Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/88d3b3-8257-47aa-a227-d02aafb832c4/1/bUPSR-2RnunKNz48ZILJU9nt6i0.roa
File: bUPSR-2RnunKNz48ZILJU9nt6i0.roa (raw, json)
Hash identifier: dQ7KAPaatSWHGXCb/MjIIaJaKeTr1TH+GatzvoulVE0=
Subject key identifier: 6D:43:D2:47:ED:91:9E:E9:CA:37:3E:3C:64:82:C9:53:D9:ED:EA:2D
Certificate issuer: /CN=05df1ca3b665f24cbe101cfc2f38344da8b1768d
Certificate serial: 01856F26D9D8B93D57AAA82F0CB9788FD8A1
Authority key identifier: 05:DF:1C:A3:B6:65:F2:4C:BE:10:1C:FC:2F:38:34:4D:A8:B1:76:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Bd8co7Zl8ky-EBz8Lzg0Taixdo0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7b/88d3b3-8257-47aa-a227-d02aafb832c4/1/bUPSR-2RnunKNz48ZILJU9nt6i0.roa
Signing time: Sun 01 Jan 2023 21:04:55 +0000
ROA not before: Sun 01 Jan 2023 21:04:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197190
IP address blocks: 185.209.217.0/24 maxlen: 24
185.209.219.0/24 maxlen: 24
185.209.216.0/24 maxlen: 24
185.209.218.0/24 maxlen: 24
2a0b:5240::/29 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:26:d9:d8:b9:3d:57:aa:a8:2f:0c:b9:78:8f:d8:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05df1ca3b665f24cbe101cfc2f38344da8b1768d
Validity
Not Before: Jan 1 21:04:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6d43d247ed919ee9ca373e3c6482c953d9edea2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:1c:d1:f8:7d:9a:b4:92:74:01:53:31:d5:d7:
75:a2:59:a0:91:a5:2e:c5:b1:cb:e0:cb:a1:97:51:
eb:99:7d:c8:e3:1f:67:3c:78:01:94:10:09:e9:51:
b8:5f:cd:c6:10:7c:08:d7:e2:bc:f0:24:66:c8:22:
14:12:0c:01:47:e8:4d:f1:d6:e9:a4:67:3a:da:4c:
66:60:e0:e1:cc:d4:94:92:c7:55:58:4e:08:79:d2:
2e:df:6a:d9:47:b8:ee:23:e3:69:25:65:31:5f:63:
df:c3:c8:29:6e:b2:45:9e:a8:75:ac:d0:e5:a6:7c:
7d:0c:83:e2:af:e6:9a:e5:d6:a1:59:bd:77:de:c4:
10:fa:01:09:00:e6:49:a7:02:75:71:6c:ee:20:48:
92:65:a6:dc:f2:d0:a4:80:24:3c:30:b1:e3:51:ad:
41:78:bb:eb:d9:9c:90:1e:f3:e6:73:34:46:40:c4:
a0:04:e2:8f:ac:ab:c7:64:86:68:cd:c1:af:25:dc:
c2:1d:5c:bc:7d:40:36:b3:cd:60:2f:f8:24:d3:e6:
88:d8:60:34:9c:1f:78:a2:dc:ee:43:e6:62:f8:e1:
66:72:87:42:0f:68:f7:e6:e1:94:bd:e6:86:0e:a0:
11:28:94:2c:80:4e:39:44:99:f4:9d:00:94:25:43:
3a:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6D:43:D2:47:ED:91:9E:E9:CA:37:3E:3C:64:82:C9:53:D9:ED:EA:2D
X509v3 Authority Key Identifier:
keyid:05:DF:1C:A3:B6:65:F2:4C:BE:10:1C:FC:2F:38:34:4D:A8:B1:76:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bd8co7Zl8ky-EBz8Lzg0Taixdo0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/88d3b3-8257-47aa-a227-d02aafb832c4/1/bUPSR-2RnunKNz48ZILJU9nt6i0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/88d3b3-8257-47aa-a227-d02aafb832c4/1/Bd8co7Zl8ky-EBz8Lzg0Taixdo0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.209.216.0/22
IPv6:
2a0b:5240::/29
Signature Algorithm: sha256WithRSAEncryption
43:bb:c6:d9:36:84:0a:14:03:64:d1:45:51:00:26:60:d2:c8:
ef:d1:f5:53:47:81:cf:3e:a9:ff:bf:16:b8:b9:f6:81:49:74:
63:53:7c:9d:b7:fa:1b:aa:e4:c1:86:df:0e:74:74:aa:53:18:
15:ab:34:38:c4:b3:5f:aa:7a:3c:0b:30:e7:fc:65:0f:3c:47:
25:45:a6:9f:28:9b:f6:54:81:03:42:22:9b:0c:ab:27:26:55:
9b:b0:ff:26:da:6d:6b:23:e9:c6:01:2c:77:75:9c:a7:0c:7e:
7b:af:47:4c:5e:52:88:44:a9:d6:b1:47:83:15:57:08:3a:77:
87:5b:af:0c:97:fa:80:5c:9b:f9:bb:38:da:27:ba:d0:3e:0d:
d6:d1:a3:f3:65:07:6d:e5:82:08:fc:73:64:ee:b6:16:15:8d:
4c:d4:19:3c:da:4a:78:6a:a4:1d:40:ef:5f:08:2f:06:98:a1:
c8:43:29:eb:52:96:b0:b0:53:df:07:12:65:1f:f7:5e:94:42:
d5:cb:60:48:c4:2b:9c:64:76:89:a3:9e:62:c0:ff:3b:37:1f:
a9:db:10:b4:44:68:d2:6c:b8:5e:e0:79:50:b3:ab:31:29:9b:
71:51:c5:95:21:34:49:78:b1:8c:d7:5b:0d:ec:75:31:ca:24:
f2:72:79:20
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVvJtnYuT1XqqgvDLl4j9ihMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZGYxY2EzYjY2NWYyNGNiZTEwMWNmYzJmMzgzNDRkYThi
MTc2OGQwHhcNMjMwMTAxMjEwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDQzZDI0N2VkOTE5ZWU5Y2EzNzNlM2M2NDgyYzk1M2Q5ZWRlYTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgRzR+H2atJJ0AVMx1dd1olmgkaUu
xbHL4Muhl1HrmX3I4x9nPHgBlBAJ6VG4X83GEHwI1+K88CRmyCIUEgwBR+hN8dbp
pGc62kxmYODhzNSUksdVWE4IedIu32rZR7juI+NpJWUxX2Pfw8gpbrJFnqh1rNDl
pnx9DIPir+aa5dahWb133sQQ+gEJAOZJpwJ1cWzuIEiSZabc8tCkgCQ8MLHjUa1B
eLvr2ZyQHvPmczRGQMSgBOKPrKvHZIZozcGvJdzCHVy8fUA2s81gL/gk0+aI2GA0
nB94otzuQ+Zi+OFmcodCD2j35uGUveaGDqARKJQsgE45RJn0nQCUJUM6mwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG1D0kftkZ7pyjc+PGSCyVPZ7eotMB8GA1UdIwQY
MBaAFAXfHKO2ZfJMvhAc/C84NE2osXaNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmQ4Y283Wmw4a3ktRUJ6OEx6ZzBUYWl4ZG8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84OGQzYjMtODI1Ny00N2FhLWEyMjct
ZDAyYWFmYjgzMmM0LzEvYlVQU1ItMlJudW5LTno0OFpJTEpVOW50NmkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84OGQzYjMtODI1Ny00N2FhLWEyMjctZDAyYWFmYjgzMmM0
LzEvQmQ4Y283Wmw4a3ktRUJ6OEx6ZzBUYWl4ZG8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudHYMA0E
AgACMAcDBQMqC1JAMA0GCSqGSIb3DQEBCwUAA4IBAQBDu8bZNoQKFANk0UVRACZg
0sjv0fVTR4HPPqn/vxa4ufaBSXRjU3ydt/obquTBht8OdHSqUxgVqzQ4xLNfqno8
CzDn/GUPPEclRaafKJv2VIEDQiKbDKsnJlWbsP8m2m1rI+nGASx3dZynDH57r0dM
XlKIRKnWsUeDFVcIOneHW68Ml/qAXJv5uzjaJ7rQPg3W0aPzZQdt5YII/HNk7rYW
FY1M1Bk82kp4aqQdQO9fCC8GmKHIQynrUpawsFPfBxJlH/delELVy2BIxCucZHaJ
o55iwP87Nx+p2xC0RGjSbLhe4HlQs6sxKZtxUcWVITRJeLGM11sN7HUxyiTycnkg
-----END CERTIFICATE-----
Generated at Tue Jan 2 01:40:57 2024 by rpki-client on console-ams.rpki-client.org