Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/u24yngzCKkux8qQvP0z8y0PSf7o.roa
File: u24yngzCKkux8qQvP0z8y0PSf7o.roa (raw, json)
Hash identifier: Mi9qgVlwDDW2dN7rq88Ql3cYWgZhKNfP6zbgOqifHRo=
Subject key identifier: BB:6E:32:9E:0C:C2:2A:4B:B1:F2:A4:2F:3F:4C:FC:CB:43:D2:7F:BA
Certificate issuer: /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial: 018F290324A06A4D24B270BCB56C77E8331B
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/u24yngzCKkux8qQvP0z8y0PSf7o.roa
Signing time: Mon 29 Apr 2024 08:40:22 +0000
ROA not before: Mon 29 Apr 2024 08:40:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 20473
IP address blocks: 2a0c:7884::/32 maxlen: 32
2a0e:15c0:4::/48 maxlen: 48
2a0e:1a84::/32 maxlen: 32
2a0f:7d00:1::/48 maxlen: 48
2a0f:7d01::/32 maxlen: 32
2a0f:e7c6:1000::/48 maxlen: 48
2a0f:ea00::/29 maxlen: 29
2a13:2b40::/29 maxlen: 32
Validation: Failed, certificate revoked on Thu 02 May 2024 11:25:56 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:29:03:24:a0:6a:4d:24:b2:70:bc:b5:6c:77:e8:33:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Validity
Not Before: Apr 29 08:40:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bb6e329e0cc22a4bb1f2a42f3f4cfccb43d27fba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:e9:04:f5:71:b0:aa:8e:28:e3:01:88:9b:26:
99:4a:95:7c:07:24:32:53:e9:76:4b:d5:64:2c:05:
c5:c9:12:65:d1:69:a8:b9:ce:04:22:1b:2a:5a:2e:
a7:58:59:47:31:95:22:1c:d6:20:23:16:3e:e3:c6:
1f:51:96:57:5c:a5:68:3c:f2:0a:b2:88:af:75:64:
98:72:01:9e:b7:81:af:59:94:6e:f2:71:3e:df:d5:
b8:60:36:50:df:63:6b:a0:38:c0:bd:f1:4a:3e:29:
f1:18:e7:90:79:3c:0f:f9:af:ca:b7:aa:21:a8:e9:
11:58:52:ec:ab:e1:ba:12:22:f7:d6:73:36:37:6d:
f1:8e:2c:20:a1:a2:4d:e6:8b:df:b2:db:f7:a7:97:
59:ce:c4:b3:5b:ad:b4:bf:09:4c:ad:91:10:52:05:
9e:e3:80:4c:8d:1a:1d:95:51:b0:87:8d:fc:3b:20:
14:01:2f:12:b4:4e:ba:b5:95:fd:5a:59:6d:bd:33:
98:12:01:cf:55:ef:b2:92:93:da:b8:1c:80:3b:ec:
aa:12:90:81:d2:56:a6:39:7a:a7:4b:0c:3e:36:50:
2b:13:33:8e:30:ba:89:83:61:d8:76:a2:e6:f4:e1:
48:69:cb:10:66:a9:ed:1c:83:2b:77:23:e8:e5:38:
01:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:6E:32:9E:0C:C2:2A:4B:B1:F2:A4:2F:3F:4C:FC:CB:43:D2:7F:BA
X509v3 Authority Key Identifier:
keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/u24yngzCKkux8qQvP0z8y0PSf7o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0c:7884::/32
2a0e:15c0:4::/48
2a0e:1a84::/32
2a0f:7d00:1::/48
2a0f:7d01::/32
2a0f:e7c6:1000::/48
2a0f:ea00::/29
2a13:2b40::/29
Signature Algorithm: sha256WithRSAEncryption
66:8c:05:64:f3:3a:66:35:45:10:df:b4:ad:25:87:eb:47:be:
83:6a:80:83:69:32:79:71:e6:3c:07:bd:eb:e8:77:bc:78:56:
46:9f:be:ea:70:5f:a3:72:0f:e6:32:bd:5a:01:44:04:e4:87:
b3:b5:60:bf:f9:f7:f2:03:3a:f3:cd:cc:c8:aa:6b:cd:89:a7:
72:82:20:dc:da:a4:0b:aa:df:1c:68:74:ce:f4:4f:52:c1:f4:
6f:23:08:f0:0d:57:d0:b6:92:16:7c:63:b7:25:a8:91:a0:71:
86:f8:22:4a:4c:c3:8f:46:0b:14:f4:b2:0e:df:76:5d:36:5c:
9f:c4:96:8b:3b:fd:df:e0:33:29:be:08:3c:12:2d:d1:4f:0a:
a8:fe:04:ef:28:bf:e7:bf:4b:ff:82:e2:56:20:4d:c5:4b:13:
fa:d7:1a:43:f4:bc:ea:5b:22:a8:d3:da:27:c5:d1:c4:7a:a9:
2b:4f:0d:ae:72:9a:71:72:db:d2:8b:75:1f:9a:7f:64:68:8a:
f1:da:b1:fe:c8:22:91:b9:43:b9:92:6e:20:25:d8:f7:32:55:
81:50:f6:9a:84:c7:a1:4d:4f:db:f6:53:fc:27:a3:e4:3d:2d:
a7:e0:63:cc:b1:6d:32:96:6d:5c:80:1f:ec:dc:53:4c:c3:5a:
e6:bf:e5:ee
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAY8pAySgak0ksnC8tWx36DMbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjQwNDI5MDg0MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjZlMzI5ZTBjYzIyYTRiYjFmMmE0MmYzZjRjZmNjYjQzZDI3ZmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ukE9XGwqo4o4wGImyaZSpV8ByQy
U+l2S9VkLAXFyRJl0Wmouc4EIhsqWi6nWFlHMZUiHNYgIxY+48YfUZZXXKVoPPIK
soivdWSYcgGet4GvWZRu8nE+39W4YDZQ32NroDjAvfFKPinxGOeQeTwP+a/Kt6oh
qOkRWFLsq+G6EiL31nM2N23xjiwgoaJN5ovfstv3p5dZzsSzW620vwlMrZEQUgWe
44BMjRodlVGwh438OyAUAS8StE66tZX9WlltvTOYEgHPVe+ykpPauByAO+yqEpCB
0lamOXqnSww+NlArEzOOMLqJg2HYdqLm9OFIacsQZqntHIMrdyPo5TgBjwIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFLtuMp4MwipLsfKkLz9M/MtD0n+6MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvdTI0eW5nekNLa3V4OHFRdlAwejh5MFBTZjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAAjA+AwUAKgx4hAMH
ACoOFcAABAMFACoOGoQDBwAqD30AAAEDBQAqD30BAwcAKg/nxhAAAwUDKg/qAAMF
AyoTK0AwDQYJKoZIhvcNAQELBQADggEBAGaMBWTzOmY1RRDftK0lh+tHvoNqgINp
Mnlx5jwHvevod7x4VkafvupwX6NyD+YyvVoBRATkh7O1YL/59/IDOvPNzMiqa82J
p3KCINzapAuq3xxodM70T1LB9G8jCPANV9C2khZ8Y7clqJGgcYb4IkpMw49GCxT0
sg7fdl02XJ/Elos7/d/gMym+CDwSLdFPCqj+BO8ov+e/S/+C4lYgTcVLE/rXGkP0
vOpbIqjT2ifF0cR6qStPDa5ymnFy29KLdR+af2RoivHasf7IIpG5Q7mSbiAl2Pcy
VYFQ9pqEx6FNT9v2U/wno+Q9LafgY8yxbTKWbVyAH+zcU0zDWua/5e4=
-----END CERTIFICATE-----
Generated at Sun May 11 15:43:46 2025 by rpki-client