Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/c6ec68-225f-4d95-9340-a1f74586387b/1/1yii9cHrXR_cn5QAS8IaOtBUQik.roa
File: 1yii9cHrXR_cn5QAS8IaOtBUQik.roa (raw, json)
Hash identifier: 2KvyLGoHorSJyPC9lsoGnObj3WCWbbln5K4qXv7QTqo=
Subject key identifier: D7:28:A2:F5:C1:EB:5D:1F:DC:9F:94:00:4B:C2:1A:3A:D0:54:42:29
Certificate issuer: /CN=f52f20d0d3b2efc5bc97a47b775bd8ba1794f9e5
Certificate serial: 018570FBC3D6DC59EBAA511B7421B4967F1F
Authority key identifier: F5:2F:20:D0:D3:B2:EF:C5:BC:97:A4:7B:77:5B:D8:BA:17:94:F9:E5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9S8g0NOy78W8l6R7d1vYuheU-eU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/20/c6ec68-225f-4d95-9340-a1f74586387b/1/1yii9cHrXR_cn5QAS8IaOtBUQik.roa
Signing time: Mon 02 Jan 2023 05:37:05 +0000
ROA not before: Mon 02 Jan 2023 05:37:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208018
IP address blocks: 185.172.206.0/23 maxlen: 23
185.172.204.0/22 maxlen: 22
185.172.204.0/23 maxlen: 23
185.172.207.0/24 maxlen: 24
2a0f:1dc0::/29 maxlen: 29
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:fb:c3:d6:dc:59:eb:aa:51:1b:74:21:b4:96:7f:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f52f20d0d3b2efc5bc97a47b775bd8ba1794f9e5
Validity
Not Before: Jan 2 05:37:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d728a2f5c1eb5d1fdc9f94004bc21a3ad0544229
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:59:d5:83:fd:f3:2f:73:62:42:70:28:54:80:
89:af:1f:db:15:c9:a4:98:91:ad:47:4c:5a:b1:04:
58:1b:73:e7:25:cb:81:10:74:81:51:f3:56:96:d3:
09:47:73:3b:f0:e3:20:52:6f:57:53:d2:91:a6:59:
4a:d4:43:cd:a0:20:96:0c:b5:eb:91:af:03:b6:db:
8d:d0:95:94:a6:ab:d3:f6:47:5c:c2:ad:3e:41:11:
e7:a7:7f:5e:e5:7a:2a:13:16:75:26:03:0d:ce:f0:
eb:8c:15:55:c1:3f:c3:fb:66:81:d4:bb:cd:ce:08:
cc:63:87:04:33:fb:75:7d:d4:f4:17:49:86:80:2a:
5a:3e:9f:c1:38:f3:fa:44:9c:a4:93:c9:88:e1:2f:
eb:75:68:78:98:4a:85:25:7a:c3:a6:98:a6:f7:e1:
03:b0:ee:48:e0:67:3e:e1:c5:45:cd:6e:ca:2b:fa:
fa:5c:30:7a:ca:42:22:c8:49:9b:08:e7:e2:f2:81:
88:a7:f1:36:2f:72:eb:80:07:c3:d7:8c:c8:c6:e7:
71:b5:aa:13:b7:80:3f:21:bf:62:f6:2b:39:c3:ac:
7e:3d:ac:17:4f:64:fc:d7:83:87:af:a9:a9:2e:e1:
f4:56:d4:97:7c:be:87:e7:c2:88:3b:21:a6:e1:03:
27:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:28:A2:F5:C1:EB:5D:1F:DC:9F:94:00:4B:C2:1A:3A:D0:54:42:29
X509v3 Authority Key Identifier:
keyid:F5:2F:20:D0:D3:B2:EF:C5:BC:97:A4:7B:77:5B:D8:BA:17:94:F9:E5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9S8g0NOy78W8l6R7d1vYuheU-eU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c6ec68-225f-4d95-9340-a1f74586387b/1/1yii9cHrXR_cn5QAS8IaOtBUQik.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/20/c6ec68-225f-4d95-9340-a1f74586387b/1/9S8g0NOy78W8l6R7d1vYuheU-eU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.172.204.0/22
IPv6:
2a0f:1dc0::/29
Signature Algorithm: sha256WithRSAEncryption
a1:37:77:ef:fe:88:2b:5e:a9:b6:aa:0b:48:cb:98:d9:be:f4:
b3:cb:5f:b1:8e:09:fa:a5:25:22:d2:92:5a:13:b3:93:cd:bd:
1f:11:00:dd:be:2c:90:32:2d:ab:63:06:3c:f2:a8:18:bd:dd:
af:72:e2:5b:b7:4e:05:48:1b:0e:3a:5b:50:46:c8:f0:05:1f:
62:f4:90:6d:80:df:58:3f:fb:61:5b:4d:42:0c:2f:e0:5c:fb:
f4:4f:80:25:ad:cf:b7:db:02:84:8e:6b:de:70:46:5e:fd:1e:
bf:ac:f0:b6:5f:3c:95:a0:1c:b4:df:7e:f6:dc:a4:63:0a:4a:
0d:95:e0:5f:b8:b7:d8:17:0e:3f:31:9a:b9:66:e0:c1:ac:6a:
8e:b7:14:13:87:c7:df:ac:90:38:29:d6:92:f5:36:23:4a:93:
d1:d4:c9:3a:a7:2c:4d:a5:c1:36:ef:e3:39:a5:58:72:0d:a2:
82:62:b8:dc:3d:ff:c3:45:be:ae:b7:48:8b:be:25:eb:72:63:
4a:ef:cb:f1:4f:36:85:81:52:e2:24:97:35:ac:da:3c:60:a0:
61:44:45:03:6e:33:07:7f:f2:bc:7e:80:94:1e:49:50:88:89:
f5:5d:9f:e2:a4:c0:00:e0:42:c4:44:c0:9c:4a:5a:7e:7b:28:
6c:57:83:bb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVw+8PW3FnrqlEbdCG0ln8fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MmYyMGQwZDNiMmVmYzViYzk3YTQ3Yjc3NWJkOGJhMTc5
NGY5ZTUwHhcNMjMwMTAyMDUzNzA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzI4YTJmNWMxZWI1ZDFmZGM5Zjk0MDA0YmMyMWEzYWQwNTQ0MjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlVnVg/3zL3NiQnAoVICJrx/bFcmk
mJGtR0xasQRYG3PnJcuBEHSBUfNWltMJR3M78OMgUm9XU9KRpllK1EPNoCCWDLXr
ka8DttuN0JWUpqvT9kdcwq0+QRHnp39e5XoqExZ1JgMNzvDrjBVVwT/D+2aB1LvN
zgjMY4cEM/t1fdT0F0mGgCpaPp/BOPP6RJykk8mI4S/rdWh4mEqFJXrDppim9+ED
sO5I4Gc+4cVFzW7KK/r6XDB6ykIiyEmbCOfi8oGIp/E2L3LrgAfD14zIxudxtaoT
t4A/Ib9i9is5w6x+PawXT2T814OHr6mpLuH0VtSXfL6H58KIOyGm4QMnRQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNcoovXB610f3J+UAEvCGjrQVEIpMB8GA1UdIwQY
MBaAFPUvINDTsu/FvJeke3db2LoXlPnlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVM4ZzBOT3k3OFc4bDZSN2Qxdll1aGVVLWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9jNmVjNjgtMjI1Zi00ZDk1LTkzNDAt
YTFmNzQ1ODYzODdiLzEvMXlpaTljSHJYUl9jbjVRQVM4SWFPdEJVUWlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9jNmVjNjgtMjI1Zi00ZDk1LTkzNDAtYTFmNzQ1ODYzODdi
LzEvOVM4ZzBOT3k3OFc4bDZSN2Qxdll1aGVVLWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuazMMA0E
AgACMAcDBQMqDx3AMA0GCSqGSIb3DQEBCwUAA4IBAQChN3fv/ogrXqm2qgtIy5jZ
vvSzy1+xjgn6pSUi0pJaE7OTzb0fEQDdviyQMi2rYwY88qgYvd2vcuJbt04FSBsO
OltQRsjwBR9i9JBtgN9YP/thW01CDC/gXPv0T4Alrc+32wKEjmvecEZe/R6/rPC2
XzyVoBy033723KRjCkoNleBfuLfYFw4/MZq5ZuDBrGqOtxQTh8ffrJA4KdaS9TYj
SpPR1Mk6pyxNpcE27+M5pVhyDaKCYrjcPf/DRb6ut0iLviXrcmNK78vxTzaFgVLi
JJc1rNo8YKBhREUDbjMHf/K8foCUHklQiIn1XZ/ipMAA4ELERMCcSlp+eyhsV4O7
-----END CERTIFICATE-----
Generated at Tue Jan 2 06:31:57 2024 by rpki-client on console-ams.rpki-client.org