Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/x5ZjOe80Dfqi5YPzR-s5XFUxSgg.roa
File: x5ZjOe80Dfqi5YPzR-s5XFUxSgg.roa (raw, json)
Hash identifier: 0XMmsO2PrK/zB3aJ8AwvImJ03IJTEBusP9V9q2p/2ww=
Subject key identifier: C7:96:63:39:EF:34:0D:FA:A2:E5:83:F3:47:EB:39:5C:55:31:4A:08
Certificate issuer: /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial: 019208A86D846070F9BDE64737EDE6AA1C99
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/x5ZjOe80Dfqi5YPzR-s5XFUxSgg.roa
Signing time: Thu 19 Sep 2024 05:01:48 +0000
ROA not before: Thu 19 Sep 2024 05:01:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 216167
IP address blocks: 103.102.230.0/24 maxlen: 24
103.102.231.0/24 maxlen: 24
203.55.81.0/24 maxlen: 24
2a13:c7c0::/32 maxlen: 48
Validation: Failed, certificate revoked on Sat 21 Sep 2024 10:15:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:08:a8:6d:84:60:70:f9:bd:e6:47:37:ed:e6:aa:1c:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Validity
Not Before: Sep 19 05:01:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c7966339ef340dfaa2e583f347eb395c55314a08
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:13:d6:97:ae:21:0f:2a:48:98:03:de:55:6a:
fa:f7:4a:c3:39:39:a1:7b:f8:00:d4:bb:43:84:6b:
ba:81:9b:ef:54:87:29:ba:72:07:d1:cf:75:32:e4:
46:66:e5:d1:9e:1f:57:89:dd:7c:c7:03:f9:8f:db:
8d:87:43:b3:6b:5c:33:23:47:19:05:fd:7a:ed:36:
27:3d:58:c0:0c:24:74:17:c0:b7:3d:91:f9:2e:40:
46:25:51:bb:08:cc:ab:85:b4:c7:9d:ce:a6:0b:08:
26:52:8a:f2:ff:84:8c:23:44:f0:f1:fb:0b:5f:b5:
ca:35:1e:63:b0:3c:b5:85:9e:31:22:00:1e:81:1e:
21:e1:23:94:c9:74:4e:0f:4c:9b:c6:73:27:07:14:
2b:b0:f8:df:88:b7:f7:39:d9:22:5b:97:cf:82:9c:
0f:df:36:d6:c2:2d:42:13:d3:55:ff:c5:8f:42:28:
45:8e:8a:c7:f6:b1:2d:20:7d:28:58:6c:ca:14:4e:
94:c1:75:5c:23:2e:85:13:bc:37:d8:3b:6b:eb:d7:
98:a8:00:6a:de:58:f3:dd:f5:11:cf:32:67:12:fb:
db:75:88:4a:a3:91:a4:92:dd:40:87:d7:13:96:62:
8a:80:77:77:76:d2:66:a1:2f:9a:b7:ea:a0:0e:5f:
79:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:96:63:39:EF:34:0D:FA:A2:E5:83:F3:47:EB:39:5C:55:31:4A:08
X509v3 Authority Key Identifier:
keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/x5ZjOe80Dfqi5YPzR-s5XFUxSgg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
103.102.230.0/23
203.55.81.0/24
IPv6:
2a13:c7c0::/32
Signature Algorithm: sha256WithRSAEncryption
43:43:73:95:48:0b:ba:09:67:55:dd:cb:a2:f0:07:96:82:a4:
1d:fe:e7:99:5b:e2:13:15:a8:0f:db:ac:21:5a:a2:e5:de:d9:
83:aa:d0:da:84:a8:d4:e1:12:7c:fc:3d:07:29:2b:32:8d:dc:
dd:34:1b:3c:38:b0:0b:96:04:bb:ab:25:ce:89:1c:be:c0:a8:
d5:5a:94:b8:50:8b:8b:0e:20:71:1f:f8:d6:d2:ee:31:47:ac:
ca:93:1a:59:1f:38:c4:fe:89:bc:f8:13:4e:0e:ae:c7:b1:b8:
50:4c:70:19:32:f5:9f:3d:40:46:c7:23:e6:1e:d0:9d:fd:f3:
bc:aa:68:e7:3a:02:3d:1e:6b:7d:1d:0b:a9:17:69:cc:5d:64:
39:85:2d:e1:69:36:f2:8d:7c:0d:38:15:8f:9b:0a:09:0b:3e:
1d:51:b4:3f:51:4d:71:1e:a6:ff:38:f9:e5:95:a0:17:c8:8f:
a2:f6:a0:14:b9:d9:52:70:50:25:23:89:25:48:06:db:18:1d:
b5:f8:8f:fa:c8:a0:8f:6a:62:b2:4d:eb:bb:70:1d:64:47:60:
3d:6f:ed:bc:36:fd:57:3b:5d:44:d5:73:ff:dc:47:80:8a:04:
db:a4:f4:2f:b5:31:d5:78:d9:da:b3:d5:a1:d5:42:52:3a:12:
3a:0d:34:a6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZIIqG2EYHD5veZHN+3mqhyZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjQwOTE5MDUwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzk2NjMzOWVmMzQwZGZhYTJlNTgzZjM0N2ViMzk1YzU1MzE0YTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRPWl64hDypImAPeVWr690rDOTmh
e/gA1LtDhGu6gZvvVIcpunIH0c91MuRGZuXRnh9Xid18xwP5j9uNh0Oza1wzI0cZ
Bf167TYnPVjADCR0F8C3PZH5LkBGJVG7CMyrhbTHnc6mCwgmUory/4SMI0Tw8fsL
X7XKNR5jsDy1hZ4xIgAegR4h4SOUyXROD0ybxnMnBxQrsPjfiLf3OdkiW5fPgpwP
3zbWwi1CE9NV/8WPQihFjorH9rEtIH0oWGzKFE6UwXVcIy6FE7w32Dtr69eYqABq
3ljz3fURzzJnEvvbdYhKo5Gkkt1Ah9cTlmKKgHd3dtJmoS+at+qgDl95nQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMeWYznvNA36ouWD80frOVxVMUoIMB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEveDVaak9lODBEZnFpNVlQelItczVYRlV4U2dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBZ2bmAwQA
yzdRMA0EAgACMAcDBQAqE8fAMA0GCSqGSIb3DQEBCwUAA4IBAQBDQ3OVSAu6CWdV
3cui8AeWgqQd/ueZW+ITFagP26whWqLl3tmDqtDahKjU4RJ8/D0HKSsyjdzdNBs8
OLALlgS7qyXOiRy+wKjVWpS4UIuLDiBxH/jW0u4xR6zKkxpZHzjE/om8+BNODq7H
sbhQTHAZMvWfPUBGxyPmHtCd/fO8qmjnOgI9Hmt9HQupF2nMXWQ5hS3haTbyjXwN
OBWPmwoJCz4dUbQ/UU1xHqb/OPnllaAXyI+i9qAUudlScFAlI4klSAbbGB21+I/6
yKCPamKyTeu7cB1kR2A9b+28Nv1XO11E1XP/3EeAigTbpPQvtTHVeNnas9Wh1UJS
OhI6DTSm
-----END CERTIFICATE-----
Generated at Tue Apr 22 13:35:03 2025 by rpki-client