Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/1cb9fc-6b33-42d5-9423-79ecd8a9b6d6/1/_x28Lnz6vJjvpwZVoWT3EzIVASM.roa
File: _x28Lnz6vJjvpwZVoWT3EzIVASM.roa (raw, json)
Hash identifier: yxyEjGqL796qiidcmfqB+p717uPWD5DpelPYlz84Fjg=
Subject key identifier: FF:1D:BC:2E:7C:FA:BC:98:EF:A7:06:55:A1:64:F7:13:32:15:01:23
Certificate issuer: /CN=7135e3894634482b08317775c79657e9b8312d4d
Certificate serial: 018ED204B3257137BCC87BB0ABDB681FCB3C
Authority key identifier: 71:35:E3:89:46:34:48:2B:08:31:77:75:C7:96:57:E9:B8:31:2D:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cTXjiUY0SCsIMXd1x5ZX6bgxLU0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/1cb9fc-6b33-42d5-9423-79ecd8a9b6d6/1/_x28Lnz6vJjvpwZVoWT3EzIVASM.roa
Signing time: Fri 12 Apr 2024 11:15:07 +0000
ROA not before: Fri 12 Apr 2024 11:15:07 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 41354
IP address blocks: 137.22.160.0/19 maxlen: 19
149.106.160.0/19 maxlen: 19
185.20.128.0/22 maxlen: 22
185.127.192.0/23 maxlen: 23
185.127.194.0/23 maxlen: 23
185.207.68.0/22 maxlen: 22
212.82.64.0/19 maxlen: 19
2a04:1700::/29 maxlen: 29
Validation: Failed, certificate revoked on Wed 17 Apr 2024 15:37:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:d2:04:b3:25:71:37:bc:c8:7b:b0:ab:db:68:1f:cb:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7135e3894634482b08317775c79657e9b8312d4d
Validity
Not Before: Apr 12 11:15:07 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ff1dbc2e7cfabc98efa70655a164f71332150123
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:c2:9d:75:8d:fa:74:4a:be:c7:bf:29:af:c3:
c0:79:ca:38:b2:ab:b5:46:18:b6:69:d8:f0:0d:4b:
3c:7e:c5:60:b5:3f:bf:1c:cd:39:9e:27:8d:f2:af:
f4:84:23:20:98:b5:89:e7:7c:4a:ed:fb:95:5a:4d:
3f:74:58:51:25:54:5e:6d:e8:58:13:2a:fe:44:fc:
59:e8:16:6b:10:b0:fc:83:85:e6:9e:50:fb:35:f1:
2a:ec:bd:ce:f8:ad:38:1a:87:fd:33:12:c2:9e:2f:
56:bc:f1:21:05:e9:cf:39:5d:4d:15:82:f8:47:28:
2d:15:69:98:60:d9:7b:0e:5f:c8:52:25:5b:94:ba:
92:6f:7e:93:b1:fb:a5:ca:4d:48:17:65:36:28:a0:
1c:bb:27:39:af:5e:a8:6b:96:2e:28:31:c8:73:9c:
6f:2b:8b:58:cf:d6:97:a9:ad:d9:d1:94:1b:09:03:
62:49:9b:a9:91:c2:a8:c2:d7:40:11:bc:87:4f:bd:
5d:88:94:55:bf:b9:83:14:c1:67:58:7a:cf:a1:ac:
63:c0:d9:96:1a:87:ac:b7:f7:dc:b2:7c:b6:94:55:
d4:47:93:33:21:d9:b6:8e:7a:5d:7e:9f:64:dc:e1:
c2:3a:9e:d7:57:12:9f:08:dd:68:59:15:03:a9:5c:
7e:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:1D:BC:2E:7C:FA:BC:98:EF:A7:06:55:A1:64:F7:13:32:15:01:23
X509v3 Authority Key Identifier:
keyid:71:35:E3:89:46:34:48:2B:08:31:77:75:C7:96:57:E9:B8:31:2D:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cTXjiUY0SCsIMXd1x5ZX6bgxLU0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1cb9fc-6b33-42d5-9423-79ecd8a9b6d6/1/_x28Lnz6vJjvpwZVoWT3EzIVASM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/1cb9fc-6b33-42d5-9423-79ecd8a9b6d6/1/cTXjiUY0SCsIMXd1x5ZX6bgxLU0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
137.22.160.0/19
149.106.160.0/19
185.20.128.0/22
185.127.192.0/22
185.207.68.0/22
212.82.64.0/19
IPv6:
2a04:1700::/29
Signature Algorithm: sha256WithRSAEncryption
62:3a:a8:e2:ec:aa:5d:8e:da:45:b2:a6:00:24:3a:42:f9:7b:
46:4c:0e:f3:fa:4b:9d:61:fb:7c:92:15:7e:80:3f:2f:5a:24:
6a:3b:31:41:af:4a:32:d9:63:b6:b5:44:1c:65:b0:b7:ec:cb:
1e:bb:07:49:48:f5:61:c9:ec:df:30:40:23:0d:5c:04:e2:f1:
41:87:ca:c1:bf:8a:e0:d1:a6:9d:b2:1c:a9:e9:13:69:1f:82:
e9:22:6a:8c:0e:48:b8:fe:5b:69:58:2e:a4:97:b4:b2:27:cd:
d2:b7:57:62:1a:0a:cb:7a:e1:ee:14:07:11:14:e9:0c:b9:f2:
30:a1:84:a4:f1:26:a4:ab:4a:45:8a:4e:df:99:6b:e8:8e:27:
ac:18:80:1b:4d:0d:20:6f:bc:d9:05:d7:78:5f:be:de:fa:c3:
90:69:97:72:11:3c:67:d6:ea:75:62:71:b1:90:67:bf:e7:c0:
4f:38:b3:35:e5:5c:cc:f8:02:b4:d9:65:05:96:22:a4:3d:9f:
99:64:1c:ed:2d:3b:2f:75:5b:d3:0e:11:a3:87:85:82:20:7e:
5d:36:9f:11:8f:2c:e3:d2:fb:b6:dd:54:ec:c9:d9:ad:1c:f2:
f1:08:58:82:1c:a8:a2:0b:08:04:09:f9:9a:0d:f9:68:0d:f8:
8e:1e:ff:09
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAY7SBLMlcTe8yHuwq9toH8s8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxMzVlMzg5NDYzNDQ4MmIwODMxNzc3NWM3OTY1N2U5Yjgz
MTJkNGQwHhcNMjQwNDEyMTExNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjFkYmMyZTdjZmFiYzk4ZWZhNzA2NTVhMTY0ZjcxMzMyMTUwMTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsKddY36dEq+x78pr8PAeco4squ1
Rhi2adjwDUs8fsVgtT+/HM05nieN8q/0hCMgmLWJ53xK7fuVWk0/dFhRJVRebehY
Eyr+RPxZ6BZrELD8g4XmnlD7NfEq7L3O+K04Gof9MxLCni9WvPEhBenPOV1NFYL4
RygtFWmYYNl7Dl/IUiVblLqSb36Tsfulyk1IF2U2KKAcuyc5r16oa5YuKDHIc5xv
K4tYz9aXqa3Z0ZQbCQNiSZupkcKowtdAEbyHT71diJRVv7mDFMFnWHrPoaxjwNmW
Goest/fcsny2lFXUR5MzIdm2jnpdfp9k3OHCOp7XVxKfCN1oWRUDqVx+VwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFP8dvC58+ryY76cGVaFk9xMyFQEjMB8GA1UdIwQY
MBaAFHE144lGNEgrCDF3dceWV+m4MS1NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1RYamlVWTBTQ3NJTVhkMXg1Wlg2Ymd4TFUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8xY2I5ZmMtNmIzMy00MmQ1LTk0MjMt
NzllY2Q4YTliNmQ2LzEvX3gyOExuejZ2Smp2cHdaVm9XVDNFeklWQVNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8xY2I5ZmMtNmIzMy00MmQ1LTk0MjMtNzllY2Q4YTliNmQ2
LzEvY1RYamlVWTBTQ3NJTVhkMXg1Wlg2Ymd4TFUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQFiRagAwQF
lWqgAwQCuRSAAwQCuX/AAwQCuc9EAwQF1FJAMA0EAgACMAcDBQMqBBcAMA0GCSqG
SIb3DQEBCwUAA4IBAQBiOqji7KpdjtpFsqYAJDpC+XtGTA7z+kudYft8khV+gD8v
WiRqOzFBr0oy2WO2tUQcZbC37MseuwdJSPVhyezfMEAjDVwE4vFBh8rBv4rg0aad
shyp6RNpH4LpImqMDki4/ltpWC6kl7SyJ83St1diGgrLeuHuFAcRFOkMufIwoYSk
8Sakq0pFik7fmWvojiesGIAbTQ0gb7zZBdd4X77e+sOQaZdyETxn1up1YnGxkGe/
58BPOLM15VzM+AK02WUFliKkPZ+ZZBztLTsvdVvTDhGjh4WCIH5dNp8Rjyzj0vu2
3VTsydmtHPLxCFiCHKiiCwgECfmaDfloDfiOHv8J
-----END CERTIFICATE-----
Generated at Wed Apr 17 20:28:55 2024 by rpki-client on console-ams.rpki-client.org