Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Z8-tG0oNIq1sfRfPPRtF7A7u0FM.roa
File: Z8-tG0oNIq1sfRfPPRtF7A7u0FM.roa (raw, json)
Hash identifier: sDdw29BzlOxEZqlAeN5S4WOa6QK6BNTDEESd8UYA3os=
Subject key identifier: 67:CF:AD:1B:4A:0D:22:AD:6C:7D:17:CF:3D:1B:45:EC:0E:EE:D0:53
Certificate issuer: /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial: 01949A03C8130241C318CC32D044A1523B7F
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Z8-tG0oNIq1sfRfPPRtF7A7u0FM.roa
Signing time: Fri 24 Jan 2025 20:32:06 +0000
ROA not before: Fri 24 Jan 2025 20:32:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 834
IP address blocks: 14.102.226.0/23 maxlen: 24
14.102.232.0/24 maxlen: 24
77.111.96.0/22 maxlen: 22
77.111.96.0/24 maxlen: 24
94.229.210.0/24 maxlen: 24
94.229.212.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 29 Jan 2025 00:17:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:9a:03:c8:13:02:41:c3:18:cc:32:d0:44:a1:52:3b:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Validity
Not Before: Jan 24 20:32:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=67cfad1b4a0d22ad6c7d17cf3d1b45ec0eeed053
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:e0:12:ca:38:25:4a:83:c8:9f:62:83:d8:d5:
cb:84:0d:0c:b6:09:c2:0f:37:10:22:f2:b3:3d:e5:
82:82:ca:0c:ca:4a:f5:34:43:66:75:a4:59:9e:96:
c6:ba:51:a0:a3:f7:72:b2:99:d6:ed:48:5e:9f:9a:
d0:b2:2c:a0:8f:59:06:1d:f8:53:d9:12:ab:b1:db:
f4:9a:70:6a:33:43:df:3d:93:aa:52:e4:f0:ff:71:
c4:83:09:ea:dc:61:47:8a:2b:0c:1b:de:12:b9:51:
be:63:17:84:10:88:96:c4:26:4c:03:9c:34:3e:10:
8b:a5:54:cc:86:58:d4:cc:5d:dc:d4:3c:e7:2e:d4:
fe:ae:3c:46:6f:70:91:37:6c:ff:0c:50:5c:19:d2:
35:df:73:f3:f7:c7:fc:f3:49:98:e6:b8:7f:61:22:
7e:f2:29:0c:3f:f5:ac:9c:80:a9:7b:2f:55:28:81:
fc:12:84:f5:d2:69:20:c8:88:5b:6c:59:b9:6e:ff:
a8:da:cb:f9:12:1b:69:4b:79:2f:88:e8:9f:77:3d:
82:0b:2f:89:69:5a:42:05:e1:fc:fa:dd:c2:8a:45:
6e:7b:f5:44:23:d3:fe:a4:79:53:49:0e:bc:91:35:
10:c7:e5:ca:e7:db:8b:92:67:53:86:b9:f4:cc:f4:
17:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:CF:AD:1B:4A:0D:22:AD:6C:7D:17:CF:3D:1B:45:EC:0E:EE:D0:53
X509v3 Authority Key Identifier:
keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Z8-tG0oNIq1sfRfPPRtF7A7u0FM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
14.102.226.0/23
14.102.232.0/24
77.111.96.0/22
94.229.210.0/24
94.229.212.0/24
Signature Algorithm: sha256WithRSAEncryption
de:17:6d:af:22:31:b6:36:f7:0b:88:c1:ae:a7:8a:f0:21:f4:
4e:02:db:56:12:73:1a:c1:7c:74:7e:fb:dd:14:6e:cf:45:0d:
da:eb:ef:e7:80:9d:6d:18:18:e0:ba:54:99:3c:c1:90:de:4c:
89:69:31:42:10:24:06:17:99:8f:3c:ec:1b:e6:4b:44:22:ac:
2e:20:eb:59:74:8f:98:6f:98:06:69:6f:e7:9d:e4:74:4a:21:
95:2a:cb:03:e6:0b:f4:4f:bc:22:4b:b3:01:68:d0:2f:17:fc:
1c:fa:47:93:ce:e1:92:1b:cc:b2:e6:3c:c8:9a:66:61:6b:df:
d4:a5:85:73:58:2f:c8:9f:62:0b:35:0e:55:9f:06:bf:00:31:
47:83:c7:03:82:7e:72:18:52:68:98:ca:ad:fb:9b:cb:64:33:
58:b2:7b:98:55:60:72:a6:65:27:ee:95:cd:02:29:ff:90:09:
dc:7a:75:71:0f:26:1e:9c:13:3d:88:1c:e4:a6:2a:43:28:75:
46:0b:aa:61:73:d1:34:2b:07:ca:c1:4c:ab:5d:f9:a2:be:e9:
b2:d8:d2:92:36:e9:fd:7d:fb:4a:b1:1f:83:e8:cb:bc:99:dd:
30:38:cc:af:cc:24:f9:b8:8e:a3:97:e7:e4:9c:09:42:f2:3f:
ab:ee:52:02
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZSaA8gTAkHDGMwy0EShUjt/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwMTI0MjAzMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2NmYWQxYjRhMGQyMmFkNmM3ZDE3Y2YzZDFiNDVlYzBlZWVkMDUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+ASyjglSoPIn2KD2NXLhA0MtgnC
DzcQIvKzPeWCgsoMykr1NENmdaRZnpbGulGgo/dyspnW7Uhen5rQsiygj1kGHfhT
2RKrsdv0mnBqM0PfPZOqUuTw/3HEgwnq3GFHiisMG94SuVG+YxeEEIiWxCZMA5w0
PhCLpVTMhljUzF3c1DznLtT+rjxGb3CRN2z/DFBcGdI133Pz98f880mY5rh/YSJ+
8ikMP/WsnICpey9VKIH8EoT10mkgyIhbbFm5bv+o2sv5EhtpS3kviOifdz2CCy+J
aVpCBeH8+t3CikVue/VEI9P+pHlTSQ68kTUQx+XK59uLkmdThrn0zPQX6wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFGfPrRtKDSKtbH0Xzz0bRewO7tBTMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvWjgtdEcwb05JcTFzZlJmUFBSdEY3QTd1MEZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBDmbiAwQA
DmboAwQCTW9gAwQAXuXSAwQAXuXUMA0GCSqGSIb3DQEBCwUAA4IBAQDeF22vIjG2
NvcLiMGup4rwIfROAttWEnMawXx0fvvdFG7PRQ3a6+/ngJ1tGBjgulSZPMGQ3kyJ
aTFCECQGF5mPPOwb5ktEIqwuIOtZdI+Yb5gGaW/nneR0SiGVKssD5gv0T7wiS7MB
aNAvF/wc+keTzuGSG8yy5jzImmZha9/UpYVzWC/In2ILNQ5Vnwa/ADFHg8cDgn5y
GFJomMqt+5vLZDNYsnuYVWBypmUn7pXNAin/kAncenVxDyYenBM9iBzkpipDKHVG
C6phc9E0KwfKwUyrXfmivumy2NKSNun9fftKsR+D6Mu8md0wOMyvzCT5uI6jl+fk
nAlC8j+r7lIC
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:58:09 2025 by rpki-client