrd2lGZlIzTEN0TW1keDE1c3lOZUV2bjd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81ZmViMTMtOWU0My00MzI1LTg1YzktMTk2ZTZmMzc1ZmQ2
LzEvcElKRENMeUR0TzVXOGNEQnVmdjhNUnNNMUVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEVCYQAwQA
wVsFMA0GCSqGSIb3DQEBCwUAA4IBAQA8PhgrAY/055L4Pq+WIV42f3mRV8Q7m9rC
JGtSp722RDuypbQ2c2So6+KQjnbmDF0v0o35tP5mhwXwrzoPaDBVSFklHZTpmDpT
/BAbx/9SyiMsJagh9CZiNZiCQsf+s1Bhyy/IQbHrYswdJ3tmTdXL+0pMK1MHfvTC
gMLa+w+p5U0Y2x57vQ/HYef0RDNWXWUdOohlOUFm1sXlHiRO5us4XCDlSL0E0PX3
5jEGms4BXRXijPZ4+3NdlsaXE5tJq6enwBBhSk17rPhPxSUeX/KP8AnncKXZ/e+j
wrQiQOFewNQxrbCBytSjL4n5MX7U5p+8iGTBHddO5gY5gDaPNC+z
-----END CERTIFICATE-----
Generated at Tue Apr 22 03:57:56 2025 by rpki-client