Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/XfMFkFTXMcKm3A2QtMhClJVFETQ.roa
File: XfMFkFTXMcKm3A2QtMhClJVFETQ.roa (raw, json)
Hash identifier: YmAX/j81ukNHVfBi4isEv9XwTjl1IVJr9cWGjHK0OXY=
Subject key identifier: 5D:F3:05:90:54:D7:31:C2:A6:DC:0D:90:B4:C8:42:94:95:45:11:34
Certificate issuer: /CN=00e2c33731adca57dcc33b2fb8233fc038b095e9
Certificate serial: 019157467018955D9CC74AE44E1207544606
Authority key identifier: 00:E2:C3:37:31:AD:CA:57:DC:C3:3B:2F:B8:23:3F:C0:38:B0:95:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AOLDNzGtylfcwzsvuCM_wDiwlek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/XfMFkFTXMcKm3A2QtMhClJVFETQ.roa
Signing time: Thu 15 Aug 2024 18:21:59 +0000
ROA not before: Thu 15 Aug 2024 18:21:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 57648
IP address blocks: 45.156.160.0/24 maxlen: 24
45.156.161.0/24 maxlen: 24
45.156.162.0/24 maxlen: 24
45.156.163.0/24 maxlen: 24
2a0f:2580:1000::/48 maxlen: 48
Validation: Failed, certificate revoked on Wed 01 Jan 2025 01:47:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:57:46:70:18:95:5d:9c:c7:4a:e4:4e:12:07:54:46:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00e2c33731adca57dcc33b2fb8233fc038b095e9
Validity
Not Before: Aug 15 18:21:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5df3059054d731c2a6dc0d90b4c8429495451134
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:be:48:1e:6d:d2:e9:9c:96:ef:ca:f2:17:cf:
88:83:be:a4:0e:d7:43:8b:b3:fa:0f:55:ea:36:5b:
ee:37:84:bd:40:b5:8d:42:f2:64:e3:3f:b5:02:7b:
31:dc:fb:c1:b2:4a:ca:35:4b:01:61:32:50:90:56:
6e:de:13:d6:1f:67:f2:30:d9:1e:ee:05:d3:ed:04:
c7:fd:fc:13:64:47:9f:56:a5:5d:96:da:0f:53:37:
60:df:85:26:92:f8:83:8d:87:91:73:3e:7c:da:6d:
ea:bb:22:c3:58:6a:07:f2:f2:fd:34:6b:28:b6:52:
2e:9f:c5:70:66:b6:1c:cf:f3:dc:17:8d:93:ee:7a:
1e:b2:e1:04:e7:67:01:ba:1b:f7:b7:a3:fe:59:be:
1c:0c:91:55:d5:fb:47:34:c8:82:9d:0d:26:e5:f3:
13:1d:ac:e8:b5:a0:8f:fd:06:c3:64:46:2b:93:44:
dc:59:7a:40:e0:30:0a:b1:3e:8a:ac:0a:8c:29:7f:
88:b7:82:89:b2:a9:b8:ac:11:3b:99:1c:52:47:f9:
e7:c8:84:f5:23:73:54:b8:09:f0:eb:c7:72:e8:9c:
13:e0:ba:2c:55:f7:d0:17:4d:03:c5:2f:6b:8e:40:
1d:9a:f1:f7:8b:09:e1:5f:15:33:eb:37:d2:74:13:
fe:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:F3:05:90:54:D7:31:C2:A6:DC:0D:90:B4:C8:42:94:95:45:11:34
X509v3 Authority Key Identifier:
keyid:00:E2:C3:37:31:AD:CA:57:DC:C3:3B:2F:B8:23:3F:C0:38:B0:95:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AOLDNzGtylfcwzsvuCM_wDiwlek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/XfMFkFTXMcKm3A2QtMhClJVFETQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/9d5feb-beda-4147-9d83-c9ad37f94cd7/1/AOLDNzGtylfcwzsvuCM_wDiwlek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.160.0/22
IPv6:
2a0f:2580:1000::/48
Signature Algorithm: sha256WithRSAEncryption
8e:23:34:57:de:14:f3:fa:e8:3b:02:a2:62:43:27:9d:90:21:
93:81:2e:80:c8:05:0c:71:0e:e0:a4:a8:c4:7b:0f:86:8c:a1:
47:88:b1:de:85:d9:61:57:bf:15:43:10:48:7c:6b:b9:d3:02:
19:85:03:9a:ba:7e:d8:30:b3:d9:47:28:97:6a:ad:38:6f:9a:
91:7b:28:59:4d:fe:f2:4d:09:5d:1b:ac:3b:9e:f2:7e:48:4b:
99:62:c0:9e:45:01:8a:c3:a0:77:00:73:26:fb:05:5b:e0:36:
0e:96:ca:c7:01:e9:a3:7f:a1:b5:82:a6:40:53:e0:ce:d3:98:
5b:99:95:5d:98:ba:aa:06:ca:e8:ed:e2:bd:55:e6:2b:59:c6:
09:15:ad:a4:62:94:f3:f3:14:63:3a:92:44:7a:40:f3:cd:21:
c2:d4:eb:22:0f:2d:f9:41:e7:4c:aa:51:5e:06:4b:53:a4:07:
dd:7a:4f:1b:9f:ec:73:5c:ea:8c:26:9d:45:04:c2:1d:01:dc:
08:e1:29:b8:ae:5b:38:a3:24:1f:5b:cb:85:8b:3a:6e:81:b0:
0e:34:d4:45:dc:a8:f4:d4:a8:37:7f:3d:87:3b:8d:8f:bc:20:
5a:f6:5e:7d:4f:98:f9:fd:19:9a:fb:2c:b6:2e:b6:a9:f4:fd:
5c:5f:77:09
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZFXRnAYlV2cx0rkThIHVEYGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwZTJjMzM3MzFhZGNhNTdkY2MzM2IyZmI4MjMzZmMwMzhi
MDk1ZTkwHhcNMjQwODE1MTgyMTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGYzMDU5MDU0ZDczMWMyYTZkYzBkOTBiNGM4NDI5NDk1NDUxMTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhL5IHm3S6ZyW78ryF8+Ig76kDtdD
i7P6D1XqNlvuN4S9QLWNQvJk4z+1Ansx3PvBskrKNUsBYTJQkFZu3hPWH2fyMNke
7gXT7QTH/fwTZEefVqVdltoPUzdg34UmkviDjYeRcz582m3quyLDWGoH8vL9NGso
tlIun8VwZrYcz/PcF42T7noesuEE52cBuhv3t6P+Wb4cDJFV1ftHNMiCnQ0m5fMT
HazotaCP/QbDZEYrk0TcWXpA4DAKsT6KrAqMKX+It4KJsqm4rBE7mRxSR/nnyIT1
I3NUuAnw68dy6JwT4LosVffQF00DxS9rjkAdmvH3iwnhXxUz6zfSdBP+5QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFF3zBZBU1zHCptwNkLTIQpSVRRE0MB8GA1UdIwQY
MBaAFADiwzcxrcpX3MM7L7gjP8A4sJXpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQU9MRE56R3R5bGZjd3pzdnVDTV93RGl3bGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS85ZDVmZWItYmVkYS00MTQ3LTlkODMt
YzlhZDM3Zjk0Y2Q3LzEvWGZNRmtGVFhNY0ttM0EyUXRNaENsSlZGRVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS85ZDVmZWItYmVkYS00MTQ3LTlkODMtYzlhZDM3Zjk0Y2Q3
LzEvQU9MRE56R3R5bGZjd3pzdnVDTV93RGl3bGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCLZygMA8E
AgACMAkDBwAqDyWAEAAwDQYJKoZIhvcNAQELBQADggEBAI4jNFfeFPP66DsComJD
J52QIZOBLoDIBQxxDuCkqMR7D4aMoUeIsd6F2WFXvxVDEEh8a7nTAhmFA5q6ftgw
s9lHKJdqrThvmpF7KFlN/vJNCV0brDue8n5IS5liwJ5FAYrDoHcAcyb7BVvgNg6W
yscB6aN/obWCpkBT4M7TmFuZlV2YuqoGyujt4r1V5itZxgkVraRilPPzFGM6kkR6
QPPNIcLU6yIPLflB50yqUV4GS1OkB916Txuf7HNc6owmnUUEwh0B3AjhKbiuWzij
JB9by4WLOm6BsA401EXcqPTUqDd/PYc7jY+8IFr2Xn1PmPn9GZr7LLYutqn0/Vxf
dwk=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:27:12 2025 by rpki-client