Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/1-eBvWKF2ksjk5K5pWtLONRdE9A8.roa
File: 1-eBvWKF2ksjk5K5pWtLONRdE9A8.roa (raw, json)
Hash identifier: H2RocMduSziTddihL7QI5LrtLUzwsuhDTcHY+0HG9X8=
Subject key identifier: F9:E0:6F:58:A1:76:92:C8:E4:E4:AE:69:5A:D2:CE:35:17:44:F4:0F
Certificate issuer: /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial: 018CB6C208C2F89B3E9E874CF975E2194D17
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/1-eBvWKF2ksjk5K5pWtLONRdE9A8.roa
Signing time: Fri 29 Dec 2023 18:06:58 +0000
ROA not before: Fri 29 Dec 2023 18:06:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 216271
IP address blocks: 185.201.136.0/22 maxlen: 22
2a12:ec0::/29 maxlen: 29
2a12:28c0::/29 maxlen: 29
2a0f:e000::/29 maxlen: 29
2a12:1900::/29 maxlen: 29
2a0e:7780::/29 maxlen: 29
2a11:f140::/29 maxlen: 29
2a0a:e2c0::/29 maxlen: 29
Validation: Failed, certificate revoked on Sat 30 Dec 2023 16:47:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:b6:c2:08:c2:f8:9b:3e:9e:87:4c:f9:75:e2:19:4d:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Validity
Not Before: Dec 29 18:06:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f9e06f58a17692c8e4e4ae695ad2ce351744f40f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:01:eb:ac:ea:4a:5f:2f:95:d7:a5:c3:37:b0:
41:45:cc:cb:bb:3e:48:55:b2:35:bb:d6:ad:c7:ba:
c9:9e:e8:0c:b9:01:c4:15:18:77:d1:8b:88:80:56:
3c:5a:09:dc:4d:c0:fe:60:d4:21:62:f9:1f:70:37:
5a:8a:45:3e:ee:ef:8c:6a:f1:f7:07:b8:38:b9:99:
c8:e8:d9:7c:d6:6c:72:d9:38:35:a9:15:5a:8d:e9:
c0:1c:0c:d2:78:0d:78:6b:db:4d:02:be:9f:19:92:
8c:2e:9e:1e:2d:b3:22:62:99:2a:2f:16:a8:86:98:
21:30:89:7f:60:ad:d4:dc:49:7e:56:02:9a:87:6c:
2a:1d:2f:aa:80:69:7f:bd:62:0d:a4:9f:1f:9b:60:
6c:4e:92:9a:b7:65:a6:5f:5c:e5:40:a3:bd:1c:3c:
a1:bb:7a:f6:e9:8d:0e:a8:cb:f9:b9:f1:39:6c:6d:
95:0d:f1:6a:16:70:04:a6:6d:6b:15:34:25:d4:63:
3a:81:32:4c:40:ea:07:e6:09:a2:f7:39:43:3c:fb:
cb:37:f3:99:90:31:bf:8f:74:28:92:4e:e9:3c:e0:
45:ed:93:67:55:4f:2b:21:b2:0e:63:43:bc:03:45:
6f:69:a2:0f:d4:40:b4:9e:69:f1:c8:41:eb:aa:91:
6f:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:E0:6F:58:A1:76:92:C8:E4:E4:AE:69:5A:D2:CE:35:17:44:F4:0F
X509v3 Authority Key Identifier:
keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/1-eBvWKF2ksjk5K5pWtLONRdE9A8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.201.136.0/22
IPv6:
2a0a:e2c0::/29
2a0e:7780::/29
2a0f:e000::/29
2a11:f140::/29
2a12:ec0::/29
2a12:1900::/29
2a12:28c0::/29
Signature Algorithm: sha256WithRSAEncryption
c9:e6:c7:d5:d5:31:dc:aa:b7:bd:95:b5:d8:ed:f0:33:5f:a2:
ad:e4:5c:22:3d:c5:74:1e:72:06:48:da:38:61:2d:b6:be:25:
d1:4c:bf:d9:de:16:91:60:9a:84:01:9e:92:a4:94:89:92:48:
5e:94:4f:d6:db:64:23:4f:d2:fb:ca:63:94:a5:dc:8a:30:25:
fb:60:41:7d:d1:a9:1c:4e:93:00:b0:ca:96:d1:16:61:2b:92:
56:f4:a5:7d:41:e2:5b:c6:17:69:a9:04:85:9c:54:41:4d:4f:
cd:75:42:ff:72:bf:2a:42:a2:c2:5d:aa:ef:da:8f:ed:e4:64:
1a:58:df:a3:f6:7b:34:f3:78:28:87:78:6e:10:46:ee:de:26:
7a:08:16:4c:73:d2:6e:0e:4a:1f:50:d0:86:f8:0c:e5:52:5a:
83:f9:9a:ca:fa:00:a7:50:84:99:22:d6:18:aa:cb:73:9c:e8:
05:cf:2b:bd:00:df:3b:47:2f:c0:ac:39:c1:57:77:3e:07:ac:
9e:15:5a:dc:59:34:cb:44:e7:c2:04:91:51:a7:f5:78:8e:ba:
54:c2:ad:08:2a:2b:4b:c6:2d:86:a0:9a:db:75:dc:41:03:bf:
52:23:db:1c:ab:80:7a:f6:97:c5:47:1c:5f:9a:54:96:d7:15:
ef:ba:c8:94
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAYy2wgjC+Js+nodM+XXiGU0XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjMxMjI5MTgwNjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWUwNmY1OGExNzY5MmM4ZTRlNGFlNjk1YWQyY2UzNTE3NDRmNDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigHrrOpKXy+V16XDN7BBRczLuz5I
VbI1u9atx7rJnugMuQHEFRh30YuIgFY8WgncTcD+YNQhYvkfcDdaikU+7u+MavH3
B7g4uZnI6Nl81mxy2Tg1qRVajenAHAzSeA14a9tNAr6fGZKMLp4eLbMiYpkqLxao
hpghMIl/YK3U3El+VgKah2wqHS+qgGl/vWINpJ8fm2BsTpKat2WmX1zlQKO9HDyh
u3r26Y0OqMv5ufE5bG2VDfFqFnAEpm1rFTQl1GM6gTJMQOoH5gmi9zlDPPvLN/OZ
kDG/j3Qokk7pPOBF7ZNnVU8rIbIOY0O8A0VvaaIP1EC0nmnxyEHrqpFvswIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFPngb1ihdpLI5OSuaVrSzjUXRPQPMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvMS1lQnZXS0Yya3NqazVLNXBXdExPTlJkRTlBOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTEvNzU3YjU2LTdiNTctNDhhMC05YTc1LWEyYTRjNmE2MjFj
ZC8xL0dKMXJWZGFtaU81ZU00R0lPN1d2YUVNeWR1TS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBYBggrBgEFBQcBBwEB/wRJMEcwDAQCAAEwBgMEArnJiDA3
BAIAAjAxAwUDKgriwAMFAyoOd4ADBQMqD+AAAwUDKhHxQAMFAyoSDsADBQMqEhkA
AwUDKhIowDANBgkqhkiG9w0BAQsFAAOCAQEAyebH1dUx3Kq3vZW12O3wM1+ireRc
Ij3FdB5yBkjaOGEttr4l0Uy/2d4WkWCahAGekqSUiZJIXpRP1ttkI0/S+8pjlKXc
ijAl+2BBfdGpHE6TALDKltEWYSuSVvSlfUHiW8YXaakEhZxUQU1PzXVC/3K/KkKi
wl2q79qP7eRkGljfo/Z7NPN4KId4bhBG7t4meggWTHPSbg5KH1DQhvgM5VJag/ma
yvoAp1CEmSLWGKrLc5zoBc8rvQDfO0cvwKw5wVd3PgesnhVa3Fk0y0TnwgSRUaf1
eI66VMKtCCorS8YthqCa23XcQQO/UiPbHKuAevaXxUccX5pUltcV77rIlA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:02 2024 by rpki-client on console-ams.rpki-client.org