Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/RRFNSlfobpPO_VgDR8vNanrR95k.roa
File: RRFNSlfobpPO_VgDR8vNanrR95k.roa (raw, json)
Hash identifier: haaGWItMV3eWp35tCP0Req/FbJLx3rdSwYJxHB2/UKE=
Subject key identifier: 45:11:4D:4A:57:E8:6E:93:CE:FD:58:03:47:CB:CD:6A:7A:D1:F7:99
Certificate issuer: /CN=53b46ab79b9fc58f5dc4cf29d72dc5267ec3edde
Certificate serial: 0194CB2376CB25273DEFFFD1ED2DF0CC1697
Authority key identifier: 53:B4:6A:B7:9B:9F:C5:8F:5D:C4:CF:29:D7:2D:C5:26:7E:C3:ED:DE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/RRFNSlfobpPO_VgDR8vNanrR95k.roa
Signing time: Mon 03 Feb 2025 09:28:06 +0000
ROA not before: Mon 03 Feb 2025 09:28:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 200712
IP address blocks: 80.254.231.0/24 maxlen: 24
91.216.32.0/24 maxlen: 24
185.92.168.0/23 maxlen: 24
185.92.168.0/24 maxlen: 24
185.92.169.0/24 maxlen: 24
185.92.170.0/24 maxlen: 24
2a13:5240::/32 maxlen: 32
2a13:5243::/32 maxlen: 48
2a13:5245::/32 maxlen: 48
Validation: Failed, certificate revoked on Wed 26 Feb 2025 10:03:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:cb:23:76:cb:25:27:3d:ef:ff:d1:ed:2d:f0:cc:16:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=53b46ab79b9fc58f5dc4cf29d72dc5267ec3edde
Validity
Not Before: Feb 3 09:28:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=45114d4a57e86e93cefd580347cbcd6a7ad1f799
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:9b:f2:60:fa:e4:c9:dc:90:b2:eb:75:18:d5:
e1:2d:13:a2:bf:7f:5e:59:b6:37:fd:b7:5a:71:2f:
f7:95:14:fc:0a:cc:ac:03:c8:53:d2:46:79:e7:8f:
7c:5c:2e:df:41:cb:19:4e:82:16:ec:b1:9a:ee:f9:
ef:50:4b:80:c4:3e:22:95:8b:21:b6:cf:cc:f0:b0:
ba:2b:6a:19:20:27:ed:bc:7f:82:95:5c:3f:08:2b:
91:6f:ad:d8:ad:f1:2c:c7:5f:74:07:80:cc:6b:16:
0a:68:3d:5c:83:dd:a1:a9:67:61:a3:ef:5e:2a:4a:
fd:49:09:e8:f7:de:6d:fb:b7:07:5b:36:72:7d:4c:
c1:c6:a4:d5:58:5b:8c:d9:c2:03:fa:b6:9a:d5:21:
6f:a9:7c:1a:b1:1d:81:f2:e8:f8:5a:76:08:e4:d6:
e9:99:35:8c:2b:d2:87:58:8e:c4:d8:b2:1c:b9:86:
61:b2:ea:9b:bd:ef:a9:de:9b:93:01:9d:d3:ca:c3:
fc:35:2b:5a:55:1d:cb:94:56:f6:d9:39:1b:78:50:
99:55:18:ad:a5:04:08:3e:63:36:75:ba:c1:60:4d:
ca:bf:a3:f6:b6:54:a0:51:b4:a8:35:78:09:8e:ed:
29:f1:07:b4:f0:2d:ee:2f:ce:e1:d1:2e:0d:b9:5e:
6d:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:11:4D:4A:57:E8:6E:93:CE:FD:58:03:47:CB:CD:6A:7A:D1:F7:99
X509v3 Authority Key Identifier:
keyid:53:B4:6A:B7:9B:9F:C5:8F:5D:C4:CF:29:D7:2D:C5:26:7E:C3:ED:DE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/RRFNSlfobpPO_VgDR8vNanrR95k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/ac9af6-7fc3-4d13-a594-060a4738091d/1/U7Rqt5ufxY9dxM8p1y3FJn7D7d4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.254.231.0/24
91.216.32.0/24
185.92.168.0-185.92.170.255
IPv6:
2a13:5240::/32
2a13:5243::/32
2a13:5245::/32
Signature Algorithm: sha256WithRSAEncryption
6c:34:04:00:6b:5f:d1:e1:5b:4a:35:bc:e1:e3:6c:df:b6:51:
93:4a:79:31:8c:3f:7a:39:0d:a9:7d:79:07:db:4b:7c:cb:fa:
d2:dc:9b:da:a4:89:03:9e:59:3c:e1:44:0d:2e:9d:29:a1:42:
4e:d2:ec:fe:c8:45:1a:22:d1:a6:93:dc:fc:3b:66:c2:21:eb:
70:db:93:b3:40:0d:ce:14:7b:89:63:10:8a:eb:c4:e3:88:42:
eb:7b:da:fd:8d:01:21:cf:e6:17:ff:15:bf:58:e0:ae:3b:1f:
2d:93:ce:9c:95:5e:d6:80:03:99:ae:6e:14:3a:d9:ae:97:5e:
1d:97:45:07:e7:5b:8e:dd:85:74:a6:08:5c:d8:14:d1:80:73:
6e:9e:77:a0:12:a7:8c:77:e4:30:95:b1:1e:73:ce:e9:95:f2:
d9:5d:4b:25:04:cb:fc:9c:51:c0:46:cf:8a:1b:3c:26:88:cb:
72:08:cc:1d:12:66:ac:e9:d8:99:5c:2e:51:75:7f:57:b6:5e:
2d:c5:30:fe:1b:73:46:a6:6a:a9:be:bf:d6:25:21:b4:1b:57:
a1:6f:e5:22:82:7d:9f:32:3d:9d:eb:d6:53:2a:3e:0e:38:aa:
ba:c2:d2:6a:8f:2f:a4:fe:00:5e:a8:01:98:c6:3f:9a:38:40:
7c:7d:c6:14
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAZTLI3bLJSc97//R7S3wzBaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjQ2YWI3OWI5ZmM1OGY1ZGM0Y2YyOWQ3MmRjNTI2N2Vj
M2VkZGUwHhcNMjUwMjAzMDkyODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTExNGQ0YTU3ZTg2ZTkzY2VmZDU4MDM0N2NiY2Q2YTdhZDFmNzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJvyYPrkydyQsut1GNXhLROiv39e
WbY3/bdacS/3lRT8CsysA8hT0kZ55498XC7fQcsZToIW7LGa7vnvUEuAxD4ilYsh
ts/M8LC6K2oZICftvH+ClVw/CCuRb63YrfEsx190B4DMaxYKaD1cg92hqWdho+9e
Kkr9SQno995t+7cHWzZyfUzBxqTVWFuM2cID+raa1SFvqXwasR2B8uj4WnYI5Nbp
mTWMK9KHWI7E2LIcuYZhsuqbve+p3puTAZ3TysP8NStaVR3LlFb22TkbeFCZVRit
pQQIPmM2dbrBYE3Kv6P2tlSgUbSoNXgJju0p8Qe08C3uL87h0S4NuV5t4wIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFEURTUpX6G6Tzv1YA0fLzWp60feZMB8GA1UdIwQY
MBaAFFO0arebn8WPXcTPKdctxSZ+w+3eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdScXQ1dWZ4WTlkeE04cDF5M0ZKbjdEN2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9hYzlhZjYtN2ZjMy00ZDEzLWE1OTQt
MDYwYTQ3MzgwOTFkLzEvUlJGTlNsZm9icFBPX1ZnRFI4dk5hbnJSOTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9hYzlhZjYtN2ZjMy00ZDEzLWE1OTQtMDYwYTQ3MzgwOTFk
LzEvVTdScXQ1dWZ4WTlkeE04cDF5M0ZKbjdEN2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAgBAIAATAaAwQAUP7nAwQA
W9ggMAwDBAO5XKgDBAC5XKowGwQCAAIwFQMFACoTUkADBQAqE1JDAwUAKhNSRTAN
BgkqhkiG9w0BAQsFAAOCAQEAbDQEAGtf0eFbSjW84eNs37ZRk0p5MYw/ejkNqX15
B9tLfMv60tyb2qSJA55ZPOFEDS6dKaFCTtLs/shFGiLRppPc/DtmwiHrcNuTs0AN
zhR7iWMQiuvE44hC63va/Y0BIc/mF/8Vv1jgrjsfLZPOnJVe1oADma5uFDrZrpde
HZdFB+dbjt2FdKYIXNgU0YBzbp53oBKnjHfkMJWxHnPO6ZXy2V1LJQTL/JxRwEbP
ihs8JojLcgjMHRJmrOnYmVwuUXV/V7ZeLcUw/htzRqZqqb6/1iUhtBtXoW/lIoJ9
nzI9nevWUyo+DjiqusLSao8vpP4AXqgBmMY/mjhAfH3GFA==
-----END CERTIFICATE-----
Generated at Sun Apr 27 22:18:15 2025 by rpki-client