Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b0dc52-416e-4a02-8993-fbc5a1e382c5/1/3S3lNMK7WGCBqbVPad4YAxZpdC8.roa
File: 3S3lNMK7WGCBqbVPad4YAxZpdC8.roa (raw, json)
Hash identifier: hra9kQVgvo0UWnAsSn9AA7jzoLgnELCrhGNuLbAUnXE=
Subject key identifier: DD:2D:E5:34:C2:BB:58:60:81:A9:B5:4F:69:DE:18:03:16:69:74:2F
Certificate issuer: /CN=aedc8f327a461964c0a87a9c7809401c57c86d41
Certificate serial: 018CC3B72BC34161600E0EB846B2B3BE5F6B
Authority key identifier: AE:DC:8F:32:7A:46:19:64:C0:A8:7A:9C:78:09:40:1C:57:C8:6D:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rtyPMnpGGWTAqHqceAlAHFfIbUE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/b0dc52-416e-4a02-8993-fbc5a1e382c5/1/3S3lNMK7WGCBqbVPad4YAxZpdC8.roa
Signing time: Mon 01 Jan 2024 06:30:10 +0000
ROA not before: Mon 01 Jan 2024 06:30:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 61189
IP address blocks: 85.194.201.0/24 maxlen: 24
85.194.200.0/22 maxlen: 22
185.7.252.0/22 maxlen: 22
185.7.252.0/23 maxlen: 23
2a03:29c0:2000::/36 maxlen: 36
2a03:29c0:1000::/36 maxlen: 36
2a03:29c0:a000::/35 maxlen: 35
2a03:29c0:8000::/33 maxlen: 33
2a03:29c0::/32 maxlen: 32
Validation: Failed, certificate revoked on Fri 07 Jun 2024 07:08:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b7:2b:c3:41:61:60:0e:0e:b8:46:b2:b3:be:5f:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=aedc8f327a461964c0a87a9c7809401c57c86d41
Validity
Not Before: Jan 1 06:30:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dd2de534c2bb586081a9b54f69de18031669742f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:30:54:7e:f5:14:0d:e2:8a:15:f6:e8:46:5a:
14:e0:ef:d7:65:83:05:5f:09:04:34:5a:68:25:ad:
b2:f6:8f:d3:c7:c6:00:02:08:40:8f:a7:04:7e:fd:
08:73:02:d6:cf:48:db:b5:9d:ad:ff:1d:11:f6:55:
6d:49:2a:58:68:38:c3:3b:58:8f:15:49:39:33:47:
9a:f2:c8:2b:5d:eb:ff:94:a7:36:c8:da:35:13:7b:
25:40:4b:16:db:c7:6a:ef:45:e1:fc:b7:bc:72:14:
c8:de:93:6d:2c:7b:92:9d:73:35:74:e5:d6:a7:d3:
ca:af:d3:c6:b8:22:36:b3:81:8c:67:f5:90:a3:da:
a2:5c:a0:75:ef:f0:31:0d:f7:bc:21:4d:91:d2:99:
da:9d:4e:fa:c9:fa:ad:f5:a4:0a:1e:4d:ee:b4:25:
bb:5f:2d:c4:7b:f6:f7:42:09:ce:4c:96:08:e3:cd:
e8:21:b5:4f:19:97:4d:59:fd:04:ad:42:b9:fe:d4:
c6:45:c3:a5:06:ca:bd:09:45:97:77:68:ce:1d:c5:
5a:55:b4:7b:d3:72:97:98:37:d1:fe:98:59:60:c3:
67:8b:f1:35:0c:47:64:e6:bc:e6:b0:42:a0:e6:18:
8a:98:90:83:3f:6f:41:30:7e:08:7c:fd:d2:9f:9e:
b4:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:2D:E5:34:C2:BB:58:60:81:A9:B5:4F:69:DE:18:03:16:69:74:2F
X509v3 Authority Key Identifier:
keyid:AE:DC:8F:32:7A:46:19:64:C0:A8:7A:9C:78:09:40:1C:57:C8:6D:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rtyPMnpGGWTAqHqceAlAHFfIbUE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b0dc52-416e-4a02-8993-fbc5a1e382c5/1/3S3lNMK7WGCBqbVPad4YAxZpdC8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b0dc52-416e-4a02-8993-fbc5a1e382c5/1/rtyPMnpGGWTAqHqceAlAHFfIbUE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.194.200.0/22
185.7.252.0/22
IPv6:
2a03:29c0::/32
Signature Algorithm: sha256WithRSAEncryption
5d:77:3a:95:f7:e3:67:d9:5f:24:e1:88:54:68:67:c6:6d:ed:
3d:62:df:67:5b:1f:d4:bc:bd:db:f0:82:bf:23:39:e7:4d:b7:
49:ed:64:af:09:e6:9f:8b:7a:41:a0:c0:cf:11:24:1a:93:ed:
a0:5a:08:59:c6:a4:65:02:62:80:0f:75:89:49:30:11:29:07:
96:1f:fc:52:ec:a0:93:d3:75:20:ab:7d:73:c3:63:00:86:6c:
ec:d8:38:f3:e8:1c:88:9a:46:94:da:ac:3a:82:fa:d5:6a:7f:
e9:64:53:f5:cf:7c:61:29:34:10:be:3c:38:5e:1e:92:27:e3:
fc:48:90:18:c6:71:6b:10:19:56:a0:b6:fa:cc:31:9e:31:f2:
53:11:b0:5e:74:c9:8b:80:72:8b:c7:a4:58:1f:5b:ae:e6:12:
8f:04:13:f3:a7:f6:25:4e:12:7a:a5:2b:71:5f:27:3b:ce:d9:
5c:7f:6f:ef:17:98:9f:24:50:dd:ed:25:f6:5e:46:0c:8b:77:
cc:5b:6a:b7:00:04:ab:98:dc:d2:3e:72:f9:e4:69:36:bb:53:
62:fc:46:fe:51:05:44:18:cb:62:da:3a:ea:6b:54:4e:76:1a:
b6:83:d5:21:49:13:67:bc:30:c7:71:fb:3b:66:ac:7a:e8:f6:
01:b2:ac:53
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzDtyvDQWFgDg64RrKzvl9rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZGM4ZjMyN2E0NjE5NjRjMGE4N2E5Yzc4MDk0MDFjNTdj
ODZkNDEwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDJkZTUzNGMyYmI1ODYwODFhOWI1NGY2OWRlMTgwMzE2Njk3NDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzBUfvUUDeKKFfboRloU4O/XZYMF
XwkENFpoJa2y9o/Tx8YAAghAj6cEfv0IcwLWz0jbtZ2t/x0R9lVtSSpYaDjDO1iP
FUk5M0ea8sgrXev/lKc2yNo1E3slQEsW28dq70Xh/Le8chTI3pNtLHuSnXM1dOXW
p9PKr9PGuCI2s4GMZ/WQo9qiXKB17/AxDfe8IU2R0pnanU76yfqt9aQKHk3utCW7
Xy3Ee/b3QgnOTJYI483oIbVPGZdNWf0ErUK5/tTGRcOlBsq9CUWXd2jOHcVaVbR7
03KXmDfR/phZYMNni/E1DEdk5rzmsEKg5hiKmJCDP29BMH4IfP3Sn560AQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFN0t5TTCu1hggam1T2neGAMWaXQvMB8GA1UdIwQY
MBaAFK7cjzJ6RhlkwKh6nHgJQBxXyG1BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnR5UE1ucEdHV1RBcUhxY2VBbEFIRmZJYlVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iMGRjNTItNDE2ZS00YTAyLTg5OTMt
ZmJjNWExZTM4MmM1LzEvM1MzbE5NSzdXR0NCcWJWUGFkNFlBeFpwZEM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iMGRjNTItNDE2ZS00YTAyLTg5OTMtZmJjNWExZTM4MmM1
LzEvcnR5UE1ucEdHV1RBcUhxY2VBbEFIRmZJYlVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCVcLIAwQC
uQf8MA0EAgACMAcDBQAqAynAMA0GCSqGSIb3DQEBCwUAA4IBAQBddzqV9+Nn2V8k
4YhUaGfGbe09Yt9nWx/UvL3b8IK/IznnTbdJ7WSvCeafi3pBoMDPESQak+2gWghZ
xqRlAmKAD3WJSTARKQeWH/xS7KCT03Ugq31zw2MAhmzs2Djz6ByImkaU2qw6gvrV
an/pZFP1z3xhKTQQvjw4Xh6SJ+P8SJAYxnFrEBlWoLb6zDGeMfJTEbBedMmLgHKL
x6RYH1uu5hKPBBPzp/YlThJ6pStxXyc7ztlcf2/vF5ifJFDd7SX2XkYMi3fMW2q3
AASrmNzSPnL55Gk2u1Ni/Eb+UQVEGMti2jrqa1ROdhq2g9UhSRNnvDDHcfs7Zqx6
6PYBsqxT
-----END CERTIFICATE-----
Generated at Mon Apr 21 05:27:19 2025 by rpki-client