Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/iohu0hF6kX0bxKVVVo_XFL1LcKk.roa
File: iohu0hF6kX0bxKVVVo_XFL1LcKk.roa (raw, json)
Hash identifier: jfUbBuZF2mQO4p0mR/ANXjySyImZL5bHHwS1oNSZ3QM=
Subject key identifier: 8A:88:6E:D2:11:7A:91:7D:1B:C4:A5:55:56:8F:D7:14:BD:4B:70:A9
Certificate issuer: /CN=297ae7592ca52491dc166a30fe1477d712bd465d
Certificate serial: 0191DD56D0381E5D17DA90E92B695D438FB9
Authority key identifier: 29:7A:E7:59:2C:A5:24:91:DC:16:6A:30:FE:14:77:D7:12:BD:46:5D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/iohu0hF6kX0bxKVVVo_XFL1LcKk.roa
Signing time: Tue 10 Sep 2024 19:08:59 +0000
ROA not before: Tue 10 Sep 2024 19:08:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 213220
IP address blocks: 94.159.84.0/24 maxlen: 24
94.159.87.0/24 maxlen: 24
94.159.101.0/24 maxlen: 24
94.159.103.0/24 maxlen: 24
94.159.105.0/24 maxlen: 24
94.159.107.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 10 Sep 2024 19:09:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:dd:56:d0:38:1e:5d:17:da:90:e9:2b:69:5d:43:8f:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=297ae7592ca52491dc166a30fe1477d712bd465d
Validity
Not Before: Sep 10 19:08:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8a886ed2117a917d1bc4a555568fd714bd4b70a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:1b:a7:21:ea:98:37:6b:7e:cc:62:c4:8c:6b:
f3:b8:00:1d:7a:62:b9:bf:ea:5a:54:41:a2:b3:2a:
e8:98:21:c5:79:ac:81:cb:e8:6d:16:3d:13:57:6c:
d7:1c:70:f4:e3:73:65:23:88:ab:3a:2e:21:78:95:
8d:e1:b9:0d:45:db:6b:eb:9a:4f:14:e0:4c:c1:6b:
d9:fd:1e:c1:84:6a:b0:29:b6:ae:99:cd:b1:d9:de:
f4:b1:28:77:2b:d5:33:ba:b2:e7:b3:73:e6:f1:48:
21:4e:14:02:34:99:96:87:6d:b9:63:c2:f7:b8:71:
55:05:b7:8d:2b:a1:17:6d:2a:4a:89:50:59:9a:7b:
aa:0d:00:c8:d8:18:4e:4b:57:ac:cc:e3:4c:af:63:
d1:a2:cd:57:5f:35:c4:04:ed:5d:1e:f0:00:6f:0e:
bf:35:8d:c0:7f:c7:12:ea:ca:29:fc:bb:c6:d9:dd:
af:b6:21:46:a5:ef:8d:d6:0e:c6:dc:5c:3e:9b:9b:
27:94:84:3f:2e:a6:66:3c:85:ff:59:76:f4:20:79:
55:ce:e5:0f:cb:d5:8e:a3:46:de:3c:b5:df:a5:2f:
99:73:f8:69:d0:23:5e:10:ba:ae:2f:51:ce:35:33:
60:30:d0:a0:f0:49:89:5f:b0:a3:f1:f2:18:aa:35:
e0:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:88:6E:D2:11:7A:91:7D:1B:C4:A5:55:56:8F:D7:14:BD:4B:70:A9
X509v3 Authority Key Identifier:
keyid:29:7A:E7:59:2C:A5:24:91:DC:16:6A:30:FE:14:77:D7:12:BD:46:5D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXrnWSylJJHcFmow_hR31xK9Rl0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/iohu0hF6kX0bxKVVVo_XFL1LcKk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/48e1e8-328d-4f82-9398-3910a59a1121/1/KXrnWSylJJHcFmow_hR31xK9Rl0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.159.84.0/24
94.159.87.0/24
94.159.101.0/24
94.159.103.0/24
94.159.105.0/24
94.159.107.0/24
Signature Algorithm: sha256WithRSAEncryption
19:81:b9:6b:7f:9c:bf:36:c5:09:70:7a:5a:ae:90:e5:5a:2c:
cb:89:fe:a2:26:ce:0a:21:bb:d7:e8:5f:34:15:91:9e:44:5a:
12:dd:84:29:40:62:d1:dc:eb:62:0d:d6:3b:a5:da:4b:cc:f9:
86:98:59:77:67:bb:5e:5d:5f:6a:d7:63:c9:00:6a:e3:6e:d8:
ce:9f:f6:6a:62:49:f7:fc:9c:b8:e9:e6:11:58:34:61:a9:fa:
8c:47:42:06:d9:d5:90:4e:9c:35:09:24:50:c3:e5:f1:ce:72:
02:c6:1f:f1:05:03:d0:41:8e:cf:18:e8:d2:95:71:ed:94:a2:
66:f7:7c:69:e9:1c:85:d1:81:3c:76:13:2d:24:a0:ee:7a:64:
8e:7c:b0:de:23:0f:e2:19:6f:d1:93:08:ac:68:0a:7e:0f:af:
c9:d3:66:b1:28:a6:34:50:eb:a7:04:c1:65:0f:19:b4:44:95:
7f:c5:b6:09:39:7a:dd:7f:b3:78:d1:80:31:23:a2:ae:5e:d5:
dd:16:f4:97:c2:e0:92:9b:6a:36:44:d5:28:e3:72:f4:03:d7:
68:bf:5d:2a:19:e4:d9:59:53:9e:78:77:81:35:6b:7a:ce:0a:
8b:eb:1e:d9:75:71:55:46:ae:cb:89:95:20:0f:5a:20:cb:46:
a1:23:d2:65
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZHdVtA4Hl0X2pDpK2ldQ4+5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2FlNzU5MmNhNTI0OTFkYzE2NmEzMGZlMTQ3N2Q3MTJi
ZDQ2NWQwHhcNMjQwOTEwMTkwODU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTg4NmVkMjExN2E5MTdkMWJjNGE1NTU1NjhmZDcxNGJkNGI3MGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6BunIeqYN2t+zGLEjGvzuAAdemK5
v+paVEGisyromCHFeayBy+htFj0TV2zXHHD043NlI4irOi4heJWN4bkNRdtr65pP
FOBMwWvZ/R7BhGqwKbaumc2x2d70sSh3K9UzurLns3Pm8UghThQCNJmWh225Y8L3
uHFVBbeNK6EXbSpKiVBZmnuqDQDI2BhOS1eszONMr2PRos1XXzXEBO1dHvAAbw6/
NY3Af8cS6sop/LvG2d2vtiFGpe+N1g7G3Fw+m5snlIQ/LqZmPIX/WXb0IHlVzuUP
y9WOo0bePLXfpS+Zc/hp0CNeELquL1HONTNgMNCg8EmJX7Cj8fIYqjXg7wIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIqIbtIRepF9G8SlVVaP1xS9S3CpMB8GA1UdIwQY
MBaAFCl651kspSSR3BZqMP4Ud9cSvUZdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hybldTeWxKSkhjRm1vd19oUjMxeEs5UmwwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS80OGUxZTgtMzI4ZC00ZjgyLTkzOTgt
MzkxMGE1OWExMTIxLzEvaW9odTBoRjZrWDBieEtWVlZvX1hGTDFMY0trLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS80OGUxZTgtMzI4ZC00ZjgyLTkzOTgtMzkxMGE1OWExMTIx
LzEvS1hybldTeWxKSkhjRm1vd19oUjMxeEs5UmwwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAXp9UAwQA
Xp9XAwQAXp9lAwQAXp9nAwQAXp9pAwQAXp9rMA0GCSqGSIb3DQEBCwUAA4IBAQAZ
gblrf5y/NsUJcHparpDlWizLif6iJs4KIbvX6F80FZGeRFoS3YQpQGLR3OtiDdY7
pdpLzPmGmFl3Z7teXV9q12PJAGrjbtjOn/ZqYkn3/Jy46eYRWDRhqfqMR0IG2dWQ
Tpw1CSRQw+XxznICxh/xBQPQQY7PGOjSlXHtlKJm93xp6RyF0YE8dhMtJKDuemSO
fLDeIw/iGW/RkwisaAp+D6/J02axKKY0UOunBMFlDxm0RJV/xbYJOXrdf7N40YAx
I6KuXtXdFvSXwuCSm2o2RNUo43L0A9dov10qGeTZWVOeeHeBNWt6zgqL6x7ZdXFV
Rq7LiZUgD1ogy0ahI9Jl
-----END CERTIFICATE-----
Generated at Mon May 12 19:58:09 2025 by rpki-client