Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/VFIRTJVi2Ct5bIkwPI3IGHJtoJ4.roa
File: VFIRTJVi2Ct5bIkwPI3IGHJtoJ4.roa (raw, json)
Hash identifier: Y7UHQtGnu3QAboZauc9Xm9c/c4Cpdb4moV/fCNoLrZ8=
Subject key identifier: 54:52:11:4C:95:62:D8:2B:79:6C:89:30:3C:8D:C8:18:72:6D:A0:9E
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01931F11A4EF2349EA3C330859874AE12830
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/VFIRTJVi2Ct5bIkwPI3IGHJtoJ4.roa
Signing time: Tue 12 Nov 2024 06:31:10 +0000
ROA not before: Tue 12 Nov 2024 06:31:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 3758
IP address blocks: 2.56.56.0/22 maxlen: 24
91.217.236.0/24 maxlen: 24
193.84.132.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 01 Jan 2025 13:48:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:1f:11:a4:ef:23:49:ea:3c:33:08:59:87:4a:e1:28:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Nov 12 06:31:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5452114c9562d82b796c89303c8dc818726da09e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:23:5c:ee:64:c2:d6:f0:c1:86:3d:78:63:8d:
ab:73:91:91:55:3f:78:48:93:60:43:fa:71:d4:54:
c0:a1:c5:08:dc:59:84:9b:9a:fe:8f:f6:a7:d5:e0:
26:0f:9a:0d:37:1b:0b:bc:c1:90:f4:65:60:ea:0e:
49:5d:c9:47:85:77:49:31:50:37:58:20:14:1e:44:
fd:ae:71:fc:de:10:fe:48:bd:46:03:f6:b8:b7:3a:
ae:cf:47:d2:21:8d:41:14:7e:6c:a4:93:0c:84:17:
ef:a0:de:dd:bf:ec:cb:73:1c:8d:8c:78:fd:55:e3:
ee:81:dc:f7:17:fd:c8:8e:d9:6b:c8:3d:77:b4:95:
98:7c:39:2c:f3:f6:25:ac:a8:55:17:75:a7:81:b1:
d0:4f:de:28:dd:27:08:b1:54:89:b5:a9:4e:66:7c:
89:a4:91:57:f7:f5:66:1e:93:e0:9a:44:1a:86:62:
17:e8:2d:aa:06:ea:0b:8f:c0:80:18:fd:45:d4:ba:
c6:6c:19:63:25:f9:2e:d6:1b:ca:c5:ee:32:34:5f:
56:cc:cb:69:44:42:c6:3e:ef:a9:89:b4:74:95:d2:
ae:ed:ad:7f:69:f4:dd:be:00:36:ba:67:7d:88:55:
47:19:8b:98:fc:d8:83:cc:aa:3b:94:65:14:d0:c4:
9e:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:52:11:4C:95:62:D8:2B:79:6C:89:30:3C:8D:C8:18:72:6D:A0:9E
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/VFIRTJVi2Ct5bIkwPI3IGHJtoJ4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.56.0/22
91.217.236.0/24
193.84.132.0/24
Signature Algorithm: sha256WithRSAEncryption
7e:dd:90:b5:33:88:78:74:04:16:d4:b6:b2:ac:21:97:23:7c:
b5:44:76:5f:c4:f8:53:22:19:62:90:1b:e3:2a:4c:bc:4c:1f:
e6:b5:79:be:02:b5:c6:08:95:b8:6b:06:63:cb:40:a0:3c:6d:
f8:ba:ed:45:a2:4d:2a:ca:b1:3c:fc:91:37:3b:b0:da:7d:c6:
e2:d1:55:df:08:54:bf:ea:30:60:4a:a0:04:12:5b:69:85:b7:
1a:6c:6c:61:1e:fd:8f:a0:69:20:11:da:84:f0:9f:81:8c:29:
f4:ad:68:db:a9:cc:37:27:53:3a:7a:c9:cd:cd:bb:f2:9b:bb:
87:c1:8c:36:d6:6f:b5:44:cf:e1:ed:58:4d:e4:fc:53:be:d0:
ed:bd:92:a9:29:74:e1:76:d5:f9:a7:6e:c9:77:2f:f6:f3:5d:
51:41:ef:4d:a1:96:c5:d6:7d:13:5d:ce:68:b0:59:9b:36:fa:
31:16:0f:5a:f9:5c:75:d5:e9:bd:5e:f2:77:aa:17:c8:2a:59:
41:00:18:40:ed:72:03:f6:e7:52:ff:d8:95:42:04:24:0c:b8:
73:54:bd:6b:b1:4d:9b:65:23:ef:07:3f:bf:1c:54:82:ba:38:
d2:0a:98:2f:09:30:1a:2e:07:c0:fd:31:37:cd:35:e1:20:a3:
3c:4f:d5:20
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZMfEaTvI0nqPDMIWYdK4SgwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQxMTEyMDYzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDUyMTE0Yzk1NjJkODJiNzk2Yzg5MzAzYzhkYzgxODcyNmRhMDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuCNc7mTC1vDBhj14Y42rc5GRVT94
SJNgQ/px1FTAocUI3FmEm5r+j/an1eAmD5oNNxsLvMGQ9GVg6g5JXclHhXdJMVA3
WCAUHkT9rnH83hD+SL1GA/a4tzquz0fSIY1BFH5spJMMhBfvoN7dv+zLcxyNjHj9
VePugdz3F/3IjtlryD13tJWYfDks8/YlrKhVF3WngbHQT94o3ScIsVSJtalOZnyJ
pJFX9/VmHpPgmkQahmIX6C2qBuoLj8CAGP1F1LrGbBljJfku1hvKxe4yNF9WzMtp
RELGPu+pibR0ldKu7a1/afTdvgA2umd9iFVHGYuY/NiDzKo7lGUU0MSeXQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFRSEUyVYtgreWyJMDyNyBhybaCeMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvVkZJUlRKVmkyQ3Q1Yklrd1BJM0lHSEp0b0o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCAjg4AwQA
W9nsAwQAwVSEMA0GCSqGSIb3DQEBCwUAA4IBAQB+3ZC1M4h4dAQW1LayrCGXI3y1
RHZfxPhTIhlikBvjKky8TB/mtXm+ArXGCJW4awZjy0CgPG34uu1Fok0qyrE8/JE3
O7Dafcbi0VXfCFS/6jBgSqAEEltphbcabGxhHv2PoGkgEdqE8J+BjCn0rWjbqcw3
J1M6esnNzbvym7uHwYw21m+1RM/h7VhN5PxTvtDtvZKpKXThdtX5p27Jdy/2811R
Qe9NoZbF1n0TXc5osFmbNvoxFg9a+Vx11em9XvJ3qhfIKllBABhA7XID9udS/9iV
QgQkDLhzVL1rsU2bZSPvBz+/HFSCujjSCpgvCTAaLgfA/TE3zTXhIKM8T9Ug
-----END CERTIFICATE-----
Generated at Sun Feb 16 20:34:09 2025 by rpki-client