Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/33e508-127d-4946-b3cc-4c9f43f878ab/1/8LofYwzOnDiA0y7Z7CmVnR50mIY.roa
File: 8LofYwzOnDiA0y7Z7CmVnR50mIY.roa (raw, json)
Hash identifier: hmXZ2bTl0BK/47F8+saWfaSWl9ePupsFOT0CPW0OeqA=
Subject key identifier: F0:BA:1F:63:0C:CE:9C:38:80:D3:2E:D9:EC:29:95:9D:1E:74:98:86
Certificate issuer: /CN=a749aca85dc66c83ce55ecdc045c96075ca7debc
Certificate serial: 018D0E561C093BEBA66DC9D6C1A3CBF5CC13
Authority key identifier: A7:49:AC:A8:5D:C6:6C:83:CE:55:EC:DC:04:5C:96:07:5C:A7:DE:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p0msqF3GbIPOVezcBFyWB1yn3rw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/33e508-127d-4946-b3cc-4c9f43f878ab/1/8LofYwzOnDiA0y7Z7CmVnR50mIY.roa
Signing time: Mon 15 Jan 2024 18:15:40 +0000
ROA not before: Mon 15 Jan 2024 18:15:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 61025
IP address blocks: 185.17.236.0/23 maxlen: 24
2a03:dd42::/32 maxlen: 32
2a03:dd40::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 02 Jan 2025 13:49:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:0e:56:1c:09:3b:eb:a6:6d:c9:d6:c1:a3:cb:f5:cc:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a749aca85dc66c83ce55ecdc045c96075ca7debc
Validity
Not Before: Jan 15 18:15:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f0ba1f630cce9c3880d32ed9ec29959d1e749886
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:0d:fc:9b:79:b7:99:9f:a0:5a:65:29:08:06:
3a:f7:71:86:49:ba:a7:98:fb:c5:d9:df:e0:3f:59:
2e:fd:f9:aa:59:73:31:d7:82:d9:7c:35:9d:96:bd:
c7:d1:35:b5:c8:6a:13:73:b6:91:d6:81:48:dc:ba:
ca:89:62:9a:69:b1:43:6e:a8:01:e0:c7:02:84:80:
8b:66:ab:98:05:9f:ed:25:0b:00:11:c6:c3:85:05:
4d:7b:8e:ae:56:16:94:8b:1d:b4:ee:a8:7f:9c:89:
c0:78:14:da:73:07:2f:fd:98:1c:79:6a:31:85:f3:
df:16:1b:75:b8:0d:da:d9:ed:e7:6d:62:61:c3:2a:
d4:fa:9f:cb:e4:15:f4:ae:ad:c4:e8:3e:9b:3f:11:
15:f1:78:35:12:8b:2e:23:5c:83:29:c1:4a:ce:ff:
c3:37:07:49:df:8a:cf:80:4a:55:ec:a6:f5:3e:db:
11:69:ac:96:61:62:9c:48:85:53:97:2c:25:cd:23:
bb:db:87:96:5d:3c:58:b9:06:c2:2a:f3:dc:2f:c1:
a4:8f:34:81:09:4a:a4:79:c9:30:aa:28:20:cc:85:
c2:b7:52:ac:13:22:ac:40:f9:87:c1:9c:47:b6:b2:
e5:a8:16:d5:02:cf:88:97:fc:b2:22:bc:ac:dc:2f:
5d:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:BA:1F:63:0C:CE:9C:38:80:D3:2E:D9:EC:29:95:9D:1E:74:98:86
X509v3 Authority Key Identifier:
keyid:A7:49:AC:A8:5D:C6:6C:83:CE:55:EC:DC:04:5C:96:07:5C:A7:DE:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p0msqF3GbIPOVezcBFyWB1yn3rw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/33e508-127d-4946-b3cc-4c9f43f878ab/1/8LofYwzOnDiA0y7Z7CmVnR50mIY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/33e508-127d-4946-b3cc-4c9f43f878ab/1/p0msqF3GbIPOVezcBFyWB1yn3rw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.17.236.0/23
IPv6:
2a03:dd40::/32
2a03:dd42::/32
Signature Algorithm: sha256WithRSAEncryption
1b:5e:5c:a6:a0:67:a4:fe:df:a5:aa:62:79:58:4a:27:3a:3b:
6b:e7:49:58:a8:65:75:b6:7d:9a:6c:d8:be:b5:29:67:44:4e:
86:99:ae:dc:23:d0:4a:2e:24:d6:40:45:3c:aa:c3:e6:7c:26:
cb:38:be:89:4a:19:e6:2a:a4:32:df:07:bd:bd:3a:b6:7b:c0:
85:6d:19:3d:9c:7b:b7:d1:d5:e7:de:dc:14:7e:98:61:09:f3:
2a:95:50:b5:46:d1:0b:1a:b4:9a:c7:99:c4:39:82:99:74:60:
be:98:75:93:71:76:f6:2f:fc:73:c9:4e:06:09:09:5f:91:e3:
94:51:b2:eb:a8:8b:6b:56:74:33:c6:2f:60:fb:8c:c9:7d:a2:
49:6e:a8:7e:d1:c3:d4:e6:05:2c:bb:5b:48:59:f4:a1:9f:a1:
f5:b6:4d:d4:7a:61:d1:74:f2:9e:c7:47:f3:3f:d4:b5:06:3d:
15:66:af:ba:78:73:b7:9d:18:bf:ee:7e:26:bb:61:5c:b6:a2:
76:8c:e4:bd:77:eb:43:e4:2b:95:3b:c3:d4:47:9b:e8:bd:da:
ef:3d:0d:94:04:b5:33:96:66:b0:9e:0f:5f:f8:d5:59:2f:cc:
67:4f:ce:43:5d:9d:72:11:63:92:0e:3a:28:89:62:b5:41:5b:
96:a2:93:03
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAY0OVhwJO+umbcnWwaPL9cwTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NDlhY2E4NWRjNjZjODNjZTU1ZWNkYzA0NWM5NjA3NWNh
N2RlYmMwHhcNMjQwMTE1MTgxNTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGJhMWY2MzBjY2U5YzM4ODBkMzJlZDllYzI5OTU5ZDFlNzQ5ODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgw38m3m3mZ+gWmUpCAY693GGSbqn
mPvF2d/gP1ku/fmqWXMx14LZfDWdlr3H0TW1yGoTc7aR1oFI3LrKiWKaabFDbqgB
4McChICLZquYBZ/tJQsAEcbDhQVNe46uVhaUix207qh/nInAeBTacwcv/ZgceWox
hfPfFht1uA3a2e3nbWJhwyrU+p/L5BX0rq3E6D6bPxEV8Xg1EosuI1yDKcFKzv/D
NwdJ34rPgEpV7Kb1PtsRaayWYWKcSIVTlywlzSO724eWXTxYuQbCKvPcL8GkjzSB
CUqkeckwqiggzIXCt1KsEyKsQPmHwZxHtrLlqBbVAs+Il/yyIrys3C9djQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPC6H2MMzpw4gNMu2ewplZ0edJiGMB8GA1UdIwQY
MBaAFKdJrKhdxmyDzlXs3ARclgdcp968MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDBtc3FGM0diSVBPVmV6Y0JGeVdCMXluM3J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8zM2U1MDgtMTI3ZC00OTQ2LWIzY2Mt
NGM5ZjQzZjg3OGFiLzEvOExvZll3ek9uRGlBMHk3WjdDbVZuUjUwbUlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8zM2U1MDgtMTI3ZC00OTQ2LWIzY2MtNGM5ZjQzZjg3OGFi
LzEvcDBtc3FGM0diSVBPVmV6Y0JGeVdCMXluM3J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAMBAIAATAGAwQBuRHsMBQE
AgACMA4DBQAqA91AAwUAKgPdQjANBgkqhkiG9w0BAQsFAAOCAQEAG15cpqBnpP7f
papieVhKJzo7a+dJWKhldbZ9mmzYvrUpZ0ROhpmu3CPQSi4k1kBFPKrD5nwmyzi+
iUoZ5iqkMt8Hvb06tnvAhW0ZPZx7t9HV597cFH6YYQnzKpVQtUbRCxq0mseZxDmC
mXRgvph1k3F29i/8c8lOBgkJX5HjlFGy66iLa1Z0M8YvYPuMyX2iSW6oftHD1OYF
LLtbSFn0oZ+h9bZN1Hph0XTynsdH8z/UtQY9FWavunhzt50Yv+5+JrthXLaidozk
vXfrQ+QrlTvD1Eeb6L3a7z0NlAS1M5ZmsJ4PX/jVWS/MZ0/OQ12dchFjkg46KIli
tUFblqKTAw==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:10:33 2025 by rpki-client