Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/2IY1e9mRbRINWFhoGDmBg6nCupE.roa
File: 2IY1e9mRbRINWFhoGDmBg6nCupE.roa (raw, json)
Hash identifier: zDC0aaCM53LVdL+nrwpGJ7L5wlz5nEjbRmZy4f6JqDw=
Subject key identifier: D8:86:35:7B:D9:91:6D:12:0D:58:58:68:18:39:81:83:A9:C2:BA:91
Certificate issuer: /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial: 0195037C753C4B0D1C5467F854F952CD24DB
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/2IY1e9mRbRINWFhoGDmBg6nCupE.roa
Signing time: Fri 14 Feb 2025 08:04:02 +0000
ROA not before: Fri 14 Feb 2025 08:04:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 209641
IP address blocks: 2a0e:5643::/32 maxlen: 32
2a0e:5645::/32 maxlen: 32
2a0e:5905::/32 maxlen: 32
2a0e:8084::/32 maxlen: 32
2a0e:ccc4::/32 maxlen: 32
2a0f:6fc3::/32 maxlen: 32
2a0f:b4c2::/32 maxlen: 32
2a0f:c085::/32 maxlen: 32
Validation: Failed, certificate revoked on Mon 24 Feb 2025 11:50:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:03:7c:75:3c:4b:0d:1c:54:67:f8:54:f9:52:cd:24:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Validity
Not Before: Feb 14 08:04:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d886357bd9916d120d58586818398183a9c2ba91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:63:36:f2:5d:10:c6:04:b9:82:a7:5a:12:d2:
4d:c8:a4:f5:ed:66:1e:8b:60:1c:0a:df:f7:24:31:
72:8a:87:18:6a:cd:a5:08:5f:90:02:5d:70:6c:01:
e0:16:bd:46:f1:37:3f:c9:f5:35:eb:0e:8e:dc:62:
a1:b7:19:47:f8:32:a9:20:e0:9d:fc:4a:01:b1:f8:
cd:41:ce:46:e9:c7:d3:bc:1b:d7:a1:96:08:12:6b:
6d:83:76:d5:74:97:91:34:88:9a:43:94:29:8d:a0:
09:16:77:ce:09:20:5b:2f:9f:13:38:e5:9f:70:1a:
3a:e7:25:5a:e7:2b:e0:0f:34:8e:86:1c:e8:1d:40:
cc:94:54:d0:1b:68:2d:d4:ae:74:fe:13:46:01:53:
70:0d:e6:86:d6:e0:dc:62:67:27:47:25:7b:8e:2e:
bb:a5:cf:b2:c6:a8:b7:32:d6:e3:36:b6:32:61:a1:
c7:f3:ec:63:e0:fb:8d:22:9a:17:2b:76:73:91:e4:
16:24:cb:46:3c:ef:69:4f:98:1a:54:35:4c:f6:31:
4a:01:71:1c:b5:36:02:4e:54:79:41:88:a1:b3:b8:
09:1d:ba:ea:4c:50:d7:71:af:96:72:f0:eb:60:d5:
79:86:39:55:df:5d:11:03:db:01:f7:24:e1:76:cc:
3d:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:86:35:7B:D9:91:6D:12:0D:58:58:68:18:39:81:83:A9:C2:BA:91
X509v3 Authority Key Identifier:
keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/2IY1e9mRbRINWFhoGDmBg6nCupE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0e:5643::/32
2a0e:5645::/32
2a0e:5905::/32
2a0e:8084::/32
2a0e:ccc4::/32
2a0f:6fc3::/32
2a0f:b4c2::/32
2a0f:c085::/32
Signature Algorithm: sha256WithRSAEncryption
5f:39:f1:d5:0e:f0:97:3b:84:1e:7d:88:74:d4:67:d3:fa:0c:
9a:c9:f7:5a:78:1e:4e:74:81:c2:fe:4f:e3:eb:27:b1:b8:7b:
eb:b9:ef:1c:c9:ca:78:df:ea:21:ed:ed:6f:f5:99:04:71:f7:
34:b5:99:2b:af:29:1e:07:fb:50:ed:e0:53:eb:59:f1:d7:ea:
4e:64:61:44:2b:f1:63:8c:dd:d8:df:b8:95:9d:73:df:df:7b:
f1:6c:4e:3b:9a:eb:7f:d5:f0:19:46:f0:48:04:ae:bb:ad:f4:
3c:70:37:b2:50:f2:b0:65:64:56:a9:d5:14:2e:20:05:b2:32:
67:4f:25:bd:b4:fa:c0:0e:96:8a:25:29:29:ff:61:6d:bf:95:
d6:db:4b:f4:8e:a7:c1:6e:2e:e5:98:0d:51:f6:0f:84:a9:75:
4f:74:11:ec:67:7f:bf:c0:1b:35:89:ea:85:35:73:23:71:33:
63:f8:01:1a:7f:b3:ba:c0:b9:6b:79:2a:9b:8b:7b:54:a8:b2:
c9:37:cb:df:81:9d:15:54:67:2f:19:e6:14:a6:d4:bb:1e:4d:
4f:59:0e:38:cf:88:d8:12:55:02:fa:ca:1d:57:bf:b1:28:fe:
26:7b:1e:b2:ba:cd:95:12:20:c9:cd:78:52:fe:25:fb:18:6f:
96:6d:48:c4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZUDfHU8Sw0cVGf4VPlSzSTbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjUwMjE0MDgwNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODg2MzU3YmQ5OTE2ZDEyMGQ1ODU4NjgxODM5ODE4M2E5YzJiYTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGM28l0QxgS5gqdaEtJNyKT17WYe
i2AcCt/3JDFyiocYas2lCF+QAl1wbAHgFr1G8Tc/yfU16w6O3GKhtxlH+DKpIOCd
/EoBsfjNQc5G6cfTvBvXoZYIEmttg3bVdJeRNIiaQ5QpjaAJFnfOCSBbL58TOOWf
cBo65yVa5yvgDzSOhhzoHUDMlFTQG2gt1K50/hNGAVNwDeaG1uDcYmcnRyV7ji67
pc+yxqi3MtbjNrYyYaHH8+xj4PuNIpoXK3ZzkeQWJMtGPO9pT5gaVDVM9jFKAXEc
tTYCTlR5QYihs7gJHbrqTFDXca+WcvDrYNV5hjlV310RA9sB9yThdsw95wIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFNiGNXvZkW0SDVhYaBg5gYOpwrqRMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvMklZMWU5bVJiUklOV0Zob0dEbUJnNm5DdXBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwUAKg5WQwMF
ACoOVkUDBQAqDlkFAwUAKg6AhAMFACoOzMQDBQAqD2/DAwUAKg+0wgMFACoPwIUw
DQYJKoZIhvcNAQELBQADggEBAF858dUO8Jc7hB59iHTUZ9P6DJrJ91p4Hk50gcL+
T+PrJ7G4e+u57xzJynjf6iHt7W/1mQRx9zS1mSuvKR4H+1Dt4FPrWfHX6k5kYUQr
8WOM3djfuJWdc9/fe/FsTjua63/V8BlG8EgErrut9DxwN7JQ8rBlZFap1RQuIAWy
MmdPJb20+sAOloolKSn/YW2/ldbbS/SOp8FuLuWYDVH2D4SpdU90Eexnf7/AGzWJ
6oU1cyNxM2P4ARp/s7rAuWt5KpuLe1Sossk3y9+BnRVUZy8Z5hSm1LseTU9ZDjjP
iNgSVQL6yh1Xv7Eo/iZ7HrK6zZUSIMnNeFL+JfsYb5ZtSMQ=
-----END CERTIFICATE-----
Generated at Tue Apr 29 22:21:23 2025 by rpki-client