Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/8b532f-6782-4044-9efb-6725d98196c6/1/IZlGx8pSZxSEQeu06YTq4821p5s.roa
File: IZlGx8pSZxSEQeu06YTq4821p5s.roa (raw, json)
Hash identifier: CvQ1yXmVhBLkOmTBPNJF4m/HQSnprDfB3eyxGVrqcmA=
Subject key identifier: 21:99:46:C7:CA:52:67:14:84:41:EB:B4:E9:84:EA:E3:CD:B5:A7:9B
Certificate issuer: /CN=d6ce49255f406a725593c62e1c408779586d56ef
Certificate serial: 018CC5DC53D27AF111C2A65136687448B759
Authority key identifier: D6:CE:49:25:5F:40:6A:72:55:93:C6:2E:1C:40:87:79:58:6D:56:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1s5JJV9AanJVk8YuHECHeVhtVu8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/8b532f-6782-4044-9efb-6725d98196c6/1/IZlGx8pSZxSEQeu06YTq4821p5s.roa
Signing time: Mon 01 Jan 2024 16:30:00 +0000
ROA not before: Mon 01 Jan 2024 16:30:00 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43372
IP address blocks: 185.186.152.0/23 maxlen: 23
185.186.154.0/23 maxlen: 23
45.158.4.0/23 maxlen: 23
45.158.6.0/23 maxlen: 23
185.236.96.0/23 maxlen: 23
185.236.98.0/23 maxlen: 23
2a0b:7e80::/29 maxlen: 29
2a0b:7e80:0:100::/56 maxlen: 56
Validation: Failed, certificate revoked on Thu 21 Nov 2024 09:09:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:53:d2:7a:f1:11:c2:a6:51:36:68:74:48:b7:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d6ce49255f406a725593c62e1c408779586d56ef
Validity
Not Before: Jan 1 16:30:00 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=219946c7ca5267148441ebb4e984eae3cdb5a79b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:9c:33:ad:b2:d7:4f:5e:1a:73:c8:e5:b6:7d:
87:d2:4f:6c:98:5f:78:8c:97:27:0d:eb:4f:c8:7d:
0d:9f:da:a5:25:b4:bc:3f:e7:ad:a8:7a:e7:f2:1f:
4d:fd:4f:f2:b0:18:1b:38:f0:4c:8b:69:3c:c9:a3:
00:99:56:be:67:9d:0c:28:ff:cb:89:da:e7:e7:e1:
f2:43:96:98:be:8e:0b:4f:38:80:a5:7a:b5:44:a9:
9e:75:22:61:67:a5:1b:c6:95:a8:0f:d2:f1:d0:fb:
73:32:81:cd:02:0e:6b:ff:29:d7:bd:cb:47:85:0c:
2b:a9:24:31:d9:17:2b:72:d6:88:93:88:9b:4a:ca:
3f:e6:a9:db:3e:db:0e:e8:2e:48:86:92:fd:7e:3e:
6f:e4:14:a8:0c:e4:c8:c3:f6:6d:69:05:7a:4e:1c:
bf:61:9c:f9:2a:85:8d:6e:e9:eb:be:d3:c9:5d:95:
db:ec:17:d0:28:a4:67:9d:e7:10:bc:1e:63:21:7f:
a0:73:a3:d3:62:1f:f2:c6:af:ad:aa:dc:b8:51:a8:
8a:0c:5e:8d:90:32:48:60:66:99:21:c8:c9:d6:11:
68:68:18:85:c6:d9:e3:f3:9e:80:96:fd:8e:cc:c2:
82:6e:c1:f0:14:d4:c2:2b:19:06:2f:cd:b4:05:01:
03:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:99:46:C7:CA:52:67:14:84:41:EB:B4:E9:84:EA:E3:CD:B5:A7:9B
X509v3 Authority Key Identifier:
keyid:D6:CE:49:25:5F:40:6A:72:55:93:C6:2E:1C:40:87:79:58:6D:56:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1s5JJV9AanJVk8YuHECHeVhtVu8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/8b532f-6782-4044-9efb-6725d98196c6/1/IZlGx8pSZxSEQeu06YTq4821p5s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/8b532f-6782-4044-9efb-6725d98196c6/1/1s5JJV9AanJVk8YuHECHeVhtVu8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.158.4.0/22
185.186.152.0/22
185.236.96.0/22
IPv6:
2a0b:7e80::/29
Signature Algorithm: sha256WithRSAEncryption
0d:b1:7f:f9:6d:83:0b:de:bd:38:a0:fd:99:85:06:d6:cc:ad:
75:99:42:4d:b8:52:47:be:0a:28:59:26:5f:fa:bf:63:65:0b:
8b:19:33:4a:1d:44:1e:81:dc:1d:54:18:a8:ec:8d:2b:d7:e3:
3f:d2:98:cb:a8:47:55:1c:00:a3:3b:8f:cf:31:2d:8d:d5:dc:
a2:d6:5b:09:6c:72:77:19:a8:55:a2:30:23:e1:2a:79:fa:93:
3a:91:ca:2a:d8:2d:58:90:47:39:77:e7:6a:41:18:34:37:bb:
5e:86:e4:40:70:53:76:ee:65:39:3e:a1:5a:cc:60:45:0b:c2:
55:49:9f:e4:81:2f:19:9d:89:b7:ab:d5:53:52:5e:d4:90:d1:
f6:bf:4d:4a:b1:5b:7d:6b:58:35:23:d9:3d:fe:44:1e:80:02:
a2:b1:fe:be:ef:a5:a2:a4:19:2e:69:d2:b4:be:69:5d:ec:2f:
85:ec:de:91:12:60:07:12:11:3c:aa:9f:3d:f6:9b:85:6f:83:
e1:7e:75:c1:02:bc:ec:1f:82:6f:f2:07:40:08:61:5f:69:9e:
5e:a7:b5:5b:71:0e:56:af:20:d9:c3:53:65:4a:9e:d0:a6:9f:
dc:18:93:e9:28:cb:b4:41:04:a2:54:51:cb:47:a2:a6:f3:e5:
c3:c2:7d:ce
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzF3FPSevERwqZRNmh0SLdZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2Y2U0OTI1NWY0MDZhNzI1NTkzYzYyZTFjNDA4Nzc5NTg2
ZDU2ZWYwHhcNMjQwMTAxMTYzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTk5NDZjN2NhNTI2NzE0ODQ0MWViYjRlOTg0ZWFlM2NkYjVhNzliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5pwzrbLXT14ac8jltn2H0k9smF94
jJcnDetPyH0Nn9qlJbS8P+etqHrn8h9N/U/ysBgbOPBMi2k8yaMAmVa+Z50MKP/L
idrn5+HyQ5aYvo4LTziApXq1RKmedSJhZ6UbxpWoD9Lx0PtzMoHNAg5r/ynXvctH
hQwrqSQx2RcrctaIk4ibSso/5qnbPtsO6C5IhpL9fj5v5BSoDOTIw/ZtaQV6Thy/
YZz5KoWNbunrvtPJXZXb7BfQKKRnnecQvB5jIX+gc6PTYh/yxq+tqty4UaiKDF6N
kDJIYGaZIcjJ1hFoaBiFxtnj856Alv2OzMKCbsHwFNTCKxkGL820BQEDZQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFCGZRsfKUmcUhEHrtOmE6uPNtaebMB8GA1UdIwQY
MBaAFNbOSSVfQGpyVZPGLhxAh3lYbVbvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXM1SkpWOUFhbkpWazhZdUhFQ0hlVmh0VnU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84YjUzMmYtNjc4Mi00MDQ0LTllZmIt
NjcyNWQ5ODE5NmM2LzEvSVpsR3g4cFNaeFNFUWV1MDZZVHE0ODIxcDVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84YjUzMmYtNjc4Mi00MDQ0LTllZmItNjcyNWQ5ODE5NmM2
LzEvMXM1SkpWOUFhbkpWazhZdUhFQ0hlVmh0VnU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCLZ4EAwQC
ubqYAwQCuexgMA0EAgACMAcDBQMqC36AMA0GCSqGSIb3DQEBCwUAA4IBAQANsX/5
bYML3r04oP2ZhQbWzK11mUJNuFJHvgooWSZf+r9jZQuLGTNKHUQegdwdVBio7I0r
1+M/0pjLqEdVHACjO4/PMS2N1dyi1lsJbHJ3GahVojAj4Sp5+pM6kcoq2C1YkEc5
d+dqQRg0N7tehuRAcFN27mU5PqFazGBFC8JVSZ/kgS8ZnYm3q9VTUl7UkNH2v01K
sVt9a1g1I9k9/kQegAKisf6+76WipBkuadK0vmld7C+F7N6REmAHEhE8qp899puF
b4PhfnXBArzsH4Jv8gdACGFfaZ5ep7VbcQ5WryDZw1NlSp7Qpp/cGJPpKMu0QQSi
VFHLR6Km8+XDwn3O
-----END CERTIFICATE-----
Generated at Tue Apr 22 19:01:01 2025 by rpki-client