Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/HF89XL3tkpy9yastQ2E5ap-5j1k.roa
File: HF89XL3tkpy9yastQ2E5ap-5j1k.roa (raw, json)
Hash identifier: t460ch/n0QgPoqSvcoNSbZauMYrX0tSHeaLdhslrAVk=
Subject key identifier: 1C:5F:3D:5C:BD:ED:92:9C:BD:C9:AB:2D:43:61:39:6A:9F:B9:8F:59
Certificate issuer: /CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
Certificate serial: 0195372C92D4BF8C2C126E14F3318323DA2B
Authority key identifier: 1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/HF89XL3tkpy9yastQ2E5ap-5j1k.roa
Signing time: Mon 24 Feb 2025 08:57:02 +0000
ROA not before: Mon 24 Feb 2025 08:57:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 214099
IP address blocks: 89.18.52.0/22 maxlen: 22
89.18.56.0/22 maxlen: 22
Validation: Failed, certificate revoked on Tue 25 Feb 2025 08:06:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:37:2c:92:d4:bf:8c:2c:12:6e:14:f3:31:83:23:da:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f1e2eaaef0701595ac2754d0121217e7b91d739
Validity
Not Before: Feb 24 08:57:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1c5f3d5cbded929cbdc9ab2d4361396a9fb98f59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:2f:56:02:d5:03:eb:81:35:2c:6b:03:23:ee:
9e:9e:74:31:b8:4b:be:a8:30:52:7e:78:0f:78:2d:
21:56:1f:57:61:db:f5:c2:1c:fe:59:cd:14:d5:79:
4f:c0:69:f0:39:1f:e9:3c:0e:d6:19:7f:a7:7f:57:
c4:7a:36:79:12:c2:f0:8b:3b:af:f6:31:5d:1f:b7:
f2:55:c5:9b:8f:c2:1d:d3:36:e3:9e:35:04:25:3b:
30:51:43:98:95:4a:18:b6:2d:87:05:01:69:94:89:
40:db:3f:a4:a8:96:4d:fe:37:18:0d:0c:0a:53:8b:
02:5a:eb:fe:cf:f4:2b:48:c7:0b:b7:72:d9:22:31:
fb:73:32:40:dc:6f:9a:79:e8:73:b8:19:7a:80:af:
14:28:59:83:a1:f0:77:a1:e2:e0:5d:64:0c:c0:b0:
9c:5e:f8:e7:c8:6c:8b:3a:dd:15:eb:71:2e:e5:9a:
bc:82:24:d6:78:f9:20:83:e9:f5:ba:f2:10:1f:77:
bc:48:ea:d1:12:eb:46:7e:14:06:10:4a:b8:56:c6:
fa:1a:fa:06:97:5e:05:5b:32:d7:69:f3:76:17:46:
f3:40:23:72:fd:c1:76:f8:34:7b:f8:51:9a:52:84:
72:54:2d:12:85:6b:6a:0c:7b:57:cf:e8:93:75:9a:
29:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1C:5F:3D:5C:BD:ED:92:9C:BD:C9:AB:2D:43:61:39:6A:9F:B9:8F:59
X509v3 Authority Key Identifier:
keyid:1F:1E:2E:AA:EF:07:01:59:5A:C2:75:4D:01:21:21:7E:7B:91:D7:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hx4uqu8HAVlawnVNASEhfnuR1zk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/HF89XL3tkpy9yastQ2E5ap-5j1k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/4d6ffd-1fac-497f-810c-2b34b8433bb5/1/Hx4uqu8HAVlawnVNASEhfnuR1zk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.18.52.0-89.18.59.255
Signature Algorithm: sha256WithRSAEncryption
57:47:3c:53:ff:68:1e:2f:26:e6:42:38:fc:2b:7d:58:75:9b:
47:e1:31:99:c7:e6:1e:26:59:ac:65:77:4a:db:3f:a7:08:e9:
f4:f3:00:f3:98:32:6c:10:a0:8b:a9:da:42:8e:00:d3:b4:11:
88:3f:fb:9a:14:bc:e6:7e:11:af:41:d0:f5:3e:bf:43:9f:24:
2c:39:6e:86:72:b4:1b:84:5b:5d:71:89:ca:7b:0a:f8:ee:0d:
40:5f:37:56:aa:ff:1c:6f:30:62:2a:a2:ec:bd:1d:66:f9:4f:
d5:5a:8a:68:d5:4a:de:48:e1:f1:4d:52:ca:c6:f1:8a:b3:ff:
2c:96:27:34:44:51:82:26:9d:ed:a2:ca:a6:eb:8f:bf:d1:e7:
15:1e:5f:95:cb:be:4f:20:8c:7a:fb:a8:82:57:7b:7d:74:c9:
f2:74:ab:18:cb:e6:f4:f8:87:15:af:ce:01:b4:b4:0a:d8:01:
6a:55:91:39:38:d1:88:92:88:53:82:e4:82:c7:fc:f7:6f:94:
a4:68:05:88:d6:ad:67:6d:15:8e:b7:26:dd:0c:89:ef:d6:6b:
92:df:d1:d5:16:16:5b:96:03:ea:62:d6:40:b0:f4:62:6e:67:
fd:09:6b:e3:ba:fd:72:0f:0b:d4:d1:1f:31:58:e4:87:d2:9b:
4a:86:23:bb
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZU3LJLUv4wsEm4U8zGDI9orMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMWUyZWFhZWYwNzAxNTk1YWMyNzU0ZDAxMjEyMTdlN2I5
MWQ3MzkwHhcNMjUwMjI0MDg1NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzVmM2Q1Y2JkZWQ5MjljYmRjOWFiMmQ0MzYxMzk2YTlmYjk4ZjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC9WAtUD64E1LGsDI+6ennQxuEu+
qDBSfngPeC0hVh9XYdv1whz+Wc0U1XlPwGnwOR/pPA7WGX+nf1fEejZ5EsLwizuv
9jFdH7fyVcWbj8Id0zbjnjUEJTswUUOYlUoYti2HBQFplIlA2z+kqJZN/jcYDQwK
U4sCWuv+z/QrSMcLt3LZIjH7czJA3G+aeehzuBl6gK8UKFmDofB3oeLgXWQMwLCc
XvjnyGyLOt0V63Eu5Zq8giTWePkgg+n1uvIQH3e8SOrREutGfhQGEEq4Vsb6GvoG
l14FWzLXafN2F0bzQCNy/cF2+DR7+FGaUoRyVC0ShWtqDHtXz+iTdZopPwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBxfPVy97ZKcvcmrLUNhOWqfuY9ZMB8GA1UdIwQY
MBaAFB8eLqrvBwFZWsJ1TQEhIX57kdc5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMt
MmIzNGI4NDMzYmI1LzEvSEY4OVhMM3RrcHk5eWFzdFEyRTVhcC01ajFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS80ZDZmZmQtMWZhYy00OTdmLTgxMGMtMmIzNGI4NDMzYmI1
LzEvSHg0dXF1OEhBVmxhd25WTkFTRWhmbnVSMXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJZEjQD
BAJZEjgwDQYJKoZIhvcNAQELBQADggEBAFdHPFP/aB4vJuZCOPwrfVh1m0fhMZnH
5h4mWaxld0rbP6cI6fTzAPOYMmwQoIup2kKOANO0EYg/+5oUvOZ+Ea9B0PU+v0Of
JCw5boZytBuEW11xicp7CvjuDUBfN1aq/xxvMGIqouy9HWb5T9VaimjVSt5I4fFN
UsrG8Yqz/yyWJzREUYImne2iyqbrj7/R5xUeX5XLvk8gjHr7qIJXe310yfJ0qxjL
5vT4hxWvzgG0tArYAWpVkTk40YiSiFOC5ILH/PdvlKRoBYjWrWdtFY63Jt0Mie/W
a5Lf0dUWFluWA+pi1kCw9GJuZ/0Ja+O6/XIPC9TRHzFY5IfSm0qGI7s=
-----END CERTIFICATE-----
Generated at Sun Mar 9 19:12:31 2025 by rpki-client