Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/2r9XJeYMa226F7g3tlJJrYQrb7Y.roa
File: 2r9XJeYMa226F7g3tlJJrYQrb7Y.roa (raw, json)
Hash identifier: zWuptzm8V0lkKF73VcYTnvrL05dTHwQWYRqO+9OLZh0=
Subject key identifier: DA:BF:57:25:E6:0C:6B:6D:BA:17:B8:37:B6:52:49:AD:84:2B:6F:B6
Certificate issuer: /CN=4acfac8645a3c6f10042dc4a74d700d9d06af17a
Certificate serial: 01958AFBC2A0572D7E56582F090F0550CE9E
Authority key identifier: 4A:CF:AC:86:45:A3:C6:F1:00:42:DC:4A:74:D7:00:D9:D0:6A:F1:7A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/2r9XJeYMa226F7g3tlJJrYQrb7Y.roa
Signing time: Wed 12 Mar 2025 15:31:49 +0000
ROA not before: Wed 12 Mar 2025 15:31:49 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 211680
IP address blocks: 45.156.128.0/24 maxlen: 24
45.156.129.0/24 maxlen: 24
45.156.130.0/24 maxlen: 24
185.180.140.0/24 maxlen: 24
185.180.143.0/24 maxlen: 24
2a10:3c0:1::/48 maxlen: 48
2a10:3c0:2::/48 maxlen: 48
Validation: Failed, certificate revoked on Fri 28 Mar 2025 15:18:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:8a:fb:c2:a0:57:2d:7e:56:58:2f:09:0f:05:50:ce:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4acfac8645a3c6f10042dc4a74d700d9d06af17a
Validity
Not Before: Mar 12 15:31:49 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dabf5725e60c6b6dba17b837b65249ad842b6fb6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:54:0b:c6:31:60:2d:99:e0:84:f4:b7:4c:c9:
a6:db:23:6b:90:4e:b9:38:c8:1f:74:88:95:57:37:
a8:59:12:04:12:0c:63:d1:02:bd:42:5f:80:eb:7c:
f5:f8:00:b8:55:79:9b:76:de:bc:43:74:ba:dc:ef:
31:f5:69:7b:81:07:17:0a:ce:ff:b6:4c:81:c7:7b:
64:56:da:47:ef:22:67:53:c1:28:cc:a9:fe:30:f8:
c1:6b:d9:2a:94:b9:d8:e1:4e:8a:13:b3:1a:fb:c8:
6f:af:ee:3c:72:2e:62:e3:0e:10:d3:b8:e3:c6:03:
9b:44:a9:88:b3:c0:85:5b:5e:59:a0:c6:a2:81:3d:
48:19:f4:0e:74:c1:9b:0b:5c:fd:42:ef:64:6a:72:
ab:c5:8c:d0:ca:71:0f:06:ba:50:f6:ce:65:c0:cb:
92:a2:b3:96:ce:72:0a:aa:94:93:74:a8:e5:d1:8e:
f3:5c:df:35:1a:44:7b:98:b5:55:94:ab:59:f5:02:
54:11:76:fd:fe:26:e5:25:d6:29:77:b1:ec:ee:52:
06:62:8c:c5:f6:6c:87:87:26:77:77:70:bd:31:97:
b3:a4:ff:f0:32:92:98:a7:fb:ba:80:d9:da:a2:24:
6d:b4:82:96:38:17:2f:e5:80:4a:58:8f:1f:92:fe:
65:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:BF:57:25:E6:0C:6B:6D:BA:17:B8:37:B6:52:49:AD:84:2B:6F:B6
X509v3 Authority Key Identifier:
keyid:4A:CF:AC:86:45:A3:C6:F1:00:42:DC:4A:74:D7:00:D9:D0:6A:F1:7A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/2r9XJeYMa226F7g3tlJJrYQrb7Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.128.0-45.156.130.255
185.180.140.0/24
185.180.143.0/24
IPv6:
2a10:3c0:1::-2a10:3c0:2:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
9b:7a:9a:98:53:5d:79:4d:a3:39:a8:1a:78:ad:c8:ec:6a:15:
be:f6:71:6c:8d:49:9e:d6:b7:cf:b1:99:35:e3:2a:17:9e:b7:
26:85:4e:02:83:c2:1d:be:3c:57:8f:d6:8b:dd:09:e4:3c:25:
84:40:00:ea:11:e5:bf:aa:2a:59:04:7e:e5:ee:d5:8c:2a:05:
44:cf:f4:f0:c0:4d:99:55:6d:42:82:27:ab:17:ce:eb:fc:e4:
83:76:00:1c:8a:c7:12:b6:d5:84:09:0e:11:54:02:e2:5c:4e:
f4:3f:26:05:90:ef:37:be:56:c4:c0:36:c9:af:22:0f:80:f3:
6d:16:72:fd:cd:81:1a:9d:fb:14:f6:8c:31:65:df:5b:25:f0:
65:36:b5:73:d9:7c:42:7e:48:fa:b3:18:3b:98:ba:9b:4d:1a:
af:39:78:ee:07:18:7a:0f:f8:d1:53:bb:c8:ed:b1:1e:82:8c:
31:72:3b:74:eb:45:e9:30:0a:07:d3:06:1b:df:8c:62:9d:6e:
6b:d1:b7:6b:80:f3:5e:19:9a:96:d8:73:7c:fe:20:21:83:db:
64:1f:d4:9c:74:42:db:d0:72:5c:f0:37:b5:07:4c:dd:4b:fe:
a4:0b:72:73:67:40:b5:b9:10:e9:8d:22:2d:7e:19:a0:2f:9b:
92:e3:9a:63
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZWK+8KgVy1+VlgvCQ8FUM6eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhY2ZhYzg2NDVhM2M2ZjEwMDQyZGM0YTc0ZDcwMGQ5ZDA2
YWYxN2EwHhcNMjUwMzEyMTUzMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWJmNTcyNWU2MGM2YjZkYmExN2I4MzdiNjUyNDlhZDg0MmI2ZmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01QLxjFgLZnghPS3TMmm2yNrkE65
OMgfdIiVVzeoWRIEEgxj0QK9Ql+A63z1+AC4VXmbdt68Q3S63O8x9Wl7gQcXCs7/
tkyBx3tkVtpH7yJnU8EozKn+MPjBa9kqlLnY4U6KE7Ma+8hvr+48ci5i4w4Q07jj
xgObRKmIs8CFW15ZoMaigT1IGfQOdMGbC1z9Qu9kanKrxYzQynEPBrpQ9s5lwMuS
orOWznIKqpSTdKjl0Y7zXN81GkR7mLVVlKtZ9QJUEXb9/iblJdYpd7Hs7lIGYozF
9myHhyZ3d3C9MZezpP/wMpKYp/u6gNnaoiRttIKWOBcv5YBKWI8fkv5lLQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFNq/VyXmDGttuhe4N7ZSSa2EK2+2MB8GA1UdIwQY
MBaAFErPrIZFo8bxAELcSnTXANnQavF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3Mtc2hrV2p4dkVBUXR4S2ROY0EyZEJxOFhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yYzE3Y2ItNDc0Mi00NGNmLTg5MWYt
N2JmODI3N2Q4YTJmLzEvMnI5WEplWU1hMjI2RjdnM3RsSkpyWVFyYjdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yYzE3Y2ItNDc0Mi00NGNmLTg5MWYtN2JmODI3N2Q4YTJm
LzEvU3Mtc2hrV2p4dkVBUXR4S2ROY0EyZEJxOFhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAgBAIAATAaMAwDBActnIAD
BAAtnIIDBAC5tIwDBAC5tI8wGgQCAAIwFDASAwcAKhADwAABAwcAKhADwAACMA0G
CSqGSIb3DQEBCwUAA4IBAQCbepqYU115TaM5qBp4rcjsahW+9nFsjUme1rfPsZk1
4yoXnrcmhU4Cg8IdvjxXj9aL3QnkPCWEQADqEeW/qipZBH7l7tWMKgVEz/TwwE2Z
VW1CgierF87r/OSDdgAciscSttWECQ4RVALiXE70PyYFkO83vlbEwDbJryIPgPNt
FnL9zYEanfsU9owxZd9bJfBlNrVz2XxCfkj6sxg7mLqbTRqvOXjuBxh6D/jRU7vI
7bEegowxcjt060XpMAoH0wYb34xinW5r0bdrgPNeGZqW2HN8/iAhg9tkH9ScdELb
0HJc8De1B0zdS/6kC3JzZ0C1uRDpjSItfhmgL5uS45pj
-----END CERTIFICATE-----
Generated at Mon Apr 21 07:35:55 2025 by rpki-client