Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/oD8kAv-o9eVYnjLoAgToxJe2TsQ.roa
File: oD8kAv-o9eVYnjLoAgToxJe2TsQ.roa (raw, json)
Hash identifier: yK7g4aIRWN50zLSMYmkQgW8H2aDP/DPqJCRjD8imXow=
Subject key identifier: A0:3F:24:02:FF:A8:F5:E5:58:9E:32:E8:02:04:E8:C4:97:B6:4E:C4
Certificate issuer: /CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
Certificate serial: 018CC5DC4B42A1468398E52B45FF3112A2EE
Authority key identifier: 7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/oD8kAv-o9eVYnjLoAgToxJe2TsQ.roa
Signing time: Mon 01 Jan 2024 16:29:57 +0000
ROA not before: Mon 01 Jan 2024 16:29:57 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201627
IP address blocks: 193.71.224.0/21 maxlen: 21
193.71.224.0/22 maxlen: 22
193.71.228.0/24 maxlen: 24
193.71.228.0/22 maxlen: 22
Validation: Failed, certificate revoked on Wed 01 Jan 2025 17:48:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:4b:42:a1:46:83:98:e5:2b:45:ff:31:12:a2:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7dc4acedcb86cddfed7f6de8cadfca00469bbc8e
Validity
Not Before: Jan 1 16:29:57 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a03f2402ffa8f5e5589e32e80204e8c497b64ec4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:70:19:66:ca:67:fd:ba:15:39:c2:f1:27:e3:
eb:e3:f3:3e:dd:72:45:c4:51:5e:c5:4e:34:bc:02:
8a:f6:34:1f:53:d8:e8:e8:96:6b:fc:d8:d1:2b:6b:
af:bc:61:67:e2:6d:41:f1:30:9a:94:06:fd:44:fd:
b4:38:3b:a7:08:03:48:b2:ab:74:27:74:cb:ac:d8:
ab:35:b8:b0:83:f1:c8:bb:db:09:e6:cf:05:91:41:
24:92:79:b6:06:34:19:05:bb:92:e2:0e:6d:d7:e4:
35:35:c3:87:d6:c4:27:7c:f7:84:5f:14:4d:e8:27:
b0:42:dc:f3:56:71:2c:4e:52:b4:b7:c0:25:a3:dd:
c5:98:15:60:a7:61:32:9e:12:81:d2:e3:0a:36:3d:
9e:4b:85:02:4f:1f:79:3a:d5:2b:fe:bd:a6:ac:53:
05:8e:3e:b8:6c:28:31:95:2e:44:e0:77:c3:3a:e1:
c1:af:22:06:63:87:14:32:31:4c:4c:e8:d4:f2:9a:
88:2f:ea:93:5d:9f:19:48:49:10:0e:c0:7f:5a:57:
85:6a:d0:86:5c:11:15:a5:72:3e:6c:1a:a7:dc:88:
81:f6:36:82:d7:51:88:ee:75:9f:8c:77:e9:8c:a3:
bb:ab:06:45:5d:7d:20:01:a2:27:87:00:5b:65:ae:
27:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:3F:24:02:FF:A8:F5:E5:58:9E:32:E8:02:04:E8:C4:97:B6:4E:C4
X509v3 Authority Key Identifier:
keyid:7D:C4:AC:ED:CB:86:CD:DF:ED:7F:6D:E8:CA:DF:CA:00:46:9B:BC:8E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fcSs7cuGzd_tf23oyt_KAEabvI4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/oD8kAv-o9eVYnjLoAgToxJe2TsQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/3d2a14-6b79-4689-9579-39480285a948/1/fcSs7cuGzd_tf23oyt_KAEabvI4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.71.224.0/21
Signature Algorithm: sha256WithRSAEncryption
3b:bc:33:81:ed:d1:76:cc:b5:3d:62:af:11:67:0b:35:d4:4e:
f5:08:ce:61:10:47:7f:96:12:2f:ff:2e:eb:b5:3b:2c:93:23:
4b:db:8e:0b:35:ad:f7:23:da:59:84:74:a7:a2:07:bb:92:5c:
c0:df:ff:b3:f3:00:65:44:25:e0:45:8b:b7:07:dd:69:e7:41:
31:c2:00:17:d6:09:e5:71:4c:54:2e:70:11:fc:a9:78:cf:e4:
23:b5:23:0c:7d:52:ba:9f:1c:3e:e6:d4:5a:f2:0c:01:17:8f:
d6:35:f3:cb:b6:7d:18:30:f4:dc:b9:93:fe:4c:1c:6f:ed:cc:
70:d3:68:30:fc:9c:bd:cd:3e:69:4b:d9:d4:b8:cd:b2:9d:97:
0b:34:e5:fe:2b:a7:9f:04:84:9f:64:7b:a8:02:38:e2:28:db:
1c:31:e8:0a:65:c8:d4:c1:56:a9:3e:32:c1:c5:9c:3d:df:d7:
59:80:24:89:4c:0f:c0:d5:21:90:e5:c5:e3:49:04:6d:19:2b:
97:3a:d2:93:e0:a4:5d:49:c5:e2:ef:d2:4f:ed:6b:85:20:35:
7f:62:df:b3:16:b0:49:f4:79:f1:82:13:91:07:7f:37:a2:7f:
58:02:f6:e2:8f:6d:cb:46:21:19:87:2f:a6:5a:cc:a0:4b:aa:
49:71:65:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3EtCoUaDmOUrRf8xEqLuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYzRhY2VkY2I4NmNkZGZlZDdmNmRlOGNhZGZjYTAwNDY5
YmJjOGUwHhcNMjQwMTAxMTYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDNmMjQwMmZmYThmNWU1NTg5ZTMyZTgwMjA0ZThjNDk3YjY0ZWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3AZZspn/boVOcLxJ+Pr4/M+3XJF
xFFexU40vAKK9jQfU9jo6JZr/NjRK2uvvGFn4m1B8TCalAb9RP20ODunCANIsqt0
J3TLrNirNbiwg/HIu9sJ5s8FkUEkknm2BjQZBbuS4g5t1+Q1NcOH1sQnfPeEXxRN
6CewQtzzVnEsTlK0t8Alo93FmBVgp2EynhKB0uMKNj2eS4UCTx95OtUr/r2mrFMF
jj64bCgxlS5E4HfDOuHBryIGY4cUMjFMTOjU8pqIL+qTXZ8ZSEkQDsB/WleFatCG
XBEVpXI+bBqn3IiB9jaC11GI7nWfjHfpjKO7qwZFXX0gAaInhwBbZa4nDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKA/JAL/qPXlWJ4y6AIE6MSXtk7EMB8GA1UdIwQY
MBaAFH3ErO3Lhs3f7X9t6MrfygBGm7yOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1Nzkt
Mzk0ODAyODVhOTQ4LzEvb0Q4a0F2LW85ZVZZbmpMb0FnVG94SmUyVHNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8zZDJhMTQtNmI3OS00Njg5LTk1NzktMzk0ODAyODVhOTQ4
LzEvZmNTczdjdUd6ZF90ZjIzb3l0X0tBRWFidkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwUfgMA0G
CSqGSIb3DQEBCwUAA4IBAQA7vDOB7dF2zLU9Yq8RZws11E71CM5hEEd/lhIv/y7r
tTsskyNL244LNa33I9pZhHSnoge7klzA3/+z8wBlRCXgRYu3B91p50ExwgAX1gnl
cUxULnAR/Kl4z+QjtSMMfVK6nxw+5tRa8gwBF4/WNfPLtn0YMPTcuZP+TBxv7cxw
02gw/Jy9zT5pS9nUuM2ynZcLNOX+K6efBISfZHuoAjjiKNscMegKZcjUwVapPjLB
xZw939dZgCSJTA/A1SGQ5cXjSQRtGSuXOtKT4KRdScXi79JP7WuFIDV/Yt+zFrBJ
9HnxghORB383on9YAvbij23LRiEZhy+mWsygS6pJcWU5
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:42:36 2025 by rpki-client