Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NlSSKto3Pzs9KB3qr-M4YCFIyPM.roa
File: NlSSKto3Pzs9KB3qr-M4YCFIyPM.roa (raw, json)
Hash identifier: lIcFg3ndxMT0uRA7LmSLp3oMSe4ld6wsVZ6iQAXK/Qc=
Subject key identifier: 36:54:92:2A:DA:37:3F:3B:3D:28:1D:EA:AF:E3:38:60:21:48:C8:F3
Certificate issuer: /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial: 018CC9BC2BEB14CB6A9C0147B30BCDA74A21
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NlSSKto3Pzs9KB3qr-M4YCFIyPM.roa
Signing time: Tue 02 Jan 2024 10:33:21 +0000
ROA not before: Tue 02 Jan 2024 10:33:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 396362
IP address blocks: 2a0f:e841::/32 maxlen: 32
2a0e:1a82::/32 maxlen: 32
2a0f:1e80:1::/48 maxlen: 48
Validation: Failed, certificate revoked on Thu 04 Jan 2024 20:26:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:2b:eb:14:cb:6a:9c:01:47:b3:0b:cd:a7:4a:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Validity
Not Before: Jan 2 10:33:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3654922ada373f3b3d281deaafe338602148c8f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:c6:cf:46:9f:9a:50:22:61:3c:c1:b0:82:45:
99:c9:60:71:34:90:76:fc:a6:31:19:59:a1:69:4c:
1d:7a:90:9e:cc:a5:1b:78:8c:01:4a:2a:6a:47:25:
41:00:da:3a:1a:6f:87:7e:b0:07:ec:db:05:23:b5:
67:a7:fc:d5:51:ee:9e:e6:b5:2c:c5:bc:16:1d:b0:
bb:da:2c:85:39:d7:6f:62:44:bd:28:06:e4:55:6c:
42:07:0e:28:3f:79:26:9c:1f:e4:61:bf:e4:6c:a8:
86:d2:c1:5f:b1:32:9b:62:54:af:db:b8:f7:1a:36:
2b:b4:47:69:b6:09:a0:19:87:4c:06:06:c3:a6:09:
5e:13:45:1d:af:40:a3:0d:59:cf:b3:ac:e4:02:c9:
aa:2a:3c:90:f3:f3:5c:07:af:a1:36:54:75:7d:ae:
61:4c:2f:7f:c1:af:dc:e2:bf:63:2c:46:b5:9b:50:
f6:42:ed:14:fe:2e:23:27:25:40:e0:1a:d5:f4:87:
3f:e7:f7:e9:7d:f4:52:b2:c2:b5:bb:f9:78:0e:33:
25:33:fe:cd:5d:f0:d8:c6:82:45:d4:a8:85:d5:0c:
e2:66:47:05:b8:43:9e:86:49:d8:14:4c:61:32:00:
ab:56:2f:7c:6c:5f:92:a5:14:fa:5a:c9:35:a1:74:
76:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:54:92:2A:DA:37:3F:3B:3D:28:1D:EA:AF:E3:38:60:21:48:C8:F3
X509v3 Authority Key Identifier:
keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NlSSKto3Pzs9KB3qr-M4YCFIyPM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:1a82::/32
2a0f:1e80:1::/48
2a0f:e841::/32
Signature Algorithm: sha256WithRSAEncryption
1d:95:f6:73:e8:45:17:4e:54:1b:64:c7:f9:3a:a5:1d:b2:56:
e8:47:6b:18:f9:d6:91:cd:14:01:76:0e:97:38:c6:75:c9:04:
71:f7:8f:21:57:e4:4e:97:74:5d:e2:78:19:20:a9:35:17:d4:
7f:15:97:eb:e6:7a:b4:30:58:ef:f4:18:7b:ba:db:8b:70:e3:
d5:1b:55:fc:d9:6a:c1:f1:02:d1:c9:21:f6:a0:e3:32:e9:fe:
ee:1d:5b:cc:d4:b6:cb:4e:eb:b8:71:26:eb:88:f0:e9:9e:8b:
eb:78:83:f9:e7:95:1e:70:55:a4:83:cd:86:39:f2:84:c6:de:
2d:89:35:eb:93:78:93:61:1b:47:a2:74:83:76:c5:1a:42:1e:
af:37:d8:64:19:50:53:a2:35:69:32:9d:8c:d0:e0:bb:cd:21:
f3:66:a4:f2:af:50:70:7c:56:81:c2:5b:81:87:ae:6e:b5:ca:
d9:b2:20:4d:9a:f6:96:17:78:72:00:94:a8:03:e0:27:40:c1:
3e:99:ad:78:42:8a:61:71:5e:54:db:14:87:87:69:e9:ea:ba:
95:31:c1:42:0b:08:11:81:a5:14:ac:1a:35:77:b5:20:79:14:
69:62:dd:43:77:a4:69:b2:1f:35:80:a0:74:ff:93:bc:89:c4:
7c:a5:a1:dd
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzJvCvrFMtqnAFHswvNp0ohMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwMTAyMTAzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjU0OTIyYWRhMzczZjNiM2QyODFkZWFhZmUzMzg2MDIxNDhjOGYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsbPRp+aUCJhPMGwgkWZyWBxNJB2
/KYxGVmhaUwdepCezKUbeIwBSipqRyVBANo6Gm+HfrAH7NsFI7Vnp/zVUe6e5rUs
xbwWHbC72iyFOddvYkS9KAbkVWxCBw4oP3kmnB/kYb/kbKiG0sFfsTKbYlSv27j3
GjYrtEdptgmgGYdMBgbDpgleE0Udr0CjDVnPs6zkAsmqKjyQ8/NcB6+hNlR1fa5h
TC9/wa/c4r9jLEa1m1D2Qu0U/i4jJyVA4BrV9Ic/5/fpffRSssK1u/l4DjMlM/7N
XfDYxoJF1KiF1QziZkcFuEOehknYFExhMgCrVi98bF+SpRT6Wsk1oXR20wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDZUkiraNz87PSgd6q/jOGAhSMjzMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTmxTU0t0bzNQenM5S0IzcXItTTRZQ0ZJeVBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAAjAXAwUAKg4aggMH
ACoPHoAAAQMFACoP6EEwDQYJKoZIhvcNAQELBQADggEBAB2V9nPoRRdOVBtkx/k6
pR2yVuhHaxj51pHNFAF2Dpc4xnXJBHH3jyFX5E6XdF3ieBkgqTUX1H8Vl+vmerQw
WO/0GHu624tw49UbVfzZasHxAtHJIfag4zLp/u4dW8zUtstO67hxJuuI8Omei+t4
g/nnlR5wVaSDzYY58oTG3i2JNeuTeJNhG0eidIN2xRpCHq832GQZUFOiNWkynYzQ
4LvNIfNmpPKvUHB8VoHCW4GHrm61ytmyIE2a9pYXeHIAlKgD4CdAwT6ZrXhCimFx
XlTbFIeHaenqupUxwUILCBGBpRSsGjV3tSB5FGli3UN3pGmyHzWAoHT/k7yJxHyl
od0=
-----END CERTIFICATE-----
Generated at Mon Apr 21 15:01:30 2025 by rpki-client