Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/APKTg-iEc9UKLJEC62Vxbik4zas.roa
File: APKTg-iEc9UKLJEC62Vxbik4zas.roa (raw, json)
Hash identifier: DBghnvSBcifin/xuo5EuDTEz7mgJqmFWoRPRFvnWDsY=
Subject key identifier: 00:F2:93:83:E8:84:73:D5:0A:2C:91:02:EB:65:71:6E:29:38:CD:AB
Certificate issuer: /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial: 01917D6E8D2078F43A69D2BBD8AE520E51C8
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/APKTg-iEc9UKLJEC62Vxbik4zas.roa
Signing time: Fri 23 Aug 2024 04:11:22 +0000
ROA not before: Fri 23 Aug 2024 04:11:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12389
IP address blocks: 2a09:6285::/32 maxlen: 32
2a10:4105::/32 maxlen: 32
2a12:a346::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 21 Nov 2024 10:16:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:7d:6e:8d:20:78:f4:3a:69:d2:bb:d8:ae:52:0e:51:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Validity
Not Before: Aug 23 04:11:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=00f29383e88473d50a2c9102eb65716e2938cdab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:43:1f:48:13:1d:68:c7:d7:61:b6:0f:72:da:
d2:61:e7:56:03:64:0f:b3:9d:de:27:84:c6:df:a2:
ec:d7:92:d3:e7:97:c6:94:92:ac:ea:23:6f:73:5b:
1f:ce:83:31:b8:ca:ea:2f:ca:41:50:f5:f8:19:8f:
4f:f6:6b:1c:65:e2:61:46:e8:65:25:7d:47:f0:a3:
1b:91:76:1b:c5:ae:5e:f3:e7:01:d1:e7:f2:18:3c:
60:ea:cd:ba:b0:ba:fb:c8:5e:ae:40:e5:58:d0:13:
a2:cb:f9:5e:8e:08:5f:d6:f6:68:8c:fb:d9:4f:ba:
5d:8f:b1:fc:bf:c5:1b:d4:e9:a4:d2:45:a8:72:f4:
74:2b:54:24:83:08:0a:d1:02:be:7c:4b:6c:11:4b:
70:53:b6:45:31:9b:fb:1a:dc:2c:79:6a:68:b5:c0:
4f:c2:51:3e:f4:22:d2:4f:25:23:87:85:60:50:b2:
4a:96:79:ca:2d:d5:4b:c8:50:07:13:23:49:68:80:
27:46:fb:69:5c:cc:2f:74:0a:4d:85:9b:bf:61:b2:
f7:54:a2:52:db:94:9a:36:b8:b6:0b:ac:19:2a:cf:
d1:23:f5:93:62:70:bd:d7:eb:0b:b3:ad:b7:16:e5:
81:b4:a2:9f:d4:fd:0f:87:2b:7c:41:3a:f6:b5:6a:
f0:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:F2:93:83:E8:84:73:D5:0A:2C:91:02:EB:65:71:6E:29:38:CD:AB
X509v3 Authority Key Identifier:
keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/APKTg-iEc9UKLJEC62Vxbik4zas.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a09:6285::/32
2a10:4105::/32
2a12:a346::/32
Signature Algorithm: sha256WithRSAEncryption
50:60:76:5b:4a:95:ec:a4:28:9b:0c:f8:bf:b5:48:d1:f1:fa:
e2:10:f9:06:f8:d9:02:03:83:84:4f:00:47:b8:3f:2c:8f:03:
ab:a6:ef:fe:d9:34:d7:35:1b:af:0f:53:c6:a9:82:d4:34:f3:
68:c1:ea:e3:45:18:61:e0:45:db:b4:1a:8a:8f:34:e4:8d:6c:
31:d5:18:5c:2f:af:4f:c6:53:b9:0b:07:c9:7b:b6:b9:85:7b:
08:cd:dc:87:6e:6f:8f:a9:16:92:8d:9f:26:29:72:be:28:e8:
21:8e:b4:07:af:2e:07:a5:55:42:d4:7d:92:ad:5d:93:d9:95:
64:ea:79:c1:70:df:dd:8a:4d:d9:51:4b:8c:ba:8d:bf:64:73:
f6:90:64:b3:21:ee:fe:df:71:eb:14:0c:28:72:c7:34:24:10:
e2:45:75:63:69:fc:79:00:a9:68:96:20:cb:e3:b9:ba:4c:3e:
e7:63:1d:d9:f2:9e:da:55:e5:aa:81:4f:0f:02:f0:05:37:ea:
36:3e:89:e0:e9:78:88:73:ce:3e:0e:d0:ad:df:f4:95:e3:ec:
f8:0e:d7:59:80:bc:b9:99:02:5d:e1:89:5e:9c:df:35:52:c6:
6c:62:89:18:79:1d:58:91:42:67:c8:8b:7d:f0:d1:65:ef:e5:
41:32:f9:2f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZF9bo0gePQ6adK72K5SDlHIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjQwODIzMDQxMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGYyOTM4M2U4ODQ3M2Q1MGEyYzkxMDJlYjY1NzE2ZTI5MzhjZGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00MfSBMdaMfXYbYPctrSYedWA2QP
s53eJ4TG36Ls15LT55fGlJKs6iNvc1sfzoMxuMrqL8pBUPX4GY9P9mscZeJhRuhl
JX1H8KMbkXYbxa5e8+cB0efyGDxg6s26sLr7yF6uQOVY0BOiy/lejghf1vZojPvZ
T7pdj7H8v8Ub1Omk0kWocvR0K1QkgwgK0QK+fEtsEUtwU7ZFMZv7GtwseWpotcBP
wlE+9CLSTyUjh4VgULJKlnnKLdVLyFAHEyNJaIAnRvtpXMwvdApNhZu/YbL3VKJS
25SaNri2C6wZKs/RI/WTYnC91+sLs623FuWBtKKf1P0Phyt8QTr2tWrwDQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFADyk4PohHPVCiyRAutlcW4pOM2rMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvQVBLVGctaUVjOVVLTEpFQzYyVnhiaWs0emFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKglihQMF
ACoQQQUDBQAqEqNGMA0GCSqGSIb3DQEBCwUAA4IBAQBQYHZbSpXspCibDPi/tUjR
8friEPkG+NkCA4OETwBHuD8sjwOrpu/+2TTXNRuvD1PGqYLUNPNowerjRRhh4EXb
tBqKjzTkjWwx1RhcL69PxlO5CwfJe7a5hXsIzdyHbm+PqRaSjZ8mKXK+KOghjrQH
ry4HpVVC1H2SrV2T2ZVk6nnBcN/dik3ZUUuMuo2/ZHP2kGSzIe7+33HrFAwocsc0
JBDiRXVjafx5AKloliDL47m6TD7nYx3Z8p7aVeWqgU8PAvAFN+o2Pong6XiIc84+
DtCt3/SV4+z4DtdZgLy5mQJd4YlenN81UsZsYokYeR1YkUJnyIt98NFl7+VBMvkv
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:37:49 2025 by rpki-client