Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/y1ES5OvLHB3ErERak0tw9l-ozhs.roa
File: y1ES5OvLHB3ErERak0tw9l-ozhs.roa (raw, json)
Hash identifier: JKiDvqmfz2TUuDcLkRvOGhFBSp1iG/3mpOqdVDuPUd4=
Subject key identifier: CB:51:12:E4:EB:CB:1C:1D:C4:AC:44:5A:93:4B:70:F6:5F:A8:CE:1B
Certificate issuer: /CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
Certificate serial: 0194F9E4181C6AAF0CF3271A50DFA12F5396
Authority key identifier: A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/y1ES5OvLHB3ErERak0tw9l-ozhs.roa
Signing time: Wed 12 Feb 2025 11:21:02 +0000
ROA not before: Wed 12 Feb 2025 11:21:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210099
IP address blocks: 85.117.236.0/24 maxlen: 24
85.117.237.0/24 maxlen: 24
185.17.113.0/24 maxlen: 24
185.73.200.0/22 maxlen: 22
185.73.200.0/24 maxlen: 24
185.73.201.0/24 maxlen: 24
185.73.202.0/24 maxlen: 24
185.165.77.0/24 maxlen: 24
2a04:7c1::/32 maxlen: 32
Validation: Failed, certificate revoked on Fri 21 Feb 2025 16:19:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:f9:e4:18:1c:6a:af:0c:f3:27:1a:50:df:a1:2f:53:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
Validity
Not Before: Feb 12 11:21:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cb5112e4ebcb1c1dc4ac445a934b70f65fa8ce1b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:23:10:7a:b5:64:60:38:e1:02:e0:57:fd:95:
31:47:49:f7:b2:bb:6d:cf:30:97:e5:4b:ed:8e:e9:
23:ed:b2:f6:fa:32:92:8e:10:fa:1a:6a:c2:6d:1d:
c0:21:92:3f:f4:ff:e1:a1:1d:74:a3:d3:84:5d:e8:
d5:5f:da:bf:a4:5f:63:ad:69:4f:d8:4c:c4:8e:74:
30:57:c9:34:c7:4e:c9:b6:d4:1e:95:77:7b:3b:b1:
c8:e6:fb:2c:f9:c6:13:45:e7:11:e8:85:b8:77:fd:
e4:1b:d9:c1:2e:3f:0c:e7:66:d0:35:ca:3f:91:69:
96:50:54:34:a4:e9:81:32:f8:f7:d1:63:7d:c5:e5:
2d:a9:fe:75:55:d8:25:b2:e8:81:e9:17:31:d4:7f:
46:cd:c9:69:c5:50:5a:82:c8:08:3e:c1:0a:13:02:
cb:25:f6:e8:12:ed:17:53:10:8d:99:85:11:50:74:
54:a0:b7:d7:c2:33:4c:0b:50:46:8e:8c:37:fa:06:
53:6c:06:3f:4c:67:4e:c8:d8:1e:c9:c5:19:1d:3a:
34:c4:2e:0d:7d:fd:96:46:3e:84:de:48:50:36:30:
2b:46:f4:5e:42:bd:25:2c:31:97:bb:e8:75:de:c2:
29:47:ed:88:aa:48:38:c6:e8:c8:2f:5e:4a:8a:9f:
6e:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:51:12:E4:EB:CB:1C:1D:C4:AC:44:5A:93:4B:70:F6:5F:A8:CE:1B
X509v3 Authority Key Identifier:
keyid:A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/y1ES5OvLHB3ErERak0tw9l-ozhs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.117.236.0/23
185.17.113.0/24
185.73.200.0/22
185.165.77.0/24
IPv6:
2a04:7c1::/32
Signature Algorithm: sha256WithRSAEncryption
23:5e:87:88:64:8e:1e:7c:7d:c7:52:61:06:ee:9e:49:67:d9:
df:23:72:cd:9e:ee:b8:cc:47:6c:5c:70:19:33:fc:43:b7:e7:
a0:23:14:1d:ff:f3:b4:a2:b1:59:27:47:a7:15:c4:33:b9:c2:
29:4d:dc:fa:cb:4c:be:8e:df:87:82:86:ba:73:e3:48:a5:87:
52:3c:35:e0:27:63:97:09:fd:c4:7d:5e:0c:b2:ba:16:4c:a9:
e3:e8:fe:78:5b:61:2b:fe:9b:3f:b6:36:bf:6d:7b:e4:49:32:
92:49:eb:4c:8e:90:87:9a:d7:92:6a:72:32:50:50:28:d2:fa:
41:55:72:17:9e:d9:d7:2b:71:33:d7:30:6e:cd:5f:0a:83:ff:
0e:79:35:4a:1e:18:9a:90:fd:ce:f2:a4:9e:4b:58:59:7a:8e:
16:cd:80:d6:79:9c:f7:e2:8f:9d:f2:e9:06:6d:f4:89:ae:de:
1e:f4:fd:db:96:bb:c3:9f:f8:a9:98:ca:7a:89:47:ea:19:12:
b8:df:3e:b0:fb:30:60:e5:d5:6f:ed:d3:34:af:00:d3:90:9c:
ab:22:01:bf:64:23:7c:c0:45:60:a2:98:58:62:67:ec:d4:1e:
ad:cb:22:eb:20:17:a6:ec:f2:d5:aa:1b:88:6e:eb:73:ed:be:
ca:5a:7a:22
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAZT55Bgcaq8M8ycaUN+hL1OWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NmRkOWRhZDc1ODc3ZjdkMjhkMTRlMDhkYzU1YjEzMzBi
ZDEzYjcwHhcNMjUwMjEyMTEyMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjUxMTJlNGViY2IxYzFkYzRhYzQ0NWE5MzRiNzBmNjVmYThjZTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyMQerVkYDjhAuBX/ZUxR0n3srtt
zzCX5Uvtjukj7bL2+jKSjhD6GmrCbR3AIZI/9P/hoR10o9OEXejVX9q/pF9jrWlP
2EzEjnQwV8k0x07JttQelXd7O7HI5vss+cYTRecR6IW4d/3kG9nBLj8M52bQNco/
kWmWUFQ0pOmBMvj30WN9xeUtqf51VdglsuiB6Rcx1H9GzclpxVBagsgIPsEKEwLL
JfboEu0XUxCNmYURUHRUoLfXwjNMC1BGjow3+gZTbAY/TGdOyNgeycUZHTo0xC4N
ff2WRj6E3khQNjArRvReQr0lLDGXu+h13sIpR+2Iqkg4xujIL15Kip9uUwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFMtREuTryxwdxKxEWpNLcPZfqM4bMB8GA1UdIwQY
MBaAFKdt2drXWHf30o0U4I3FWxMwvRO3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQt
MmFjNmZmNzViZWIwLzEveTFFUzVPdkxIQjNFckVSYWswdHc5bC1vemhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQtMmFjNmZmNzViZWIw
LzEvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQBVXXsAwQA
uRFxAwQCuUnIAwQAuaVNMA0EAgACMAcDBQAqBAfBMA0GCSqGSIb3DQEBCwUAA4IB
AQAjXoeIZI4efH3HUmEG7p5JZ9nfI3LNnu64zEdsXHAZM/xDt+egIxQd//O0orFZ
J0enFcQzucIpTdz6y0y+jt+Hgoa6c+NIpYdSPDXgJ2OXCf3EfV4MsroWTKnj6P54
W2Er/ps/tja/bXvkSTKSSetMjpCHmteSanIyUFAo0vpBVXIXntnXK3Ez1zBuzV8K
g/8OeTVKHhiakP3O8qSeS1hZeo4WzYDWeZz34o+d8ukGbfSJrt4e9P3blrvDn/ip
mMp6iUfqGRK43z6w+zBg5dVv7dM0rwDTkJyrIgG/ZCN8wEVgophYYmfs1B6tyyLr
IBem7PLVqhuIbutz7b7KWnoi
-----END CERTIFICATE-----
Generated at Wed Apr 16 23:16:20 2025 by rpki-client