Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/90f62b-7ae2-49d6-a42c-899f1e1b7360/1/3N2f4gsu_SbnfHLD8T4weQKVobo.roa
File: 3N2f4gsu_SbnfHLD8T4weQKVobo.roa (raw, json)
Hash identifier: NaaCFpMyWkle8cMmIHdNKzN6nwMKKXkGJ5sQyCMnOIc=
Subject key identifier: DC:DD:9F:E2:0B:2E:FD:26:E7:7C:72:C3:F1:3E:30:79:02:95:A1:BA
Certificate issuer: /CN=59c4cfbd871c42dd55a57bd0ff567134f322b23e
Certificate serial: 01940CBA3B69065F33641E1C4C00CCD1BB2E
Authority key identifier: 59:C4:CF:BD:87:1C:42:DD:55:A5:7B:D0:FF:56:71:34:F3:22:B2:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WcTPvYccQt1VpXvQ_1ZxNPMisj4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ec/90f62b-7ae2-49d6-a42c-899f1e1b7360/1/3N2f4gsu_SbnfHLD8T4weQKVobo.roa
Signing time: Sat 28 Dec 2024 10:05:18 +0000
ROA not before: Sat 28 Dec 2024 10:05:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 210869
IP address blocks: 45.13.68.0/22 maxlen: 23
45.13.71.0/24 maxlen: 24
2a0e:df00::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 02 Jan 2025 09:49:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:0c:ba:3b:69:06:5f:33:64:1e:1c:4c:00:cc:d1:bb:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=59c4cfbd871c42dd55a57bd0ff567134f322b23e
Validity
Not Before: Dec 28 10:05:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dcdd9fe20b2efd26e77c72c3f13e30790295a1ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:23:4f:77:dd:cb:9f:31:a7:13:6e:78:56:e2:
5e:3e:e0:08:ea:05:e2:87:23:b8:e8:27:87:0b:dd:
c2:8d:a0:db:e9:e3:20:67:64:ad:be:6e:90:ee:82:
a9:2d:b5:ce:e6:d2:66:29:57:d6:bb:0f:f2:55:b7:
e1:20:74:4b:c5:26:17:6a:fe:cf:f7:7b:18:71:d3:
51:a1:e5:88:5e:05:df:c5:fd:41:d5:a9:1c:69:2c:
2d:19:33:c6:48:bf:ba:fb:7f:db:14:e4:df:5b:6b:
95:dc:b6:77:81:53:2d:a4:4f:85:91:f1:9d:c0:a0:
9f:62:06:7a:ba:fc:55:4f:2c:02:26:a8:fb:68:05:
bb:20:5d:69:84:48:67:78:cb:63:7b:93:f0:53:09:
4f:0e:7c:8f:63:2a:af:db:16:c3:43:b9:8c:0c:50:
ec:09:15:8a:82:86:fb:ca:76:1e:cb:0d:a3:69:08:
4d:c3:00:63:d4:07:35:a4:9a:8c:72:0d:a4:b9:7d:
9b:78:85:e8:23:e9:bb:76:b8:07:59:2b:d9:a8:c8:
d2:6f:15:78:bc:69:ce:7a:ce:40:4b:a0:c6:39:ea:
56:50:86:ba:e4:dd:4e:e1:c8:7e:45:06:fe:17:b6:
23:f2:26:0d:46:5e:fc:9f:66:3c:9e:81:d1:88:cc:
d2:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:DD:9F:E2:0B:2E:FD:26:E7:7C:72:C3:F1:3E:30:79:02:95:A1:BA
X509v3 Authority Key Identifier:
keyid:59:C4:CF:BD:87:1C:42:DD:55:A5:7B:D0:FF:56:71:34:F3:22:B2:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WcTPvYccQt1VpXvQ_1ZxNPMisj4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/90f62b-7ae2-49d6-a42c-899f1e1b7360/1/3N2f4gsu_SbnfHLD8T4weQKVobo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/90f62b-7ae2-49d6-a42c-899f1e1b7360/1/WcTPvYccQt1VpXvQ_1ZxNPMisj4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.13.68.0/22
IPv6:
2a0e:df00::/32
Signature Algorithm: sha256WithRSAEncryption
7b:ca:98:6b:3c:c3:f9:74:bc:e7:89:c4:e3:62:a5:c4:72:13:
67:69:5e:8d:4d:fe:bc:83:e4:0a:8e:cb:09:a0:80:f1:3a:09:
9c:49:b1:a1:e2:db:a2:83:3f:87:58:99:bf:18:40:37:63:4b:
a3:f2:88:85:5a:58:ab:55:c0:91:a3:fd:00:86:27:05:04:3a:
62:1d:97:3d:97:e8:14:68:09:a4:30:7d:86:74:5f:1d:6b:12:
2c:d4:d5:1b:b3:6d:de:ab:fc:c8:d1:58:b8:a7:38:20:3d:ba:
0d:f1:90:dc:3e:b7:4d:b4:64:57:5b:1a:72:7b:9b:3a:14:9f:
8c:1f:47:a2:96:7e:f6:c9:d7:73:35:ae:d4:97:89:ea:27:2c:
a3:a4:d4:0f:09:d6:28:5f:48:27:b5:bd:b0:7d:ab:84:f5:32:
48:aa:2a:4a:c6:ab:d8:bf:3b:50:0d:a9:2b:c9:73:21:7b:ff:
bb:a2:c2:9f:b5:5e:a0:ce:12:6a:49:6d:de:b2:34:44:a8:4f:
c5:c0:fa:df:6f:1b:0d:c7:d2:4d:4a:6b:37:c5:2e:ef:5a:7b:
a5:3d:9a:d2:9c:3a:2e:39:ac:39:84:ad:59:0c:0e:f7:b0:31:
13:9f:ea:9b:a9:0f:d0:0a:89:9f:21:a8:5c:65:0c:7e:1b:02:
fd:90:16:a6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQMujtpBl8zZB4cTADM0bsuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5YzRjZmJkODcxYzQyZGQ1NWE1N2JkMGZmNTY3MTM0ZjMy
MmIyM2UwHhcNMjQxMjI4MTAwNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2RkOWZlMjBiMmVmZDI2ZTc3YzcyYzNmMTNlMzA3OTAyOTVhMWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyNPd93LnzGnE254VuJePuAI6gXi
hyO46CeHC93CjaDb6eMgZ2Stvm6Q7oKpLbXO5tJmKVfWuw/yVbfhIHRLxSYXav7P
93sYcdNRoeWIXgXfxf1B1akcaSwtGTPGSL+6+3/bFOTfW2uV3LZ3gVMtpE+FkfGd
wKCfYgZ6uvxVTywCJqj7aAW7IF1phEhneMtje5PwUwlPDnyPYyqv2xbDQ7mMDFDs
CRWKgob7ynYeyw2jaQhNwwBj1Ac1pJqMcg2kuX2beIXoI+m7drgHWSvZqMjSbxV4
vGnOes5AS6DGOepWUIa65N1O4ch+RQb+F7Yj8iYNRl78n2Y8noHRiMzSwQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNzdn+ILLv0m53xyw/E+MHkClaG6MB8GA1UdIwQY
MBaAFFnEz72HHELdVaV70P9WcTTzIrI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2NUUHZZY2NRdDFWcFh2UV8xWnhOUE1pc2o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy85MGY2MmItN2FlMi00OWQ2LWE0MmMt
ODk5ZjFlMWI3MzYwLzEvM04yZjRnc3VfU2JuZkhMRDhUNHdlUUtWb2JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy85MGY2MmItN2FlMi00OWQ2LWE0MmMtODk5ZjFlMWI3MzYw
LzEvV2NUUHZZY2NRdDFWcFh2UV8xWnhOUE1pc2o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLQ1EMA0E
AgACMAcDBQAqDt8AMA0GCSqGSIb3DQEBCwUAA4IBAQB7yphrPMP5dLznicTjYqXE
chNnaV6NTf68g+QKjssJoIDxOgmcSbGh4tuigz+HWJm/GEA3Y0uj8oiFWlirVcCR
o/0AhicFBDpiHZc9l+gUaAmkMH2GdF8daxIs1NUbs23eq/zI0Vi4pzggPboN8ZDc
PrdNtGRXWxpye5s6FJ+MH0eiln72yddzNa7Ul4nqJyyjpNQPCdYoX0gntb2wfauE
9TJIqipKxqvYvztQDakryXMhe/+7osKftV6gzhJqSW3esjREqE/FwPrfbxsNx9JN
Sms3xS7vWnulPZrSnDouOaw5hK1ZDA73sDETn+qbqQ/QComfIahcZQx+GwL9kBam
-----END CERTIFICATE-----
Generated at Sat Jun 7 22:58:43 2025 by rpki-client