Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/d5eb6f-b781-4d52-8283-d2e10c97645f/1/1KcsY5Cov1suUsEYkYHzqmDLkeQ.roa
File: 1KcsY5Cov1suUsEYkYHzqmDLkeQ.roa (raw, json)
Hash identifier: pZOlErCjnY1gx531wWp2q6Pb3r/L8AGIqDyTQ2GvrEs=
Subject key identifier: D4:A7:2C:63:90:A8:BF:5B:2E:52:C1:18:91:81:F3:AA:60:CB:91:E4
Certificate issuer: /CN=8079afcba5a8762fb79f4e5e0d7a35ee84cd3df4
Certificate serial: 019368316E14A93A75BFCE033A04C504C370
Authority key identifier: 80:79:AF:CB:A5:A8:76:2F:B7:9F:4E:5E:0D:7A:35:EE:84:CD:3D:F4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gHmvy6Wodi-3n05eDXo17oTNPfQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/05/d5eb6f-b781-4d52-8283-d2e10c97645f/1/1KcsY5Cov1suUsEYkYHzqmDLkeQ.roa
Signing time: Tue 26 Nov 2024 11:18:10 +0000
ROA not before: Tue 26 Nov 2024 11:18:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 203
IP address blocks: 193.19.196.0/24 maxlen: 24
193.19.197.0/24 maxlen: 24
194.125.246.0/24 maxlen: 24
194.125.247.0/24 maxlen: 24
195.22.158.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 02 Jan 2025 03:49:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:68:31:6e:14:a9:3a:75:bf:ce:03:3a:04:c5:04:c3:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8079afcba5a8762fb79f4e5e0d7a35ee84cd3df4
Validity
Not Before: Nov 26 11:18:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d4a72c6390a8bf5b2e52c1189181f3aa60cb91e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:b4:40:ea:dd:7c:a5:3b:d9:16:14:ac:97:ca:
0e:b8:8f:5d:25:b4:60:6c:7c:89:ab:ea:5d:cc:e0:
71:86:3b:59:a2:4e:1b:2b:92:93:53:a0:88:84:bd:
7a:9a:a9:1a:a5:57:c8:a7:36:19:2c:56:3e:b5:2b:
75:67:52:66:f6:c8:d2:67:73:58:df:80:a4:62:54:
33:f8:f7:d3:a2:c8:35:dd:c2:30:29:66:5e:1f:fd:
db:25:0b:77:22:d8:fa:a5:2c:2b:4e:02:b3:aa:70:
68:e9:81:23:35:fe:9e:af:4d:e4:a9:a3:d4:de:40:
e8:0a:21:a0:9a:27:5e:28:ab:65:e3:7e:a9:a3:2a:
e3:d2:3f:c4:26:52:76:0c:fc:9c:2b:50:aa:c1:2e:
a3:a2:14:e2:13:34:60:dd:f2:a4:47:e7:2e:01:f7:
07:7b:79:3a:61:af:9f:72:f4:65:3b:f7:a2:3f:df:
c5:88:78:b2:80:93:d9:ac:91:f1:64:98:b4:ad:28:
73:0b:39:90:28:94:0f:e8:d7:db:c3:b7:9a:63:1f:
b5:05:25:2d:5c:74:c7:5f:84:52:4f:e4:f0:37:f7:
51:7e:2a:08:91:3f:cd:5c:ab:d3:c4:e3:98:5e:98:
b3:6f:18:be:22:f8:46:b9:23:c4:5b:b8:94:dd:0a:
fc:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:A7:2C:63:90:A8:BF:5B:2E:52:C1:18:91:81:F3:AA:60:CB:91:E4
X509v3 Authority Key Identifier:
keyid:80:79:AF:CB:A5:A8:76:2F:B7:9F:4E:5E:0D:7A:35:EE:84:CD:3D:F4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gHmvy6Wodi-3n05eDXo17oTNPfQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/d5eb6f-b781-4d52-8283-d2e10c97645f/1/1KcsY5Cov1suUsEYkYHzqmDLkeQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/05/d5eb6f-b781-4d52-8283-d2e10c97645f/1/gHmvy6Wodi-3n05eDXo17oTNPfQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.19.196.0/23
194.125.246.0/23
195.22.158.0/24
Signature Algorithm: sha256WithRSAEncryption
97:75:d8:19:e8:d5:2f:d8:d9:b3:ae:36:4b:01:da:7f:d1:15:
be:47:ff:21:9d:14:66:cf:da:f3:56:37:98:9c:c3:e6:97:d7:
d6:e1:3e:f3:91:b6:0c:ec:b7:29:65:e0:1e:3c:62:be:d2:00:
94:b1:05:db:e1:47:f2:15:cc:db:2b:99:f7:17:c3:9f:23:2a:
50:ab:28:ae:1d:17:c4:8e:dc:14:f7:c5:b3:d2:4c:e9:05:31:
26:86:a9:16:4a:b8:99:dd:29:4b:6b:3d:a6:be:cd:eb:03:eb:
ca:5f:c7:86:64:b1:f8:fc:e5:df:71:ea:f7:3e:a0:96:58:63:
11:3f:2f:4d:64:0f:ab:5f:6e:d1:e2:02:89:18:65:fe:3d:26:
b7:28:1b:15:25:b4:97:0e:7d:b1:c0:02:b2:60:a0:07:0c:d6:
90:07:94:0e:e1:f3:fd:e1:3d:66:80:a0:1d:28:da:ce:2f:7d:
24:82:6e:eb:fe:43:ce:77:64:7d:19:d8:d4:80:8f:91:84:d3:
18:25:83:b0:95:ff:5c:04:e6:bd:99:76:d2:56:b7:89:5c:c0:
52:4d:33:18:98:35:25:4d:b4:be:e1:72:e0:8b:ee:05:7c:5b:
7f:24:17:08:32:33:36:00:96:fd:a6:6d:74:16:0b:a1:ae:be:
86:59:b3:87
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZNoMW4UqTp1v84DOgTFBMNwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNzlhZmNiYTVhODc2MmZiNzlmNGU1ZTBkN2EzNWVlODRj
ZDNkZjQwHhcNMjQxMTI2MTExODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGE3MmM2MzkwYThiZjViMmU1MmMxMTg5MTgxZjNhYTYwY2I5MWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrRA6t18pTvZFhSsl8oOuI9dJbRg
bHyJq+pdzOBxhjtZok4bK5KTU6CIhL16mqkapVfIpzYZLFY+tSt1Z1Jm9sjSZ3NY
34CkYlQz+PfTosg13cIwKWZeH/3bJQt3Itj6pSwrTgKzqnBo6YEjNf6er03kqaPU
3kDoCiGgmideKKtl436poyrj0j/EJlJ2DPycK1CqwS6johTiEzRg3fKkR+cuAfcH
e3k6Ya+fcvRlO/eiP9/FiHiygJPZrJHxZJi0rShzCzmQKJQP6Nfbw7eaYx+1BSUt
XHTHX4RST+TwN/dRfioIkT/NXKvTxOOYXpizbxi+IvhGuSPEW7iU3Qr8aQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNSnLGOQqL9bLlLBGJGB86pgy5HkMB8GA1UdIwQY
MBaAFIB5r8ulqHYvt59OXg16Ne6EzT30MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0htdnk2V29kaS0zbjA1ZURYbzE3b1ROUGZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9kNWViNmYtYjc4MS00ZDUyLTgyODMt
ZDJlMTBjOTc2NDVmLzEvMUtjc1k1Q292MXN1VXNFWWtZSHpxbURMa2VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9kNWViNmYtYjc4MS00ZDUyLTgyODMtZDJlMTBjOTc2NDVm
LzEvZ0htdnk2V29kaS0zbjA1ZURYbzE3b1ROUGZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBwRPEAwQB
wn32AwQAwxaeMA0GCSqGSIb3DQEBCwUAA4IBAQCXddgZ6NUv2NmzrjZLAdp/0RW+
R/8hnRRmz9rzVjeYnMPml9fW4T7zkbYM7LcpZeAePGK+0gCUsQXb4UfyFczbK5n3
F8OfIypQqyiuHRfEjtwU98Wz0kzpBTEmhqkWSriZ3SlLaz2mvs3rA+vKX8eGZLH4
/OXfcer3PqCWWGMRPy9NZA+rX27R4gKJGGX+PSa3KBsVJbSXDn2xwAKyYKAHDNaQ
B5QO4fP94T1mgKAdKNrOL30kgm7r/kPOd2R9GdjUgI+RhNMYJYOwlf9cBOa9mXbS
VreJXMBSTTMYmDUlTbS+4XLgi+4FfFt/JBcIMjM2AJb9pm10Fguhrr6GWbOH
-----END CERTIFICATE-----
Generated at Sun May 11 19:18:12 2025 by rpki-client