Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/rlIqXezQw03hRrwupW-A2jwb5zA.roa
File: rlIqXezQw03hRrwupW-A2jwb5zA.roa (raw, json)
Hash identifier: E5ZIcDHgs1veOXMe8KrCKgzq6WOaWtGExJ4L4WS9jRk=
Subject key identifier: AE:52:2A:5D:EC:D0:C3:4D:E1:46:BC:2E:A5:6F:80:DA:3C:1B:E7:30
Certificate issuer: /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial: 018CC5008B3A0B3B76890AA97CBA8F8204CA
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/rlIqXezQw03hRrwupW-A2jwb5zA.roa
Signing time: Mon 01 Jan 2024 12:29:56 +0000
ROA not before: Mon 01 Jan 2024 12:29:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212165
IP address blocks: 185.224.212.0/24 maxlen: 24
2a12:92c0::/29 maxlen: 29
2a10:9680::/29 maxlen: 29
2a11:e140::/29 maxlen: 29
2a12:6c40::/29 maxlen: 29
2a12:7f40::/29 maxlen: 29
Validation: Failed, certificate revoked on Tue 30 Jan 2024 10:49:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:8b:3a:0b:3b:76:89:0a:a9:7c:ba:8f:82:04:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Validity
Not Before: Jan 1 12:29:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ae522a5decd0c34de146bc2ea56f80da3c1be730
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:20:85:b4:bd:b3:82:d0:85:e4:41:ab:d0:22:
a9:7e:79:48:76:a7:48:13:0e:a2:e4:75:88:40:93:
c7:c4:fb:34:6a:01:46:40:f2:f6:5c:55:59:4d:ae:
0f:04:a7:d8:18:85:98:9b:28:4a:32:fe:dd:6f:e2:
85:20:a4:22:a3:57:4b:16:a2:19:12:21:a9:0a:7f:
c9:8f:e6:82:1c:46:1a:5c:4e:99:c0:18:54:d6:54:
3f:8c:4c:41:bd:4e:6b:42:20:b6:d4:29:40:65:07:
bb:6c:22:91:93:fa:5f:43:0c:11:04:81:45:a1:da:
d5:a2:a6:bd:b8:fa:a3:91:47:c0:02:5e:f1:4f:12:
b3:90:da:e0:ba:c7:85:04:7c:06:2c:18:0c:ae:57:
35:a3:17:a5:d5:30:b8:27:6f:9e:d3:a4:c4:65:43:
bd:fb:09:91:86:80:43:fe:b6:da:f9:fc:d6:67:2e:
be:3b:24:e4:49:d7:e1:e9:ff:74:04:74:d0:4a:25:
bc:e8:fa:b5:d3:d7:d9:1b:01:20:4b:ec:4f:8c:ff:
7e:59:07:84:78:74:f1:39:3e:1b:c3:ef:2a:6a:0a:
bd:97:8f:21:9f:71:22:e6:12:22:4b:29:b2:63:cc:
a8:25:0a:84:32:05:d5:d9:37:df:5d:c6:aa:2f:7c:
82:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:52:2A:5D:EC:D0:C3:4D:E1:46:BC:2E:A5:6F:80:DA:3C:1B:E7:30
X509v3 Authority Key Identifier:
keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/rlIqXezQw03hRrwupW-A2jwb5zA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.224.212.0/24
IPv6:
2a10:9680::/29
2a11:e140::/29
2a12:6c40::/29
2a12:7f40::/29
2a12:92c0::/29
Signature Algorithm: sha256WithRSAEncryption
29:b6:58:19:49:8b:95:5e:d7:30:c2:53:b4:e7:f0:43:d8:14:
c9:0e:0e:ea:03:6e:f0:30:e1:cb:da:05:11:21:75:53:ea:19:
42:15:21:ca:1c:e0:1d:fb:94:21:b5:3a:b6:e6:f8:60:68:69:
98:37:27:e3:0a:8d:f9:ad:e9:b1:f2:ce:b8:6c:49:93:42:6b:
65:41:6a:a3:24:6a:a3:7b:77:57:45:39:1f:c1:08:fc:cf:71:
04:e6:3b:22:bf:8d:ab:83:f1:6d:89:4c:4c:6f:0e:96:7c:e9:
12:94:4f:2c:df:2d:e4:10:09:04:c9:fe:b3:b5:96:f2:ba:9b:
fc:f3:76:f2:c1:26:58:e5:f6:a8:46:60:1a:5a:39:2e:17:52:
2c:68:41:b8:4a:9e:9e:ea:d9:12:94:e2:70:64:55:95:76:b8:
59:45:00:5c:b9:e2:c0:16:6e:6d:23:88:93:62:48:21:17:0e:
11:5e:16:2e:dd:86:76:0e:38:7b:33:c7:a3:06:41:8e:23:bd:
4a:13:0a:75:e0:43:e9:b6:7b:52:fb:49:5a:e7:ac:f2:73:dd:
55:57:d2:92:49:b5:38:5b:15:4e:1a:22:22:1e:a1:3a:cc:04:
31:5e:f8:8b:ea:52:16:05:42:4d:ce:d8:03:81:92:6d:9f:e6:
da:1d:0b:2e
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYzFAIs6Czt2iQqpfLqPggTKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjQwMTAxMTIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTUyMmE1ZGVjZDBjMzRkZTE0NmJjMmVhNTZmODBkYTNjMWJlNzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCCFtL2zgtCF5EGr0CKpfnlIdqdI
Ew6i5HWIQJPHxPs0agFGQPL2XFVZTa4PBKfYGIWYmyhKMv7db+KFIKQio1dLFqIZ
EiGpCn/Jj+aCHEYaXE6ZwBhU1lQ/jExBvU5rQiC21ClAZQe7bCKRk/pfQwwRBIFF
odrVoqa9uPqjkUfAAl7xTxKzkNrguseFBHwGLBgMrlc1oxel1TC4J2+e06TEZUO9
+wmRhoBD/rba+fzWZy6+OyTkSdfh6f90BHTQSiW86Pq109fZGwEgS+xPjP9+WQeE
eHTxOT4bw+8qagq9l48hn3Ei5hIiSymyY8yoJQqEMgXV2TffXcaqL3yC+wIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFK5SKl3s0MNN4Ua8LqVvgNo8G+cwMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvcmxJcVhlelF3MDNoUnJ3dXBXLUEyandiNXpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAMBAIAATAGAwQAueDUMCkE
AgACMCMDBQMqEJaAAwUDKhHhQAMFAyoSbEADBQMqEn9AAwUDKhKSwDANBgkqhkiG
9w0BAQsFAAOCAQEAKbZYGUmLlV7XMMJTtOfwQ9gUyQ4O6gNu8DDhy9oFESF1U+oZ
QhUhyhzgHfuUIbU6tub4YGhpmDcn4wqN+a3psfLOuGxJk0JrZUFqoyRqo3t3V0U5
H8EI/M9xBOY7Ir+Nq4PxbYlMTG8OlnzpEpRPLN8t5BAJBMn+s7WW8rqb/PN28sEm
WOX2qEZgGlo5LhdSLGhBuEqenurZEpTicGRVlXa4WUUAXLniwBZubSOIk2JIIRcO
EV4WLt2Gdg44ezPHowZBjiO9ShMKdeBD6bZ7UvtJWues8nPdVVfSkkm1OFsVThoi
Ih6hOswEMV74i+pSFgVCTc7YA4GSbZ/m2h0LLg==
-----END CERTIFICATE-----
Generated at Mon Apr 21 04:49:13 2025 by rpki-client