Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/utp-iQK6YAp8FN1o2PvZbov-K9I.roa
File: utp-iQK6YAp8FN1o2PvZbov-K9I.roa (raw, json)
Hash identifier: xbNrgFxpuaa0sXCOZgn0PpeoE1wggBxvTUhEJ0UMnyQ=
Subject key identifier: BA:DA:7E:89:02:BA:60:0A:7C:14:DD:68:D8:FB:D9:6E:8B:FE:2B:D2
Certificate issuer: /CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
Certificate serial: 0194DB732F1A7B240BEB95E9F8C9FF284515
Authority key identifier: 42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/utp-iQK6YAp8FN1o2PvZbov-K9I.roa
Signing time: Thu 06 Feb 2025 13:29:06 +0000
ROA not before: Thu 06 Feb 2025 13:29:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 42130
IP address blocks: 93.88.20.0/22 maxlen: 22
93.88.20.0/23 maxlen: 23
93.88.22.0/23 maxlen: 23
185.198.49.0/24 maxlen: 24
185.207.174.0/24 maxlen: 24
195.245.72.0/24 maxlen: 24
195.245.88.0/24 maxlen: 24
2a13:b2c0::/32 maxlen: 32
2a13:b2c1:1::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 25 Mar 2025 10:54:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:db:73:2f:1a:7b:24:0b:eb:95:e9:f8:c9:ff:28:45:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=429361cd181d86ef54ebe2fc91a80ec534ceac78
Validity
Not Before: Feb 6 13:29:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=bada7e8902ba600a7c14dd68d8fbd96e8bfe2bd2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:ab:9d:54:3b:75:5e:6c:0f:6e:b7:25:3f:ae:
3e:d0:6b:70:05:71:a1:f7:eb:d6:c2:4e:c0:af:40:
4b:fc:c6:d4:aa:f8:56:21:c7:72:33:88:4a:99:d1:
03:f3:54:7a:6e:09:54:34:f9:9e:d8:5b:57:e2:79:
6c:e2:41:c9:bf:69:16:b7:26:9e:dc:26:a9:4e:f4:
25:a7:94:f5:46:e9:7c:1c:93:ae:75:77:91:29:b5:
7b:0a:68:2f:2c:18:d3:63:96:44:6a:e4:16:10:9e:
db:b1:62:2e:de:f1:df:46:cd:e1:1e:84:3a:16:65:
1c:b2:fa:d0:9f:c1:17:17:58:68:e8:93:13:dd:f3:
47:3a:12:d1:0a:bd:7e:2f:1b:ea:c9:10:4d:c6:8b:
14:22:9e:3a:d3:21:b4:29:b3:0a:dc:52:86:0f:3b:
d6:83:88:b2:46:da:09:c4:39:a7:b0:4c:dd:f9:31:
0b:47:15:25:50:30:90:4f:f7:d4:04:4a:b1:78:66:
83:54:bb:c3:cc:82:b9:d7:80:2d:46:bb:bb:e5:71:
fa:b4:b7:04:6a:62:19:7d:22:bc:17:a6:1d:75:4f:
fd:ea:ef:7e:e7:37:f5:61:df:07:75:ee:f8:92:bf:
7d:d9:0c:dd:91:0f:12:88:62:72:f6:b6:94:3f:27:
21:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:DA:7E:89:02:BA:60:0A:7C:14:DD:68:D8:FB:D9:6E:8B:FE:2B:D2
X509v3 Authority Key Identifier:
keyid:42:93:61:CD:18:1D:86:EF:54:EB:E2:FC:91:A8:0E:C5:34:CE:AC:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QpNhzRgdhu9U6-L8kagOxTTOrHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/utp-iQK6YAp8FN1o2PvZbov-K9I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/7230bd-0c7c-4a02-adb9-9bbb42fa8ced/1/QpNhzRgdhu9U6-L8kagOxTTOrHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.88.20.0/22
185.198.49.0/24
185.207.174.0/24
195.245.72.0/24
195.245.88.0/24
IPv6:
2a13:b2c0::/32
2a13:b2c1:1::/48
Signature Algorithm: sha256WithRSAEncryption
a6:6b:d1:4a:5e:b7:9a:e0:1c:1d:44:9f:9e:8a:3e:67:9b:49:
92:06:74:89:ac:d1:d7:7a:e7:17:f2:93:f2:d3:86:77:43:db:
c2:b4:a1:28:05:ee:03:6d:b9:d2:7d:b2:12:f1:f8:3e:6e:3c:
2f:99:fe:84:ea:c1:2b:79:04:39:95:13:e4:0b:df:1a:d2:3a:
c5:0b:65:4a:e4:38:fb:cb:52:98:fd:c8:47:fa:b1:59:63:f9:
75:de:02:46:38:6d:bb:a6:e4:ad:6c:c7:01:9e:d2:f2:a7:04:
b8:47:88:f0:d2:49:82:e8:53:05:62:ad:9d:a9:b3:38:93:af:
0f:36:3b:a9:23:67:47:f7:1a:03:ea:66:2e:4d:ba:78:e9:f9:
0c:2c:2d:6e:4b:31:f0:2a:25:8a:c7:f0:32:4b:c7:e1:f9:ff:
f5:1a:e0:0d:49:b1:49:cd:4d:41:3c:f5:e6:12:81:1d:87:f9:
6e:c6:6a:eb:a0:a8:c1:ea:b9:2a:10:0c:74:9b:a4:19:6f:3a:
7b:10:51:fa:8a:89:ee:5d:46:91:a2:10:0d:4c:05:02:24:75:
f1:fd:44:fb:a9:bd:89:3d:a5:d6:01:7c:d8:c0:71:23:1c:a4:
45:96:02:9d:a8:a9:89:1e:59:05:a7:ec:86:57:cf:4b:79:6e:
63:de:2b:d3
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAZTbcy8aeyQL65Xp+Mn/KEUVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyOTM2MWNkMTgxZDg2ZWY1NGViZTJmYzkxYTgwZWM1MzRj
ZWFjNzgwHhcNMjUwMjA2MTMyOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWRhN2U4OTAyYmE2MDBhN2MxNGRkNjhkOGZiZDk2ZThiZmUyYmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKudVDt1XmwPbrclP64+0GtwBXGh
9+vWwk7Ar0BL/MbUqvhWIcdyM4hKmdED81R6bglUNPme2FtX4nls4kHJv2kWtyae
3CapTvQlp5T1Rul8HJOudXeRKbV7CmgvLBjTY5ZEauQWEJ7bsWIu3vHfRs3hHoQ6
FmUcsvrQn8EXF1ho6JMT3fNHOhLRCr1+LxvqyRBNxosUIp460yG0KbMK3FKGDzvW
g4iyRtoJxDmnsEzd+TELRxUlUDCQT/fUBEqxeGaDVLvDzIK514AtRru75XH6tLcE
amIZfSK8F6YddU/96u9+5zf1Yd8Hde74kr992QzdkQ8SiGJy9raUPychOwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFLrafokCumAKfBTdaNj72W6L/ivSMB8GA1UdIwQY
MBaAFEKTYc0YHYbvVOvi/JGoDsU0zqx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjkt
OWJiYjQyZmE4Y2VkLzEvdXRwLWlRSzZZQXA4Rk4xbzJQdlpib3YtSzlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS83MjMwYmQtMGM3Yy00YTAyLWFkYjktOWJiYjQyZmE4Y2Vk
LzEvUXBOaHpSZ2RodTlVNi1MOGthZ094VFRPckhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjAkBAIAATAeAwQCXVgUAwQA
ucYxAwQAuc+uAwQAw/VIAwQAw/VYMBYEAgACMBADBQAqE7LAAwcAKhOywQABMA0G
CSqGSIb3DQEBCwUAA4IBAQCma9FKXrea4BwdRJ+eij5nm0mSBnSJrNHXeucX8pPy
04Z3Q9vCtKEoBe4DbbnSfbIS8fg+bjwvmf6E6sEreQQ5lRPkC98a0jrFC2VK5Dj7
y1KY/chH+rFZY/l13gJGOG27puStbMcBntLypwS4R4jw0kmC6FMFYq2dqbM4k68P
NjupI2dH9xoD6mYuTbp46fkMLC1uSzHwKiWKx/AyS8fh+f/1GuANSbFJzU1BPPXm
EoEdh/luxmrroKjB6rkqEAx0m6QZbzp7EFH6ionuXUaRohANTAUCJHXx/UT7qb2J
PaXWAXzYwHEjHKRFlgKdqKmJHlkFp+yGV89LeW5j3ivT
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:10:25 2025 by rpki-client