Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/CT-ipjJSIuq5hNcMqaDrjKSc3Uw.roa
File: CT-ipjJSIuq5hNcMqaDrjKSc3Uw.roa (raw, json)
Hash identifier: miarkqsKVwSIHyqjFSyhM7wgLs78UDfUA7pRoSemAiA=
Subject key identifier: 09:3F:A2:A6:32:52:22:EA:B9:84:D7:0C:A9:A0:EB:8C:A4:9C:DD:4C
Certificate issuer: /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial: 019542666A3D0D8C85B906B6B687443A892E
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/CT-ipjJSIuq5hNcMqaDrjKSc3Uw.roa
Signing time: Wed 26 Feb 2025 13:16:02 +0000
ROA not before: Wed 26 Feb 2025 13:16:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 8311
IP address blocks: 194.143.210.0/23 maxlen: 23
194.143.211.0/24 maxlen: 24
213.220.10.0/23 maxlen: 23
213.220.12.0/22 maxlen: 22
213.220.32.0/22 maxlen: 22
Validation: Failed, certificate revoked on Thu 27 Feb 2025 12:31:20 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:42:66:6a:3d:0d:8c:85:b9:06:b6:b6:87:44:3a:89:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Validity
Not Before: Feb 26 13:16:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=093fa2a6325222eab984d70ca9a0eb8ca49cdd4c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:7d:63:f0:86:81:14:17:a5:bc:b0:6a:38:69:
99:4f:b5:e8:d6:7a:e1:0b:42:3e:d5:3c:e3:0d:f6:
16:58:28:15:50:92:4f:f4:47:6d:a7:7b:0e:ab:72:
99:1d:52:7f:00:85:43:10:43:b0:9a:05:c1:a5:e2:
26:c3:2c:0f:a6:a8:6a:1f:87:05:94:67:82:32:87:
81:97:64:d9:95:bd:af:a9:1b:03:07:e0:00:d4:22:
9e:35:77:3e:7d:5f:12:5c:1d:87:6a:ae:c4:8f:7d:
88:04:1b:eb:f7:7f:36:8d:d3:d9:cb:b0:44:5a:b1:
a9:a2:c6:22:6e:35:91:ef:cb:7b:26:c7:d5:4f:af:
7d:df:6b:06:98:d0:34:83:eb:bb:47:00:99:4e:f3:
c2:20:37:63:cd:f7:44:77:cd:ba:61:cf:01:43:92:
e7:26:3f:84:61:e6:06:60:d9:ea:a1:7f:42:3c:e9:
73:f9:22:55:92:8d:73:a9:d8:3d:28:bc:4d:70:66:
78:0d:9f:39:47:44:48:d4:96:f1:7a:cd:bd:ff:ae:
26:04:17:2d:52:0b:86:68:19:08:60:e5:d1:b1:16:
04:8f:56:da:46:33:90:5e:cd:52:08:3e:f1:b5:7b:
c4:12:3d:b5:d4:84:63:88:69:22:b6:8b:10:6c:f9:
77:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:3F:A2:A6:32:52:22:EA:B9:84:D7:0C:A9:A0:EB:8C:A4:9C:DD:4C
X509v3 Authority Key Identifier:
keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/CT-ipjJSIuq5hNcMqaDrjKSc3Uw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.143.210.0/23
213.220.10.0-213.220.15.255
213.220.32.0/22
Signature Algorithm: sha256WithRSAEncryption
7f:22:c5:f6:94:8a:f6:b9:e5:53:a2:b4:e3:d6:26:78:e8:59:
a4:39:09:65:6d:97:d0:b8:85:01:57:98:2c:5e:d1:ce:93:3a:
9c:52:54:5c:64:64:22:7c:00:19:fc:91:56:19:61:ee:34:34:
29:3c:bc:c5:eb:03:d0:cc:d6:51:ce:bb:04:21:1c:1f:f8:07:
16:be:df:89:b7:d1:52:c5:4f:98:ad:2f:00:98:1b:d3:43:3a:
7c:f7:c6:5b:0c:f2:07:45:c0:81:f0:2f:b1:7b:3b:ad:77:20:
3a:e6:d8:0e:b8:11:bf:3c:36:f8:5f:9d:c1:30:b5:27:62:4d:
a1:e9:af:b0:fc:17:39:f6:e7:cd:74:79:98:86:75:2d:31:5d:
c1:b6:2e:c3:fa:0d:54:7a:7b:87:60:e2:ac:ba:c5:56:b2:4d:
59:f8:04:65:20:b4:f3:b9:2e:92:71:b6:0b:75:22:c0:4d:f7:
01:46:24:22:85:e8:06:2b:92:9f:49:38:f6:5e:d7:10:3a:96:
cb:b2:99:6e:2e:b1:5c:2b:e9:85:ca:cb:dc:ac:66:7f:4a:7d:
76:54:2b:a1:74:88:47:24:69:f8:5a:89:0c:90:49:44:02:c2:
6a:5e:d1:35:43:84:20:47:da:0a:21:0f:69:dd:bc:32:e6:11:
03:5e:52:77
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZVCZmo9DYyFuQa2todEOokuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjUwMjI2MTMxNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTNmYTJhNjMyNTIyMmVhYjk4NGQ3MGNhOWEwZWI4Y2E0OWNkZDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzH1j8IaBFBelvLBqOGmZT7Xo1nrh
C0I+1TzjDfYWWCgVUJJP9Edtp3sOq3KZHVJ/AIVDEEOwmgXBpeImwywPpqhqH4cF
lGeCMoeBl2TZlb2vqRsDB+AA1CKeNXc+fV8SXB2Haq7Ej32IBBvr9382jdPZy7BE
WrGposYibjWR78t7JsfVT69932sGmNA0g+u7RwCZTvPCIDdjzfdEd826Yc8BQ5Ln
Jj+EYeYGYNnqoX9CPOlz+SJVko1zqdg9KLxNcGZ4DZ85R0RI1Jbxes29/64mBBct
UguGaBkIYOXRsRYEj1baRjOQXs1SCD7xtXvEEj211IRjiGkitosQbPl3nwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFAk/oqYyUiLquYTXDKmg64yknN1MMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvQ1QtaXBqSlNJdXE1aE5jTXFhRHJqS1NjM1V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQBwo/SMAwD
BAHV3AoDBATV3AADBALV3CAwDQYJKoZIhvcNAQELBQADggEBAH8ixfaUiva55VOi
tOPWJnjoWaQ5CWVtl9C4hQFXmCxe0c6TOpxSVFxkZCJ8ABn8kVYZYe40NCk8vMXr
A9DM1lHOuwQhHB/4Bxa+34m30VLFT5itLwCYG9NDOnz3xlsM8gdFwIHwL7F7O613
IDrm2A64Eb88NvhfncEwtSdiTaHpr7D8Fzn25810eZiGdS0xXcG2LsP6DVR6e4dg
4qy6xVayTVn4BGUgtPO5LpJxtgt1IsBN9wFGJCKF6AYrkp9JOPZe1xA6lsuymW4u
sVwr6YXKy9ysZn9KfXZUK6F0iEckafhaiQyQSUQCwmpe0TVDhCBH2gohD2ndvDLm
EQNeUnc=
-----END CERTIFICATE-----
Generated at Thu Apr 17 02:24:37 2025 by rpki-client