Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/iMKjTejAT5eiGh2UFfww2f7OZt0.roa
File: iMKjTejAT5eiGh2UFfww2f7OZt0.roa (raw, json)
Hash identifier: 4h4K5UvqPWOZ6aH7Ei162l5w7mRTH3w0BcXvZ8QFZvc=
Subject key identifier: 88:C2:A3:4D:E8:C0:4F:97:A2:1A:1D:94:15:FC:30:D9:FE:CE:66:DD
Certificate issuer: /CN=577021dcdf44b6afdd3810547c55a79bd1a9fa3b
Certificate serial: 018C1FEE0495735E58D8815E1A0B7AE70F40
Authority key identifier: 57:70:21:DC:DF:44:B6:AF:DD:38:10:54:7C:55:A7:9B:D1:A9:FA:3B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/iMKjTejAT5eiGh2UFfww2f7OZt0.roa
Signing time: Thu 30 Nov 2023 11:12:21 +0000
ROA not before: Thu 30 Nov 2023 11:12:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205836
IP address blocks: 185.157.129.0/24 maxlen: 24
185.157.130.0/24 maxlen: 24
185.157.131.0/24 maxlen: 24
185.157.128.0/24 maxlen: 24
185.204.202.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 06 Dec 2023 12:51:54 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:1f:ee:04:95:73:5e:58:d8:81:5e:1a:0b:7a:e7:0f:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=577021dcdf44b6afdd3810547c55a79bd1a9fa3b
Validity
Not Before: Nov 30 11:12:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=88c2a34de8c04f97a21a1d9415fc30d9fece66dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:a6:bd:dd:74:92:14:65:ab:3f:73:75:04:8b:
9e:ac:6a:2e:14:07:75:64:18:1b:8a:89:c7:ff:7e:
cf:70:7c:ce:f5:48:d9:1e:99:c0:71:5a:6b:38:4f:
45:7f:99:d7:2f:9f:03:be:46:95:90:45:b3:e6:16:
da:c7:48:3d:6b:e6:45:3c:64:cf:54:60:26:90:01:
5d:c7:f2:7e:a6:ec:33:ee:ed:15:06:79:b4:37:57:
45:46:29:9b:56:4a:3a:66:09:89:c1:1d:90:a5:83:
bf:b5:07:63:95:0b:34:99:5a:3e:25:e1:3e:89:e6:
2f:9e:c2:9c:18:52:4b:08:df:39:c4:e5:18:4f:25:
d5:5a:83:6b:9e:79:a8:b7:14:bc:89:7b:fd:cb:bc:
aa:9d:f8:09:ea:44:a5:9e:ce:14:37:7e:40:5b:fe:
3f:97:71:5d:e1:01:8b:09:05:3d:48:33:1d:a4:89:
0e:31:74:cd:b6:cc:d4:45:e3:29:a8:c8:8e:89:2c:
6f:27:43:90:b8:27:c2:e7:19:ea:02:ec:64:37:5b:
0f:23:7a:ad:70:4c:9f:8e:09:f8:4f:e6:cd:aa:ec:
47:a4:9a:19:91:f2:0c:38:fe:3a:0e:29:69:91:e3:
c2:cb:d9:b2:98:93:20:80:8b:39:8a:56:fa:6c:e7:
af:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:C2:A3:4D:E8:C0:4F:97:A2:1A:1D:94:15:FC:30:D9:FE:CE:66:DD
X509v3 Authority Key Identifier:
keyid:57:70:21:DC:DF:44:B6:AF:DD:38:10:54:7C:55:A7:9B:D1:A9:FA:3B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/iMKjTejAT5eiGh2UFfww2f7OZt0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/0ac27a-2159-48d7-8bfd-c907ae1c211e/1/V3Ah3N9Etq_dOBBUfFWnm9Gp-js.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.157.128.0/22
185.204.202.0/24
Signature Algorithm: sha256WithRSAEncryption
53:eb:28:37:2a:4c:69:42:b5:00:32:71:ca:da:5f:2f:34:e0:
3a:cb:03:bf:95:65:62:0d:2d:30:0b:1b:f6:84:ae:7e:24:c5:
a7:70:12:be:5a:3c:63:ca:9c:87:c7:8f:4f:6a:db:3d:14:fc:
d8:1d:66:dd:a5:30:ba:dd:d1:5f:71:15:d1:3b:84:44:86:8c:
62:37:24:9a:62:77:db:23:aa:8c:4c:33:1f:0a:2a:c2:86:f0:
f3:53:10:6e:88:17:19:ec:06:1d:66:d4:12:7a:68:54:0c:4b:
23:e9:9d:f6:07:5a:aa:98:ea:bc:36:22:4d:69:97:70:fd:18:
b6:80:f8:4e:25:39:5f:ac:91:41:d3:16:1b:55:b1:86:31:1f:
b4:34:f0:7e:ba:d2:a9:09:c0:e6:a0:10:41:ac:06:53:16:b8:
7a:e9:86:80:1f:9a:f2:41:e1:1b:54:03:86:73:d0:a9:74:11:
db:6b:0d:da:f5:45:cd:0b:07:b3:94:4e:26:76:0c:f5:6e:c6:
c5:ba:5a:f6:0d:6a:79:e2:f5:06:f5:ec:5c:d6:d0:58:8d:20:
fa:38:33:eb:be:43:e9:a1:d9:f2:e9:2c:d4:61:0b:e1:30:21:
9c:55:e5:4d:f1:06:04:9a:69:dc:f4:4b:22:cc:0d:c9:34:e6:
0a:bd:ef:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYwf7gSVc15Y2IFeGgt65w9AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NzAyMWRjZGY0NGI2YWZkZDM4MTA1NDdjNTVhNzliZDFh
OWZhM2IwHhcNMjMxMTMwMTExMjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGMyYTM0ZGU4YzA0Zjk3YTIxYTFkOTQxNWZjMzBkOWZlY2U2NmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkKa93XSSFGWrP3N1BIuerGouFAd1
ZBgbionH/37PcHzO9UjZHpnAcVprOE9Ff5nXL58DvkaVkEWz5hbax0g9a+ZFPGTP
VGAmkAFdx/J+puwz7u0VBnm0N1dFRimbVko6ZgmJwR2QpYO/tQdjlQs0mVo+JeE+
ieYvnsKcGFJLCN85xOUYTyXVWoNrnnmotxS8iXv9y7yqnfgJ6kSlns4UN35AW/4/
l3Fd4QGLCQU9SDMdpIkOMXTNtszUReMpqMiOiSxvJ0OQuCfC5xnqAuxkN1sPI3qt
cEyfjgn4T+bNquxHpJoZkfIMOP46DilpkePCy9mymJMggIs5ilb6bOev2QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIjCo03owE+XohodlBX8MNn+zmbdMB8GA1UdIwQY
MBaAFFdwIdzfRLav3TgQVHxVp5vRqfo7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjNBaDNOOUV0cV9kT0JCVWZGV25tOUdwLWpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS8wYWMyN2EtMjE1OS00OGQ3LThiZmQt
YzkwN2FlMWMyMTFlLzEvaU1LalRlakFUNWVpR2gyVUZmd3cyZjdPWnQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS8wYWMyN2EtMjE1OS00OGQ3LThiZmQtYzkwN2FlMWMyMTFl
LzEvVjNBaDNOOUV0cV9kT0JCVWZGV25tOUdwLWpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuZ2AAwQA
uczKMA0GCSqGSIb3DQEBCwUAA4IBAQBT6yg3KkxpQrUAMnHK2l8vNOA6ywO/lWVi
DS0wCxv2hK5+JMWncBK+WjxjypyHx49Pats9FPzYHWbdpTC63dFfcRXRO4REhoxi
NySaYnfbI6qMTDMfCirChvDzUxBuiBcZ7AYdZtQSemhUDEsj6Z32B1qqmOq8NiJN
aZdw/Ri2gPhOJTlfrJFB0xYbVbGGMR+0NPB+utKpCcDmoBBBrAZTFrh66YaAH5ry
QeEbVAOGc9CpdBHbaw3a9UXNCwezlE4mdgz1bsbFulr2DWp54vUG9exc1tBYjSD6
ODPrvkPpodny6SzUYQvhMCGcVeVN8QYEmmnc9EsizA3JNOYKve/e
-----END CERTIFICATE-----