Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/1129de-bf43-4967-8c04-f22610e63c92/1/izM4A8471Iq8MvRpCywCACkVNWc.roa
File: izM4A8471Iq8MvRpCywCACkVNWc.roa (raw, json)
Hash identifier: VuFx3dme4jZYX9eLA21N3okATN8Eooud6gzbSqrWzFQ=
Subject key identifier: 8B:33:38:03:CE:3B:D4:8A:BC:32:F4:69:0B:2C:02:00:29:15:35:67
Certificate issuer: /CN=3841abaa3e75c46d98b6fa8678d34fef2ac385b0
Certificate serial: 018CC56DF2697F54BBAFEFF73AD04074A0F9
Authority key identifier: 38:41:AB:AA:3E:75:C4:6D:98:B6:FA:86:78:D3:4F:EF:2A:C3:85:B0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OEGrqj51xG2YtvqGeNNP7yrDhbA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/53/1129de-bf43-4967-8c04-f22610e63c92/1/izM4A8471Iq8MvRpCywCACkVNWc.roa
Signing time: Mon 01 Jan 2024 14:29:26 +0000
ROA not before: Mon 01 Jan 2024 14:29:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35175
IP address blocks: 85.194.208.0/21 maxlen: 21
85.194.216.0/22 maxlen: 22
185.117.220.0/22 maxlen: 22
2a06:8680::/29 maxlen: 29
Validation: Failed, certificate revoked on Wed 01 Jan 2025 23:47:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6d:f2:69:7f:54:bb:af:ef:f7:3a:d0:40:74:a0:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3841abaa3e75c46d98b6fa8678d34fef2ac385b0
Validity
Not Before: Jan 1 14:29:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8b333803ce3bd48abc32f4690b2c020029153567
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:49:e8:be:ab:85:be:47:f9:e4:14:9d:2a:1d:
2e:44:fd:79:7a:d8:ea:16:e0:67:d5:cd:bf:e3:86:
4a:30:60:f4:33:6d:49:a4:57:1d:1f:77:2e:23:78:
ae:ad:b3:8b:92:e5:7e:1b:76:44:3c:56:5b:3b:f5:
c3:be:b4:25:4a:03:cc:f2:2c:eb:fa:2b:6b:7c:7a:
30:3d:e5:07:0d:d0:94:e6:a3:0d:7b:3d:14:20:53:
30:e3:5d:90:e7:91:7f:19:9e:a3:d8:1d:76:9d:a8:
50:e4:21:a3:31:23:42:2d:20:f1:74:43:84:04:00:
ff:0f:0b:2e:db:d2:af:db:fd:da:f2:cc:67:4f:02:
17:77:ee:7a:ed:20:4c:1d:fb:5f:aa:8f:e4:7e:e7:
8e:1d:34:bc:1f:16:73:cd:0c:7a:e1:f5:b0:e8:1e:
4b:70:bc:a1:36:c3:94:d4:48:c6:9c:af:5d:d0:e6:
5c:40:4e:65:54:be:ca:72:5f:86:a0:59:36:22:63:
21:3f:0e:5a:a2:94:f1:52:7b:0f:bf:3b:f4:b7:77:
bb:d2:8d:ef:5d:25:2f:73:78:eb:ff:1c:6a:2f:7f:
29:4b:e7:57:b1:e8:4d:f7:86:41:50:64:7b:3d:52:
60:8d:cb:5e:e2:8d:5f:63:77:04:b4:4b:b8:d4:75:
1c:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8B:33:38:03:CE:3B:D4:8A:BC:32:F4:69:0B:2C:02:00:29:15:35:67
X509v3 Authority Key Identifier:
keyid:38:41:AB:AA:3E:75:C4:6D:98:B6:FA:86:78:D3:4F:EF:2A:C3:85:B0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OEGrqj51xG2YtvqGeNNP7yrDhbA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/1129de-bf43-4967-8c04-f22610e63c92/1/izM4A8471Iq8MvRpCywCACkVNWc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/53/1129de-bf43-4967-8c04-f22610e63c92/1/OEGrqj51xG2YtvqGeNNP7yrDhbA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.194.208.0-85.194.219.255
185.117.220.0/22
IPv6:
2a06:8680::/29
Signature Algorithm: sha256WithRSAEncryption
3c:1b:24:c8:c0:5e:ee:84:08:b1:6e:f7:d1:a5:3b:b7:8e:2d:
42:f7:0b:f0:ac:0e:7e:b1:17:78:c4:59:cc:f9:48:ad:2f:27:
f0:91:5f:11:77:77:99:25:58:09:ba:31:57:6f:8a:45:0b:cd:
e4:07:51:b5:9f:c0:8c:01:fb:ea:74:b4:f2:ee:5b:e6:72:8c:
a2:9d:5a:6b:2f:88:43:5b:41:67:93:03:30:0d:12:63:f4:0d:
46:ee:25:c4:a4:a2:33:9b:df:42:75:7a:d8:af:52:ea:98:02:
a1:79:ec:36:6b:de:6f:20:5e:1d:48:04:90:ad:e9:00:ea:0c:
c5:5e:4f:57:94:ff:1b:41:f1:9b:51:b4:b1:ff:5b:e1:23:06:
1f:ce:80:0a:98:92:91:b3:2e:18:59:d4:c5:07:a3:6c:83:0b:
f8:b2:ab:89:31:4a:e0:d7:40:fc:bc:bb:f8:59:1f:00:03:97:
bf:59:c2:6f:1d:88:ff:9d:e5:12:3d:e0:79:22:17:12:60:9a:
b5:5b:1c:ce:63:93:e0:37:c7:29:4f:44:64:a4:c5:81:0d:9d:
22:83:3e:15:27:06:8a:3a:5b:64:02:1c:79:70:19:69:71:a1:
f1:27:57:69:75:0c:2a:d2:d5:05:f2:f3:9a:cb:3e:ff:86:5f:
a4:b0:86:d9
-----BEGIN CERTIFICATE-----
MIIFGjCCBAKgAwIBAgISAYzFbfJpf1S7r+/3OtBAdKD5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4NDFhYmFhM2U3NWM0NmQ5OGI2ZmE4Njc4ZDM0ZmVmMmFj
Mzg1YjAwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjMzMzgwM2NlM2JkNDhhYmMzMmY0NjkwYjJjMDIwMDI5MTUzNTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwEnovquFvkf55BSdKh0uRP15etjq
FuBn1c2/44ZKMGD0M21JpFcdH3cuI3iurbOLkuV+G3ZEPFZbO/XDvrQlSgPM8izr
+itrfHowPeUHDdCU5qMNez0UIFMw412Q55F/GZ6j2B12nahQ5CGjMSNCLSDxdEOE
BAD/Dwsu29Kv2/3a8sxnTwIXd+567SBMHftfqo/kfueOHTS8HxZzzQx64fWw6B5L
cLyhNsOU1EjGnK9d0OZcQE5lVL7Kcl+GoFk2ImMhPw5aopTxUnsPvzv0t3e70o3v
XSUvc3jr/xxqL38pS+dXsehN94ZBUGR7PVJgjcte4o1fY3cEtEu41HUcCwIDAQAB
o4ICJjCCAiIwHQYDVR0OBBYEFIszOAPOO9SKvDL0aQssAgApFTVnMB8GA1UdIwQY
MBaAFDhBq6o+dcRtmLb6hnjTT+8qw4WwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0VHcnFqNTF4RzJZdHZxR2VOTlA3eXJEaGJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8xMTI5ZGUtYmY0My00OTY3LThjMDQt
ZjIyNjEwZTYzYzkyLzEvaXpNNEE4NDcxSXE4TXZScEN5d0NBQ2tWTldjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8xMTI5ZGUtYmY0My00OTY3LThjMDQtZjIyNjEwZTYzYzky
LzEvT0VHcnFqNTF4RzJZdHZxR2VOTlA3eXJEaGJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUMAwDBARVwtAD
BAJVwtgDBAK5ddwwDQQCAAIwBwMFAyoGhoAwDQYJKoZIhvcNAQELBQADggEBADwb
JMjAXu6ECLFu99GlO7eOLUL3C/CsDn6xF3jEWcz5SK0vJ/CRXxF3d5klWAm6MVdv
ikULzeQHUbWfwIwB++p0tPLuW+ZyjKKdWmsviENbQWeTAzANEmP0DUbuJcSkojOb
30J1etivUuqYAqF57DZr3m8gXh1IBJCt6QDqDMVeT1eU/xtB8ZtRtLH/W+EjBh/O
gAqYkpGzLhhZ1MUHo2yDC/iyq4kxSuDXQPy8u/hZHwADl79Zwm8diP+d5RI94Hki
FxJgmrVbHM5jk+A3xylPRGSkxYENnSKDPhUnBoo6W2QCHHlwGWlxofEnV2l1DCrS
1QXy85rLPv+GX6Swhtk=
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:43:35 2025 by rpki-client