Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/uv21ZCqV4UTnIS-bSHkSRQCsSBY.roa
File: uv21ZCqV4UTnIS-bSHkSRQCsSBY.roa (raw, json)
Hash identifier: 5j4toHIauuEmwkves173RMhWwHPMpZl+j/1YKtGBVSs=
Subject key identifier: BA:FD:B5:64:2A:95:E1:44:E7:21:2F:9B:48:79:12:45:00:AC:48:16
Certificate issuer: /CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Certificate serial: 018572CC99A1C98D29C3FE2A536229EAD43E
Authority key identifier: D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/uv21ZCqV4UTnIS-bSHkSRQCsSBY.roa
Signing time: Mon 02 Jan 2023 14:04:49 +0000
ROA not before: Mon 02 Jan 2023 14:04:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31251
IP address blocks: 85.203.0.0/24 maxlen: 24
85.203.0.0/22 maxlen: 22
85.203.2.0/24 maxlen: 24
85.203.11.0/24 maxlen: 24
85.203.5.0/24 maxlen: 24
85.203.6.0/24 maxlen: 24
85.203.12.0/24 maxlen: 24
2a02:a10::/29 maxlen: 29
2a03:60c0::/29 maxlen: 29
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:cc:99:a1:c9:8d:29:c3:fe:2a:53:62:29:ea:d4:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d45bdf6eec08370ae1f67e83f99b5ac1fe26872c
Validity
Not Before: Jan 2 14:04:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bafdb5642a95e144e7212f9b4879124500ac4816
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:85:aa:54:ca:65:c1:a7:1d:f2:b8:5e:1f:c6:
8c:ce:4e:f4:34:2d:9e:26:8a:50:66:57:fe:ec:7b:
f9:4f:a3:e5:49:ca:e7:8e:34:38:f9:87:f9:5f:d8:
68:95:aa:ea:99:8e:cd:e5:80:cd:15:e3:40:57:50:
48:6b:3b:0a:91:4c:ad:89:1f:e6:4a:e9:cc:b0:4f:
c3:a9:31:a4:49:d8:7c:02:47:79:48:2f:20:48:c2:
0f:c5:f3:01:6e:24:d8:4b:67:1e:1b:2d:e1:b5:40:
cb:c9:4f:68:df:c5:7e:cb:43:48:a8:84:63:6e:6a:
04:b3:12:48:63:4f:6c:5c:ba:64:8a:3c:aa:f7:87:
58:ae:a8:55:38:f1:3c:5b:40:36:80:22:2a:fd:5d:
12:47:68:97:f1:ed:24:8a:fd:ec:56:c1:ba:c1:df:
28:cf:8d:e4:21:e5:1a:72:8f:35:91:35:9d:06:5e:
b0:e6:d7:cf:e1:07:3f:57:d0:65:16:51:33:33:55:
85:f8:fa:9c:52:99:52:52:9b:aa:52:04:03:d5:29:
84:a5:06:99:31:67:3e:1e:a3:ca:78:bf:82:af:cf:
16:da:2f:40:e6:fb:ae:f4:28:d2:1f:2b:5a:df:9a:
fe:27:b3:61:f4:fd:bd:7d:b9:d9:02:52:fe:77:39:
2d:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:FD:B5:64:2A:95:E1:44:E7:21:2F:9B:48:79:12:45:00:AC:48:16
X509v3 Authority Key Identifier:
keyid:D4:5B:DF:6E:EC:08:37:0A:E1:F6:7E:83:F9:9B:5A:C1:FE:26:87:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1FvfbuwINwrh9n6D-Ztawf4mhyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/uv21ZCqV4UTnIS-bSHkSRQCsSBY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/e2dfff-8ba8-4bcf-ac31-98463859ecc1/1/1FvfbuwINwrh9n6D-Ztawf4mhyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.203.0.0/22
85.203.5.0-85.203.6.255
85.203.11.0-85.203.12.255
IPv6:
2a02:a10::/29
2a03:60c0::/29
Signature Algorithm: sha256WithRSAEncryption
11:ca:97:5d:e0:fd:df:bb:9c:75:f4:65:3b:dc:c1:57:2d:42:
99:fb:3c:54:3a:0b:4a:fc:f4:22:d8:b5:33:56:43:eb:10:44:
f1:46:7c:dc:2b:01:f1:ee:85:a2:16:b7:7a:41:8f:e3:01:92:
f0:29:99:7f:d2:19:5d:26:f4:32:20:10:30:97:b0:18:6d:17:
55:64:2f:05:8a:5c:b4:52:14:57:c1:53:be:5e:05:28:85:66:
1c:91:85:f3:7c:78:39:42:9a:e5:90:54:8a:40:96:95:09:f5:
1f:fe:11:43:50:5a:9c:3c:77:c8:14:11:b9:cd:6b:a1:be:cf:
56:67:4f:83:84:52:75:fa:6a:c0:13:21:09:b9:98:19:ec:9f:
27:15:8b:b3:a7:69:df:97:07:c1:b0:af:ce:b0:66:26:ad:62:
c6:86:8d:08:20:21:81:8e:c2:ef:0c:7a:f4:2e:50:dc:ec:51:
b7:46:c9:e8:78:31:82:a1:50:3b:fb:98:6c:e3:83:d6:63:4f:
85:83:21:fa:d5:a1:d3:e3:cf:17:20:13:cf:60:17:05:91:a5:
99:72:88:05:f7:e9:40:9b:a1:b4:69:b8:c4:76:80:4e:c8:be:
f0:64:88:f3:31:ef:61:3a:71:72:88:01:b5:11:79:9a:52:3e:
f4:d0:3e:d8
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYVyzJmhyY0pw/4qU2Ip6tQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NWJkZjZlZWMwODM3MGFlMWY2N2U4M2Y5OWI1YWMxZmUy
Njg3MmMwHhcNMjMwMTAyMTQwNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWZkYjU2NDJhOTVlMTQ0ZTcyMTJmOWI0ODc5MTI0NTAwYWM0ODE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYWqVMplwacd8rheH8aMzk70NC2e
JopQZlf+7Hv5T6PlScrnjjQ4+Yf5X9holarqmY7N5YDNFeNAV1BIazsKkUytiR/m
SunMsE/DqTGkSdh8Akd5SC8gSMIPxfMBbiTYS2ceGy3htUDLyU9o38V+y0NIqIRj
bmoEsxJIY09sXLpkijyq94dYrqhVOPE8W0A2gCIq/V0SR2iX8e0kiv3sVsG6wd8o
z43kIeUaco81kTWdBl6w5tfP4Qc/V9BlFlEzM1WF+PqcUplSUpuqUgQD1SmEpQaZ
MWc+HqPKeL+Cr88W2i9A5vuu9CjSHyta35r+J7Nh9P29fbnZAlL+dzktRwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFLr9tWQqleFE5yEvm0h5EkUArEgWMB8GA1UdIwQY
MBaAFNRb327sCDcK4fZ+g/mbWsH+JocsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEt
OTg0NjM4NTllY2MxLzEvdXYyMVpDcVY0VVRuSVMtYlNIa1NSUUNzU0JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lMmRmZmYtOGJhOC00YmNmLWFjMzEtOTg0NjM4NTllY2Mx
LzEvMUZ2ZmJ1d0lOd3JoOW42RC1adGF3ZjRtaHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAoBAIAATAiAwQCVcsAMAwD
BABVywUDBABVywYwDAMEAFXLCwMEAFXLDDAUBAIAAjAOAwUDKgIKEAMFAyoDYMAw
DQYJKoZIhvcNAQELBQADggEBABHKl13g/d+7nHX0ZTvcwVctQpn7PFQ6C0r89CLY
tTNWQ+sQRPFGfNwrAfHuhaIWt3pBj+MBkvApmX/SGV0m9DIgEDCXsBhtF1VkLwWK
XLRSFFfBU75eBSiFZhyRhfN8eDlCmuWQVIpAlpUJ9R/+EUNQWpw8d8gUEbnNa6G+
z1ZnT4OEUnX6asATIQm5mBnsnycVi7Onad+XB8Gwr86wZiatYsaGjQggIYGOwu8M
evQuUNzsUbdGyeh4MYKhUDv7mGzjg9ZjT4WDIfrVodPjzxcgE89gFwWRpZlyiAX3
6UCbobRpuMR2gE7IvvBkiPMx72E6cXKIAbUReZpSPvTQPtg=
-----END CERTIFICATE-----
Generated at Tue Jan 2 15:20:34 2024 by rpki-client on console-ams.rpki-client.org