Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/ec8801-0a7c-487e-a103-525d7e22c788/1/_NBgKXw1y-_MA8JLXC6-e638GsU.roa
File: _NBgKXw1y-_MA8JLXC6-e638GsU.roa (raw, json)
Hash identifier: 1Au2Y5sLQkU9WGKvNsPuDu9FG1h3HcOQmZc+FT/JGwM=
Subject key identifier: FC:D0:60:29:7C:35:CB:EF:CC:03:C2:4B:5C:2E:BE:7B:AD:FC:1A:C5
Certificate issuer: /CN=b266e6e4d5df7f8a25654144755d7bd992e73539
Certificate serial: 018CCA2B88DB1F5B2AFA13DB84C063F51F17
Authority key identifier: B2:66:E6:E4:D5:DF:7F:8A:25:65:41:44:75:5D:7B:D9:92:E7:35:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/smbm5NXff4olZUFEdV172ZLnNTk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/94/ec8801-0a7c-487e-a103-525d7e22c788/1/_NBgKXw1y-_MA8JLXC6-e638GsU.roa
Signing time: Tue 02 Jan 2024 12:34:59 +0000
ROA not before: Tue 02 Jan 2024 12:34:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204332
IP address blocks: 185.252.88.0/22 maxlen: 22
185.252.88.0/23 maxlen: 23
185.252.90.0/23 maxlen: 23
2a0c:2440::/29 maxlen: 29
Validation: Failed, certificate revoked on Wed 01 Jan 2025 09:48:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:2b:88:db:1f:5b:2a:fa:13:db:84:c0:63:f5:1f:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b266e6e4d5df7f8a25654144755d7bd992e73539
Validity
Not Before: Jan 2 12:34:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=fcd060297c35cbefcc03c24b5c2ebe7badfc1ac5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:b8:4a:87:de:67:5c:d8:f9:91:cc:d5:ea:e8:
67:df:0b:85:92:a9:c2:fa:1e:bc:61:47:8e:a3:16:
7f:ed:36:fa:80:c7:bf:b8:4c:43:55:d6:72:41:58:
cb:42:47:12:8b:44:3a:26:4e:f2:72:0a:59:1e:0f:
d5:bf:58:3c:c3:39:de:cb:95:ad:6a:4c:91:7c:bc:
44:16:0e:77:43:96:8f:69:ba:30:7a:96:91:3b:8e:
0b:b5:3b:5c:6d:44:69:6a:81:26:40:b3:c6:a9:f1:
b1:a1:18:f1:99:5e:34:78:e0:c3:00:19:e0:08:c0:
a1:be:7a:3c:64:a3:81:dd:44:7c:86:c0:a4:28:82:
10:01:03:83:86:24:7e:71:ac:05:75:a9:b1:eb:cd:
bd:02:be:3e:6a:14:6a:cc:00:ed:c3:78:83:ae:cc:
14:00:fa:72:9b:f7:91:99:77:eb:f2:25:a9:57:8b:
cb:bc:c9:f3:69:fc:29:ad:a7:fc:32:1d:41:68:b6:
a9:16:6a:31:3b:3f:79:4d:48:05:7d:4b:44:5d:54:
c4:f8:16:03:db:41:80:2b:88:53:72:8d:a3:57:1e:
c0:e4:09:b4:1e:7e:68:49:23:a9:17:2e:fc:e4:5a:
bc:de:7b:e2:27:33:2a:10:93:e0:68:9a:ac:f1:a5:
19:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:D0:60:29:7C:35:CB:EF:CC:03:C2:4B:5C:2E:BE:7B:AD:FC:1A:C5
X509v3 Authority Key Identifier:
keyid:B2:66:E6:E4:D5:DF:7F:8A:25:65:41:44:75:5D:7B:D9:92:E7:35:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/smbm5NXff4olZUFEdV172ZLnNTk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/ec8801-0a7c-487e-a103-525d7e22c788/1/_NBgKXw1y-_MA8JLXC6-e638GsU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/94/ec8801-0a7c-487e-a103-525d7e22c788/1/smbm5NXff4olZUFEdV172ZLnNTk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.252.88.0/22
IPv6:
2a0c:2440::/29
Signature Algorithm: sha256WithRSAEncryption
34:65:07:01:35:e3:af:8c:17:44:5a:44:75:f1:ab:27:04:4c:
c1:ba:c1:93:d5:52:de:79:17:9c:f7:04:e4:fc:88:df:2e:de:
00:7d:e4:d0:8e:56:3c:b3:ed:2d:7a:ca:9e:9c:8d:3d:55:8e:
20:13:eb:35:da:11:75:fb:51:db:d8:7b:7d:4c:07:72:16:5b:
86:03:8c:e6:e7:1f:9e:c5:c3:56:f6:6f:78:a8:25:c0:ab:46:
32:1c:3e:72:8e:82:fd:34:3a:c4:88:6c:ae:67:55:ed:cf:59:
a6:d6:be:78:30:d4:2d:f4:d3:94:24:4c:61:12:aa:36:0b:c9:
39:5e:22:e3:d2:0a:44:1d:3d:f0:ee:5e:9b:74:df:e1:7a:54:
45:6d:d1:42:84:3b:60:44:ce:f8:ec:e6:e0:e1:d0:df:61:f1:
d3:3e:65:c0:85:a6:6f:cb:e5:5d:f9:02:10:c1:d3:37:08:c6:
0f:e5:5e:59:55:fa:32:a3:53:35:37:fe:3d:4c:10:55:26:37:
41:86:dd:aa:ff:95:37:3a:69:a3:1b:7d:48:77:57:ac:e9:33:
e2:56:e3:0c:8e:2f:c8:ff:fb:12:ff:08:1e:bc:ff:4a:84:1c:
a0:0b:c9:7b:36:2e:86:0c:98:e9:9d:8c:9e:3e:56:b8:48:99:
05:46:5a:a1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKK4jbH1sq+hPbhMBj9R8XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNjZlNmU0ZDVkZjdmOGEyNTY1NDE0NDc1NWQ3YmQ5OTJl
NzM1MzkwHhcNMjQwMTAyMTIzNDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2QwNjAyOTdjMzVjYmVmY2MwM2MyNGI1YzJlYmU3YmFkZmMxYWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7rhKh95nXNj5kczV6uhn3wuFkqnC
+h68YUeOoxZ/7Tb6gMe/uExDVdZyQVjLQkcSi0Q6Jk7ycgpZHg/Vv1g8wzney5Wt
akyRfLxEFg53Q5aPabowepaRO44LtTtcbURpaoEmQLPGqfGxoRjxmV40eODDABng
CMChvno8ZKOB3UR8hsCkKIIQAQODhiR+cawFdamx6829Ar4+ahRqzADtw3iDrswU
APpym/eRmXfr8iWpV4vLvMnzafwpraf8Mh1BaLapFmoxOz95TUgFfUtEXVTE+BYD
20GAK4hTco2jVx7A5Am0Hn5oSSOpFy785Fq83nviJzMqEJPgaJqs8aUZxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPzQYCl8NcvvzAPCS1wuvnut/BrFMB8GA1UdIwQY
MBaAFLJm5uTV33+KJWVBRHVde9mS5zU5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc21ibTVOWGZmNG9sWlVGRWRWMTcyWkxuTlRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9lYzg4MDEtMGE3Yy00ODdlLWExMDMt
NTI1ZDdlMjJjNzg4LzEvX05CZ0tYdzF5LV9NQThKTFhDNi1lNjM4R3NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9lYzg4MDEtMGE3Yy00ODdlLWExMDMtNTI1ZDdlMjJjNzg4
LzEvc21ibTVOWGZmNG9sWlVGRWRWMTcyWkxuTlRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCufxYMA0E
AgACMAcDBQMqDCRAMA0GCSqGSIb3DQEBCwUAA4IBAQA0ZQcBNeOvjBdEWkR18asn
BEzBusGT1VLeeRec9wTk/IjfLt4AfeTQjlY8s+0tesqenI09VY4gE+s12hF1+1Hb
2Ht9TAdyFluGA4zm5x+excNW9m94qCXAq0YyHD5yjoL9NDrEiGyuZ1Xtz1mm1r54
MNQt9NOUJExhEqo2C8k5XiLj0gpEHT3w7l6bdN/helRFbdFChDtgRM747Obg4dDf
YfHTPmXAhaZvy+Vd+QIQwdM3CMYP5V5ZVfoyo1M1N/49TBBVJjdBht2q/5U3Ommj
G31Id1es6TPiVuMMji/I//sS/wgevP9KhBygC8l7Ni6GDJjpnYyePla4SJkFRlqh
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:25:34 2025 by rpki-client