Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/5c981c-657c-45be-bff6-be5e050b00f0/1/4x1yh9AaI5FxO8FdUaTVxR1Twa0.roa
File: 4x1yh9AaI5FxO8FdUaTVxR1Twa0.roa (raw, json)
Hash identifier: yLQ+AQk3LFfFghrhJxsTCJo+OWVblqdCiNnkyrlzF/Q=
Subject key identifier: E3:1D:72:87:D0:1A:23:91:71:3B:C1:5D:51:A4:D5:C5:1D:53:C1:AD
Certificate issuer: /CN=ca9c980eaa16141b5c4815c6389ca25b3f2ed77c
Certificate serial: 018CC2DB4E39A091B496B81FCFB31614EA30
Authority key identifier: CA:9C:98:0E:AA:16:14:1B:5C:48:15:C6:38:9C:A2:5B:3F:2E:D7:7C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ypyYDqoWFBtcSBXGOJyiWz8u13w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fb/5c981c-657c-45be-bff6-be5e050b00f0/1/4x1yh9AaI5FxO8FdUaTVxR1Twa0.roa
Signing time: Mon 01 Jan 2024 02:30:01 +0000
ROA not before: Mon 01 Jan 2024 02:30:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 202329
IP address blocks: 2001:678:6e0::/48 maxlen: 48
2001:678:6e3::/48 maxlen: 48
2001:678:6e0::/45 maxlen: 45
2001:678:6e2::/48 maxlen: 48
Validation: Failed, certificate revoked on Thu 02 Jan 2025 05:49:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:db:4e:39:a0:91:b4:96:b8:1f:cf:b3:16:14:ea:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ca9c980eaa16141b5c4815c6389ca25b3f2ed77c
Validity
Not Before: Jan 1 02:30:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e31d7287d01a2391713bc15d51a4d5c51d53c1ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:bb:eb:5e:b6:fc:11:51:05:8c:1f:e0:1c:49:
23:d6:f6:84:07:51:b1:33:2d:00:7f:c2:4f:40:0f:
54:67:fd:e2:f9:ba:57:1d:6d:b6:79:f4:ff:00:c7:
d4:42:d9:57:13:51:96:52:e8:34:2e:fb:6f:d3:ec:
6a:58:a3:57:0b:d5:8b:ff:3c:94:32:a4:f3:e5:41:
ff:e0:65:23:8e:50:a2:31:d6:80:5d:41:e3:ac:b3:
18:a6:e6:90:9e:ec:4e:97:24:53:b4:8b:c7:a4:a8:
3a:94:49:c2:31:b5:e9:ce:1c:c2:45:15:06:05:af:
0a:47:90:3c:f5:7f:bf:26:83:74:74:db:97:4a:68:
de:f9:48:56:17:b4:f5:4f:d0:a2:af:28:61:2b:cc:
0a:55:ab:8e:1e:5a:87:69:d5:66:14:ae:5a:25:5d:
5d:92:7f:d6:e4:72:3f:7a:73:c3:a6:c7:ee:1a:cc:
02:e9:b7:98:10:09:d1:54:65:8c:9c:03:7b:62:e5:
9f:4c:0c:f7:3c:a5:be:fc:38:e3:df:93:9c:07:06:
80:13:69:49:fe:f0:4a:38:7f:2b:44:b2:ca:e2:f8:
47:2e:48:c2:d3:eb:d3:6c:c7:d9:dc:85:f4:9d:2e:
93:a4:b6:c1:91:ad:76:2f:5d:9f:89:63:cb:84:14:
96:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:1D:72:87:D0:1A:23:91:71:3B:C1:5D:51:A4:D5:C5:1D:53:C1:AD
X509v3 Authority Key Identifier:
keyid:CA:9C:98:0E:AA:16:14:1B:5C:48:15:C6:38:9C:A2:5B:3F:2E:D7:7C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypyYDqoWFBtcSBXGOJyiWz8u13w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/5c981c-657c-45be-bff6-be5e050b00f0/1/4x1yh9AaI5FxO8FdUaTVxR1Twa0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/5c981c-657c-45be-bff6-be5e050b00f0/1/ypyYDqoWFBtcSBXGOJyiWz8u13w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2001:678:6e0::/45
Signature Algorithm: sha256WithRSAEncryption
62:35:60:8d:b2:54:00:a0:98:fc:e5:5a:e5:a5:41:24:a9:e1:
19:f8:2a:24:68:67:a5:cd:8f:87:a9:f3:fd:68:eb:fe:7f:ac:
e9:ea:bb:08:d4:86:63:f2:61:97:7b:f6:4a:b9:9e:3a:b9:73:
af:d9:a3:70:6e:b9:0a:54:d3:09:93:eb:97:a4:62:86:1c:b5:
ee:eb:65:39:00:f9:3f:c8:27:e9:78:22:0f:05:23:8d:a3:01:
b8:5e:5e:af:fe:ed:78:32:4c:65:99:9a:b9:f8:63:f3:2b:43:
37:2e:44:39:e6:1d:45:f3:a8:94:86:d2:1b:6e:53:b7:f0:a5:
5c:07:0c:22:81:aa:81:d6:f4:cc:ab:cd:db:34:02:52:c7:c1:
64:fb:8c:1a:8f:c1:1b:9a:50:78:53:0d:5b:f1:92:4b:85:c9:
db:ba:cb:cd:67:ff:ce:9a:b4:6a:97:27:f3:1e:67:cb:22:2d:
33:65:bc:9d:16:3f:03:e3:82:02:39:2c:7b:18:fa:42:56:5a:
28:44:60:67:ee:04:c0:61:41:3b:b7:c6:69:72:aa:3e:2b:de:
b8:77:95:77:39:d4:5c:1e:75:bc:0b:c4:90:1e:50:59:60:7a:
25:fd:f5:b3:c4:5a:b2:54:e0:ee:e8:e1:4a:6e:4e:6b:2b:7a:
3b:54:4f:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzC2045oJG0lrgfz7MWFOowMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOWM5ODBlYWExNjE0MWI1YzQ4MTVjNjM4OWNhMjViM2Yy
ZWQ3N2MwHhcNMjQwMTAxMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzFkNzI4N2QwMWEyMzkxNzEzYmMxNWQ1MWE0ZDVjNTFkNTNjMWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobvrXrb8EVEFjB/gHEkj1vaEB1Gx
My0Af8JPQA9UZ/3i+bpXHW22efT/AMfUQtlXE1GWUug0Lvtv0+xqWKNXC9WL/zyU
MqTz5UH/4GUjjlCiMdaAXUHjrLMYpuaQnuxOlyRTtIvHpKg6lEnCMbXpzhzCRRUG
Ba8KR5A89X+/JoN0dNuXSmje+UhWF7T1T9CiryhhK8wKVauOHlqHadVmFK5aJV1d
kn/W5HI/enPDpsfuGswC6beYEAnRVGWMnAN7YuWfTAz3PKW+/Djj35OcBwaAE2lJ
/vBKOH8rRLLK4vhHLkjC0+vTbMfZ3IX0nS6TpLbBka12L12fiWPLhBSWvwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOMdcofQGiORcTvBXVGk1cUdU8GtMB8GA1UdIwQY
MBaAFMqcmA6qFhQbXEgVxjicols/Ltd8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXB5WURxb1dGQnRjU0JYR09KeWlXejh1MTN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi81Yzk4MWMtNjU3Yy00NWJlLWJmZjYt
YmU1ZTA1MGIwMGYwLzEvNHgxeWg5QWFJNUZ4TzhGZFVhVFZ4UjFUd2EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi81Yzk4MWMtNjU3Yy00NWJlLWJmZjYtYmU1ZTA1MGIwMGYw
LzEveXB5WURxb1dGQnRjU0JYR09KeWlXejh1MTN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcDIAEGeAbg
MA0GCSqGSIb3DQEBCwUAA4IBAQBiNWCNslQAoJj85VrlpUEkqeEZ+CokaGelzY+H
qfP9aOv+f6zp6rsI1IZj8mGXe/ZKuZ46uXOv2aNwbrkKVNMJk+uXpGKGHLXu62U5
APk/yCfpeCIPBSONowG4Xl6v/u14MkxlmZq5+GPzK0M3LkQ55h1F86iUhtIbblO3
8KVcBwwigaqB1vTMq83bNAJSx8Fk+4waj8EbmlB4Uw1b8ZJLhcnbusvNZ//OmrRq
lyfzHmfLIi0zZbydFj8D44ICOSx7GPpCVlooRGBn7gTAYUE7t8Zpcqo+K964d5V3
OdRcHnW8C8SQHlBZYHol/fWzxFqyVODu6OFKbk5rK3o7VE/b
-----END CERTIFICATE-----
Generated at Sun Apr 13 03:14:57 2025 by rpki-client