Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/hDldz5etJnYF3ILsNaDkAwgpPdA.roa
File: hDldz5etJnYF3ILsNaDkAwgpPdA.roa (raw, json)
Hash identifier: uuIwN5uK7lyqEEQbEtEKR2HNNiqDMbiemAPWbiSWa64=
Subject key identifier: 84:39:5D:CF:97:AD:26:76:05:DC:82:EC:35:A0:E4:03:08:29:3D:D0
Certificate issuer: /CN=7bf39e6eb3131ecf3cddcd0c9e378c352da41fc2
Certificate serial: 018EAA00AAD186A135B030B69255761BC20A
Authority key identifier: 7B:F3:9E:6E:B3:13:1E:CF:3C:DD:CD:0C:9E:37:8C:35:2D:A4:1F:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/e_OebrMTHs883c0MnjeMNS2kH8I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/hDldz5etJnYF3ILsNaDkAwgpPdA.roa
Signing time: Thu 04 Apr 2024 16:45:54 +0000
ROA not before: Thu 04 Apr 2024 16:45:54 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 24843
IP address blocks: 193.8.206.0/23 maxlen: 23
193.8.206.0/24 maxlen: 24
193.8.207.0/24 maxlen: 24
193.8.220.0/23 maxlen: 23
193.8.220.0/24 maxlen: 24
193.57.128.0/23 maxlen: 23
193.57.128.0/24 maxlen: 24
193.57.129.0/24 maxlen: 24
193.57.130.0/23 maxlen: 23
193.57.130.0/24 maxlen: 24
193.57.131.0/24 maxlen: 24
2a02:c804::/32 maxlen: 32
Validation: Failed, certificate revoked on Wed 01 Jan 2025 19:48:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:aa:00:aa:d1:86:a1:35:b0:30:b6:92:55:76:1b:c2:0a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7bf39e6eb3131ecf3cddcd0c9e378c352da41fc2
Validity
Not Before: Apr 4 16:45:54 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=84395dcf97ad267605dc82ec35a0e40308293dd0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:04:4e:81:40:80:63:24:7d:77:30:db:ec:b4:
36:d3:e5:3b:73:72:e9:00:8c:79:b7:15:05:92:db:
88:c0:57:40:8c:ea:0b:2d:a7:18:3a:6a:a5:bd:64:
85:88:fa:81:d8:37:72:5b:ea:e7:3a:86:bb:bf:d7:
d8:a5:f8:eb:da:6c:5a:60:95:0c:85:34:bd:e5:32:
ff:17:dc:89:f3:aa:7b:c2:f4:6f:e8:ff:22:f4:7c:
b2:a7:14:7b:2e:a5:89:54:95:82:a7:62:11:f2:4d:
6a:3f:45:34:e8:f7:76:f4:c7:06:d9:55:90:5f:92:
5b:cc:97:c8:5c:bf:72:5a:e0:53:27:cd:a7:46:39:
ca:8d:ae:42:94:33:03:fb:e6:01:65:f2:28:c1:83:
8d:15:08:a7:bd:91:4c:b2:62:cb:63:27:f0:67:e1:
ec:f2:df:53:c1:cf:eb:7c:47:f4:d5:d1:5e:7d:0b:
39:f9:38:ac:5f:73:fb:f0:f8:1c:dd:f4:b4:e2:24:
0f:16:3c:c9:bc:6c:cf:ca:5d:db:0f:82:91:03:21:
e2:d1:db:b4:bd:0b:c5:12:ee:c9:37:cd:78:64:3b:
59:b5:bf:67:c8:20:3b:0d:a6:ff:5e:64:35:ac:ac:
e2:14:85:cc:67:f7:8c:d6:ec:5d:8f:d3:00:c7:6f:
d0:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:39:5D:CF:97:AD:26:76:05:DC:82:EC:35:A0:E4:03:08:29:3D:D0
X509v3 Authority Key Identifier:
keyid:7B:F3:9E:6E:B3:13:1E:CF:3C:DD:CD:0C:9E:37:8C:35:2D:A4:1F:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e_OebrMTHs883c0MnjeMNS2kH8I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/hDldz5etJnYF3ILsNaDkAwgpPdA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/a214a5-4449-44af-87ff-c967c9db5752/1/e_OebrMTHs883c0MnjeMNS2kH8I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.8.206.0/23
193.8.220.0/23
193.57.128.0/22
IPv6:
2a02:c804::/32
Signature Algorithm: sha256WithRSAEncryption
62:65:98:65:23:29:d2:a5:dc:10:73:44:15:60:97:6a:d2:1e:
8f:ee:34:83:7f:3e:3b:32:a4:78:50:cf:64:e5:06:2c:8c:ef:
14:94:22:b0:a6:c4:e5:31:60:cf:4a:80:9f:1c:29:bd:a6:d0:
2b:80:24:0a:af:71:cf:8a:b1:20:89:39:8d:f2:5a:69:c5:5c:
67:38:da:d4:78:b8:30:9d:7b:96:16:52:ae:66:2c:b4:9d:92:
1d:18:2a:e7:d3:4c:ad:04:24:4f:77:cc:c5:77:13:26:43:47:
69:0a:33:c7:37:36:a4:61:cd:dd:4c:24:50:cd:b3:71:a7:20:
90:58:25:e8:dc:c9:24:44:f1:cc:98:fa:6a:60:c3:8f:3e:ca:
57:1c:29:cd:5e:20:eb:5a:d9:1a:aa:d8:3e:3c:40:85:c9:c8:
75:d6:a7:5e:bf:28:a3:86:81:f7:4e:07:85:fa:cc:f5:1e:4d:
7e:f9:c1:e3:08:e9:b6:c8:2e:0d:ec:1a:27:6b:3f:6f:1a:c0:
f8:77:d1:f5:d9:fb:21:4a:91:39:f0:5c:28:64:0c:a6:cc:4c:
d6:72:85:b1:b8:22:78:89:89:59:6b:94:c2:19:8f:12:da:66:
20:2a:3b:da:91:7c:99:9b:4b:52:35:c3:71:35:92:71:be:8e:
4f:d4:f7:e0
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAY6qAKrRhqE1sDC2klV2G8IKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiZjM5ZTZlYjMxMzFlY2YzY2RkY2QwYzllMzc4YzM1MmRh
NDFmYzIwHhcNMjQwNDA0MTY0NTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDM5NWRjZjk3YWQyNjc2MDVkYzgyZWMzNWEwZTQwMzA4MjkzZGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAROgUCAYyR9dzDb7LQ20+U7c3Lp
AIx5txUFktuIwFdAjOoLLacYOmqlvWSFiPqB2DdyW+rnOoa7v9fYpfjr2mxaYJUM
hTS95TL/F9yJ86p7wvRv6P8i9HyypxR7LqWJVJWCp2IR8k1qP0U06Pd29McG2VWQ
X5JbzJfIXL9yWuBTJ82nRjnKja5ClDMD++YBZfIowYONFQinvZFMsmLLYyfwZ+Hs
8t9Twc/rfEf01dFefQs5+TisX3P78Pgc3fS04iQPFjzJvGzPyl3bD4KRAyHi0du0
vQvFEu7JN814ZDtZtb9nyCA7Dab/XmQ1rKziFIXMZ/eM1uxdj9MAx2/Q6QIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFIQ5Xc+XrSZ2BdyC7DWg5AMIKT3QMB8GA1UdIwQY
MBaAFHvznm6zEx7PPN3NDJ43jDUtpB/CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZV9PZWJyTVRIczg4M2MwTW5qZU1OUzJrSDhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9hMjE0YTUtNDQ0OS00NGFmLTg3ZmYt
Yzk2N2M5ZGI1NzUyLzEvaERsZHo1ZXRKbllGM0lMc05hRGtBd2dwUGRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9hMjE0YTUtNDQ0OS00NGFmLTg3ZmYtYzk2N2M5ZGI1NzUy
LzEvZV9PZWJyTVRIczg4M2MwTW5qZU1OUzJrSDhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQBwQjOAwQB
wQjcAwQCwTmAMA0EAgACMAcDBQAqAsgEMA0GCSqGSIb3DQEBCwUAA4IBAQBiZZhl
IynSpdwQc0QVYJdq0h6P7jSDfz47MqR4UM9k5QYsjO8UlCKwpsTlMWDPSoCfHCm9
ptArgCQKr3HPirEgiTmN8lppxVxnONrUeLgwnXuWFlKuZiy0nZIdGCrn00ytBCRP
d8zFdxMmQ0dpCjPHNzakYc3dTCRQzbNxpyCQWCXo3MkkRPHMmPpqYMOPPspXHCnN
XiDrWtkaqtg+PECFych11qdevyijhoH3TgeF+sz1Hk1++cHjCOm2yC4N7Bonaz9v
GsD4d9H12fshSpE58FwoZAymzEzWcoWxuCJ4iYlZa5TCGY8S2mYgKjvakXyZm0tS
NcNxNZJxvo5P1Pfg
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:29:12 2025 by rpki-client