Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/2lPCys7-z1VNUB6sPnxv3DExlrc.roa
File: 2lPCys7-z1VNUB6sPnxv3DExlrc.roa (raw, json)
Hash identifier: DMC/KbjQQVEW9wFX0cqtqWV7mdXf/6rnZskSXSCyO6M=
Subject key identifier: DA:53:C2:CA:CE:FE:CF:55:4D:50:1E:AC:3E:7C:6F:DC:31:31:96:B7
Certificate issuer: /CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Certificate serial: 018CC726C753A6E22F220E3F2A5C6B6C9452
Authority key identifier: BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/2lPCys7-z1VNUB6sPnxv3DExlrc.roa
Signing time: Mon 01 Jan 2024 22:30:56 +0000
ROA not before: Mon 01 Jan 2024 22:30:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35332
IP address blocks: 185.151.96.0/22 maxlen: 24
87.236.0.0/21 maxlen: 24
194.5.181.0/24 maxlen: 24
77.242.112.0/20 maxlen: 24
188.92.56.0/21 maxlen: 24
37.235.112.0/21 maxlen: 24
45.116.184.0/22 maxlen: 24
208.88.128.0/22 maxlen: 24
185.113.212.0/22 maxlen: 24
139.28.200.0/22 maxlen: 24
2a00:a000::/32 maxlen: 48
Validation: Failed, certificate revoked on Tue 27 Feb 2024 09:21:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:26:c7:53:a6:e2:2f:22:0e:3f:2a:5c:6b:6c:94:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=bf809a7e6ca14d0a1a976673e0319e34e956ed3d
Validity
Not Before: Jan 1 22:30:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=da53c2cacefecf554d501eac3e7c6fdc313196b7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:17:2e:7e:45:f2:4b:7a:8b:4c:ed:ae:a8:4f:
ef:05:b2:07:64:40:c1:27:1c:06:e2:c2:c1:d3:29:
0c:72:ed:f7:f6:4a:62:3c:8c:28:c3:ae:60:d8:15:
c2:ad:6a:44:72:1c:00:c6:28:5c:3c:b4:2c:4c:48:
dc:78:85:2b:87:8e:dc:5e:9b:a9:e0:84:7f:9d:22:
52:19:3a:c5:3b:98:8d:34:d5:9f:2f:a5:de:e2:fc:
bc:58:ec:f9:7a:b4:65:85:1a:ab:7c:e1:62:91:63:
a6:7e:49:24:3b:92:30:b1:3c:f8:ac:ea:56:ee:ac:
73:a0:73:fb:df:19:35:54:11:57:c1:7d:1a:2f:0f:
ed:e7:f4:1c:9a:db:80:89:72:bf:68:a7:35:99:aa:
bf:a8:b7:c5:55:41:85:ff:1d:19:a9:a1:77:4a:1c:
90:9f:07:a8:af:34:06:d1:aa:14:84:b7:a1:40:93:
4e:70:f5:95:d5:ef:49:53:03:bf:01:d5:bb:7c:e9:
2f:52:2c:de:d9:5d:3c:93:e4:f6:8d:43:b8:fd:5a:
32:d3:37:43:fe:67:9b:05:7a:ee:6d:47:c4:d4:c3:
45:cc:fa:38:dc:75:ac:27:d5:ca:16:08:01:f4:0a:
a2:63:bb:9a:8a:6d:64:f4:c7:e8:d8:9c:d3:a2:c0:
74:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:53:C2:CA:CE:FE:CF:55:4D:50:1E:AC:3E:7C:6F:DC:31:31:96:B7
X509v3 Authority Key Identifier:
keyid:BF:80:9A:7E:6C:A1:4D:0A:1A:97:66:73:E0:31:9E:34:E9:56:ED:3D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4CafmyhTQoal2Zz4DGeNOlW7T0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/2lPCys7-z1VNUB6sPnxv3DExlrc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/3a382a-3dda-4796-b320-3fdfb4140f24/1/v4CafmyhTQoal2Zz4DGeNOlW7T0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.235.112.0/21
45.116.184.0/22
77.242.112.0/20
87.236.0.0/21
139.28.200.0/22
185.113.212.0/22
185.151.96.0/22
188.92.56.0/21
194.5.181.0/24
208.88.128.0/22
IPv6:
2a00:a000::/32
Signature Algorithm: sha256WithRSAEncryption
78:1e:0f:84:d5:e1:6f:95:a5:81:03:ae:e2:67:47:91:96:8d:
ed:92:60:47:66:a9:d2:8e:de:a1:95:d4:30:29:6b:a0:7d:6b:
0e:7d:6c:07:e2:9c:84:ba:7b:2b:a7:a5:7b:01:1e:fe:17:f6:
ac:eb:56:ec:17:1c:14:ec:77:77:8a:c8:8c:dd:c1:75:30:8e:
de:ba:7d:2d:fd:10:79:b3:a5:b8:37:d3:65:bb:89:e7:14:40:
c3:0e:03:c0:c7:08:02:81:3d:45:e2:45:8a:7e:a2:89:63:9b:
63:28:e0:6e:6c:ef:cb:a3:81:09:b3:21:29:0e:5e:b2:14:b0:
d9:8c:f5:06:5e:d0:66:60:f1:ed:ae:c1:1b:f2:b2:d9:00:f3:
30:85:88:bb:20:e1:88:75:38:e2:2b:25:c2:be:c9:90:53:17:
86:f8:4e:46:ab:78:3e:76:07:1b:de:89:03:21:e5:ef:cc:98:
fc:3e:23:fe:89:0b:66:a0:f0:c2:49:79:20:06:28:57:2d:69:
25:6f:b4:cc:86:2d:61:a5:4c:22:c3:96:b3:6b:84:73:95:72:
7c:1f:b8:b7:c7:e1:7f:fc:a4:6f:39:ef:6c:26:fe:2e:64:55:
bc:d5:db:60:30:ec:7e:7a:0f:cb:6f:7e:b9:97:01:ee:da:65:
2f:1c:4f:a7
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYzHJsdTpuIvIg4/KlxrbJRSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODA5YTdlNmNhMTRkMGExYTk3NjY3M2UwMzE5ZTM0ZTk1
NmVkM2QwHhcNMjQwMTAxMjIzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTUzYzJjYWNlZmVjZjU1NGQ1MDFlYWMzZTdjNmZkYzMxMzE5NmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxcufkXyS3qLTO2uqE/vBbIHZEDB
JxwG4sLB0ykMcu339kpiPIwow65g2BXCrWpEchwAxihcPLQsTEjceIUrh47cXpup
4IR/nSJSGTrFO5iNNNWfL6Xe4vy8WOz5erRlhRqrfOFikWOmfkkkO5IwsTz4rOpW
7qxzoHP73xk1VBFXwX0aLw/t5/QcmtuAiXK/aKc1maq/qLfFVUGF/x0ZqaF3ShyQ
nweorzQG0aoUhLehQJNOcPWV1e9JUwO/AdW7fOkvUize2V08k+T2jUO4/Voy0zdD
/mebBXrubUfE1MNFzPo43HWsJ9XKFggB9AqiY7uaim1k9Mfo2JzTosB03QIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFNpTwsrO/s9VTVAerD58b9wxMZa3MB8GA1UdIwQY
MBaAFL+Amn5soU0KGpdmc+AxnjTpVu09MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAt
M2ZkZmI0MTQwZjI0LzEvMmxQQ3lzNy16MVZOVUI2c1BueHYzREV4bHJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8zYTM4MmEtM2RkYS00Nzk2LWIzMjAtM2ZkZmI0MTQwZjI0
LzEvdjRDYWZteWhUUW9hbDJaejRER2VOT2xXN1QwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDJetwAwQC
LXS4AwQETfJwAwQDV+wAAwQCixzIAwQCuXHUAwQCuZdgAwQDvFw4AwQAwgW1AwQC
0FiAMA0EAgACMAcDBQAqAKAAMA0GCSqGSIb3DQEBCwUAA4IBAQB4Hg+E1eFvlaWB
A67iZ0eRlo3tkmBHZqnSjt6hldQwKWugfWsOfWwH4pyEunsrp6V7AR7+F/as61bs
FxwU7Hd3isiM3cF1MI7eun0t/RB5s6W4N9Nlu4nnFEDDDgPAxwgCgT1F4kWKfqKJ
Y5tjKOBubO/Lo4EJsyEpDl6yFLDZjPUGXtBmYPHtrsEb8rLZAPMwhYi7IOGIdTji
KyXCvsmQUxeG+E5Gq3g+dgcb3okDIeXvzJj8PiP+iQtmoPDCSXkgBihXLWklb7TM
hi1hpUwiw5aza4RzlXJ8H7i3x+F//KRvOe9sJv4uZFW81dtgMOx+eg/Lb365lwHu
2mUvHE+n
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:00 2024 by rpki-client on console-fra.rpki-client.org