Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/CMXOveH7-ZbA2oYzyIIwqWYMbFw.roa
File: CMXOveH7-ZbA2oYzyIIwqWYMbFw.roa (raw, json)
Hash identifier: KF8wxmVkEm978kESqBtvvLnRvCCFE1aK/Mxrt5VcseU=
Subject key identifier: 08:C5:CE:BD:E1:FB:F9:96:C0:DA:86:33:C8:82:30:A9:66:0C:6C:5C
Certificate issuer: /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial: 0194221F8D60899610C23480351FA5CEE530
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/CMXOveH7-ZbA2oYzyIIwqWYMbFw.roa
Signing time: Wed 01 Jan 2025 13:48:00 +0000
ROA not before: Wed 01 Jan 2025 13:48:00 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 51189
IP address blocks: 89.252.252.0/23 maxlen: 24
Validation: Failed, certificate revoked on Thu 02 Jan 2025 09:56:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:22:1f:8d:60:89:96:10:c2:34:80:35:1f:a5:ce:e5:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Validity
Not Before: Jan 1 13:48:00 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=08c5cebde1fbf996c0da8633c88230a9660c6c5c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:4f:24:62:3a:72:42:39:4e:9c:03:ad:c7:40:
9c:47:35:fc:14:e7:65:bb:d1:d8:88:5a:97:36:11:
27:a7:0a:14:a6:72:ad:3c:23:50:64:ba:66:80:2d:
83:b0:03:02:4c:0c:09:88:fc:0e:6e:f3:bf:6e:47:
23:78:9a:17:ba:d4:bd:b2:a8:7e:d2:26:99:bc:91:
1f:df:60:bb:bf:d9:47:54:df:9d:ce:59:c0:8f:eb:
77:90:f9:76:f2:4a:07:6f:df:fd:49:8f:dd:36:45:
52:25:97:ae:d7:81:ce:ed:03:ec:9e:f3:4d:f4:9c:
5c:f3:11:d6:e6:fe:6f:ea:60:20:7e:04:4c:83:ce:
3d:5a:f3:0d:12:3c:51:e4:90:79:0b:e1:a7:2a:87:
8e:9c:7d:98:ed:c3:05:d8:b7:46:d4:cc:21:0c:9a:
a2:71:57:e0:0a:57:60:a0:bf:64:de:e9:94:b4:bf:
2a:58:7d:02:da:82:07:d5:1b:e6:d8:6e:3c:f7:e7:
41:20:c1:e5:65:8f:9d:90:e6:7f:0d:f0:3f:d7:44:
60:cb:a6:13:6c:8e:bc:a2:55:68:4c:45:1d:3e:83:
6a:23:0f:34:01:6f:23:39:b2:55:7c:96:76:a2:0a:
49:9b:c4:69:97:00:e3:cd:1a:58:4b:fe:17:31:5d:
16:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:C5:CE:BD:E1:FB:F9:96:C0:DA:86:33:C8:82:30:A9:66:0C:6C:5C
X509v3 Authority Key Identifier:
keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/CMXOveH7-ZbA2oYzyIIwqWYMbFw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.252.252.0/23
Signature Algorithm: sha256WithRSAEncryption
63:d7:a8:5b:90:b8:d2:99:83:d3:6f:61:a3:52:16:47:9c:64:
db:67:94:eb:90:12:36:ec:c9:fa:d5:73:42:e7:63:07:d5:e5:
2b:67:e9:f1:62:9c:0a:5d:11:7e:bc:04:84:fd:b5:24:5b:82:
32:ef:8a:11:f8:d8:94:65:63:df:ae:ef:43:67:2f:d6:68:c4:
ac:62:18:20:b7:44:7c:29:a0:05:b2:5a:94:95:37:88:d4:28:
36:49:fc:a1:ea:68:98:96:4b:4c:2c:4d:3c:35:74:a6:6c:49:
3c:14:a2:ef:1b:7e:e3:66:c9:d3:3b:5b:10:c2:b4:5b:d6:e6:
5b:05:49:f2:f1:a6:30:ff:31:7e:a2:6d:10:14:17:df:31:f8:
2c:6b:cf:a6:53:90:cc:23:4a:c4:01:ed:bd:57:25:47:3e:27:
f1:f6:36:46:92:3e:44:56:7c:46:49:b8:99:33:9b:7b:80:9b:
1f:0e:0a:f0:20:9f:51:7d:9a:0d:8f:55:85:22:c7:b3:d6:44:
59:48:c2:c9:a5:b1:ac:5f:2b:60:37:a9:3f:46:b2:a2:cb:0d:
c7:32:07:54:b8:4a:3c:41:c0:e8:fc:76:42:e0:ee:dc:83:7b:
14:43:47:29:22:e5:8d:40:5f:60:ad:bb:f3:81:30:f1:eb:04:
c3:4b:ab:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH41giZYQwjSANR+lzuUwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjUwMTAxMTM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGM1Y2ViZGUxZmJmOTk2YzBkYTg2MzNjODgyMzBhOTY2MGM2YzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoU8kYjpyQjlOnAOtx0CcRzX8FOdl
u9HYiFqXNhEnpwoUpnKtPCNQZLpmgC2DsAMCTAwJiPwObvO/bkcjeJoXutS9sqh+
0iaZvJEf32C7v9lHVN+dzlnAj+t3kPl28koHb9/9SY/dNkVSJZeu14HO7QPsnvNN
9Jxc8xHW5v5v6mAgfgRMg849WvMNEjxR5JB5C+GnKoeOnH2Y7cMF2LdG1MwhDJqi
cVfgCldgoL9k3umUtL8qWH0C2oIH1Rvm2G489+dBIMHlZY+dkOZ/DfA/10Rgy6YT
bI68olVoTEUdPoNqIw80AW8jObJVfJZ2ogpJm8RplwDjzRpYS/4XMV0WmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjFzr3h+/mWwNqGM8iCMKlmDGxcMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvQ01YT3ZlSDctWmJBMm9ZenlJSXdxV1lNYkZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBWfz8MA0G
CSqGSIb3DQEBCwUAA4IBAQBj16hbkLjSmYPTb2GjUhZHnGTbZ5TrkBI27Mn61XNC
52MH1eUrZ+nxYpwKXRF+vASE/bUkW4Iy74oR+NiUZWPfru9DZy/WaMSsYhggt0R8
KaAFslqUlTeI1Cg2Sfyh6miYlktMLE08NXSmbEk8FKLvG37jZsnTO1sQwrRb1uZb
BUny8aYw/zF+om0QFBffMfgsa8+mU5DMI0rEAe29VyVHPifx9jZGkj5EVnxGSbiZ
M5t7gJsfDgrwIJ9RfZoNj1WFIsez1kRZSMLJpbGsXytgN6k/RrKiyw3HMgdUuEo8
QcDo/HZC4O7cg3sUQ0cpIuWNQF9grbvzgTDx6wTDS6sB
-----END CERTIFICATE-----
Generated at Wed May 14 02:53:30 2025 by rpki-client