Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/kgKA0VqpSkhzz_z8kliuXwcxBQU.roa
File: kgKA0VqpSkhzz_z8kliuXwcxBQU.roa (raw, json)
Hash identifier: NG9CDAGkP2XVs8ErJpaTqcn6FLAjvuVMsPSzWBeSx+8=
Subject key identifier: 92:02:80:D1:5A:A9:4A:48:73:CF:FC:FC:92:58:AE:5F:07:31:05:05
Certificate issuer: /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial: 01942748190BBC43B832B66EA6D12FE1DEBE
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/kgKA0VqpSkhzz_z8kliuXwcxBQU.roa
Signing time: Thu 02 Jan 2025 13:50:23 +0000
ROA not before: Thu 02 Jan 2025 13:50:23 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 16509
IP address blocks: 193.58.108.0/24 maxlen: 24
195.66.24.0/24 maxlen: 24
2a09:17c0:1000::/48 maxlen: 48
2a0a:2d02::/32 maxlen: 48
2a0f:1586::/32 maxlen: 32
2a0f:3d80:123::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 28 Jan 2025 09:13:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:48:19:0b:bc:43:b8:32:b6:6e:a6:d1:2f:e1:de:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Validity
Not Before: Jan 2 13:50:23 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=920280d15aa94a4873cffcfc9258ae5f07310505
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:9f:36:17:f0:00:ea:54:bf:05:45:9c:fb:e9:
56:75:43:66:11:72:e4:07:16:6d:83:1d:9d:0a:36:
21:6e:26:b6:80:ca:af:26:44:33:6a:23:fb:27:32:
1e:70:9e:5b:6b:33:f9:cd:44:26:bc:36:57:9a:51:
cf:14:b2:09:35:75:ad:c6:d8:8a:00:a3:5e:14:62:
f9:ea:a7:6d:3e:69:5e:fd:4d:2b:26:de:a2:5f:03:
61:dd:2a:08:0b:f1:74:7f:7c:1e:72:d0:7c:95:21:
30:c8:ea:f5:47:5d:0c:b3:ec:82:68:7f:63:76:a6:
88:e4:2e:38:88:d3:df:e2:1b:91:b9:6a:78:aa:ff:
e8:1a:6e:c9:83:1c:22:1e:ac:ef:ac:25:1e:86:60:
f5:fd:40:cc:51:36:d5:83:0b:9c:72:eb:e0:4d:27:
08:87:2a:98:01:1a:b5:01:6d:fb:ad:18:24:17:8b:
06:9d:63:cf:f5:07:94:3e:c8:7b:1b:1a:1c:1f:74:
04:17:88:b7:65:16:67:0a:44:9d:b4:97:45:17:2f:
77:0c:69:c8:68:3b:33:ba:46:66:d4:a2:0f:8b:94:
c7:b2:fd:bd:03:04:60:b8:70:36:88:4c:de:db:dc:
12:ea:6b:26:56:5b:a6:48:a7:d1:41:93:dd:59:30:
d7:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:02:80:D1:5A:A9:4A:48:73:CF:FC:FC:92:58:AE:5F:07:31:05:05
X509v3 Authority Key Identifier:
keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/kgKA0VqpSkhzz_z8kliuXwcxBQU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.58.108.0/24
195.66.24.0/24
IPv6:
2a09:17c0:1000::/48
2a0a:2d02::/32
2a0f:1586::/32
2a0f:3d80:123::/48
Signature Algorithm: sha256WithRSAEncryption
b5:6b:66:ee:3f:03:be:dd:d6:10:b7:0f:2c:31:71:67:45:f4:
58:90:ad:f8:21:24:33:74:82:b8:76:4a:a7:8e:fb:2b:fe:d7:
68:5d:86:a9:d4:fd:76:9d:ee:c3:83:fb:ce:4e:e7:ae:a9:88:
16:80:65:18:29:56:00:8b:a6:70:38:5e:36:2c:5b:a1:79:50:
8f:8a:7f:b1:52:c8:de:42:d4:86:7b:7d:ff:30:64:aa:48:3a:
a6:a9:6f:70:7f:76:c3:19:71:71:0a:f0:34:9d:f6:8b:0e:2e:
e0:da:65:69:91:eb:53:82:ac:c1:5c:4a:78:7f:00:c9:db:10:
a2:b0:e4:96:c2:0f:26:0a:34:30:32:d3:c0:2c:42:da:22:b7:
33:7d:ed:66:28:df:27:a1:f7:ef:74:4f:6f:dc:6e:80:11:90:
4a:a8:ec:0b:41:01:e4:58:5b:25:13:14:c8:0b:06:50:9a:ed:
79:4c:34:6b:42:71:c3:73:dc:7c:55:8f:9c:d9:c0:56:d6:bd:
4d:75:45:02:0a:a9:e3:5d:ff:06:e5:f3:62:aa:35:42:8f:03:
96:fa:12:b9:bd:fb:6d:b7:7b:28:9f:85:ad:a8:ef:8e:4e:97:
c2:42:17:24:bd:91:e9:fa:03:3e:0e:35:34:a0:c9:28:32:71:
46:4f:38:e5
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAZQnSBkLvEO4MrZuptEv4d6+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwMTAyMTM1MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjAyODBkMTVhYTk0YTQ4NzNjZmZjZmM5MjU4YWU1ZjA3MzEwNTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtp82F/AA6lS/BUWc++lWdUNmEXLk
BxZtgx2dCjYhbia2gMqvJkQzaiP7JzIecJ5bazP5zUQmvDZXmlHPFLIJNXWtxtiK
AKNeFGL56qdtPmle/U0rJt6iXwNh3SoIC/F0f3wectB8lSEwyOr1R10Ms+yCaH9j
dqaI5C44iNPf4huRuWp4qv/oGm7JgxwiHqzvrCUehmD1/UDMUTbVgwuccuvgTScI
hyqYARq1AW37rRgkF4sGnWPP9QeUPsh7GxocH3QEF4i3ZRZnCkSdtJdFFy93DGnI
aDszukZm1KIPi5THsv29AwRguHA2iEze29wS6msmVlumSKfRQZPdWTDXywIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFJICgNFaqUpIc8/8/JJYrl8HMQUFMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEva2dLQTBWcXBTa2h6el96OGtsaXVYd2N4QlFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDASBAIAATAMAwQAwTpsAwQA
w0IYMCYEAgACMCADBwAqCRfAEAADBQAqCi0CAwUAKg8VhgMHACoPPYABIzANBgkq
hkiG9w0BAQsFAAOCAQEAtWtm7j8Dvt3WELcPLDFxZ0X0WJCt+CEkM3SCuHZKp477
K/7XaF2GqdT9dp3uw4P7zk7nrqmIFoBlGClWAIumcDheNixboXlQj4p/sVLI3kLU
hnt9/zBkqkg6pqlvcH92wxlxcQrwNJ32iw4u4NplaZHrU4KswVxKeH8AydsQorDk
lsIPJgo0MDLTwCxC2iK3M33tZijfJ6H373RPb9xugBGQSqjsC0EB5FhbJRMUyAsG
UJrteUw0a0Jxw3PcfFWPnNnAVta9TXVFAgqp413/BuXzYqo1Qo8DlvoSub37bbd7
KJ+Frajvjk6XwkIXJL2R6foDPg41NKDJKDJxRk845Q==
-----END CERTIFICATE-----
Generated at Tue Apr 22 03:33:18 2025 by rpki-client