Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/552f0d-01c2-418a-aa3c-acc4aac78d0d/1/2rv9Eb2J8eCjiP035SDSi8oIB2A.roa
File: 2rv9Eb2J8eCjiP035SDSi8oIB2A.roa (raw, json)
Hash identifier: MYRtrZcxou7TReHNgjL3rKDGaK8yHahlqdfDkb9h1E8=
Subject key identifier: DA:BB:FD:11:BD:89:F1:E0:A3:88:FD:37:E5:20:D2:8B:CA:08:07:60
Certificate issuer: /CN=2f88a53fcb96777f99e02df8940dd040b454cd1c
Certificate serial: 018CC56EBEAB32B0FB3C924B752B6B825B5C
Authority key identifier: 2F:88:A5:3F:CB:96:77:7F:99:E0:2D:F8:94:0D:D0:40:B4:54:CD:1C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L4ilP8uWd3-Z4C34lA3QQLRUzRw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ce/552f0d-01c2-418a-aa3c-acc4aac78d0d/1/2rv9Eb2J8eCjiP035SDSi8oIB2A.roa
Signing time: Mon 01 Jan 2024 14:30:18 +0000
ROA not before: Mon 01 Jan 2024 14:30:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49770
IP address blocks: 185.154.108.0/22 maxlen: 24
95.143.192.0/20 maxlen: 24
2a03:d780::/32 maxlen: 48
Validation: Failed, certificate revoked on Wed 01 Jan 2025 03:47:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:be:ab:32:b0:fb:3c:92:4b:75:2b:6b:82:5b:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2f88a53fcb96777f99e02df8940dd040b454cd1c
Validity
Not Before: Jan 1 14:30:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dabbfd11bd89f1e0a388fd37e520d28bca080760
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:d6:e4:3e:36:d3:32:1b:1b:98:4a:c9:fc:f9:
6e:a2:c5:06:67:b6:5e:c4:c6:f2:23:8c:a7:d3:87:
3c:35:5b:bc:c7:d9:f1:29:ae:2e:15:d0:20:7b:ac:
ed:45:51:8a:35:9a:33:73:62:45:81:6d:9f:fd:e0:
9d:78:0e:e3:f1:cf:b3:13:3d:05:9c:f0:0e:8d:63:
da:d5:24:d3:fe:eb:b1:c9:f3:dc:fb:33:fe:b1:33:
fb:0a:e1:8a:73:84:7a:9e:8e:29:bc:37:ef:c8:b4:
b5:d3:f3:94:be:af:8a:6e:65:7d:99:64:df:62:4b:
74:03:de:f9:ba:4d:71:05:9a:86:76:a6:a7:a2:13:
1a:32:7b:eb:e8:0e:79:7d:1c:e7:0b:fa:eb:d4:ee:
ca:66:cc:99:18:25:68:87:9f:fc:bd:2f:c8:f0:08:
d4:e0:65:3e:eb:f2:ce:85:65:1f:ce:c7:2e:dd:bd:
7a:9e:60:81:e2:30:3a:6c:11:26:3e:b2:40:28:5a:
cc:15:5a:0c:33:8b:2f:f4:d8:bc:87:28:4e:48:5e:
fa:e3:41:ea:88:bf:a7:88:1b:b7:cf:e2:38:34:99:
09:a8:37:52:da:12:e6:14:d2:1e:b6:d2:47:54:e3:
69:eb:9a:5d:6f:9f:80:17:5e:6b:7a:61:69:67:21:
71:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:BB:FD:11:BD:89:F1:E0:A3:88:FD:37:E5:20:D2:8B:CA:08:07:60
X509v3 Authority Key Identifier:
keyid:2F:88:A5:3F:CB:96:77:7F:99:E0:2D:F8:94:0D:D0:40:B4:54:CD:1C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L4ilP8uWd3-Z4C34lA3QQLRUzRw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/552f0d-01c2-418a-aa3c-acc4aac78d0d/1/2rv9Eb2J8eCjiP035SDSi8oIB2A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/552f0d-01c2-418a-aa3c-acc4aac78d0d/1/L4ilP8uWd3-Z4C34lA3QQLRUzRw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.143.192.0/20
185.154.108.0/22
IPv6:
2a03:d780::/32
Signature Algorithm: sha256WithRSAEncryption
2a:d3:b1:ec:d1:9d:52:49:fb:4a:03:df:94:fd:8b:1d:82:90:
a6:f1:8e:c4:94:9b:43:af:da:96:00:62:84:5b:62:17:88:02:
64:13:ac:c9:5c:0a:83:37:b5:ed:91:89:78:4c:4e:67:68:c0:
20:7a:9e:0c:bf:d0:51:af:12:ea:56:b8:f6:30:7b:7c:0c:ee:
71:31:d2:35:89:63:4b:45:4f:30:ed:2d:b0:26:31:a8:b7:c3:
c9:15:81:da:58:d7:34:2f:1d:87:d4:d6:20:7f:52:84:05:94:
ff:a0:b4:18:69:57:c2:a1:af:42:6b:4e:3d:b0:3c:60:c2:74:
f9:d1:00:88:86:9d:38:7b:86:0c:7b:c2:5b:f9:38:f4:9f:0a:
24:c0:6e:07:57:28:9c:f6:4d:1b:5e:95:1a:d3:1a:1e:52:20:
42:e5:b4:84:ef:80:ca:86:6d:95:a7:ab:69:e1:1f:57:b4:dd:
6f:8a:9c:b7:b2:fe:1c:2a:88:04:00:07:7e:10:21:47:51:3e:
d6:dd:0c:ce:37:0a:ba:e1:7e:71:ca:19:78:ae:99:13:e0:99:
f4:b0:13:76:9f:34:c8:ed:fe:ef:9c:9f:d0:45:da:79:cb:0b:
97:39:9c:8b:f3:66:b4:1d:32:6b:14:d8:61:18:8e:aa:37:02:
4c:f4:07:00
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzFbr6rMrD7PJJLdStrgltcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmODhhNTNmY2I5Njc3N2Y5OWUwMmRmODk0MGRkMDQwYjQ1
NGNkMWMwHhcNMjQwMTAxMTQzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWJiZmQxMWJkODlmMWUwYTM4OGZkMzdlNTIwZDI4YmNhMDgwNzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNbkPjbTMhsbmErJ/PluosUGZ7Ze
xMbyI4yn04c8NVu8x9nxKa4uFdAge6ztRVGKNZozc2JFgW2f/eCdeA7j8c+zEz0F
nPAOjWPa1STT/uuxyfPc+zP+sTP7CuGKc4R6no4pvDfvyLS10/OUvq+KbmV9mWTf
Ykt0A975uk1xBZqGdqanohMaMnvr6A55fRznC/rr1O7KZsyZGCVoh5/8vS/I8AjU
4GU+6/LOhWUfzscu3b16nmCB4jA6bBEmPrJAKFrMFVoMM4sv9Ni8hyhOSF7640Hq
iL+niBu3z+I4NJkJqDdS2hLmFNIettJHVONp65pdb5+AF15remFpZyFxqQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNq7/RG9ifHgo4j9N+Ug0ovKCAdgMB8GA1UdIwQY
MBaAFC+IpT/Llnd/meAt+JQN0EC0VM0cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDRpbFA4dVdkMy1aNEMzNGxBM1FRTFJVelJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS81NTJmMGQtMDFjMi00MThhLWFhM2Mt
YWNjNGFhYzc4ZDBkLzEvMnJ2OUViMko4ZUNqaVAwMzVTRFNpOG9JQjJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS81NTJmMGQtMDFjMi00MThhLWFhM2MtYWNjNGFhYzc4ZDBk
LzEvTDRpbFA4dVdkMy1aNEMzNGxBM1FRTFJVelJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEX4/AAwQC
uZpsMA0EAgACMAcDBQAqA9eAMA0GCSqGSIb3DQEBCwUAA4IBAQAq07Hs0Z1SSftK
A9+U/YsdgpCm8Y7ElJtDr9qWAGKEW2IXiAJkE6zJXAqDN7XtkYl4TE5naMAgep4M
v9BRrxLqVrj2MHt8DO5xMdI1iWNLRU8w7S2wJjGot8PJFYHaWNc0Lx2H1NYgf1KE
BZT/oLQYaVfCoa9Ca049sDxgwnT50QCIhp04e4YMe8Jb+Tj0nwokwG4HVyic9k0b
XpUa0xoeUiBC5bSE74DKhm2Vp6tp4R9XtN1vipy3sv4cKogEAAd+ECFHUT7W3QzO
Nwq64X5xyhl4rpkT4Jn0sBN2nzTI7f7vnJ/QRdp5ywuXOZyL82a0HTJrFNhhGI6q
NwJM9AcA
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:09:02 2025 by rpki-client