Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/89fd43-54f0-4a15-b2b1-3f3a02748c2a/1/CFDX3RP4JSmKXAmIlTRBwhUr5dU.roa
File: CFDX3RP4JSmKXAmIlTRBwhUr5dU.roa (raw, json)
Hash identifier: goeCxRrH8WsPWPo0sWYU8oJEkVegJYqPwztcd6kaH3k=
Subject key identifier: 08:50:D7:DD:13:F8:25:29:8A:5C:09:88:95:34:41:C2:15:2B:E5:D5
Certificate issuer: /CN=359f1e3b80551e98a16fc2bbcb7dd87c9a0efe25
Certificate serial: 01928F8F14B1DD71C0178847E2C50A163452
Authority key identifier: 35:9F:1E:3B:80:55:1E:98:A1:6F:C2:BB:CB:7D:D8:7C:9A:0E:FE:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NZ8eO4BVHpihb8K7y33YfJoO_iU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/da/89fd43-54f0-4a15-b2b1-3f3a02748c2a/1/CFDX3RP4JSmKXAmIlTRBwhUr5dU.roa
Signing time: Tue 15 Oct 2024 09:42:51 +0000
ROA not before: Tue 15 Oct 2024 09:42:51 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 58280
IP address blocks: 45.129.224.0/22 maxlen: 22
45.129.224.0/23 maxlen: 23
2a0e:5040::/29 maxlen: 29
2a0f:fd03::/32 maxlen: 32
Validation: Failed, certificate revoked on Tue 15 Oct 2024 10:57:51 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:8f:8f:14:b1:dd:71:c0:17:88:47:e2:c5:0a:16:34:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=359f1e3b80551e98a16fc2bbcb7dd87c9a0efe25
Validity
Not Before: Oct 15 09:42:51 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0850d7dd13f825298a5c0988953441c2152be5d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:78:fd:b5:56:62:36:8d:da:7c:df:a7:4d:cf:
cd:c2:78:29:99:c4:52:e6:76:6a:b5:bb:c6:00:0d:
fb:ef:75:3c:5f:a6:d5:07:db:ea:3c:75:e6:be:19:
8f:09:ee:39:13:98:41:b0:fd:d5:cb:94:6a:3b:7c:
e8:cc:c3:3a:15:4b:00:3d:3a:e8:87:cf:73:aa:bc:
03:52:52:e7:1c:a8:ac:59:27:50:7b:3d:e7:2d:ed:
ac:2e:cc:8c:80:01:ed:44:17:61:df:65:1c:20:cb:
86:25:97:a1:8a:7c:82:a9:70:b0:80:54:09:39:69:
7a:04:0c:73:c8:c4:80:f0:6a:f9:52:e3:9f:f4:dd:
f6:70:51:35:b2:9a:60:d6:e1:95:4e:5e:63:9c:fa:
bb:bc:25:13:05:0d:e5:e8:27:7b:ec:d2:67:fb:91:
e3:07:06:e9:51:25:86:1d:af:a0:1f:27:3f:c9:10:
76:9f:26:b5:f2:90:6e:2e:0a:d6:00:98:a4:df:cc:
d2:c3:82:2d:74:23:e5:d5:4c:21:ba:d8:0a:25:fb:
2b:ea:05:c5:45:f0:16:6f:4d:c4:07:45:4f:e6:40:
cb:46:e7:24:46:77:c6:45:f2:0d:5a:05:2b:9a:59:
45:5f:c8:5f:0e:44:84:b1:cf:ac:1d:79:b9:26:c7:
42:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:50:D7:DD:13:F8:25:29:8A:5C:09:88:95:34:41:C2:15:2B:E5:D5
X509v3 Authority Key Identifier:
keyid:35:9F:1E:3B:80:55:1E:98:A1:6F:C2:BB:CB:7D:D8:7C:9A:0E:FE:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NZ8eO4BVHpihb8K7y33YfJoO_iU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/89fd43-54f0-4a15-b2b1-3f3a02748c2a/1/CFDX3RP4JSmKXAmIlTRBwhUr5dU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/da/89fd43-54f0-4a15-b2b1-3f3a02748c2a/1/NZ8eO4BVHpihb8K7y33YfJoO_iU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.224.0/22
IPv6:
2a0e:5040::/29
2a0f:fd03::/32
Signature Algorithm: sha256WithRSAEncryption
84:bb:50:dc:dd:88:1b:07:34:90:57:f1:db:9c:92:c6:e3:c6:
0c:d9:d6:d9:0d:01:07:49:2c:c1:25:2a:38:33:3d:22:ac:a4:
43:fd:17:89:59:53:d8:17:7b:9b:ba:95:b1:8e:50:8e:5f:ba:
7a:db:1b:23:4c:f4:7f:3b:7f:06:09:05:07:0f:71:a1:8d:a7:
0f:9d:58:dd:cd:f4:3c:83:e8:02:cb:8c:e3:fc:9a:c0:76:5a:
2d:14:67:94:7a:8f:dc:1c:d9:bc:41:4e:4f:7c:a4:11:00:b6:
75:ad:5b:82:03:5a:64:39:04:4d:2b:76:d6:93:5d:f1:3d:00:
6f:90:2a:03:e2:40:07:ad:a9:70:0a:2e:a5:e8:a2:99:7e:63:
8a:2c:d9:02:92:02:0a:f5:12:bc:61:9c:6f:ab:76:41:77:3e:
01:98:2e:81:81:1b:2a:3b:94:3d:2c:f3:42:ee:cf:11:2e:6c:
a9:5b:e9:00:6b:ad:87:5e:72:57:e3:6d:34:52:0d:d0:c0:01:
6f:29:b3:85:d7:f6:24:69:d6:5c:45:13:85:f4:b3:59:c1:c2:
43:ab:9d:4d:06:45:2f:f3:3b:63:34:06:cd:9c:0a:0f:fe:f0:
c7:20:f0:c7:81:cc:b3:4d:9a:90:ed:39:16:7b:77:8c:cc:6c:
02:71:ce:0b
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZKPjxSx3XHAF4hH4sUKFjRSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1OWYxZTNiODA1NTFlOThhMTZmYzJiYmNiN2RkODdjOWEw
ZWZlMjUwHhcNMjQxMDE1MDk0MjUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODUwZDdkZDEzZjgyNTI5OGE1YzA5ODg5NTM0NDFjMjE1MmJlNWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHj9tVZiNo3afN+nTc/NwngpmcRS
5nZqtbvGAA3773U8X6bVB9vqPHXmvhmPCe45E5hBsP3Vy5RqO3zozMM6FUsAPTro
h89zqrwDUlLnHKisWSdQez3nLe2sLsyMgAHtRBdh32UcIMuGJZehinyCqXCwgFQJ
OWl6BAxzyMSA8Gr5UuOf9N32cFE1sppg1uGVTl5jnPq7vCUTBQ3l6Cd77NJn+5Hj
BwbpUSWGHa+gHyc/yRB2nya18pBuLgrWAJik38zSw4ItdCPl1UwhutgKJfsr6gXF
RfAWb03EB0VP5kDLRuckRnfGRfINWgUrmllFX8hfDkSEsc+sHXm5JsdCYQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFAhQ190T+CUpilwJiJU0QcIVK+XVMB8GA1UdIwQY
MBaAFDWfHjuAVR6YoW/Cu8t92HyaDv4lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlo4ZU80QlZIcGloYjhLN3kzM1lmSm9PX2lVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS84OWZkNDMtNTRmMC00YTE1LWIyYjEt
M2YzYTAyNzQ4YzJhLzEvQ0ZEWDNSUDRKU21LWEFtSWxUUkJ3aFVyNWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS84OWZkNDMtNTRmMC00YTE1LWIyYjEtM2YzYTAyNzQ4YzJh
LzEvTlo4ZU80QlZIcGloYjhLN3kzM1lmSm9PX2lVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQCLYHgMBQE
AgACMA4DBQMqDlBAAwUAKg/9AzANBgkqhkiG9w0BAQsFAAOCAQEAhLtQ3N2IGwc0
kFfx25ySxuPGDNnW2Q0BB0kswSUqODM9IqykQ/0XiVlT2Bd7m7qVsY5Qjl+6etsb
I0z0fzt/BgkFBw9xoY2nD51Y3c30PIPoAsuM4/yawHZaLRRnlHqP3BzZvEFOT3yk
EQC2da1bggNaZDkETSt21pNd8T0Ab5AqA+JAB62pcAoupeiimX5jiizZApICCvUS
vGGcb6t2QXc+AZgugYEbKjuUPSzzQu7PES5sqVvpAGuth15yV+NtNFIN0MABbymz
hdf2JGnWXEUThfSzWcHCQ6udTQZFL/M7YzQGzZwKD/7wxyDwx4HMs02akO05Fnt3
jMxsAnHOCw==
-----END CERTIFICATE-----
Generated at Fri Apr 18 06:54:40 2025 by rpki-client