Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/XfDtX210ws0XzTn4upUc4HUxdZQ.roa
File: XfDtX210ws0XzTn4upUc4HUxdZQ.roa (raw, json)
Hash identifier: uSQ05DYh/dXGUkZq4aBH/MW9zi7Q6W05eUd8AVb1K4g=
Subject key identifier: 5D:F0:ED:5F:6D:74:C2:CD:17:CD:39:F8:BA:95:1C:E0:75:31:75:94
Certificate issuer: /CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Certificate serial: 019430F39BC5BBDFBCB4CB450A6593D5869E
Authority key identifier: 49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/XfDtX210ws0XzTn4upUc4HUxdZQ.roa
Signing time: Sat 04 Jan 2025 10:54:18 +0000
ROA not before: Sat 04 Jan 2025 10:54:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 174
IP address blocks: 152.89.28.0/22 maxlen: 22
193.135.151.0/24 maxlen: 24
193.135.174.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 30 Jan 2025 06:16:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:30:f3:9b:c5:bb:df:bc:b4:cb:45:0a:65:93:d5:86:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Validity
Not Before: Jan 4 10:54:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5df0ed5f6d74c2cd17cd39f8ba951ce075317594
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:62:c0:87:8c:e3:47:09:5c:dc:f0:b1:be:65:
c3:3d:2b:cc:37:60:29:2f:49:b3:78:8f:94:f1:a9:
3d:51:e3:4c:aa:77:2f:ba:a1:4c:1c:77:4a:ff:6b:
d0:b1:e5:72:22:bf:f2:7c:1c:19:7c:83:4b:ee:c7:
e4:41:a2:4f:33:f8:f9:f0:b1:4d:3c:97:3e:6f:7c:
4b:57:02:3c:13:c6:59:e6:42:db:7f:b8:0f:d7:14:
e1:8e:f3:20:35:e3:2e:c0:a6:e9:dd:f0:c6:22:b9:
94:9d:08:e0:de:a4:d4:4f:58:5b:92:e3:27:fd:5f:
46:d9:0d:d4:52:be:d8:bd:6f:8f:97:1c:e1:95:f6:
90:a2:3c:a3:ab:0f:b5:b0:ce:08:15:e4:c4:c1:27:
06:7a:e7:1d:1a:f5:51:4a:0c:e4:1b:6a:ec:b4:15:
0a:f5:21:6f:da:6d:0c:cd:a0:ab:ea:74:09:a4:33:
7b:4c:0b:5d:f1:3c:fc:76:90:a9:ef:4d:04:fa:97:
bf:07:7e:5b:01:48:df:c8:d9:c6:0c:a6:ea:20:02:
a8:9b:9d:30:71:5b:78:a9:78:d2:f3:6a:e1:3c:95:
2d:32:07:62:98:83:56:2c:2d:bd:05:87:f9:3f:e8:
cf:7c:ea:6c:d3:38:d3:86:ab:f5:6f:87:92:21:f0:
ef:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:F0:ED:5F:6D:74:C2:CD:17:CD:39:F8:BA:95:1C:E0:75:31:75:94
X509v3 Authority Key Identifier:
keyid:49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/XfDtX210ws0XzTn4upUc4HUxdZQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.89.28.0/22
193.135.151.0/24
193.135.174.0/24
Signature Algorithm: sha256WithRSAEncryption
30:78:8c:3b:99:e0:17:9a:f5:1d:4c:fb:a6:61:ae:80:a7:47:
8d:71:d3:5c:57:c8:af:bd:b3:30:1e:a5:5f:d1:88:88:23:4f:
fe:6d:b4:85:6f:87:8d:14:91:6f:c2:c8:cd:a3:b4:54:97:c0:
14:96:1b:1b:86:fd:fa:fe:fc:5c:b2:87:ec:6d:dd:1e:b0:8c:
b1:8e:8a:64:b9:7d:52:74:7c:81:09:31:68:1d:ab:41:33:3c:
f4:a3:a0:00:64:4d:11:af:92:f6:22:2f:d8:07:10:d8:cf:0e:
35:ce:a6:c6:86:2f:5e:0d:06:c1:c0:96:57:f7:2e:bd:f6:76:
b4:09:d1:5a:38:10:fd:11:d2:f2:85:ad:85:21:a6:9f:60:79:
ae:79:72:11:cb:db:99:3a:9b:65:d3:a5:ab:4e:c7:12:1b:f3:
bf:6d:a7:49:c8:8b:00:46:87:cb:93:bc:89:85:67:d4:a0:86:
91:eb:a0:c7:7d:f8:23:c4:9d:2d:e7:ab:82:e4:70:fb:b7:e6:
e9:18:1f:78:62:17:c5:4b:47:5f:a0:10:9d:a9:83:d2:2d:95:
73:2e:4e:08:81:0c:2c:15:65:86:35:6a:bd:7e:60:0c:ef:f1:
cb:f8:d7:aa:98:c7:32:06:04:d0:18:16:16:6d:cb:3e:0a:2d:
40:5d:3d:c7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQw85vFu9+8tMtFCmWT1YaeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODZjNzM5OTRkMDJkOTFmYzk3ZDkxNmU5ODA5YTZkOTgx
ZTZiMTcwHhcNMjUwMTA0MTA1NDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGYwZWQ1ZjZkNzRjMmNkMTdjZDM5ZjhiYTk1MWNlMDc1MzE3NTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmLAh4zjRwlc3PCxvmXDPSvMN2Ap
L0mzeI+U8ak9UeNMqncvuqFMHHdK/2vQseVyIr/yfBwZfINL7sfkQaJPM/j58LFN
PJc+b3xLVwI8E8ZZ5kLbf7gP1xThjvMgNeMuwKbp3fDGIrmUnQjg3qTUT1hbkuMn
/V9G2Q3UUr7YvW+PlxzhlfaQojyjqw+1sM4IFeTEwScGeucdGvVRSgzkG2rstBUK
9SFv2m0MzaCr6nQJpDN7TAtd8Tz8dpCp700E+pe/B35bAUjfyNnGDKbqIAKom50w
cVt4qXjS82rhPJUtMgdimINWLC29BYf5P+jPfOps0zjThqv1b4eSIfDvIwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF3w7V9tdMLNF805+LqVHOB1MXWUMB8GA1UdIwQY
MBaAFEmGxzmU0C2R/JfZFumAmm2YHmsXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzIt
OWU4OTVkMGVmOGQyLzEvWGZEdFgyMTB3czBYelRuNHVwVWM0SFV4ZFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzItOWU4OTVkMGVmOGQy
LzEvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCmFkcAwQA
wYeXAwQAwYeuMA0GCSqGSIb3DQEBCwUAA4IBAQAweIw7meAXmvUdTPumYa6Ap0eN
cdNcV8ivvbMwHqVf0YiII0/+bbSFb4eNFJFvwsjNo7RUl8AUlhsbhv36/vxcsofs
bd0esIyxjopkuX1SdHyBCTFoHatBMzz0o6AAZE0Rr5L2Ii/YBxDYzw41zqbGhi9e
DQbBwJZX9y699na0CdFaOBD9EdLyha2FIaafYHmueXIRy9uZOptl06WrTscSG/O/
badJyIsARofLk7yJhWfUoIaR66DHffgjxJ0t56uC5HD7t+bpGB94YhfFS0dfoBCd
qYPSLZVzLk4IgQwsFWWGNWq9fmAM7/HL+NeqmMcyBgTQGBYWbcs+Ci1AXT3H
-----END CERTIFICATE-----
Generated at Wed Feb 5 10:52:33 2025 by rpki-client