Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/eAY2eBwgHZk1NlvNCxBM0gaT9WU.roa
File: eAY2eBwgHZk1NlvNCxBM0gaT9WU.roa (raw, json)
Hash identifier: WXB9aOuPNoQpUTL7uyJ/K7A/s13+nn22kIsLcPxHm88=
Subject key identifier: 78:06:36:78:1C:20:1D:99:35:36:5B:CD:0B:10:4C:D2:06:93:F5:65
Certificate issuer: /CN=581ecc1a74cf92ab619c5f710123937ce50d9c43
Certificate serial: 018CCF69DC2F00FB9ABC30B42FB78F4B9202
Authority key identifier: 58:1E:CC:1A:74:CF:92:AB:61:9C:5F:71:01:23:93:7C:E5:0D:9C:43
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WB7MGnTPkqthnF9xASOTfOUNnEM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/eAY2eBwgHZk1NlvNCxBM0gaT9WU.roa
Signing time: Wed 03 Jan 2024 13:01:10 +0000
ROA not before: Wed 03 Jan 2024 13:01:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208041
IP address blocks: 193.160.10.0/23 maxlen: 23
193.160.14.0/23 maxlen: 23
109.197.32.0/23 maxlen: 23
185.222.4.0/24 maxlen: 24
185.222.5.0/24 maxlen: 24
185.222.6.0/24 maxlen: 24
185.222.7.0/24 maxlen: 24
2a0f:d181::/32 maxlen: 32
2a0c:8440::/48 maxlen: 48
2a0f:d180::/32 maxlen: 32
Validation: Failed, certificate revoked on Sat 13 Jan 2024 02:02:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:cf:69:dc:2f:00:fb:9a:bc:30:b4:2f:b7:8f:4b:92:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=581ecc1a74cf92ab619c5f710123937ce50d9c43
Validity
Not Before: Jan 3 13:01:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=780636781c201d9935365bcd0b104cd20693f565
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:ac:fd:ff:33:37:38:d3:b7:81:a1:dd:6e:90:
15:21:b7:61:2c:de:ee:fa:66:96:0d:60:7e:16:6e:
75:7f:79:86:14:53:96:29:cf:a6:7c:83:2f:10:7d:
16:46:5a:30:87:76:93:1e:ed:29:bd:0d:8a:3e:f1:
fe:3a:02:d1:27:0d:d5:2a:08:bd:8a:f5:df:1c:95:
e5:20:72:84:03:ce:31:80:68:39:e2:28:36:f9:98:
96:58:14:dc:d4:e3:e7:62:3c:d6:d6:4c:b8:bf:59:
b7:6c:13:47:c9:1a:9b:0c:1a:da:2c:7a:97:7d:1a:
43:e1:d2:e3:60:cc:25:8f:f9:6c:20:ad:f9:6e:72:
63:b9:a9:b7:69:40:51:58:fc:ae:30:65:fa:9d:8a:
8e:67:84:73:a5:c3:4f:6c:ef:ac:31:b4:45:5b:9e:
33:65:46:b6:20:1d:2f:29:af:51:3d:48:53:89:a7:
59:03:f6:fb:7a:19:4d:1d:2f:4e:27:88:38:94:bd:
6e:a1:1b:7a:43:e8:b5:24:c5:42:ae:77:fd:92:7b:
96:fc:f0:fa:05:c7:af:53:b6:6a:72:48:8e:e1:e6:
d8:c8:a1:14:cf:14:0e:ee:d1:c0:df:29:9f:ad:93:
45:4c:2b:cd:db:38:5c:57:8e:94:0f:f9:79:b7:62:
67:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:06:36:78:1C:20:1D:99:35:36:5B:CD:0B:10:4C:D2:06:93:F5:65
X509v3 Authority Key Identifier:
keyid:58:1E:CC:1A:74:CF:92:AB:61:9C:5F:71:01:23:93:7C:E5:0D:9C:43
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WB7MGnTPkqthnF9xASOTfOUNnEM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/eAY2eBwgHZk1NlvNCxBM0gaT9WU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/77/c71daf-dd66-41d8-b04f-da88b6bdb316/1/WB7MGnTPkqthnF9xASOTfOUNnEM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.197.32.0/23
185.222.4.0/22
193.160.10.0/23
193.160.14.0/23
IPv6:
2a0c:8440::/48
2a0f:d180::/31
Signature Algorithm: sha256WithRSAEncryption
65:8b:e1:a5:c2:7c:9b:8f:50:d4:e2:e0:4f:14:81:60:6c:98:
88:ab:17:d9:e2:8e:f2:ff:5f:86:4b:cd:18:c4:d9:b7:cf:e0:
d4:e0:63:97:ff:ac:cb:ac:36:d3:cf:95:11:e6:9f:79:f8:55:
eb:f8:90:28:59:ac:9e:0a:dd:2a:52:35:e5:50:14:a9:82:61:
a6:33:5e:c0:c8:3d:3d:8e:6a:ec:f2:42:8e:12:c6:e5:4a:a2:
64:78:f5:28:07:71:a1:c4:b5:6a:fa:af:90:53:b9:b4:cd:02:
87:f0:f0:4f:0f:0b:29:e4:6a:85:59:47:66:9f:a6:97:dd:43:
5e:ff:f5:f1:05:dc:f8:c2:32:49:c8:3d:98:aa:3e:67:e5:b7:
09:79:43:87:43:77:1a:ec:26:9d:ee:7c:92:ee:e4:08:76:11:
23:3d:1f:ae:49:fc:44:7f:b2:9e:da:93:06:20:3b:c1:42:b5:
86:5f:e6:02:53:f7:c4:34:6f:9d:e3:57:fe:6d:be:6e:db:b2:
63:e6:f9:6e:66:fa:0f:7d:f5:be:4a:d5:be:cb:50:d0:a1:fe:
25:62:b6:c9:c1:ff:6f:fd:2b:67:01:d9:7d:fa:68:f5:1f:fd:
37:33:43:b8:c7:be:d3:45:67:b8:5d:f5:c9:d8:fa:09:f9:d4:
d7:c5:7b:00
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzPadwvAPuavDC0L7ePS5ICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MWVjYzFhNzRjZjkyYWI2MTljNWY3MTAxMjM5MzdjZTUw
ZDljNDMwHhcNMjQwMTAzMTMwMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODA2MzY3ODFjMjAxZDk5MzUzNjViY2QwYjEwNGNkMjA2OTNmNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgqz9/zM3ONO3gaHdbpAVIbdhLN7u
+maWDWB+Fm51f3mGFFOWKc+mfIMvEH0WRlowh3aTHu0pvQ2KPvH+OgLRJw3VKgi9
ivXfHJXlIHKEA84xgGg54ig2+ZiWWBTc1OPnYjzW1ky4v1m3bBNHyRqbDBraLHqX
fRpD4dLjYMwlj/lsIK35bnJjuam3aUBRWPyuMGX6nYqOZ4RzpcNPbO+sMbRFW54z
ZUa2IB0vKa9RPUhTiadZA/b7ehlNHS9OJ4g4lL1uoRt6Q+i1JMVCrnf9knuW/PD6
BcevU7ZqckiO4ebYyKEUzxQO7tHA3ymfrZNFTCvN2zhcV46UD/l5t2Jn0QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFHgGNngcIB2ZNTZbzQsQTNIGk/VlMB8GA1UdIwQY
MBaAFFgezBp0z5KrYZxfcQEjk3zlDZxDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0I3TUduVFBrcXRobkY5eEFTT1RmT1VObkVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9jNzFkYWYtZGQ2Ni00MWQ4LWIwNGYt
ZGE4OGI2YmRiMzE2LzEvZUFZMmVCd2dIWmsxTmx2TkN4Qk0wZ2FUOVdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9jNzFkYWYtZGQ2Ni00MWQ4LWIwNGYtZGE4OGI2YmRiMzE2
LzEvV0I3TUduVFBrcXRobkY5eEFTT1RmT1VObkVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAeBAIAATAYAwQBbcUgAwQC
ud4EAwQBwaAKAwQBwaAOMBYEAgACMBADBwAqDIRAAAADBQEqD9GAMA0GCSqGSIb3
DQEBCwUAA4IBAQBli+Glwnybj1DU4uBPFIFgbJiIqxfZ4o7y/1+GS80YxNm3z+DU
4GOX/6zLrDbTz5UR5p95+FXr+JAoWayeCt0qUjXlUBSpgmGmM17AyD09jmrs8kKO
EsblSqJkePUoB3GhxLVq+q+QU7m0zQKH8PBPDwsp5GqFWUdmn6aX3UNe//XxBdz4
wjJJyD2Yqj5n5bcJeUOHQ3ca7Cad7nyS7uQIdhEjPR+uSfxEf7Ke2pMGIDvBQrWG
X+YCU/fENG+d41f+bb5u27Jj5vluZvoPffW+StW+y1DQof4lYrbJwf9v/StnAdl9
+mj1H/03M0O4x77TRWe4XfXJ2PoJ+dTXxXsA
Generated at Sat Jan 13 03:25:54 2024 by rpki-client on console-fra.rpki-client.org