Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/2nwCho0BjYGW5DLuk9sN1BsG9Hw.roa
File: 2nwCho0BjYGW5DLuk9sN1BsG9Hw.roa (raw, json)
Hash identifier: D4f19nL7POFUsKXi+2AKJRcIlNV+f8BaS4FMvO/ZwRg=
Subject key identifier: DA:7C:02:86:8D:01:8D:81:96:E4:32:EE:93:DB:0D:D4:1B:06:F4:7C
Certificate issuer: /CN=df0198a7b3afdcdd7003562a0871878e238760ad
Certificate serial: 018CE8FA82C9447868C34EEEFB6AA01B8BCC
Authority key identifier: DF:01:98:A7:B3:AF:DC:DD:70:03:56:2A:08:71:87:8E:23:87:60:AD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/2nwCho0BjYGW5DLuk9sN1BsG9Hw.roa
Signing time: Mon 08 Jan 2024 12:09:40 +0000
ROA not before: Mon 08 Jan 2024 12:09:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1299
IP address blocks: 94.44.0.0/16 maxlen: 24
89.223.128.0/17 maxlen: 24
212.48.240.0/20 maxlen: 24
37.220.192.0/18 maxlen: 24
212.96.32.0/19 maxlen: 24
5.63.192.0/18 maxlen: 24
213.222.128.0/18 maxlen: 24
5.206.128.0/18 maxlen: 24
Validation: Failed, certificate revoked on Mon 08 Jan 2024 12:25:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:e8:fa:82:c9:44:78:68:c3:4e:ee:fb:6a:a0:1b:8b:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=df0198a7b3afdcdd7003562a0871878e238760ad
Validity
Not Before: Jan 8 12:09:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=da7c02868d018d8196e432ee93db0dd41b06f47c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:7a:30:f8:e2:c3:32:d8:45:7c:94:82:f0:e0:
2e:76:c9:40:44:0c:75:83:51:94:44:18:f2:80:4c:
ae:cc:dd:0b:aa:36:01:d0:7a:10:31:66:b0:cd:16:
17:3d:76:c7:27:36:eb:74:52:d1:24:e4:ff:7f:9c:
cf:d2:30:58:b7:b0:b5:cf:3c:e3:a9:0a:3d:1f:af:
12:94:ff:a7:bb:6e:4e:41:1e:84:c6:81:ae:df:91:
d8:ec:88:03:89:70:0f:03:a4:2a:04:98:0e:e5:e6:
90:b5:b8:1e:36:b7:78:55:c8:fe:69:c4:02:e4:aa:
9d:47:50:62:42:c2:84:d9:95:2f:95:ce:81:8c:2b:
4a:8d:1d:d3:49:c9:9a:98:f5:9f:14:df:22:cc:7e:
0a:f6:7c:5e:38:b9:9d:82:ce:09:48:2f:de:14:5d:
91:23:13:3e:8a:20:65:b3:51:f3:45:19:af:41:b0:
0a:31:77:51:6c:ad:f7:ab:04:87:f7:f2:b1:3e:47:
03:85:d6:cb:5e:69:f1:01:1d:60:5c:39:c6:71:b5:
fc:aa:33:31:58:eb:b8:0e:53:f8:46:79:a6:77:44:
29:b9:ca:74:4b:13:a8:38:27:15:69:e1:43:6a:fe:
a2:5d:2b:b7:9a:a0:73:4a:53:e2:a9:58:5d:17:ae:
22:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:7C:02:86:8D:01:8D:81:96:E4:32:EE:93:DB:0D:D4:1B:06:F4:7C
X509v3 Authority Key Identifier:
keyid:DF:01:98:A7:B3:AF:DC:DD:70:03:56:2A:08:71:87:8E:23:87:60:AD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/2nwCho0BjYGW5DLuk9sN1BsG9Hw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d3fca6-ecb5-43aa-8c9d-0fcc6c3011fc/1/3wGYp7Ov3N1wA1YqCHGHjiOHYK0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.63.192.0/18
5.206.128.0/18
37.220.192.0/18
89.223.128.0/17
94.44.0.0/16
212.48.240.0/20
212.96.32.0/19
213.222.128.0/18
Signature Algorithm: sha256WithRSAEncryption
16:32:51:56:f3:c8:d5:4a:5d:f6:f0:60:21:20:63:57:bb:0f:
b8:84:0c:5e:94:41:e5:84:e9:77:2e:fb:d7:34:6a:bb:45:70:
05:54:59:a8:80:cc:26:dd:47:95:a2:0c:e5:37:ba:bf:97:9c:
8f:28:19:f3:1b:6a:00:4b:0e:9b:31:73:81:f5:b3:c9:1c:da:
42:60:3e:1f:0f:98:d6:07:ac:84:b9:f9:d0:85:c4:32:31:07:
66:65:34:06:0b:b4:73:20:12:11:39:1b:25:74:6c:cb:55:d0:
11:99:ca:34:0a:1e:88:17:0e:42:99:f6:a0:97:49:7d:d0:47:
1c:d6:4c:24:71:c1:c4:25:d4:55:b0:b5:4f:2f:86:f4:6f:24:
49:93:71:a2:35:6d:33:c2:f0:a8:e5:3c:d9:8c:7b:cd:46:69:
a9:f9:44:56:0a:f8:47:25:35:f3:bb:ce:6e:c6:06:5e:2d:bb:
7f:c6:80:f6:02:e5:68:89:21:39:d0:6d:f9:b9:88:a0:bd:7a:
c6:70:6d:51:f7:3b:b9:c2:e1:8d:03:17:84:32:29:b7:e4:35:
2d:64:20:ca:57:b8:b0:bc:f0:8d:7c:b9:ff:01:ac:3d:ce:39:
6f:5f:af:02:42:81:4e:03:c0:83:c3:76:e6:77:e5:84:04:f0:
08:4a:11:2d
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYzo+oLJRHhow07u+2qgG4vMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmMDE5OGE3YjNhZmRjZGQ3MDAzNTYyYTA4NzE4NzhlMjM4
NzYwYWQwHhcNMjQwMTA4MTIwOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTdjMDI4NjhkMDE4ZDgxOTZlNDMyZWU5M2RiMGRkNDFiMDZmNDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXow+OLDMthFfJSC8OAudslARAx1
g1GURBjygEyuzN0LqjYB0HoQMWawzRYXPXbHJzbrdFLRJOT/f5zP0jBYt7C1zzzj
qQo9H68SlP+nu25OQR6ExoGu35HY7IgDiXAPA6QqBJgO5eaQtbgeNrd4Vcj+acQC
5KqdR1BiQsKE2ZUvlc6BjCtKjR3TScmamPWfFN8izH4K9nxeOLmdgs4JSC/eFF2R
IxM+iiBls1HzRRmvQbAKMXdRbK33qwSH9/KxPkcDhdbLXmnxAR1gXDnGcbX8qjMx
WOu4DlP4Rnmmd0Qpucp0SxOoOCcVaeFDav6iXSu3mqBzSlPiqVhdF64iFwIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFNp8AoaNAY2BluQy7pPbDdQbBvR8MB8GA1UdIwQY
MBaAFN8BmKezr9zdcANWKghxh44jh2CtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3dHWXA3T3YzTjF3QTFZcUNIR0hqaU9IWUswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9kM2ZjYTYtZWNiNS00M2FhLThjOWQt
MGZjYzZjMzAxMWZjLzEvMm53Q2hvMEJqWUdXNURMdWs5c04xQnNHOUh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9kM2ZjYTYtZWNiNS00M2FhLThjOWQtMGZjYzZjMzAxMWZj
LzEvM3dHWXA3T3YzTjF3QTFZcUNIR0hqaU9IWUswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzA1BAIAATAvAwQGBT/AAwQG
Bc6AAwQGJdzAAwQHWd+AAwMAXiwDBATUMPADBAXUYCADBAbV3oAwDQYJKoZIhvcN
AQELBQADggEBABYyUVbzyNVKXfbwYCEgY1e7D7iEDF6UQeWE6Xcu+9c0artFcAVU
WaiAzCbdR5WiDOU3ur+XnI8oGfMbagBLDpsxc4H1s8kc2kJgPh8PmNYHrIS5+dCF
xDIxB2ZlNAYLtHMgEhE5GyV0bMtV0BGZyjQKHogXDkKZ9qCXSX3QRxzWTCRxwcQl
1FWwtU8vhvRvJEmTcaI1bTPC8KjlPNmMe81Gaan5RFYK+EclNfO7zm7GBl4tu3/G
gPYC5WiJITnQbfm5iKC9esZwbVH3O7nC4Y0DF4QyKbfkNS1kIMpXuLC88I18uf8B
rD3OOW9frwJCgU4DwIPDduZ35YQE8AhKES0=
-----END CERTIFICATE-----
Generated at Mon May 12 17:24:21 2025 by rpki-client