Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/3fd6e9-17d3-4019-8669-9666d976285d/1/ma8-ewcuTCBOJQQIqjlfnGCR1n0.roa
File: ma8-ewcuTCBOJQQIqjlfnGCR1n0.roa (raw, json)
Hash identifier: +KhiUt0x5AWkyORakxPJz6o7uKHa+nGPxPx6ax8H3TA=
Subject key identifier: 99:AF:3E:7B:07:2E:4C:20:4E:25:04:08:AA:39:5F:9C:60:91:D6:7D
Certificate issuer: /CN=b0a5699a08c7bfd707cfb06d3213f5cacbf28257
Certificate serial: 018C632D5C16E17C3B6A6652D1CE0D7C1BF5
Authority key identifier: B0:A5:69:9A:08:C7:BF:D7:07:CF:B0:6D:32:13:F5:CA:CB:F2:82:57
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sKVpmgjHv9cHz7BtMhP1ysvyglc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/3fd6e9-17d3-4019-8669-9666d976285d/1/ma8-ewcuTCBOJQQIqjlfnGCR1n0.roa
Signing time: Wed 13 Dec 2023 12:36:06 +0000
ROA not before: Wed 13 Dec 2023 12:36:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206930
IP address blocks: 185.171.164.0/23 maxlen: 23
185.171.164.0/22 maxlen: 22
185.171.165.0/24 maxlen: 24
185.171.166.0/24 maxlen: 24
185.171.167.0/24 maxlen: 24
185.171.166.0/23 maxlen: 24
Validation: Failed, certificate revoked on Tue 02 Jan 2024 04:30:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:63:2d:5c:16:e1:7c:3b:6a:66:52:d1:ce:0d:7c:1b:f5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b0a5699a08c7bfd707cfb06d3213f5cacbf28257
Validity
Not Before: Dec 13 12:36:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=99af3e7b072e4c204e250408aa395f9c6091d67d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:15:3b:2c:3f:38:ef:14:94:1f:1c:aa:30:6c:
ec:ca:f6:03:00:8d:ac:5d:87:90:5f:62:35:74:e9:
96:df:cb:e9:99:c8:6a:64:f4:c1:3c:56:ca:ed:c1:
91:7b:f0:71:ba:bf:c4:3c:f3:de:24:95:ad:9b:d8:
9d:14:5c:ec:c6:d8:4b:4a:25:bd:53:72:e6:63:07:
88:d7:2c:f9:6a:3f:24:dc:17:20:d0:67:88:b4:82:
75:ea:a9:af:40:f3:d1:17:5f:10:e7:b1:8a:6e:6d:
c9:74:d0:d2:ce:da:54:ae:01:88:e6:65:e8:62:ce:
42:76:f8:5f:a6:cd:1f:a3:63:86:1a:51:36:54:05:
0a:1b:9d:dc:05:8f:cc:48:f5:c6:4e:d9:3c:cb:f9:
a6:de:ef:aa:f7:92:fa:dc:34:d4:a6:7b:04:c3:26:
cd:2b:47:7a:7a:ba:01:35:42:92:6b:db:7e:23:ca:
1c:cc:05:14:78:b7:ee:93:c5:67:40:ef:65:4c:15:
48:ea:12:e9:79:72:69:bb:6c:dd:a7:c2:15:24:cc:
8c:a9:8b:da:88:de:38:4e:a2:eb:7b:bc:77:f4:22:
af:cb:75:97:f3:d3:2c:42:db:8a:12:35:95:f4:06:
f8:39:e9:6d:fb:a8:43:ad:9e:34:4a:15:36:21:f9:
5e:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:AF:3E:7B:07:2E:4C:20:4E:25:04:08:AA:39:5F:9C:60:91:D6:7D
X509v3 Authority Key Identifier:
keyid:B0:A5:69:9A:08:C7:BF:D7:07:CF:B0:6D:32:13:F5:CA:CB:F2:82:57
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sKVpmgjHv9cHz7BtMhP1ysvyglc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/3fd6e9-17d3-4019-8669-9666d976285d/1/ma8-ewcuTCBOJQQIqjlfnGCR1n0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/3fd6e9-17d3-4019-8669-9666d976285d/1/sKVpmgjHv9cHz7BtMhP1ysvyglc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.171.164.0/22
Signature Algorithm: sha256WithRSAEncryption
51:cc:af:51:11:01:61:21:0e:e3:54:99:91:53:41:7b:3e:5c:
09:e2:8d:f8:fc:26:e0:cd:ef:20:c5:43:b7:b7:1a:cd:af:6f:
be:0f:20:39:fe:9e:00:74:be:92:a9:f2:37:05:86:7c:33:7e:
51:be:78:8f:07:37:80:08:fd:2d:4a:94:ef:53:0f:f3:9f:a1:
94:b1:e7:02:0b:6e:8a:1d:2b:6b:3c:46:fc:e4:e3:aa:7d:f4:
1d:0d:a2:f9:0d:2c:8f:10:b6:a0:2c:72:e5:f9:61:25:1a:7c:
c9:96:2d:08:ef:b2:cb:ef:c4:ba:b1:9c:5d:f4:98:bd:07:ed:
b7:b3:09:b0:6b:72:6f:49:4c:e6:ff:76:c2:31:f5:72:16:37:
a0:0b:92:86:69:af:b4:b5:8c:95:2c:d6:87:bf:8b:e6:94:0f:
67:f7:16:6d:23:77:1b:18:bd:19:af:a3:a8:d9:6d:b3:7e:83:
0b:e3:b7:1f:db:8b:2e:f9:8c:0f:b4:1e:3a:3d:32:f8:ba:88:
4f:a4:d2:da:60:82:aa:1a:8b:19:21:7e:81:fc:2e:b5:fa:58:
d2:46:04:20:77:4b:95:03:63:5e:78:78:8a:d1:ca:4a:a6:e9:
9b:6e:a8:73:d0:c7:fb:3c:b2:76:9c:b8:24:0d:e7:05:61:6b:
59:31:0c:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYxjLVwW4Xw7amZS0c4NfBv1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYTU2OTlhMDhjN2JmZDcwN2NmYjA2ZDMyMTNmNWNhY2Jm
MjgyNTcwHhcNMjMxMjEzMTIzNjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWFmM2U3YjA3MmU0YzIwNGUyNTA0MDhhYTM5NWY5YzYwOTFkNjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRU7LD847xSUHxyqMGzsyvYDAI2s
XYeQX2I1dOmW38vpmchqZPTBPFbK7cGRe/Bxur/EPPPeJJWtm9idFFzsxthLSiW9
U3LmYweI1yz5aj8k3Bcg0GeItIJ16qmvQPPRF18Q57GKbm3JdNDSztpUrgGI5mXo
Ys5Cdvhfps0fo2OGGlE2VAUKG53cBY/MSPXGTtk8y/mm3u+q95L63DTUpnsEwybN
K0d6eroBNUKSa9t+I8oczAUUeLfuk8VnQO9lTBVI6hLpeXJpu2zdp8IVJMyMqYva
iN44TqLre7x39CKvy3WX89MsQtuKEjWV9Ab4Oelt+6hDrZ40ShU2IflelwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJmvPnsHLkwgTiUECKo5X5xgkdZ9MB8GA1UdIwQY
MBaAFLClaZoIx7/XB8+wbTIT9crL8oJXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0tWcG1nakh2OWNIejdCdE1oUDF5c3Z5Z2xjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8zZmQ2ZTktMTdkMy00MDE5LTg2Njkt
OTY2NmQ5NzYyODVkLzEvbWE4LWV3Y3VUQ0JPSlFRSXFqbGZuR0NSMW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8zZmQ2ZTktMTdkMy00MDE5LTg2NjktOTY2NmQ5NzYyODVk
LzEvc0tWcG1nakh2OWNIejdCdE1oUDF5c3Z5Z2xjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaukMA0G
CSqGSIb3DQEBCwUAA4IBAQBRzK9REQFhIQ7jVJmRU0F7PlwJ4o34/Cbgze8gxUO3
txrNr2++DyA5/p4AdL6SqfI3BYZ8M35RvniPBzeACP0tSpTvUw/zn6GUsecCC26K
HStrPEb85OOqffQdDaL5DSyPELagLHLl+WElGnzJli0I77LL78S6sZxd9Ji9B+23
swmwa3JvSUzm/3bCMfVyFjegC5KGaa+0tYyVLNaHv4vmlA9n9xZtI3cbGL0Zr6Oo
2W2zfoML47cf24su+YwPtB46PTL4uohPpNLaYIKqGosZIX6B/C61+ljSRgQgd0uV
A2NeeHiK0cpKpumbbqhz0Mf7PLJ2nLgkDecFYWtZMQz/
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:06:44 2024 by rpki-client on console-ams.rpki-client.org