Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/QxKeepNX2YsA4fWBre47KEa_xkg.roa
File: QxKeepNX2YsA4fWBre47KEa_xkg.roa (raw, json)
Hash identifier: E2/pABhFo/7ZxSFw/BJn/VApJP1hMLpoFcOYCUqGkQk=
Subject key identifier: 43:12:9E:7A:93:57:D9:8B:00:E1:F5:81:AD:EE:3B:28:46:BF:C6:48
Certificate issuer: /CN=ccfa88c22b1e7c52de71a37643dea3c3fcdd4954
Certificate serial: 018CCA29E4A4B2FAAFFFD196EBBBD96A4DC9
Authority key identifier: CC:FA:88:C2:2B:1E:7C:52:DE:71:A3:76:43:DE:A3:C3:FC:DD:49:54
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zPqIwisefFLecaN2Q96jw_zdSVQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/QxKeepNX2YsA4fWBre47KEa_xkg.roa
Signing time: Tue 02 Jan 2024 12:33:12 +0000
ROA not before: Tue 02 Jan 2024 12:33:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 15435
IP address blocks: 2001:67c:2c24::/48 maxlen: 48
Validation: Failed, certificate revoked on Thu 02 Jan 2025 05:48:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:29:e4:a4:b2:fa:af:ff:d1:96:eb:bb:d9:6a:4d:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccfa88c22b1e7c52de71a37643dea3c3fcdd4954
Validity
Not Before: Jan 2 12:33:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=43129e7a9357d98b00e1f581adee3b2846bfc648
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:b0:8d:b5:73:43:1f:e2:24:3c:48:cb:2b:58:
9b:76:72:bc:34:c1:e7:fe:5b:0a:05:31:fb:9c:3c:
32:9f:2b:96:58:8a:63:9e:44:4c:87:74:e5:98:0f:
cd:7f:c9:b6:dc:31:8b:15:91:2e:46:8d:31:55:10:
97:f1:63:55:f6:5f:99:7d:4f:c1:42:51:3e:64:37:
c4:d5:a7:30:91:20:4c:4d:ca:99:5e:83:90:59:78:
00:4a:4b:ae:35:5a:c5:f3:ce:9c:82:06:dc:7f:99:
19:fa:80:af:97:95:cd:80:de:be:65:cb:1d:ea:78:
41:b5:a2:3b:45:36:36:f5:c8:41:ed:35:75:a6:7b:
e3:88:03:4b:e2:f1:22:b5:be:d3:2e:d8:54:b2:9c:
38:24:be:82:cc:96:bf:56:41:bd:d8:7b:c9:7a:a1:
ab:f1:14:5c:d3:fb:9e:a3:e2:f9:35:cc:8a:e8:e7:
fa:05:97:6f:09:1b:91:6a:5b:49:ad:19:2a:61:60:
48:d3:8d:86:0b:ea:3f:fc:b2:1e:ca:9f:c7:92:a3:
3a:79:72:30:5f:9f:50:d3:bb:fb:db:7e:09:0b:d4:
42:e5:79:7b:5f:40:14:85:33:43:1a:ea:ef:30:a0:
14:77:f4:e6:c1:3c:cc:51:94:af:89:48:9f:9f:fa:
7c:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:12:9E:7A:93:57:D9:8B:00:E1:F5:81:AD:EE:3B:28:46:BF:C6:48
X509v3 Authority Key Identifier:
keyid:CC:FA:88:C2:2B:1E:7C:52:DE:71:A3:76:43:DE:A3:C3:FC:DD:49:54
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zPqIwisefFLecaN2Q96jw_zdSVQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/QxKeepNX2YsA4fWBre47KEa_xkg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/1ae2b0-d93a-463c-a6b9-827b643af3d7/1/zPqIwisefFLecaN2Q96jw_zdSVQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:67c:2c24::/48
Signature Algorithm: sha256WithRSAEncryption
1f:c4:b2:7c:ed:87:c8:56:ca:b3:6b:ee:82:f7:63:1f:0c:47:
f8:5e:83:06:e1:46:1a:23:52:65:2e:da:f8:55:9b:04:8d:01:
16:52:9d:76:a7:7c:da:be:96:e7:b8:0a:da:69:d4:e1:06:d2:
f8:46:31:5c:f0:c1:31:63:7c:a7:07:8f:6a:89:4b:65:5d:41:
56:34:27:61:62:5a:d7:6f:35:4d:b3:cb:05:cf:4a:a2:86:a7:
0d:17:ac:59:08:65:49:30:36:da:7f:26:4f:f6:40:af:33:30:
dc:b7:3d:87:a2:6e:6a:69:81:0f:4a:0b:c0:62:7d:50:13:fb:
2f:61:9c:97:9d:52:6f:bb:3e:ff:bc:ad:fe:9b:80:32:c5:68:
0a:a0:fc:ad:4c:7e:e4:13:e0:71:d6:6f:36:79:5c:c5:0d:f8:
28:d2:ea:52:9d:01:4e:90:3b:84:9e:ee:73:b0:28:31:62:e1:
7b:17:48:b1:25:02:25:6d:09:4b:54:fb:c6:b2:91:e2:00:31:
d9:68:e7:85:ca:e3:5c:cd:0d:13:d5:66:8c:68:f4:18:6c:04:
3d:7f:aa:70:6b:ef:06:c7:de:f3:1b:65:0a:bd:09:68:20:41:
6e:e8:0d:c8:88:5c:ef:1c:c3:92:61:7e:e6:ba:b0:7a:10:61:
a5:a5:86:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzKKeSksvqv/9GW67vZak3JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZmE4OGMyMmIxZTdjNTJkZTcxYTM3NjQzZGVhM2MzZmNk
ZDQ5NTQwHhcNMjQwMTAyMTIzMzEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzEyOWU3YTkzNTdkOThiMDBlMWY1ODFhZGVlM2IyODQ2YmZjNjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbCNtXNDH+IkPEjLK1ibdnK8NMHn
/lsKBTH7nDwynyuWWIpjnkRMh3TlmA/Nf8m23DGLFZEuRo0xVRCX8WNV9l+ZfU/B
QlE+ZDfE1acwkSBMTcqZXoOQWXgASkuuNVrF886cggbcf5kZ+oCvl5XNgN6+Zcsd
6nhBtaI7RTY29chB7TV1pnvjiANL4vEitb7TLthUspw4JL6CzJa/VkG92HvJeqGr
8RRc0/ueo+L5NcyK6Of6BZdvCRuRaltJrRkqYWBI042GC+o//LIeyp/HkqM6eXIw
X59Q07v7234JC9RC5Xl7X0AUhTNDGurvMKAUd/TmwTzMUZSviUifn/p8YwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEMSnnqTV9mLAOH1ga3uOyhGv8ZIMB8GA1UdIwQY
MBaAFMz6iMIrHnxS3nGjdkPeo8P83UlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelBxSXdpc2VmRkxlY2FOMlE5Nmp3X3pkU1ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8xYWUyYjAtZDkzYS00NjNjLWE2Yjkt
ODI3YjY0M2FmM2Q3LzEvUXhLZWVwTlgyWXNBNGZXQnJlNDdLRWFfeGtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8xYWUyYjAtZDkzYS00NjNjLWE2YjktODI3YjY0M2FmM2Q3
LzEvelBxSXdpc2VmRkxlY2FOMlE5Nmp3X3pkU1ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCwk
MA0GCSqGSIb3DQEBCwUAA4IBAQAfxLJ87YfIVsqza+6C92MfDEf4XoMG4UYaI1Jl
Ltr4VZsEjQEWUp12p3zavpbnuAraadThBtL4RjFc8MExY3ynB49qiUtlXUFWNCdh
YlrXbzVNs8sFz0qihqcNF6xZCGVJMDbafyZP9kCvMzDctz2Hom5qaYEPSgvAYn1Q
E/svYZyXnVJvuz7/vK3+m4AyxWgKoPytTH7kE+Bx1m82eVzFDfgo0upSnQFOkDuE
nu5zsCgxYuF7F0ixJQIlbQlLVPvGspHiADHZaOeFyuNczQ0T1WaMaPQYbAQ9f6pw
a+8Gx97zG2UKvQloIEFu6A3IiFzvHMOSYX7murB6EGGlpYbD
-----END CERTIFICATE-----
Generated at Sun Apr 20 04:33:49 2025 by rpki-client