Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/BPlLnypPiuagZWcrE6iAVNghCOU.roa
File: BPlLnypPiuagZWcrE6iAVNghCOU.roa (raw, json)
Hash identifier: RofoPCZ6ir6aVHGZW0D501kjmtwNGd4wnfrYSGTr0nk=
Subject key identifier: 04:F9:4B:9F:2A:4F:8A:E6:A0:65:67:2B:13:A8:80:54:D8:21:08:E5
Certificate issuer: /CN=b78678bd654ca6b10a5c773bc269754dc234cfd5
Certificate serial: 0194258F433A4B84FC3C1ADD8A18F69ED65F
Authority key identifier: B7:86:78:BD:65:4C:A6:B1:0A:5C:77:3B:C2:69:75:4D:C2:34:CF:D5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/t4Z4vWVMprEKXHc7wml1TcI0z9U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/BPlLnypPiuagZWcrE6iAVNghCOU.roa
Signing time: Thu 02 Jan 2025 05:48:53 +0000
ROA not before: Thu 02 Jan 2025 05:48:53 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 29119
IP address blocks: 2.59.244.0/22 maxlen: 22
89.38.216.0/21 maxlen: 21
103.95.124.0/22 maxlen: 22
103.132.4.0/22 maxlen: 22
103.204.220.0/23 maxlen: 23
185.124.100.0/22 maxlen: 22
185.250.76.0/22 maxlen: 22
193.36.96.0/22 maxlen: 22
Validation: Failed, certificate revoked on Tue 01 Apr 2025 11:21:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:8f:43:3a:4b:84:fc:3c:1a:dd:8a:18:f6:9e:d6:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b78678bd654ca6b10a5c773bc269754dc234cfd5
Validity
Not Before: Jan 2 05:48:53 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=04f94b9f2a4f8ae6a065672b13a88054d82108e5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:54:bc:c0:77:7b:68:8f:de:cc:12:8c:5a:e3:
cb:ef:f0:81:67:81:0f:da:96:6d:36:ce:53:fe:9a:
3a:f4:69:d4:7a:12:c5:4e:31:d8:a1:3e:ec:c9:c6:
af:d3:af:8f:40:80:62:80:2b:a7:57:fd:3e:2a:66:
1e:d6:ba:08:dc:40:f7:0e:32:3b:e3:a4:5b:a6:dd:
7a:93:61:af:0d:bc:ff:72:70:35:25:da:4e:41:01:
40:a1:57:74:e2:46:3d:8e:aa:ce:8c:7a:5d:b2:cd:
4c:f1:bd:3d:3a:82:bd:67:21:2c:ca:54:f1:89:8d:
a3:77:54:83:1d:26:5e:ed:8b:2e:8f:62:9c:91:f3:
b0:2a:af:1c:2a:9c:e6:bf:fa:96:c3:1b:3e:a2:55:
64:7c:3c:f3:50:73:87:57:f9:b2:15:57:9b:00:08:
c8:b3:ef:f6:4f:11:04:13:1e:ef:32:f9:11:f7:e3:
b5:b9:fe:54:89:6a:06:18:f3:2f:54:6b:a7:4b:5d:
f4:09:16:66:36:cb:e4:e0:9c:8b:5f:b0:88:c4:9f:
8d:f9:c6:60:c2:b7:39:40:72:ab:b8:18:e6:a0:04:
bf:23:04:c6:56:82:b3:3d:5e:b9:ac:c7:48:83:fd:
57:0a:28:e2:af:e8:c9:ca:36:88:b7:1a:c0:ec:3b:
02:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:F9:4B:9F:2A:4F:8A:E6:A0:65:67:2B:13:A8:80:54:D8:21:08:E5
X509v3 Authority Key Identifier:
keyid:B7:86:78:BD:65:4C:A6:B1:0A:5C:77:3B:C2:69:75:4D:C2:34:CF:D5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t4Z4vWVMprEKXHc7wml1TcI0z9U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/BPlLnypPiuagZWcrE6iAVNghCOU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/480f4a-a937-4149-aee8-e32924ac7b63/1/t4Z4vWVMprEKXHc7wml1TcI0z9U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.244.0/22
89.38.216.0/21
103.95.124.0/22
103.132.4.0/22
103.204.220.0/23
185.124.100.0/22
185.250.76.0/22
193.36.96.0/22
Signature Algorithm: sha256WithRSAEncryption
05:90:72:d8:a9:09:c9:ed:bf:13:0e:01:8a:08:6f:c4:3f:df:
da:eb:d4:bf:05:52:96:24:e7:b5:cc:8e:32:51:1f:63:43:e9:
3e:d3:b7:6a:01:5f:78:b7:d0:db:96:34:69:1b:2f:ed:bf:16:
61:a3:ff:90:89:4c:8f:59:07:3e:32:d0:de:00:ef:5d:0b:1f:
3d:19:15:b6:8f:0f:40:99:dc:76:e6:78:b3:e5:78:e8:4d:72:
c7:b9:9f:43:d9:b1:9b:e5:93:11:bd:f1:d7:a9:af:cc:26:ac:
09:7f:10:1a:eb:54:de:76:40:5f:f4:f6:e3:cf:19:ab:57:06:
53:7e:8f:e8:46:0d:01:37:c5:45:d9:e9:e3:60:da:ab:63:ca:
f2:62:17:13:d1:56:8d:f1:66:18:30:6b:76:9a:ef:60:72:d1:
e5:75:25:0e:92:e0:8f:fa:25:ac:bd:90:45:c5:a9:e5:12:86:
1f:72:5f:92:9f:a3:38:64:7d:7d:dc:8e:99:10:27:6e:6e:e5:
8a:d9:83:17:bd:dd:aa:42:00:c3:06:0c:9a:71:c7:c7:ec:8d:
2d:a7:d6:50:e1:1e:f8:5f:7e:8f:22:61:48:bf:82:71:a1:ef:
1b:aa:35:28:99:25:91:a9:fd:6f:b7:67:bd:c6:29:2c:47:2a:
8c:db:5e:b0
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZQlj0M6S4T8PBrdihj2ntZfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ODY3OGJkNjU0Y2E2YjEwYTVjNzczYmMyNjk3NTRkYzIz
NGNmZDUwHhcNMjUwMTAyMDU0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGY5NGI5ZjJhNGY4YWU2YTA2NTY3MmIxM2E4ODA1NGQ4MjEwOGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFS8wHd7aI/ezBKMWuPL7/CBZ4EP
2pZtNs5T/po69GnUehLFTjHYoT7sycav06+PQIBigCunV/0+KmYe1roI3ED3DjI7
46Rbpt16k2GvDbz/cnA1JdpOQQFAoVd04kY9jqrOjHpdss1M8b09OoK9ZyEsylTx
iY2jd1SDHSZe7Ysuj2KckfOwKq8cKpzmv/qWwxs+olVkfDzzUHOHV/myFVebAAjI
s+/2TxEEEx7vMvkR9+O1uf5UiWoGGPMvVGunS130CRZmNsvk4JyLX7CIxJ+N+cZg
wrc5QHKruBjmoAS/IwTGVoKzPV65rMdIg/1XCijir+jJyjaItxrA7DsCBQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFAT5S58qT4rmoGVnKxOogFTYIQjlMB8GA1UdIwQY
MBaAFLeGeL1lTKaxClx3O8JpdU3CNM/VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDRaNHZXVk1wckVLWEhjN3dtbDFUY0kwejlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS80ODBmNGEtYTkzNy00MTQ5LWFlZTgt
ZTMyOTI0YWM3YjYzLzEvQlBsTG55cFBpdWFnWldjckU2aUFWTmdoQ09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS80ODBmNGEtYTkzNy00MTQ5LWFlZTgtZTMyOTI0YWM3YjYz
LzEvdDRaNHZXVk1wckVLWEhjN3dtbDFUY0kwejlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCAjv0AwQD
WSbYAwQCZ198AwQCZ4QEAwQBZ8zcAwQCuXxkAwQCufpMAwQCwSRgMA0GCSqGSIb3
DQEBCwUAA4IBAQAFkHLYqQnJ7b8TDgGKCG/EP9/a69S/BVKWJOe1zI4yUR9jQ+k+
07dqAV94t9DbljRpGy/tvxZho/+QiUyPWQc+MtDeAO9dCx89GRW2jw9Amdx25niz
5XjoTXLHuZ9D2bGb5ZMRvfHXqa/MJqwJfxAa61TedkBf9PbjzxmrVwZTfo/oRg0B
N8VF2enjYNqrY8ryYhcT0VaN8WYYMGt2mu9gctHldSUOkuCP+iWsvZBFxanlEoYf
cl+Sn6M4ZH193I6ZECdubuWK2YMXvd2qQgDDBgyaccfH7I0tp9ZQ4R74X36PImFI
v4Jxoe8bqjUomSWRqf1vt2e9xiksRyqM216w
-----END CERTIFICATE-----
Generated at Fri May 2 00:50:06 2025 by rpki-client