Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/4qBD8BCWoM3qZiqdrjR2yla4Bog.roa
File: 4qBD8BCWoM3qZiqdrjR2yla4Bog.roa (raw, json)
Hash identifier: NHI2UXRzgnpfHSiJzK5/HjIaV/sFV36KERfsNOmhjEc=
Subject key identifier: E2:A0:43:F0:10:96:A0:CD:EA:66:2A:9D:AE:34:76:CA:56:B8:06:88
Certificate issuer: /CN=aac575cafa00bc41d57c494ac1f5dbcfee78332e
Certificate serial: 018CC79560916ADEBE51920902560CF3C303
Authority key identifier: AA:C5:75:CA:FA:00:BC:41:D5:7C:49:4A:C1:F5:DB:CF:EE:78:33:2E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qsV1yvoAvEHVfElKwfXbz-54My4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/4qBD8BCWoM3qZiqdrjR2yla4Bog.roa
Signing time: Tue 02 Jan 2024 00:31:44 +0000
ROA not before: Tue 02 Jan 2024 00:31:44 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 206478
IP address blocks: 185.174.32.0/22 maxlen: 22
195.225.200.0/22 maxlen: 22
2a10:4140::/29 maxlen: 48
Validation: Failed, certificate revoked on Wed 01 Jan 2025 21:47:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:95:60:91:6a:de:be:51:92:09:02:56:0c:f3:c3:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aac575cafa00bc41d57c494ac1f5dbcfee78332e
Validity
Not Before: Jan 2 00:31:44 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e2a043f01096a0cdea662a9dae3476ca56b80688
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:7d:0a:a9:09:64:de:e5:a8:9e:34:60:a1:09:
2c:08:e8:d7:b8:8f:81:17:f6:87:ec:95:bc:44:4d:
1e:13:3e:69:85:de:44:ec:18:a4:7c:ba:44:c7:e3:
73:53:80:64:36:ad:27:f4:78:32:6a:c1:4b:5b:a2:
c2:87:c1:e6:7e:53:2b:0e:9c:06:96:1b:76:8e:79:
4b:59:1b:00:3d:7c:b1:6f:b0:ad:1d:08:ef:55:26:
e6:ea:b4:9d:6c:54:88:b5:59:63:01:9e:27:40:1b:
b7:31:fa:39:1e:18:8c:0d:0e:cb:d6:3d:f6:7a:3c:
12:02:58:f8:f9:08:4e:d0:3f:1a:8b:d3:2f:1d:fb:
a8:f4:19:08:79:ae:b3:f6:f0:67:7b:82:e0:0e:62:
63:ac:71:24:e9:72:1a:e1:28:1e:f7:51:cf:73:2a:
85:24:7c:1e:31:6b:7a:6f:9e:04:11:9d:39:c8:68:
7d:d3:3d:6b:c3:d9:1c:b0:f9:29:b6:c2:62:d5:99:
8f:4f:cf:43:d7:4a:92:a1:31:21:40:92:f1:32:4f:
c1:63:10:4f:0e:9d:19:09:a0:e8:42:e0:db:06:06:
50:6a:d1:0b:c9:ab:bb:fa:39:f6:67:3d:52:69:62:
ca:24:8d:3b:94:1d:ce:00:00:c9:1f:49:1d:68:7f:
9d:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:A0:43:F0:10:96:A0:CD:EA:66:2A:9D:AE:34:76:CA:56:B8:06:88
X509v3 Authority Key Identifier:
keyid:AA:C5:75:CA:FA:00:BC:41:D5:7C:49:4A:C1:F5:DB:CF:EE:78:33:2E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qsV1yvoAvEHVfElKwfXbz-54My4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/4qBD8BCWoM3qZiqdrjR2yla4Bog.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/35d598-c32c-49a7-b1f6-8f913e2696e5/1/qsV1yvoAvEHVfElKwfXbz-54My4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.174.32.0/22
195.225.200.0/22
IPv6:
2a10:4140::/29
Signature Algorithm: sha256WithRSAEncryption
4c:8c:c5:c8:96:98:4f:3a:90:28:d6:09:29:6a:87:74:5d:49:
dd:ca:36:14:b7:a2:9f:ad:fc:2a:82:71:06:7c:f4:33:ec:94:
2d:ab:f8:bf:3d:4e:24:35:0f:81:74:94:66:32:57:b8:2e:f1:
54:13:5a:12:a8:dc:54:47:68:a7:ce:63:37:9c:e6:88:d8:53:
23:24:7d:e3:03:af:fa:67:aa:3d:81:5b:75:ee:61:77:9c:97:
80:82:66:89:a7:ce:a7:57:71:85:bb:9b:11:07:90:c5:ac:22:
fb:08:f0:e9:de:b2:d8:b7:2e:76:b1:5a:f7:e7:04:66:9f:3f:
31:f9:24:69:81:cb:09:c4:b0:4e:d6:05:15:cc:98:ac:80:0d:
da:1b:f9:c5:16:4f:26:56:bf:93:35:cc:c3:e1:27:5b:6a:28:
b2:f2:ac:36:74:a0:64:74:cc:cb:9a:3c:cf:34:f0:3e:4b:81:
df:17:4a:af:83:6f:16:84:8b:46:7e:c2:8e:2c:5e:95:1b:a7:
00:23:ce:d1:57:b2:9c:1d:90:b0:9a:1d:9a:a9:81:5a:87:bf:
dc:6c:7f:13:4c:df:84:31:80:c2:dc:82:6e:d5:50:85:27:21:
12:80:09:c3:23:61:b4:08:44:09:41:13:8c:fb:59:3e:d0:57:
0c:cb:c9:7b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzHlWCRat6+UZIJAlYM88MDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYzU3NWNhZmEwMGJjNDFkNTdjNDk0YWMxZjVkYmNmZWU3
ODMzMmUwHhcNMjQwMTAyMDAzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmEwNDNmMDEwOTZhMGNkZWE2NjJhOWRhZTM0NzZjYTU2YjgwNjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl30KqQlk3uWonjRgoQksCOjXuI+B
F/aH7JW8RE0eEz5phd5E7BikfLpEx+NzU4BkNq0n9HgyasFLW6LCh8HmflMrDpwG
lht2jnlLWRsAPXyxb7CtHQjvVSbm6rSdbFSItVljAZ4nQBu3Mfo5HhiMDQ7L1j32
ejwSAlj4+QhO0D8ai9MvHfuo9BkIea6z9vBne4LgDmJjrHEk6XIa4Sge91HPcyqF
JHweMWt6b54EEZ05yGh90z1rw9kcsPkptsJi1ZmPT89D10qSoTEhQJLxMk/BYxBP
Dp0ZCaDoQuDbBgZQatELyau7+jn2Zz1SaWLKJI07lB3OAADJH0kdaH+dEQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFOKgQ/AQlqDN6mYqna40dspWuAaIMB8GA1UdIwQY
MBaAFKrFdcr6ALxB1XxJSsH128/ueDMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXNWMXl2b0F2RUhWZkVsS3dmWGJ6LTU0TXk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8zNWQ1OTgtYzMyYy00OWE3LWIxZjYt
OGY5MTNlMjY5NmU1LzEvNHFCRDhCQ1dvTTNxWmlxZHJqUjJ5bGE0Qm9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8zNWQ1OTgtYzMyYy00OWE3LWIxZjYtOGY5MTNlMjY5NmU1
LzEvcXNWMXl2b0F2RUhWZkVsS3dmWGJ6LTU0TXk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCua4gAwQC
w+HIMA0EAgACMAcDBQMqEEFAMA0GCSqGSIb3DQEBCwUAA4IBAQBMjMXIlphPOpAo
1gkpaod0XUndyjYUt6KfrfwqgnEGfPQz7JQtq/i/PU4kNQ+BdJRmMle4LvFUE1oS
qNxUR2inzmM3nOaI2FMjJH3jA6/6Z6o9gVt17mF3nJeAgmaJp86nV3GFu5sRB5DF
rCL7CPDp3rLYty52sVr35wRmnz8x+SRpgcsJxLBO1gUVzJisgA3aG/nFFk8mVr+T
NczD4Sdbaiiy8qw2dKBkdMzLmjzPNPA+S4HfF0qvg28WhItGfsKOLF6VG6cAI87R
V7KcHZCwmh2aqYFah7/cbH8TTN+EMYDC3IJu1VCFJyESgAnDI2G0CEQJQROM+1k+
0FcMy8l7
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:36:38 2025 by rpki-client