Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/506801-b94d-4b5d-94ab-6163b997b642/1/rCTDNvSTU6UckdmJTW7MAEO6oMA.roa
File: rCTDNvSTU6UckdmJTW7MAEO6oMA.roa (raw, json)
Hash identifier: Ah36vnfCLKlh9YU8NvNCd2La+XVt6f3crasYjGYP5GI=
Subject key identifier: AC:24:C3:36:F4:93:53:A5:1C:91:D9:89:4D:6E:CC:00:43:BA:A0:C0
Certificate issuer: /CN=038b9963c972c1d7a03df96fad25f68ebd4fa149
Certificate serial: 018CC50062D1CA3E1A072D95D37EB9137326
Authority key identifier: 03:8B:99:63:C9:72:C1:D7:A0:3D:F9:6F:AD:25:F6:8E:BD:4F:A1:49
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/A4uZY8lywdegPflvrSX2jr1PoUk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/506801-b94d-4b5d-94ab-6163b997b642/1/rCTDNvSTU6UckdmJTW7MAEO6oMA.roa
Signing time: Mon 01 Jan 2024 12:29:45 +0000
ROA not before: Mon 01 Jan 2024 12:29:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31662
IP address blocks: 185.251.56.0/22 maxlen: 22
217.151.112.0/20 maxlen: 20
94.228.144.0/20 maxlen: 20
185.27.4.0/22 maxlen: 22
2a00:d28::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 02 Jan 2025 11:49:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:62:d1:ca:3e:1a:07:2d:95:d3:7e:b9:13:73:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=038b9963c972c1d7a03df96fad25f68ebd4fa149
Validity
Not Before: Jan 1 12:29:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ac24c336f49353a51c91d9894d6ecc0043baa0c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:e9:0e:d8:15:da:d9:39:c0:19:00:28:d1:e5:
4a:25:d1:62:7b:2f:aa:7f:11:16:bf:32:d4:72:77:
5f:f4:a9:f7:b0:59:17:20:1b:2a:95:1a:30:0f:23:
e5:0d:52:9b:75:84:f6:7f:9d:c9:0a:49:bb:fb:d4:
94:ba:60:e0:3b:f5:b9:5e:bf:04:16:63:72:69:8d:
78:c2:98:d5:c2:34:c1:ae:06:4e:eb:51:0e:c0:b2:
2b:79:2f:03:3b:94:5e:93:9b:22:de:9c:c9:f8:5c:
b0:44:eb:af:63:55:94:59:88:e2:90:16:3c:5a:c8:
56:ff:4d:36:18:83:50:35:4f:b5:e2:d3:55:d8:64:
4d:92:e5:25:82:24:b2:14:b9:95:7a:3f:b4:8f:f9:
8f:05:80:df:17:e5:3f:da:74:fb:78:34:a0:80:5d:
59:72:c7:e9:79:4c:98:d3:44:90:53:a1:69:33:20:
a5:1f:30:ea:8f:95:04:6e:09:4f:c0:ba:8e:1c:a6:
c2:13:b1:09:cd:fd:ad:b9:3a:f3:8b:65:28:9b:1a:
8f:76:de:fa:e8:2a:f3:c7:65:ff:a4:0c:14:c9:8b:
bc:e7:7d:ac:47:94:63:4b:ab:a6:28:9f:6c:ec:c0:
e3:c2:9d:10:7d:46:12:16:2a:ea:95:b7:03:ab:b7:
bd:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:24:C3:36:F4:93:53:A5:1C:91:D9:89:4D:6E:CC:00:43:BA:A0:C0
X509v3 Authority Key Identifier:
keyid:03:8B:99:63:C9:72:C1:D7:A0:3D:F9:6F:AD:25:F6:8E:BD:4F:A1:49
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A4uZY8lywdegPflvrSX2jr1PoUk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/506801-b94d-4b5d-94ab-6163b997b642/1/rCTDNvSTU6UckdmJTW7MAEO6oMA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/506801-b94d-4b5d-94ab-6163b997b642/1/A4uZY8lywdegPflvrSX2jr1PoUk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.228.144.0/20
185.27.4.0/22
185.251.56.0/22
217.151.112.0/20
IPv6:
2a00:d28::/32
Signature Algorithm: sha256WithRSAEncryption
00:d8:eb:5f:33:58:d8:80:06:db:c4:21:fa:40:55:4c:91:35:
3a:64:6c:71:b8:fc:3f:20:ff:b6:0e:a3:d0:6a:e7:f4:85:0c:
4d:02:23:0f:32:fb:9c:34:6d:f7:46:83:80:5c:9e:b9:6b:48:
56:5b:9e:4e:2a:e3:1b:74:8f:df:0e:4a:96:ae:5c:d9:43:fd:
c8:47:34:ad:38:8b:8a:e8:33:46:1b:13:22:10:97:8d:3a:f3:
79:61:d9:93:a3:21:b5:cb:d0:75:ca:da:2a:1a:07:97:77:3f:
98:25:c0:ad:38:b3:24:a1:45:27:ea:bd:70:77:99:96:3a:3e:
42:c5:74:59:5b:00:65:20:15:4b:3f:ba:3e:12:00:13:4e:ef:
c0:65:06:b4:42:2f:72:39:63:91:f3:23:6a:c7:3a:48:ef:bd:
07:21:0b:bb:32:00:16:10:49:4e:3b:40:a2:b1:78:9f:06:ad:
38:1c:96:12:d7:a0:ad:8d:d8:35:04:cf:c6:69:87:f6:0c:4c:
5f:2f:06:6e:82:3c:d4:ae:a5:51:93:74:c8:d2:ef:ff:38:e7:
b7:c9:8d:94:fc:65:be:12:6c:17:c8:62:29:b0:7c:8b:46:7e:
b1:0e:a7:e3:ea:aa:17:bf:0c:72:29:26:dc:1d:18:f8:97:ac:
46:ff:52:b6
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzFAGLRyj4aBy2V0365E3MmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzOGI5OTYzYzk3MmMxZDdhMDNkZjk2ZmFkMjVmNjhlYmQ0
ZmExNDkwHhcNMjQwMTAxMTIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzI0YzMzNmY0OTM1M2E1MWM5MWQ5ODk0ZDZlY2MwMDQzYmFhMGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+kO2BXa2TnAGQAo0eVKJdFiey+q
fxEWvzLUcndf9Kn3sFkXIBsqlRowDyPlDVKbdYT2f53JCkm7+9SUumDgO/W5Xr8E
FmNyaY14wpjVwjTBrgZO61EOwLIreS8DO5Rek5si3pzJ+FywROuvY1WUWYjikBY8
WshW/002GINQNU+14tNV2GRNkuUlgiSyFLmVej+0j/mPBYDfF+U/2nT7eDSggF1Z
csfpeUyY00SQU6FpMyClHzDqj5UEbglPwLqOHKbCE7EJzf2tuTrzi2UomxqPdt76
6Crzx2X/pAwUyYu8532sR5RjS6umKJ9s7MDjwp0QfUYSFirqlbcDq7e9WwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFKwkwzb0k1OlHJHZiU1uzABDuqDAMB8GA1UdIwQY
MBaAFAOLmWPJcsHXoD35b60l9o69T6FJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTR1Wlk4bHl3ZGVnUGZsdnJTWDJqcjFQb1VrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS81MDY4MDEtYjk0ZC00YjVkLTk0YWIt
NjE2M2I5OTdiNjQyLzEvckNURE52U1RVNlVja2RtSlRXN01BRU82b01BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS81MDY4MDEtYjk0ZC00YjVkLTk0YWItNjE2M2I5OTdiNjQy
LzEvQTR1Wlk4bHl3ZGVnUGZsdnJTWDJqcjFQb1VrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQEXuSQAwQC
uRsEAwQCufs4AwQE2ZdwMA0EAgACMAcDBQAqAA0oMA0GCSqGSIb3DQEBCwUAA4IB
AQAA2OtfM1jYgAbbxCH6QFVMkTU6ZGxxuPw/IP+2DqPQauf0hQxNAiMPMvucNG33
RoOAXJ65a0hWW55OKuMbdI/fDkqWrlzZQ/3IRzStOIuK6DNGGxMiEJeNOvN5YdmT
oyG1y9B1ytoqGgeXdz+YJcCtOLMkoUUn6r1wd5mWOj5CxXRZWwBlIBVLP7o+EgAT
Tu/AZQa0Qi9yOWOR8yNqxzpI770HIQu7MgAWEElOO0CisXifBq04HJYS16Ctjdg1
BM/GaYf2DExfLwZugjzUrqVRk3TI0u//OOe3yY2U/GW+EmwXyGIpsHyLRn6xDqfj
6qoXvwxyKSbcHRj4l6xG/1K2
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:56:54 2025 by rpki-client