Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/068cb9-6cba-453d-858a-c5bbf95f8584/1/BoX8sgKlS_EhdV-2MKxS9r9axaQ.roa
File: BoX8sgKlS_EhdV-2MKxS9r9axaQ.roa (raw, json)
Hash identifier: FAC1ENPAbBDBrrcW7XAUsBR3Lemu/e4Wegbwy7a8oqk=
Subject key identifier: 06:85:FC:B2:02:A5:4B:F1:21:75:5F:B6:30:AC:52:F6:BF:5A:C5:A4
Certificate issuer: /CN=700c030930a9d2e4da88d81852a44c3f78bfb440
Certificate serial: 018CC492268F4ACABC354E093F90B009A936
Authority key identifier: 70:0C:03:09:30:A9:D2:E4:DA:88:D8:18:52:A4:4C:3F:78:BF:B4:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cAwDCTCp0uTaiNgYUqRMP3i_tEA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/068cb9-6cba-453d-858a-c5bbf95f8584/1/BoX8sgKlS_EhdV-2MKxS9r9axaQ.roa
Signing time: Mon 01 Jan 2024 10:29:21 +0000
ROA not before: Mon 01 Jan 2024 10:29:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207009
IP address blocks: 209.251.196.0/23 maxlen: 23
209.251.195.0/24 maxlen: 24
2a06:6747::/32 maxlen: 32
Validation: Failed, certificate revoked on Wed 01 Jan 2025 19:47:55 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:92:26:8f:4a:ca:bc:35:4e:09:3f:90:b0:09:a9:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=700c030930a9d2e4da88d81852a44c3f78bfb440
Validity
Not Before: Jan 1 10:29:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0685fcb202a54bf121755fb630ac52f6bf5ac5a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:a4:f8:56:57:a4:f3:9d:2b:7d:aa:53:be:02:
06:be:ba:60:04:24:54:e2:91:74:be:cf:65:35:33:
6f:75:cd:f0:55:a9:8f:45:ae:b3:22:85:80:a5:d9:
4c:8b:a3:06:b6:ec:e1:25:3b:a0:c6:4d:0c:c0:ea:
09:89:ed:f0:b2:10:e4:6a:b0:f0:d0:78:c9:2f:9b:
c0:aa:5e:2e:06:94:57:14:a6:69:e9:af:d2:12:78:
ca:8f:85:c7:fa:f0:a9:cc:be:4f:c0:42:44:7d:0c:
f8:4e:0e:1d:13:87:8c:1d:1f:12:7e:b1:f4:c5:a0:
18:1e:b6:68:0a:45:11:a8:3f:6b:98:37:6d:aa:6c:
69:45:2e:72:c1:ed:e3:7a:30:12:aa:85:08:93:90:
74:b5:b6:45:e1:91:ac:d1:ad:59:5d:af:c5:45:59:
9e:c0:79:e1:2e:6b:73:fe:84:ff:09:95:89:1a:d0:
16:39:07:2d:64:d7:f1:04:f4:1c:62:0d:8a:6f:cf:
61:cf:2d:84:04:98:01:d9:19:a9:78:94:46:74:69:
74:fa:0f:02:53:00:29:86:bc:94:cf:e9:7b:0a:9b:
50:e1:a1:03:ce:2e:0a:c1:61:a3:98:37:92:12:a2:
74:f8:bb:a2:d3:08:d3:bb:e3:ad:09:88:02:e5:e7:
de:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:85:FC:B2:02:A5:4B:F1:21:75:5F:B6:30:AC:52:F6:BF:5A:C5:A4
X509v3 Authority Key Identifier:
keyid:70:0C:03:09:30:A9:D2:E4:DA:88:D8:18:52:A4:4C:3F:78:BF:B4:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cAwDCTCp0uTaiNgYUqRMP3i_tEA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/068cb9-6cba-453d-858a-c5bbf95f8584/1/BoX8sgKlS_EhdV-2MKxS9r9axaQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/068cb9-6cba-453d-858a-c5bbf95f8584/1/cAwDCTCp0uTaiNgYUqRMP3i_tEA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
209.251.195.0-209.251.197.255
IPv6:
2a06:6747::/32
Signature Algorithm: sha256WithRSAEncryption
60:42:f7:3d:70:dd:63:bf:8f:9a:bd:7a:af:28:a4:7b:ff:79:
b5:35:ff:48:a0:80:1c:b7:3c:7d:95:72:1b:e0:a9:fd:93:c0:
de:cc:13:f0:fb:91:c2:2e:bc:21:67:aa:0e:c8:2b:c7:8b:c7:
7a:17:e2:fb:37:a1:66:21:7e:54:62:14:41:e2:b4:cc:07:9c:
c3:22:0b:37:15:f8:ff:ba:9f:5c:50:72:24:9b:bb:76:e6:06:
f3:80:98:c1:b1:27:5c:fb:01:93:c3:f5:96:f7:f6:1b:8c:cf:
1c:42:20:72:ef:34:14:80:b5:4f:de:6a:76:bb:41:c7:f0:0b:
af:41:99:fa:0b:bd:9b:41:37:4b:e3:07:45:e5:56:9b:04:3f:
72:e6:06:b5:d8:ee:75:86:28:0d:72:c7:60:04:5e:8a:7a:74:
36:5e:18:15:53:9d:87:e4:2a:4f:09:28:38:56:c8:06:07:33:
72:bf:76:4d:ee:3f:f0:d9:bb:2f:12:88:7d:45:63:5d:b0:47:
e8:e0:9a:97:65:64:b7:e1:4e:0d:22:be:c8:8c:bc:a9:22:a1:
e6:05:43:6f:f4:59:6a:30:f0:04:03:d7:f4:d4:b8:2c:89:ac:
9d:9b:0e:d4:fa:a5:85:b6:f2:e1:40:3c:43:26:69:66:fc:72:
67:51:d5:ff
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzEkiaPSsq8NU4JP5CwCak2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMGMwMzA5MzBhOWQyZTRkYTg4ZDgxODUyYTQ0YzNmNzhi
ZmI0NDAwHhcNMjQwMTAxMTAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjg1ZmNiMjAyYTU0YmYxMjE3NTVmYjYzMGFjNTJmNmJmNWFjNWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaT4Vlek850rfapTvgIGvrpgBCRU
4pF0vs9lNTNvdc3wVamPRa6zIoWApdlMi6MGtuzhJTugxk0MwOoJie3wshDkarDw
0HjJL5vAql4uBpRXFKZp6a/SEnjKj4XH+vCpzL5PwEJEfQz4Tg4dE4eMHR8SfrH0
xaAYHrZoCkURqD9rmDdtqmxpRS5ywe3jejASqoUIk5B0tbZF4ZGs0a1ZXa/FRVme
wHnhLmtz/oT/CZWJGtAWOQctZNfxBPQcYg2Kb89hzy2EBJgB2RmpeJRGdGl0+g8C
UwAphryUz+l7CptQ4aEDzi4KwWGjmDeSEqJ0+Lui0wjTu+OtCYgC5efehwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFAaF/LICpUvxIXVftjCsUva/WsWkMB8GA1UdIwQY
MBaAFHAMAwkwqdLk2ojYGFKkTD94v7RAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0F3RENUQ3AwdVRhaU5nWVVxUk1QM2lfdEVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS8wNjhjYjktNmNiYS00NTNkLTg1OGEt
YzViYmY5NWY4NTg0LzEvQm9YOHNnS2xTX0VoZFYtMk1LeFM5cjlheGFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS8wNjhjYjktNmNiYS00NTNkLTg1OGEtYzViYmY5NWY4NTg0
LzEvY0F3RENUQ3AwdVRhaU5nWVVxUk1QM2lfdEVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAUBAIAATAOMAwDBADR+8MD
BAHR+8QwDQQCAAIwBwMFACoGZ0cwDQYJKoZIhvcNAQELBQADggEBAGBC9z1w3WO/
j5q9eq8opHv/ebU1/0iggBy3PH2Vchvgqf2TwN7ME/D7kcIuvCFnqg7IK8eLx3oX
4vs3oWYhflRiFEHitMwHnMMiCzcV+P+6n1xQciSbu3bmBvOAmMGxJ1z7AZPD9Zb3
9huMzxxCIHLvNBSAtU/eana7QcfwC69BmfoLvZtBN0vjB0XlVpsEP3LmBrXY7nWG
KA1yx2AEXop6dDZeGBVTnYfkKk8JKDhWyAYHM3K/dk3uP/DZuy8SiH1FY12wR+jg
mpdlZLfhTg0ivsiMvKkioeYFQ2/0WWow8AQD1/TUuCyJrJ2bDtT6pYW28uFAPEMm
aWb8cmdR1f8=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:51:48 2025 by rpki-client