Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/DqIOmRf587dAP1NKgWxy8pyZQcw.roa
File: DqIOmRf587dAP1NKgWxy8pyZQcw.roa (raw, json)
Hash identifier: emqm1Qxw9sMG2SNXGHtemsb4rjQ4dH6p2vVPijoDtGQ=
Subject key identifier: 0E:A2:0E:99:17:F9:F3:B7:40:3F:53:4A:81:6C:72:F2:9C:99:41:CC
Certificate issuer: /CN=d356ae625d9506df4a3e577b24a86fce3c73a8f8
Certificate serial: 0185703078212B9E7D1A93672344D97E34AA
Authority key identifier: D3:56:AE:62:5D:95:06:DF:4A:3E:57:7B:24:A8:6F:CE:3C:73:A8:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/01auYl2VBt9KPld7JKhvzjxzqPg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/DqIOmRf587dAP1NKgWxy8pyZQcw.roa
Signing time: Mon 02 Jan 2023 01:55:02 +0000
ROA not before: Mon 02 Jan 2023 01:55:02 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2603
IP address blocks: 109.105.120.0/22 maxlen: 22
109.105.96.0/20 maxlen: 20
185.174.116.0/22 maxlen: 22
109.105.112.0/21 maxlen: 21
2001:948::/29 maxlen: 29
2001:948:feed::/48 maxlen: 48
2001:948::/32 maxlen: 32
Validation: Failed, certificate revoked on Mon 01 Jan 2024 00:29:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:30:78:21:2b:9e:7d:1a:93:67:23:44:d9:7e:34:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d356ae625d9506df4a3e577b24a86fce3c73a8f8
Validity
Not Before: Jan 2 01:55:02 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0ea20e9917f9f3b7403f534a816c72f29c9941cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:89:d7:bb:ec:ca:a3:a0:53:1e:7c:69:4f:d5:
d4:cd:a9:5b:91:f9:49:d6:f4:9f:13:a6:6d:1d:2f:
92:c9:76:01:65:d7:c9:2a:7c:e5:c0:3a:8b:7d:ac:
3a:d2:13:c9:16:4c:ba:05:a5:91:ac:81:cf:6c:c4:
8e:fe:c0:e6:46:13:69:a4:d0:cc:9e:a3:60:d3:f5:
39:58:c2:ad:5d:42:45:26:e0:54:cc:92:b5:9e:36:
0d:df:86:16:f6:3b:a5:9f:b1:67:ff:6a:56:10:13:
71:87:6c:81:1b:d9:71:9c:e9:bf:9d:7f:25:dd:f0:
aa:ea:ce:24:42:77:d4:49:96:37:49:26:53:3e:41:
30:72:09:43:79:18:43:b3:f1:39:24:05:fc:4b:25:
e2:a3:03:2b:64:b8:e0:78:29:f8:19:ea:1b:fa:a8:
2e:ec:2e:e2:4a:28:91:2f:0d:f1:72:e3:2c:65:82:
a8:0d:01:56:28:28:1d:55:37:85:aa:d6:da:fc:c4:
96:b7:f2:97:a9:eb:22:56:33:b8:4b:4f:5a:d6:fc:
c4:b3:ed:6f:ab:bc:6f:07:1d:7e:67:28:db:2b:8e:
83:77:0a:12:80:47:3d:86:f0:03:83:79:3e:0d:03:
ec:4e:fc:10:36:89:1f:7a:46:ef:9f:92:a2:2c:10:
17:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:A2:0E:99:17:F9:F3:B7:40:3F:53:4A:81:6C:72:F2:9C:99:41:CC
X509v3 Authority Key Identifier:
keyid:D3:56:AE:62:5D:95:06:DF:4A:3E:57:7B:24:A8:6F:CE:3C:73:A8:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/01auYl2VBt9KPld7JKhvzjxzqPg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/DqIOmRf587dAP1NKgWxy8pyZQcw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/7a6545-5277-40f3-b366-2ea87e6ea2a0/1/01auYl2VBt9KPld7JKhvzjxzqPg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.105.96.0-109.105.123.255
185.174.116.0/22
IPv6:
2001:948::/29
Signature Algorithm: sha256WithRSAEncryption
67:b1:34:74:50:9e:c6:9c:c0:1e:84:e6:08:80:43:d6:4f:06:
e0:d1:0c:c4:8e:88:dd:37:c8:7b:75:6f:e2:5a:f5:40:4d:77:
d1:ca:25:d4:f8:42:d9:80:63:24:f7:72:94:3b:f6:de:a1:2a:
fb:25:b5:c4:09:9f:a0:4c:f6:44:55:19:a8:95:7a:3a:44:de:
da:ef:e0:a2:32:d9:8d:76:3d:f6:67:54:c3:f7:0d:25:e3:7b:
c3:08:76:b1:4b:a9:91:0e:d5:42:b0:18:a0:f7:4a:ec:85:01:
81:0a:ed:11:08:0b:97:67:a9:b2:55:07:b9:4a:65:41:f9:04:
65:b1:63:21:7f:b5:21:86:00:18:8f:a1:79:2e:9d:01:b6:73:
c9:fd:f5:b9:a3:d8:b2:7c:12:62:13:cc:11:f7:76:ef:79:5f:
15:28:8a:72:83:45:84:2a:a3:53:e4:ce:64:fc:55:0d:4e:c0:
22:d5:b7:f3:7f:96:01:96:71:0b:ea:81:ce:19:e7:4e:f7:0f:
4b:16:51:c2:43:d1:6d:f0:bc:f2:d9:06:22:66:19:01:ad:6a:
6f:93:c7:bc:81:3e:c0:57:8d:58:de:c5:22:f8:83:15:f6:a8:
04:8b:b0:ee:13:5a:9f:58:22:55:27:c1:d5:63:fe:f7:99:43:
93:de:f7:29
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYVwMHghK559GpNnI0TZfjSqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNTZhZTYyNWQ5NTA2ZGY0YTNlNTc3YjI0YTg2ZmNlM2M3
M2E4ZjgwHhcNMjMwMTAyMDE1NTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWEyMGU5OTE3ZjlmM2I3NDAzZjUzNGE4MTZjNzJmMjljOTk0MWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYnXu+zKo6BTHnxpT9XUzalbkflJ
1vSfE6ZtHS+SyXYBZdfJKnzlwDqLfaw60hPJFky6BaWRrIHPbMSO/sDmRhNppNDM
nqNg0/U5WMKtXUJFJuBUzJK1njYN34YW9juln7Fn/2pWEBNxh2yBG9lxnOm/nX8l
3fCq6s4kQnfUSZY3SSZTPkEwcglDeRhDs/E5JAX8SyXiowMrZLjgeCn4Geob+qgu
7C7iSiiRLw3xcuMsZYKoDQFWKCgdVTeFqtba/MSWt/KXqesiVjO4S09a1vzEs+1v
q7xvBx1+ZyjbK46DdwoSgEc9hvADg3k+DQPsTvwQNokfekbvn5KiLBAXfQIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFA6iDpkX+fO3QD9TSoFscvKcmUHMMB8GA1UdIwQY
MBaAFNNWrmJdlQbfSj5XeySob848c6j4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDFhdVlsMlZCdDlLUGxkN0pLaHZ6anh6cVBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS83YTY1NDUtNTI3Ny00MGYzLWIzNjYt
MmVhODdlNmVhMmEwLzEvRHFJT21SZjU4N2RBUDFOS2dXeHk4cHlaUWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS83YTY1NDUtNTI3Ny00MGYzLWIzNjYtMmVhODdlNmVhMmEw
LzEvMDFhdVlsMlZCdDlLUGxkN0pLaHZ6anh6cVBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUMAwDBAVtaWAD
BAJtaXgDBAK5rnQwDQQCAAIwBwMFAyABCUgwDQYJKoZIhvcNAQELBQADggEBAGex
NHRQnsacwB6E5giAQ9ZPBuDRDMSOiN03yHt1b+Ja9UBNd9HKJdT4QtmAYyT3cpQ7
9t6hKvsltcQJn6BM9kRVGaiVejpE3trv4KIy2Y12PfZnVMP3DSXje8MIdrFLqZEO
1UKwGKD3SuyFAYEK7REIC5dnqbJVB7lKZUH5BGWxYyF/tSGGABiPoXkunQG2c8n9
9bmj2LJ8EmITzBH3du95XxUoinKDRYQqo1PkzmT8VQ1OwCLVt/N/lgGWcQvqgc4Z
5073D0sWUcJD0W3wvPLZBiJmGQGtam+Tx7yBPsBXjVjexSL4gxX2qASLsO4TWp9Y
IlUnwdVj/veZQ5Pe9yk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:42 2024 by rpki-client on console-ams.rpki-client.org