Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/GQhhPB-Zo9ZKIbg4WQE55SO3WYQ.roa
File: GQhhPB-Zo9ZKIbg4WQE55SO3WYQ.roa (raw, json)
Hash identifier: RY/O10X/cpwBHBBAMA9vbNKac72DMPI1BY5p5AUfjDs=
Subject key identifier: 19:08:61:3C:1F:99:A3:D6:4A:21:B8:38:59:01:39:E5:23:B7:59:84
Certificate issuer: /CN=3a0429b5aecac8364544bf623f94f163afdce561
Certificate serial: 0192B875702F61107BDF52B50E819FCD0824
Authority key identifier: 3A:04:29:B5:AE:CA:C8:36:45:44:BF:62:3F:94:F1:63:AF:DC:E5:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OgQpta7KyDZFRL9iP5TxY6_c5WE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/GQhhPB-Zo9ZKIbg4WQE55SO3WYQ.roa
Signing time: Wed 23 Oct 2024 08:19:17 +0000
ROA not before: Wed 23 Oct 2024 08:19:17 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16509
IP address blocks: 146.0.0.0/24 maxlen: 24
146.0.1.0/24 maxlen: 24
146.0.2.0/24 maxlen: 24
146.0.5.0/24 maxlen: 24
146.0.8.0/24 maxlen: 24
146.0.9.0/24 maxlen: 24
146.0.15.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 02 Jan 2025 15:50:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:b8:75:70:2f:61:10:7b:df:52:b5:0e:81:9f:cd:08:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3a0429b5aecac8364544bf623f94f163afdce561
Validity
Not Before: Oct 23 08:19:17 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1908613c1f99a3d64a21b838590139e523b75984
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:e9:bd:d8:4f:c3:a8:c5:1f:24:5b:72:62:6e:
dd:8b:8a:0c:77:22:db:7d:1e:6d:47:7c:bb:41:97:
58:45:66:db:39:11:cc:64:ae:40:9d:bf:c4:74:e5:
77:76:94:e9:65:74:61:9c:5e:5d:be:ca:27:9e:9d:
87:0a:c5:6f:bd:55:22:3a:03:40:0a:49:18:99:0f:
72:39:54:3b:33:6f:1f:06:e3:5b:3c:9c:ae:4a:b5:
b6:65:06:9f:a7:74:c3:72:df:f4:70:1e:d4:2e:d6:
b2:36:37:15:5e:d8:35:70:00:65:a4:77:8f:95:60:
10:63:95:7d:a1:06:e0:fb:4b:41:6a:6b:ff:85:3c:
e1:83:8a:d0:72:1c:03:25:c3:59:1f:89:57:1d:b4:
84:73:6e:4c:1f:63:d6:21:60:60:ad:ef:74:e7:10:
c7:21:c5:ed:f1:63:64:9a:36:a1:8a:99:d5:71:de:
fa:54:7c:24:fe:2f:99:c0:4f:31:3d:ff:fc:d0:86:
a8:73:ac:33:10:71:90:4f:ac:fb:41:cf:d7:a7:31:
65:3a:74:a4:55:51:de:47:ea:88:bf:ba:84:f1:f7:
41:ef:49:dd:9d:52:3e:ec:09:87:ef:3e:88:fc:4c:
f1:f2:52:02:56:46:3d:57:56:83:4c:30:4d:11:2f:
0e:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:08:61:3C:1F:99:A3:D6:4A:21:B8:38:59:01:39:E5:23:B7:59:84
X509v3 Authority Key Identifier:
keyid:3A:04:29:B5:AE:CA:C8:36:45:44:BF:62:3F:94:F1:63:AF:DC:E5:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OgQpta7KyDZFRL9iP5TxY6_c5WE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/GQhhPB-Zo9ZKIbg4WQE55SO3WYQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/fb9215-d1d1-47c2-ac81-84712c9f3464/1/OgQpta7KyDZFRL9iP5TxY6_c5WE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
146.0.0.0-146.0.2.255
146.0.5.0/24
146.0.8.0/23
146.0.15.0/24
Signature Algorithm: sha256WithRSAEncryption
88:d3:fa:96:91:6c:aa:46:bf:ca:be:c0:ca:b4:bb:91:ac:fb:
d3:54:8d:ea:4c:bc:28:ea:f7:e3:98:b1:9e:31:c7:5e:06:74:
92:df:33:53:56:4c:aa:9b:84:d3:85:df:30:3a:02:88:06:16:
42:43:a2:30:9b:58:fc:7c:68:7c:ee:f5:dc:43:f8:d5:90:16:
24:67:4b:86:82:e5:91:cd:21:ad:3d:8f:d2:6a:f4:19:bf:aa:
3a:6d:73:54:df:66:bc:9e:f8:53:5f:bf:0f:4d:d8:90:5f:f0:
3a:4d:b4:f7:30:64:c7:96:09:d3:96:12:f1:27:60:c4:f7:ec:
58:0c:87:03:eb:f4:f7:66:7e:8a:72:17:7d:fc:0c:c3:f3:ea:
78:df:04:2f:c2:48:90:7e:a2:e1:45:88:a1:7a:06:5f:d4:8c:
50:b5:ac:82:a9:9d:8e:bf:10:03:6b:c3:ec:05:3f:47:0f:41:
96:40:1d:69:ec:1b:ff:02:7b:34:d3:7f:a7:c7:02:a5:34:99:
21:cf:2c:d3:53:67:53:1a:c8:59:19:6e:10:85:e4:25:c4:9f:
81:16:ea:fe:a4:bf:9d:1b:fd:50:d0:3b:31:92:90:87:ac:de:
de:c0:1a:cf:d3:69:b1:c2:06:85:db:14:43:06:05:bf:4c:ea:
ee:cf:d0:02
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZK4dXAvYRB731K1DoGfzQgkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMDQyOWI1YWVjYWM4MzY0NTQ0YmY2MjNmOTRmMTYzYWZk
Y2U1NjEwHhcNMjQxMDIzMDgxOTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTA4NjEzYzFmOTlhM2Q2NGEyMWI4Mzg1OTAxMzllNTIzYjc1OTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+m92E/DqMUfJFtyYm7di4oMdyLb
fR5tR3y7QZdYRWbbORHMZK5Anb/EdOV3dpTpZXRhnF5dvsonnp2HCsVvvVUiOgNA
CkkYmQ9yOVQ7M28fBuNbPJyuSrW2ZQafp3TDct/0cB7ULtayNjcVXtg1cABlpHeP
lWAQY5V9oQbg+0tBamv/hTzhg4rQchwDJcNZH4lXHbSEc25MH2PWIWBgre905xDH
IcXt8WNkmjahipnVcd76VHwk/i+ZwE8xPf/80Iaoc6wzEHGQT6z7Qc/XpzFlOnSk
VVHeR+qIv7qE8fdB70ndnVI+7AmH7z6I/Ezx8lICVkY9V1aDTDBNES8ORQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFBkIYTwfmaPWSiG4OFkBOeUjt1mEMB8GA1UdIwQY
MBaAFDoEKbWuysg2RUS/Yj+U8WOv3OVhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2dRcHRhN0t5RFpGUkw5aVA1VHhZNl9jNVdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9mYjkyMTUtZDFkMS00N2MyLWFjODEt
ODQ3MTJjOWYzNDY0LzEvR1FoaFBCLVpvOVpLSWJnNFdRRTU1U08zV1lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9mYjkyMTUtZDFkMS00N2MyLWFjODEtODQ3MTJjOWYzNDY0
LzEvT2dRcHRhN0t5RFpGUkw5aVA1VHhZNl9jNVdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeMAoDAgGSAwQA
kgACAwQAkgAFAwQBkgAIAwQAkgAPMA0GCSqGSIb3DQEBCwUAA4IBAQCI0/qWkWyq
Rr/KvsDKtLuRrPvTVI3qTLwo6vfjmLGeMcdeBnSS3zNTVkyqm4TThd8wOgKIBhZC
Q6Iwm1j8fGh87vXcQ/jVkBYkZ0uGguWRzSGtPY/SavQZv6o6bXNU32a8nvhTX78P
TdiQX/A6TbT3MGTHlgnTlhLxJ2DE9+xYDIcD6/T3Zn6Kchd9/AzD8+p43wQvwkiQ
fqLhRYihegZf1IxQtayCqZ2OvxADa8PsBT9HD0GWQB1p7Bv/Ans003+nxwKlNJkh
zyzTU2dTGshZGW4QheQlxJ+BFur+pL+dG/1Q0DsxkpCHrN7ewBrP02mxwgaF2xRD
BgW/TOruz9AC
-----END CERTIFICATE-----
Generated at Thu Mar 13 21:19:04 2025 by rpki-client