Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b0dc52-416e-4a02-8993-fbc5a1e382c5/1/cYWgwwxrssUrySDXBgseQ-KZkqI.roa
File: cYWgwwxrssUrySDXBgseQ-KZkqI.roa (raw, json)
Hash identifier: MyHM+Z8QDcMiLk32dXiikHwxgiwLWjQe8srFCtQu+4I=
Subject key identifier: 71:85:A0:C3:0C:6B:B2:C5:2B:C9:20:D7:06:0B:1E:43:E2:99:92:A2
Certificate issuer: /CN=aedc8f327a461964c0a87a9c7809401c57c86d41
Certificate serial: 01902A38F658C7F3F59354D6F20C5D061032
Authority key identifier: AE:DC:8F:32:7A:46:19:64:C0:A8:7A:9C:78:09:40:1C:57:C8:6D:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rtyPMnpGGWTAqHqceAlAHFfIbUE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b0dc52-416e-4a02-8993-fbc5a1e382c5/1/cYWgwwxrssUrySDXBgseQ-KZkqI.roa
Signing time: Tue 18 Jun 2024 07:21:34 +0000
ROA not before: Tue 18 Jun 2024 07:21:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 61189
IP address blocks: 85.194.200.0/22 maxlen: 22
85.194.201.0/24 maxlen: 24
185.7.252.0/22 maxlen: 22
185.7.252.0/23 maxlen: 23
185.7.254.0/23 maxlen: 23
2a03:29c0::/32 maxlen: 32
2a03:29c0:1000::/36 maxlen: 36
2a03:29c0:2000::/36 maxlen: 36
2a03:29c0:8000::/33 maxlen: 33
2a03:29c0:a000::/35 maxlen: 35
2a03:29c0:fffe::/48 maxlen: 48
Validation: Failed, certificate revoked on Thu 27 Jun 2024 07:36:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:2a:38:f6:58:c7:f3:f5:93:54:d6:f2:0c:5d:06:10:32
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aedc8f327a461964c0a87a9c7809401c57c86d41
Validity
Not Before: Jun 18 07:21:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7185a0c30c6bb2c52bc920d7060b1e43e29992a2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:d2:6e:32:40:c6:36:b1:f0:e1:97:c4:ee:f4:
53:00:a6:15:d8:23:60:2a:be:2f:95:5d:ab:64:2a:
da:e7:8a:2e:52:cd:2c:6a:84:da:18:51:5b:17:79:
e6:1c:4c:e9:8d:a1:37:74:b2:91:58:b8:f5:31:e2:
38:e3:d2:2a:86:b8:d2:42:1a:ea:24:9b:67:7a:a5:
60:6e:e8:25:16:6e:7a:fe:0b:bd:80:96:a5:46:10:
f7:69:4c:69:85:e0:0a:e7:68:a9:65:14:7e:af:a6:
82:f9:24:58:b4:e7:54:62:5b:67:66:39:e5:84:f6:
29:7b:16:c1:5a:6a:7b:67:33:ed:06:c8:a4:bd:ce:
55:9c:af:0f:eb:7c:1f:80:21:85:8a:91:75:f2:5e:
ef:3e:2d:38:c5:d6:b4:85:60:c1:93:2e:8c:1d:59:
10:cc:00:a4:e2:ac:a7:f1:95:34:fb:16:f5:aa:11:
6e:44:37:d8:b5:9c:86:25:b7:e7:23:19:ed:47:f0:
e8:0b:13:23:d7:55:64:c0:cb:5e:47:56:20:a7:e9:
28:51:c9:5c:cf:ee:ed:6f:fa:47:6f:97:eb:5f:5f:
a6:86:d0:cf:4a:71:58:d2:8a:62:16:95:13:54:85:
ff:c5:33:dd:4e:64:0b:68:7e:1b:55:6c:8b:82:ee:
07:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:85:A0:C3:0C:6B:B2:C5:2B:C9:20:D7:06:0B:1E:43:E2:99:92:A2
X509v3 Authority Key Identifier:
keyid:AE:DC:8F:32:7A:46:19:64:C0:A8:7A:9C:78:09:40:1C:57:C8:6D:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rtyPMnpGGWTAqHqceAlAHFfIbUE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b0dc52-416e-4a02-8993-fbc5a1e382c5/1/cYWgwwxrssUrySDXBgseQ-KZkqI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b0dc52-416e-4a02-8993-fbc5a1e382c5/1/rtyPMnpGGWTAqHqceAlAHFfIbUE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.194.200.0/22
185.7.252.0/22
IPv6:
2a03:29c0::/32
Signature Algorithm: sha256WithRSAEncryption
6d:9e:3d:47:7e:be:77:f1:a2:b2:8c:af:3c:51:e6:94:95:aa:
a1:b5:d0:12:31:36:14:19:77:3c:c9:21:4f:a3:25:98:97:45:
b4:79:dc:58:a7:50:82:41:18:23:aa:3c:c8:cf:08:d4:36:f9:
5a:06:94:bb:93:f6:d4:eb:7e:07:e6:1b:51:a5:09:76:24:57:
78:71:c3:f6:87:ab:e8:4b:cd:83:b7:79:f3:6b:76:cf:21:9d:
71:9f:29:33:fd:63:07:38:10:58:e3:62:bc:a0:26:2d:99:0b:
b1:01:af:ac:e7:5f:df:72:da:26:e0:42:46:44:b7:62:26:18:
40:85:d4:68:0c:3b:ef:ba:2d:0b:15:73:ae:9c:88:a3:22:4e:
5d:b2:82:41:d6:b6:49:b3:24:ae:10:21:69:2e:15:52:42:e1:
f5:0d:ba:84:4d:5b:c9:15:28:65:07:71:55:16:63:07:8c:7d:
57:f4:1b:ec:ee:0c:fc:0a:3b:36:26:ba:58:29:9b:2d:43:c5:
5a:72:44:75:95:c8:ea:3c:66:2b:c8:d2:e6:79:dc:c6:ff:a0:
4d:03:b5:c9:a7:b8:23:3e:84:35:af:e7:ab:97:74:52:87:3d:
bc:3d:f0:e3:c7:9d:2c:56:e7:56:b4:b6:9f:e5:77:cb:f0:bf:
af:56:47:5e
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZAqOPZYx/P1k1TW8gxdBhAyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZGM4ZjMyN2E0NjE5NjRjMGE4N2E5Yzc4MDk0MDFjNTdj
ODZkNDEwHhcNMjQwNjE4MDcyMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTg1YTBjMzBjNmJiMmM1MmJjOTIwZDcwNjBiMWU0M2UyOTk5MmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8NJuMkDGNrHw4ZfE7vRTAKYV2CNg
Kr4vlV2rZCra54ouUs0saoTaGFFbF3nmHEzpjaE3dLKRWLj1MeI449IqhrjSQhrq
JJtneqVgbuglFm56/gu9gJalRhD3aUxpheAK52ipZRR+r6aC+SRYtOdUYltnZjnl
hPYpexbBWmp7ZzPtBsikvc5VnK8P63wfgCGFipF18l7vPi04xda0hWDBky6MHVkQ
zACk4qyn8ZU0+xb1qhFuRDfYtZyGJbfnIxntR/DoCxMj11VkwMteR1Ygp+koUclc
z+7tb/pHb5frX1+mhtDPSnFY0opiFpUTVIX/xTPdTmQLaH4bVWyLgu4HhwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHGFoMMMa7LFK8kg1wYLHkPimZKiMB8GA1UdIwQY
MBaAFK7cjzJ6RhlkwKh6nHgJQBxXyG1BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnR5UE1ucEdHV1RBcUhxY2VBbEFIRmZJYlVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iMGRjNTItNDE2ZS00YTAyLTg5OTMt
ZmJjNWExZTM4MmM1LzEvY1lXZ3d3eHJzc1VyeVNEWEJnc2VRLUtaa3FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iMGRjNTItNDE2ZS00YTAyLTg5OTMtZmJjNWExZTM4MmM1
LzEvcnR5UE1ucEdHV1RBcUhxY2VBbEFIRmZJYlVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCVcLIAwQC
uQf8MA0EAgACMAcDBQAqAynAMA0GCSqGSIb3DQEBCwUAA4IBAQBtnj1Hfr538aKy
jK88UeaUlaqhtdASMTYUGXc8ySFPoyWYl0W0edxYp1CCQRgjqjzIzwjUNvlaBpS7
k/bU634H5htRpQl2JFd4ccP2h6voS82Dt3nza3bPIZ1xnykz/WMHOBBY42K8oCYt
mQuxAa+s51/fctom4EJGRLdiJhhAhdRoDDvvui0LFXOunIijIk5dsoJB1rZJsySu
ECFpLhVSQuH1DbqETVvJFShlB3FVFmMHjH1X9Bvs7gz8Cjs2JrpYKZstQ8VackR1
lcjqPGYryNLmedzG/6BNA7XJp7gjPoQ1r+erl3RShz28PfDjx50sVudWtLaf5XfL
8L+vVkde
-----END CERTIFICATE-----
Generated at Thu Jun 27 12:26:56 2024 by rpki-client on console-ams.rpki-client.org