Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/MnJ3q4VCKIgSpIvLyekMc1LnA-E.roa
File: MnJ3q4VCKIgSpIvLyekMc1LnA-E.roa (raw, json)
Hash identifier: l0PULd6xuGPofiPeDGAWwKmgom1QxvlcicZSyqkpBOs=
Subject key identifier: 32:72:77:AB:85:42:28:88:12:A4:8B:CB:C9:E9:0C:73:52:E7:03:E1
Certificate issuer: /CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Certificate serial: 018CC500951B33E651C4BA5C99CA1C5F1D64
Authority key identifier: 18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/MnJ3q4VCKIgSpIvLyekMc1LnA-E.roa
Signing time: Mon 01 Jan 2024 12:29:58 +0000
ROA not before: Mon 01 Jan 2024 12:29:58 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 216157
IP address blocks: 2a12:ec0::/29 maxlen: 32
2a12:1900::/29 maxlen: 32
2a13:ba00::/29 maxlen: 32
2a12:28c0::/29 maxlen: 32
2a12:6b80::/29 maxlen: 32
2a13:dac0::/29 maxlen: 32
2a11:f140::/29 maxlen: 32
2a14:7e00::/29 maxlen: 32
Validation: Failed, certificate revoked on Mon 01 Jan 2024 17:42:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:95:1b:33:e6:51:c4:ba:5c:99:ca:1c:5f:1d:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=189d6b55d6a688ee5e3381883bb5af68433276e3
Validity
Not Before: Jan 1 12:29:58 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=327277ab8542288812a48bcbc9e90c7352e703e1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:e3:90:fe:e8:95:6f:fd:eb:ca:3b:8f:ba:e1:
3e:9d:83:d0:2d:1b:db:b7:cb:6a:d5:09:2e:e2:bc:
be:ab:ca:6c:34:94:3a:81:75:d9:4f:0f:f8:1c:1e:
53:2d:b6:cb:ba:fa:d2:06:97:a4:33:4b:5c:22:38:
d9:85:bd:37:79:ac:70:95:45:7c:be:a1:06:97:54:
47:e7:8f:31:d5:35:b9:2a:95:b9:4a:64:a0:ae:98:
90:de:a8:c1:15:1f:f4:c6:09:5d:dd:ae:06:0f:de:
99:6f:27:c3:01:be:50:f8:b9:34:59:20:68:07:2e:
5a:90:51:b4:97:b5:6e:02:a9:97:53:b1:27:bc:9f:
e9:ff:a4:be:83:0d:36:37:87:c0:cb:0c:f3:e9:66:
53:b9:16:fc:9b:37:03:54:7b:73:24:32:6e:06:e3:
0c:ee:84:f3:fb:d0:7b:14:2b:ec:b2:97:b9:d5:c8:
f2:b5:08:52:a4:c3:43:da:fe:ba:53:69:64:10:b6:
a9:69:15:bb:a2:5e:5c:da:3c:37:e6:3c:72:b1:a9:
c1:99:b0:55:ba:b2:ec:ba:01:84:fc:32:bd:e8:da:
23:b7:3d:18:37:ad:e8:af:99:80:a1:81:0e:d4:23:
64:fa:cf:f7:4a:13:76:d6:9d:b1:41:55:4b:87:d5:
87:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:72:77:AB:85:42:28:88:12:A4:8B:CB:C9:E9:0C:73:52:E7:03:E1
X509v3 Authority Key Identifier:
keyid:18:9D:6B:55:D6:A6:88:EE:5E:33:81:88:3B:B5:AF:68:43:32:76:E3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GJ1rVdamiO5eM4GIO7WvaEMyduM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/MnJ3q4VCKIgSpIvLyekMc1LnA-E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/757b56-7b57-48a0-9a75-a2a4c6a621cd/1/GJ1rVdamiO5eM4GIO7WvaEMyduM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a11:f140::/29
2a12:ec0::/29
2a12:1900::/29
2a12:28c0::/29
2a12:6b80::/29
2a13:ba00::/29
2a13:dac0::/29
2a14:7e00::/29
Signature Algorithm: sha256WithRSAEncryption
15:33:bb:6a:11:bc:ec:4f:6d:66:0d:f0:4b:9a:03:74:31:7f:
7b:3b:42:b9:a4:81:59:2e:99:07:c6:dd:9c:90:9a:6b:a8:2a:
08:f2:52:5e:9a:65:41:99:58:b2:d4:d7:44:29:48:78:2e:d7:
1a:40:36:20:40:a4:fa:12:5e:2b:d3:e6:1b:36:01:00:23:00:
81:bd:5b:4e:07:77:7e:8d:b1:89:29:aa:b7:b4:9e:8e:35:02:
69:97:28:33:3b:6c:35:cd:1b:31:40:a5:55:d8:c6:34:25:a7:
8c:fa:05:db:36:7b:56:47:67:b1:a8:1b:2f:a1:d8:14:be:b5:
3f:8d:75:b6:e6:00:c3:20:f5:9d:bb:35:14:d6:2f:8e:c7:7e:
f2:86:d8:d5:44:8c:76:a6:6d:25:ca:53:d6:75:a1:0f:00:16:
ba:ca:a7:dd:a5:02:82:46:6e:d3:30:e1:85:a1:7f:ad:94:83:
2f:43:e2:f2:11:05:a9:8a:8e:a8:6d:10:08:f2:30:e1:f7:cf:
73:c8:67:4e:2f:d2:77:c0:2a:67:c6:de:aa:27:b0:41:20:4b:
5c:ab:a1:f3:b6:45:bf:ea:96:98:47:4d:35:b2:54:2b:50:b0:
da:1e:dc:41:8d:ce:af:53:a9:e3:be:53:5f:10:a6:65:93:d1:
e3:47:c9:86
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYzFAJUbM+ZRxLpcmcocXx1kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4OWQ2YjU1ZDZhNjg4ZWU1ZTMzODE4ODNiYjVhZjY4NDMz
Mjc2ZTMwHhcNMjQwMTAxMTIyOTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjcyNzdhYjg1NDIyODg4MTJhNDhiY2JjOWU5MGM3MzUyZTcwM2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw+OQ/uiVb/3ryjuPuuE+nYPQLRvb
t8tq1Qku4ry+q8psNJQ6gXXZTw/4HB5TLbbLuvrSBpekM0tcIjjZhb03eaxwlUV8
vqEGl1RH548x1TW5KpW5SmSgrpiQ3qjBFR/0xgld3a4GD96ZbyfDAb5Q+Lk0WSBo
By5akFG0l7VuAqmXU7EnvJ/p/6S+gw02N4fAywzz6WZTuRb8mzcDVHtzJDJuBuMM
7oTz+9B7FCvsspe51cjytQhSpMND2v66U2lkELapaRW7ol5c2jw35jxysanBmbBV
urLsugGE/DK96Nojtz0YN63or5mAoYEO1CNk+s/3ShN21p2xQVVLh9WHNQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFDJyd6uFQiiIEqSLy8npDHNS5wPhMB8GA1UdIwQY
MBaAFBida1XWpojuXjOBiDu1r2hDMnbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUt
YTJhNGM2YTYyMWNkLzEvTW5KM3E0VkNLSWdTcEl2THlla01jMUxuQS1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS83NTdiNTYtN2I1Ny00OGEwLTlhNzUtYTJhNGM2YTYyMWNk
LzEvR0oxclZkYW1pTzVlTTRHSU83V3ZhRU15ZHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAAjA4AwUDKhHxQAMF
AyoSDsADBQMqEhkAAwUDKhIowAMFAyoSa4ADBQMqE7oAAwUDKhPawAMFAyoUfgAw
DQYJKoZIhvcNAQELBQADggEBABUzu2oRvOxPbWYN8EuaA3Qxf3s7QrmkgVkumQfG
3ZyQmmuoKgjyUl6aZUGZWLLU10QpSHgu1xpANiBApPoSXivT5hs2AQAjAIG9W04H
d36NsYkpqre0no41AmmXKDM7bDXNGzFApVXYxjQlp4z6Bds2e1ZHZ7GoGy+h2BS+
tT+NdbbmAMMg9Z27NRTWL47HfvKG2NVEjHambSXKU9Z1oQ8AFrrKp92lAoJGbtMw
4YWhf62Ugy9D4vIRBamKjqhtEAjyMOH3z3PIZ04v0nfAKmfG3qonsEEgS1yrofO2
Rb/qlphHTTWyVCtQsNoe3EGNzq9TqeO+U18QpmWT0eNHyYY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:38 2024 by rpki-client on console-fra.rpki-client.org