Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/my77mAmNfw-XrMGNWQ1DSMp7hCA.roa
File: my77mAmNfw-XrMGNWQ1DSMp7hCA.roa (raw, json)
Hash identifier: 7HhRZGeyK20xbS0l52DuhzUyK8xLQMlpGHswdtrOc9A=
Subject key identifier: 9B:2E:FB:98:09:8D:7F:0F:97:AC:C1:8D:59:0D:43:48:CA:7B:84:20
Certificate issuer: /CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
Certificate serial: 01856C01072CD092CE19A527243C237A7AEE
Authority key identifier: A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/my77mAmNfw-XrMGNWQ1DSMp7hCA.roa
Signing time: Sun 01 Jan 2023 06:24:44 +0000
ROA not before: Sun 01 Jan 2023 06:24:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39650
IP address blocks: 185.161.36.0/22 maxlen: 24
185.229.28.0/24 maxlen: 24
185.229.29.0/24 maxlen: 24
185.229.30.0/24 maxlen: 24
185.229.31.0/24 maxlen: 24
185.164.75.0/24 maxlen: 24
185.164.74.0/24 maxlen: 24
2a0d:6600::/29 maxlen: 29
2a0a:d400::/29 maxlen: 29
2a06:5a40::/29 maxlen: 29
Validation: Failed, certificate revoked on Mon 01 Jan 2024 16:29:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:01:07:2c:d0:92:ce:19:a5:27:24:3c:23:7a:7a:ee
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
Validity
Not Before: Jan 1 06:24:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9b2efb98098d7f0f97acc18d590d4348ca7b8420
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:77:fd:15:50:a9:40:23:ba:f0:64:e6:df:10:
d8:01:ca:78:2c:c1:aa:b2:91:d2:ca:14:a7:9d:79:
ab:2f:e9:73:0c:c2:ba:5d:4a:da:ee:09:01:46:e1:
4e:76:21:fc:9d:12:b0:b2:71:87:da:9e:9e:de:23:
16:ac:f6:ff:c2:6e:de:22:1f:05:63:1c:76:d5:30:
6b:57:8f:68:8b:bf:47:72:51:8f:00:30:00:eb:4f:
19:c5:8a:f4:de:4d:15:56:a1:16:1d:e0:5d:73:ba:
fd:6a:ab:c9:e2:7c:aa:e6:5e:5e:e2:de:16:85:70:
51:55:90:6d:08:8f:76:8b:20:ce:2e:c0:ee:dc:c2:
1f:38:a0:46:b4:7c:31:3b:08:f3:6f:86:b0:68:16:
3a:84:28:d0:0d:87:b1:05:59:d9:e6:ba:a7:d0:ba:
a8:e9:69:8e:1f:88:ba:8c:d1:b3:4f:97:4e:26:ee:
21:e3:d7:12:4e:1d:4d:73:ad:cd:86:19:23:9d:3f:
1b:8e:de:7b:57:15:92:f7:0d:cb:45:ad:96:a6:12:
75:23:31:dd:1a:a7:2b:fb:c8:b2:54:b2:27:9b:0f:
cd:a4:b6:14:e3:81:ba:a0:5d:47:05:99:df:6e:d9:
f8:19:10:75:33:a7:68:ac:6e:3d:13:ad:c7:3f:1e:
2d:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:2E:FB:98:09:8D:7F:0F:97:AC:C1:8D:59:0D:43:48:CA:7B:84:20
X509v3 Authority Key Identifier:
keyid:A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/my77mAmNfw-XrMGNWQ1DSMp7hCA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/oOOBtudsuVIOjY9Wd27KD-F2zEA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.161.36.0/22
185.164.74.0/23
185.229.28.0/22
IPv6:
2a06:5a40::/29
2a0a:d400::/29
2a0d:6600::/29
Signature Algorithm: sha256WithRSAEncryption
65:78:e7:a9:a2:e7:43:e4:dd:12:73:e6:e7:d3:07:53:eb:c7:
58:3c:a7:82:32:c1:fb:c8:11:28:3f:80:2d:19:1d:61:89:b6:
ce:0c:39:0b:8c:83:3b:47:66:c6:ea:ca:74:38:97:53:34:c1:
4f:b7:61:f1:3f:4f:bc:73:6e:f6:1f:ad:8a:3d:ed:3d:c2:1d:
9f:04:f2:f6:40:fe:2a:ab:7c:37:a5:94:38:e1:9f:ec:f9:9c:
15:04:b2:44:d7:82:16:45:76:20:90:17:53:3e:ee:15:8e:1e:
83:99:1e:d6:b6:b0:1e:89:80:65:18:87:c2:38:1d:eb:15:bc:
37:7d:ff:aa:e4:b9:c2:81:a9:3c:19:3b:1d:40:74:19:b9:a5:
1e:f0:8a:f6:4b:58:d7:66:1c:9a:bc:fb:dc:b1:45:f2:a2:4b:
34:c4:e4:40:0f:4c:56:09:91:ef:56:10:fc:f5:d7:b5:31:df:
85:d8:9e:80:64:ee:8b:96:20:d3:c1:98:7d:53:a4:3c:d1:51:
58:42:88:d0:44:20:1a:a0:6f:40:38:86:58:dc:4c:2f:c3:2c:
07:91:a4:e3:07:58:69:8c:43:20:37:64:9e:4b:bb:ed:b9:09:
5f:75:1d:25:17:e3:ed:db:2b:d9:ec:d2:4c:04:50:98:9d:3c:
59:de:23:b4
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYVsAQcs0JLOGaUnJDwjenruMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZTM4MWI2ZTc2Y2I5NTIwZThkOGY1Njc3NmVjYTBmZTE3
NmNjNDAwHhcNMjMwMTAxMDYyNDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjJlZmI5ODA5OGQ3ZjBmOTdhY2MxOGQ1OTBkNDM0OGNhN2I4NDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3f9FVCpQCO68GTm3xDYAcp4LMGq
spHSyhSnnXmrL+lzDMK6XUra7gkBRuFOdiH8nRKwsnGH2p6e3iMWrPb/wm7eIh8F
Yxx21TBrV49oi79HclGPADAA608ZxYr03k0VVqEWHeBdc7r9aqvJ4nyq5l5e4t4W
hXBRVZBtCI92iyDOLsDu3MIfOKBGtHwxOwjzb4awaBY6hCjQDYexBVnZ5rqn0Lqo
6WmOH4i6jNGzT5dOJu4h49cSTh1Nc63NhhkjnT8bjt57VxWS9w3LRa2WphJ1IzHd
Gqcr+8iyVLInmw/NpLYU44G6oF1HBZnfbtn4GRB1M6dorG49E63HPx4tgQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFJsu+5gJjX8Pl6zBjVkNQ0jKe4QgMB8GA1UdIwQY
MBaAFKDjgbbnbLlSDo2PVnduyg/hdsxAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb09PQnR1ZHN1VklPalk5V2QyN0tELUYyekVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS84ZTZmMDgtMzBmMC00NmRkLWE3YTEt
YTljMzg0MTI4ZDQyLzEvbXk3N21BbU5mdy1Yck1HTldRMURTTXA3aENBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS84ZTZmMDgtMzBmMC00NmRkLWE3YTEtYTljMzg0MTI4ZDQy
LzEvb09PQnR1ZHN1VklPalk5V2QyN0tELUYyekVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAYBAIAATASAwQCuaEkAwQB
uaRKAwQCueUcMBsEAgACMBUDBQMqBlpAAwUDKgrUAAMFAyoNZgAwDQYJKoZIhvcN
AQELBQADggEBAGV456mi50Pk3RJz5ufTB1Prx1g8p4IywfvIESg/gC0ZHWGJts4M
OQuMgztHZsbqynQ4l1M0wU+3YfE/T7xzbvYfrYo97T3CHZ8E8vZA/iqrfDellDjh
n+z5nBUEskTXghZFdiCQF1M+7hWOHoOZHta2sB6JgGUYh8I4HesVvDd9/6rkucKB
qTwZOx1AdBm5pR7wivZLWNdmHJq8+9yxRfKiSzTE5EAPTFYJke9WEPz117Ux34XY
noBk7ouWINPBmH1TpDzRUVhCiNBEIBqgb0A4hljcTC/DLAeRpOMHWGmMQyA3ZJ5L
u+25CV91HSUX4+3bK9ns0kwEUJidPFneI7Q=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:01 2024 by rpki-client on console-fra.rpki-client.org