Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/BpfaWPsO89GJAxXdiRNrD7SRy4I.roa
File: BpfaWPsO89GJAxXdiRNrD7SRy4I.roa (raw, json)
Hash identifier: ndhuD8vlV0KUF3pCKZ5wyQ4gNSMpfzjWsaI1K6VP7Fc=
Subject key identifier: 06:97:DA:58:FB:0E:F3:D1:89:03:15:DD:89:13:6B:0F:B4:91:CB:82
Certificate issuer: /CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Certificate serial: 0195199669BCCB0F8D83C0FF0B06E72F56F2
Authority key identifier: 0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/BpfaWPsO89GJAxXdiRNrD7SRy4I.roa
Signing time: Tue 18 Feb 2025 15:04:02 +0000
ROA not before: Tue 18 Feb 2025 15:04:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 49690
IP address blocks: 159.151.0.0/18 maxlen: 18
159.151.224.0/20 maxlen: 20
159.151.240.0/21 maxlen: 21
159.151.248.0/23 maxlen: 23
159.151.252.0/24 maxlen: 24
159.151.253.0/24 maxlen: 24
159.151.254.0/24 maxlen: 24
192.109.140.0/24 maxlen: 24
192.109.141.0/24 maxlen: 24
2a07:8140::/36 maxlen: 36
Validation: Failed, certificate revoked on Tue 18 Feb 2025 15:53:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:19:96:69:bc:cb:0f:8d:83:c0:ff:0b:06:e7:2f:56:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a37d807d4f7cdd3e0afe4abc8ee5a880c6090f1
Validity
Not Before: Feb 18 15:04:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0697da58fb0ef3d1890315dd89136b0fb491cb82
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:97:61:0f:8e:5d:de:f2:4a:58:51:c4:08:70:
59:8b:69:38:2f:2c:58:41:d3:6b:4f:25:45:7f:76:
1c:db:c8:2c:28:c7:78:a8:8d:cc:fb:7d:a2:df:39:
e9:b5:44:26:c1:ba:a2:fa:f6:6b:5b:63:15:51:12:
12:a3:80:ee:76:43:8b:8b:d8:30:8f:fb:27:23:9b:
cf:0a:32:9e:63:0d:f5:ed:c7:76:45:f8:d8:fe:60:
7a:ff:86:dd:f9:aa:54:08:26:ad:b5:ba:eb:80:05:
f3:1a:c4:1f:f7:4c:36:af:ec:8b:7f:8f:c2:5c:66:
33:37:cc:60:2d:ec:38:06:e5:b4:38:69:23:3e:11:
c7:41:3b:19:61:a1:90:d1:ab:f2:0c:07:a2:25:8a:
a9:66:5d:90:c5:70:ac:6f:96:6c:c2:c4:d3:10:88:
82:b3:d4:fd:80:f3:c8:64:ea:8a:83:53:44:22:b8:
a9:99:ae:c4:9e:9f:2d:04:53:d0:b2:cd:b3:65:10:
c5:7f:c0:e8:ee:56:67:52:6f:e4:d9:a3:f0:a0:eb:
73:18:1a:bb:74:28:ca:ba:3f:d1:8e:48:24:83:57:
91:37:e3:74:98:39:7a:1a:1d:9d:bd:2e:74:84:44:
32:b1:14:74:cd:87:34:72:9d:72:1b:9c:55:05:21:
e9:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:97:DA:58:FB:0E:F3:D1:89:03:15:DD:89:13:6B:0F:B4:91:CB:82
X509v3 Authority Key Identifier:
keyid:0A:37:D8:07:D4:F7:CD:D3:E0:AF:E4:AB:C8:EE:5A:88:0C:60:90:F1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CjfYB9T3zdPgr-SryO5aiAxgkPE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/BpfaWPsO89GJAxXdiRNrD7SRy4I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/88/bc268d-61f0-471f-aab9-800eda2cfb36/1/CjfYB9T3zdPgr-SryO5aiAxgkPE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
159.151.0.0/18
159.151.224.0-159.151.249.255
159.151.252.0-159.151.254.255
192.109.140.0/23
IPv6:
2a07:8140::/36
Signature Algorithm: sha256WithRSAEncryption
af:97:df:a5:87:7e:1f:74:91:81:52:57:20:9e:df:9b:c0:23:
fd:d4:5a:2b:5a:d0:2d:2a:f1:b6:8a:bc:0e:8b:8b:a7:22:cf:
90:24:6f:29:81:6e:02:f6:39:64:f3:c8:c7:65:a2:64:54:f9:
56:1a:b0:bb:76:d4:a8:67:4a:94:f8:a2:a8:47:48:8d:75:95:
13:06:08:7d:cd:dd:49:e6:36:28:68:a1:69:58:41:a3:10:71:
e3:d9:ad:44:c4:11:c5:6f:b4:39:d3:f1:01:38:cf:1e:a7:3b:
6b:7c:5d:3a:23:5d:a0:23:f1:32:e3:53:c0:a6:e3:6e:97:33:
e4:ce:6b:a2:ad:00:d3:ec:e9:e3:2a:b2:f2:b4:10:1f:3f:e7:
60:63:08:43:da:83:e8:80:5c:98:63:b0:18:99:99:6f:f0:d6:
b6:be:89:d5:f2:dc:50:ab:ff:69:42:bf:7c:4e:78:b1:20:4c:
a4:3a:a5:ff:5d:47:70:c5:65:c7:d7:85:93:7a:fb:4a:03:a9:
d9:27:45:ef:93:37:c2:fd:25:d2:38:0d:44:02:76:78:76:dc:
4d:8f:cb:67:d3:c8:23:d1:0f:6a:82:65:16:72:8d:2c:28:eb:
4f:00:4e:b9:32:3d:47:d0:3b:2e:83:a2:4b:67:31:82:80:45:
a3:44:29:6f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZUZlmm8yw+Ng8D/CwbnL1byMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMzdkODA3ZDRmN2NkZDNlMGFmZTRhYmM4ZWU1YTg4MGM2
MDkwZjEwHhcNMjUwMjE4MTUwNDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjk3ZGE1OGZiMGVmM2QxODkwMzE1ZGQ4OTEzNmIwZmI0OTFjYjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJdhD45d3vJKWFHECHBZi2k4LyxY
QdNrTyVFf3Yc28gsKMd4qI3M+32i3znptUQmwbqi+vZrW2MVURISo4DudkOLi9gw
j/snI5vPCjKeYw317cd2RfjY/mB6/4bd+apUCCattbrrgAXzGsQf90w2r+yLf4/C
XGYzN8xgLew4BuW0OGkjPhHHQTsZYaGQ0avyDAeiJYqpZl2QxXCsb5ZswsTTEIiC
s9T9gPPIZOqKg1NEIripma7Enp8tBFPQss2zZRDFf8Do7lZnUm/k2aPwoOtzGBq7
dCjKuj/Rjkgkg1eRN+N0mDl6Gh2dvS50hEQysRR0zYc0cp1yG5xVBSHpmwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFAaX2lj7DvPRiQMV3YkTaw+0kcuCMB8GA1UdIwQY
MBaAFAo32AfU983T4K/kq8juWogMYJDxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjkt
ODAwZWRhMmNmYjM2LzEvQnBmYVdQc084OUdKQXhYZGlSTnJEN1NSeTRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC9iYzI2OGQtNjFmMC00NzFmLWFhYjktODAwZWRhMmNmYjM2
LzEvQ2pmWUI5VDN6ZFBnci1TcnlPNWFpQXhna1BFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAuBAIAATAoAwQGn5cAMAwD
BAWfl+ADBAGfl/gwDAMEAp+X/AMEAJ+X/gMEAcBtjDAOBAIAAjAIAwYEKgeBQAAw
DQYJKoZIhvcNAQELBQADggEBAK+X36WHfh90kYFSVyCe35vAI/3UWita0C0q8baK
vA6Li6ciz5AkbymBbgL2OWTzyMdlomRU+VYasLt21KhnSpT4oqhHSI11lRMGCH3N
3UnmNihooWlYQaMQcePZrUTEEcVvtDnT8QE4zx6nO2t8XTojXaAj8TLjU8Cm426X
M+TOa6KtANPs6eMqsvK0EB8/52BjCEPag+iAXJhjsBiZmW/w1ra+idXy3FCr/2lC
v3xOeLEgTKQ6pf9dR3DFZcfXhZN6+0oDqdknRe+TN8L9JdI4DUQCdnh23E2Py2fT
yCPRD2qCZRZyjSwo608ATrkyPUfQOy6DoktnMYKARaNEKW8=
-----END CERTIFICATE-----
Generated at Sun May 11 13:23:19 2025 by rpki-client