Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/aa8ac8-13b8-4197-be56-1e1de91a987c/1/zWYDae8lEofQzFs3oRqMtHudggM.roa
File: zWYDae8lEofQzFs3oRqMtHudggM.roa (raw, json)
Hash identifier: XQQeEANYROchXV/GYagvccQtMtUZeseWwXxm8uvMWJk=
Subject key identifier: CD:66:03:69:EF:25:12:87:D0:CC:5B:37:A1:1A:8C:B4:7B:9D:82:03
Certificate issuer: /CN=5f5980132d193e270ed1efe0ad2849fe8ab0d76c
Certificate serial: 01917DC0F4264BB6B99DBB2F03C0BC4FC1B9
Authority key identifier: 5F:59:80:13:2D:19:3E:27:0E:D1:EF:E0:AD:28:49:FE:8A:B0:D7:6C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/X1mAEy0ZPicO0e_grShJ_oqw12w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/aa8ac8-13b8-4197-be56-1e1de91a987c/1/zWYDae8lEofQzFs3oRqMtHudggM.roa
Signing time: Fri 23 Aug 2024 05:41:22 +0000
ROA not before: Fri 23 Aug 2024 05:41:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 197902
IP address blocks: 141.138.172.0/22 maxlen: 22
2a03:3c00:c000::/34 maxlen: 34
2a03:3c00:c001::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 28 Oct 2024 05:45:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:7d:c0:f4:26:4b:b6:b9:9d:bb:2f:03:c0:bc:4f:c1:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5f5980132d193e270ed1efe0ad2849fe8ab0d76c
Validity
Not Before: Aug 23 05:41:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cd660369ef251287d0cc5b37a11a8cb47b9d8203
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:89:cd:51:00:ba:98:1f:8e:90:87:ab:77:1c:
fe:54:75:31:f5:a3:60:14:15:8e:2c:e1:0a:5f:70:
c8:e7:34:4c:ac:10:46:9f:f5:d2:d2:47:cd:cf:3d:
e7:cc:91:93:21:48:c4:3a:be:cf:ea:ac:de:81:d0:
bc:84:7f:02:2d:f7:fb:14:b2:3b:3c:1b:18:62:00:
20:ce:98:2d:e5:75:0d:95:d7:d0:9d:36:59:1a:b5:
3b:e7:d5:bd:c3:51:5a:3b:20:39:53:c3:e9:2d:d5:
f5:33:e8:fe:b8:39:e7:90:8f:51:90:9a:5e:26:23:
fb:98:49:13:af:50:9b:41:91:8a:9a:a4:43:d2:3c:
a3:56:43:cf:00:a7:a5:42:84:9e:1b:0e:0b:3f:b3:
a5:57:56:a3:eb:02:dd:77:a2:bd:5c:0e:66:a9:65:
55:ff:6b:33:44:01:c7:bd:fc:6e:8a:99:4f:14:4a:
47:88:9a:8c:4a:51:d2:1d:f5:03:a7:12:dd:40:38:
89:35:d3:62:8e:58:f7:b3:82:36:87:af:63:ed:ab:
3d:19:9e:ef:6c:7a:38:41:22:28:a5:74:0c:00:6f:
ea:eb:b2:3e:b4:53:d5:f1:78:7c:0c:e0:a7:59:49:
a8:98:ed:f2:54:a3:80:fd:eb:43:b2:ce:9b:5a:09:
de:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:66:03:69:EF:25:12:87:D0:CC:5B:37:A1:1A:8C:B4:7B:9D:82:03
X509v3 Authority Key Identifier:
keyid:5F:59:80:13:2D:19:3E:27:0E:D1:EF:E0:AD:28:49:FE:8A:B0:D7:6C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X1mAEy0ZPicO0e_grShJ_oqw12w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/aa8ac8-13b8-4197-be56-1e1de91a987c/1/zWYDae8lEofQzFs3oRqMtHudggM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/aa8ac8-13b8-4197-be56-1e1de91a987c/1/X1mAEy0ZPicO0e_grShJ_oqw12w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.138.172.0/22
IPv6:
2a03:3c00:c000::/34
Signature Algorithm: sha256WithRSAEncryption
ae:19:4f:2e:0c:05:0a:47:bd:98:6b:4e:5b:bf:6c:55:e0:91:
98:65:c5:84:ad:19:cf:6c:82:5b:88:77:ce:02:65:7f:b4:93:
74:e6:87:a3:42:85:95:7f:9a:44:42:8e:9a:b3:ad:14:de:e3:
4a:e7:a0:42:dc:5b:5b:90:eb:ce:7d:74:65:e0:9d:b5:4d:30:
77:d2:29:d2:cc:51:0a:41:7b:26:7f:44:b0:ef:12:64:d9:c5:
d2:12:0a:fa:f2:de:6e:86:cd:cf:11:6e:85:a8:08:fa:cb:2d:
32:be:7d:b8:3e:01:86:f0:0c:cc:53:1c:44:1a:40:88:74:39:
21:90:aa:b7:b6:e2:f3:6f:7f:18:bb:e3:91:44:f7:df:c5:92:
2e:6b:9b:7f:95:a9:2d:43:ea:b5:92:d3:f3:48:f9:16:59:00:
86:10:42:27:22:b2:7a:14:18:06:08:06:57:58:47:3b:a2:de:
7a:24:06:cc:6c:e8:e9:e6:7a:2a:b0:65:d0:54:77:0f:2a:7f:
1b:a9:6b:48:b3:fd:51:60:1b:91:07:01:6c:21:39:2d:4f:bc:
bd:dc:c5:f2:46:e6:25:bb:b3:32:82:df:2f:d0:77:59:75:f7:
dc:00:84:f3:35:a6:18:ce:c8:86:b5:bf:71:ba:5d:d4:0b:ee:
86:d2:06:0d
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZF9wPQmS7a5nbsvA8C8T8G5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmNTk4MDEzMmQxOTNlMjcwZWQxZWZlMGFkMjg0OWZlOGFi
MGQ3NmMwHhcNMjQwODIzMDU0MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDY2MDM2OWVmMjUxMjg3ZDBjYzViMzdhMTFhOGNiNDdiOWQ4MjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsonNUQC6mB+OkIerdxz+VHUx9aNg
FBWOLOEKX3DI5zRMrBBGn/XS0kfNzz3nzJGTIUjEOr7P6qzegdC8hH8CLff7FLI7
PBsYYgAgzpgt5XUNldfQnTZZGrU759W9w1FaOyA5U8PpLdX1M+j+uDnnkI9RkJpe
JiP7mEkTr1CbQZGKmqRD0jyjVkPPAKelQoSeGw4LP7OlV1aj6wLdd6K9XA5mqWVV
/2szRAHHvfxuiplPFEpHiJqMSlHSHfUDpxLdQDiJNdNijlj3s4I2h69j7as9GZ7v
bHo4QSIopXQMAG/q67I+tFPV8Xh8DOCnWUmomO3yVKOA/etDss6bWgnemwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFM1mA2nvJRKH0MxbN6EajLR7nYIDMB8GA1UdIwQY
MBaAFF9ZgBMtGT4nDtHv4K0oSf6KsNdsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDFtQUV5MFpQaWNPMGVfZ3JTaEpfb3F3MTJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9hYThhYzgtMTNiOC00MTk3LWJlNTYt
MWUxZGU5MWE5ODdjLzEveldZRGFlOGxFb2ZRekZzM29ScU10SHVkZ2dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9hYThhYzgtMTNiOC00MTk3LWJlNTYtMWUxZGU5MWE5ODdj
LzEvWDFtQUV5MFpQaWNPMGVfZ3JTaEpfb3F3MTJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCjYqsMA4E
AgACMAgDBgYqAzwAwDANBgkqhkiG9w0BAQsFAAOCAQEArhlPLgwFCke9mGtOW79s
VeCRmGXFhK0Zz2yCW4h3zgJlf7STdOaHo0KFlX+aREKOmrOtFN7jSuegQtxbW5Dr
zn10ZeCdtU0wd9Ip0sxRCkF7Jn9EsO8SZNnF0hIK+vLebobNzxFuhagI+sstMr59
uD4BhvAMzFMcRBpAiHQ5IZCqt7bi829/GLvjkUT338WSLmubf5WpLUPqtZLT80j5
FlkAhhBCJyKyehQYBggGV1hHO6LeeiQGzGzo6eZ6KrBl0FR3Dyp/G6lrSLP9UWAb
kQcBbCE5LU+8vdzF8kbmJbuzMoLfL9B3WXX33ACE8zWmGM7IhrW/cbpd1AvuhtIG
DQ==
-----END CERTIFICATE-----
Generated at Thu Apr 17 13:41:25 2025 by rpki-client