Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/a01fd3-a867-42c6-9a0e-df651b966b2b/1/Sub1NNEnehUkwp7v2kaUtXlG1-M.roa
File: Sub1NNEnehUkwp7v2kaUtXlG1-M.roa (raw, json)
Hash identifier: yGFXviD2dNDItt4CsefRUWXWTmT5amTBOIQjCCQqcqE=
Subject key identifier: 4A:E6:F5:34:D1:27:7A:15:24:C2:9E:EF:DA:46:94:B5:79:46:D7:E3
Certificate issuer: /CN=2a36d678c4bbcac24ae6bea9a24c995c48d593f0
Certificate serial: 01856FD4ED9A065B0D63D19F8272F06DEE6E
Authority key identifier: 2A:36:D6:78:C4:BB:CA:C2:4A:E6:BE:A9:A2:4C:99:5C:48:D5:93:F0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KjbWeMS7ysJK5r6pokyZXEjVk_A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9c/a01fd3-a867-42c6-9a0e-df651b966b2b/1/Sub1NNEnehUkwp7v2kaUtXlG1-M.roa
Signing time: Mon 02 Jan 2023 00:15:03 +0000
ROA not before: Mon 02 Jan 2023 00:15:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204028
IP address blocks: 185.118.199.0/24 maxlen: 24
185.118.196.0/24 maxlen: 24
185.118.196.0/22 maxlen: 24
213.170.142.0/24 maxlen: 24
185.118.197.0/24 maxlen: 24
185.118.198.0/24 maxlen: 24
2a06:9500::/29 maxlen: 48
Validation: Failed, certificate revoked on Mon 01 Jan 2024 22:31:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:d4:ed:9a:06:5b:0d:63:d1:9f:82:72:f0:6d:ee:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a36d678c4bbcac24ae6bea9a24c995c48d593f0
Validity
Not Before: Jan 2 00:15:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4ae6f534d1277a1524c29eefda4694b57946d7e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:4a:b6:e7:07:53:4d:ad:7c:bb:88:3a:00:67:
6d:66:81:41:45:2e:9c:1b:a8:6f:50:9a:1b:6d:e1:
58:51:f7:77:ad:11:5a:85:ea:bd:55:56:e4:d5:fa:
44:75:4b:9e:3d:02:98:04:d6:50:d9:46:af:e4:dc:
60:67:d7:2b:16:ac:d7:24:09:16:e3:0f:27:4c:8c:
a5:75:02:6c:af:28:b3:ee:20:b1:bb:8c:00:1a:5e:
dc:fa:c6:ef:83:7c:74:7d:2d:1d:c4:e0:11:df:4b:
cb:9d:b1:2b:38:09:65:fc:65:75:e0:b5:ef:2c:f1:
67:4b:bb:67:de:6b:84:05:6c:68:e3:a3:fc:c5:d5:
c9:2c:29:21:bf:a9:71:22:01:69:3b:9b:c9:e9:1a:
68:6c:a3:12:c2:2f:2d:e6:f6:54:77:66:b7:43:8b:
58:15:df:6a:fe:8a:9c:2b:ce:f7:c0:1b:cd:19:b5:
3e:8e:42:13:5c:44:65:9f:21:6c:1c:a5:3f:f2:7a:
b7:fd:ae:f1:de:5f:06:be:e7:f7:3b:f8:88:00:9a:
5d:6e:22:12:fe:ec:f6:da:fd:9d:69:9d:6b:bc:f5:
98:2d:a5:09:d9:ba:ec:7d:39:50:63:cb:77:5a:a4:
63:65:e1:34:5c:0c:61:4d:0a:67:a1:7e:1f:61:33:
cb:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:E6:F5:34:D1:27:7A:15:24:C2:9E:EF:DA:46:94:B5:79:46:D7:E3
X509v3 Authority Key Identifier:
keyid:2A:36:D6:78:C4:BB:CA:C2:4A:E6:BE:A9:A2:4C:99:5C:48:D5:93:F0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KjbWeMS7ysJK5r6pokyZXEjVk_A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/a01fd3-a867-42c6-9a0e-df651b966b2b/1/Sub1NNEnehUkwp7v2kaUtXlG1-M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/a01fd3-a867-42c6-9a0e-df651b966b2b/1/KjbWeMS7ysJK5r6pokyZXEjVk_A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.118.196.0/22
213.170.142.0/24
IPv6:
2a06:9500::/29
Signature Algorithm: sha256WithRSAEncryption
89:15:d8:51:6f:a6:f3:26:18:cb:3b:73:0c:63:17:f5:bf:48:
d0:26:50:d7:5e:ee:6d:c0:a9:ab:9c:46:9d:97:a5:fa:cd:de:
c4:95:b7:09:3b:ea:c0:a2:a0:97:60:18:af:e5:60:1b:dc:d1:
ab:87:85:6b:d9:4f:92:4a:26:b4:ed:ce:78:46:28:f3:bb:c9:
92:4b:10:2e:97:6f:77:9d:d5:3b:ac:b3:8e:0c:3e:b3:be:24:
91:9c:04:1a:50:2a:94:fa:94:77:3b:b6:c5:23:ad:23:77:8e:
0f:b5:d9:45:b0:d4:61:39:a3:c2:4e:4d:86:ab:9d:f7:4a:74:
29:b8:5f:ec:7f:92:58:53:99:d1:b6:8e:65:d9:22:b7:19:5e:
b7:d0:f5:82:19:be:49:e3:99:32:41:7c:2a:59:30:5c:58:9f:
4d:17:3c:bc:9e:a8:eb:60:b3:65:20:2e:64:5b:56:13:a0:ea:
57:48:c2:0f:26:9b:3c:fb:98:da:f1:da:2e:10:8b:c6:f8:42:
9e:a9:17:8a:a0:61:c4:0f:07:57:71:02:a6:ce:4c:6d:4a:e8:
65:11:f7:b8:85:55:13:b8:5c:6b:b2:b9:f6:01:64:3d:fc:a5:
48:13:68:62:81:82:dd:a5:db:ad:8f:a4:f0:c0:ff:60:23:b1:
d9:b8:2c:4c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVv1O2aBlsNY9GfgnLwbe5uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhMzZkNjc4YzRiYmNhYzI0YWU2YmVhOWEyNGM5OTVjNDhk
NTkzZjAwHhcNMjMwMTAyMDAxNTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWU2ZjUzNGQxMjc3YTE1MjRjMjllZWZkYTQ2OTRiNTc5NDZkN2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkq25wdTTa18u4g6AGdtZoFBRS6c
G6hvUJobbeFYUfd3rRFaheq9VVbk1fpEdUuePQKYBNZQ2Uav5NxgZ9crFqzXJAkW
4w8nTIyldQJsryiz7iCxu4wAGl7c+sbvg3x0fS0dxOAR30vLnbErOAll/GV14LXv
LPFnS7tn3muEBWxo46P8xdXJLCkhv6lxIgFpO5vJ6RpobKMSwi8t5vZUd2a3Q4tY
Fd9q/oqcK873wBvNGbU+jkITXERlnyFsHKU/8nq3/a7x3l8Gvuf3O/iIAJpdbiIS
/uz22v2daZ1rvPWYLaUJ2brsfTlQY8t3WqRjZeE0XAxhTQpnoX4fYTPLgwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFErm9TTRJ3oVJMKe79pGlLV5RtfjMB8GA1UdIwQY
MBaAFCo21njEu8rCSua+qaJMmVxI1ZPwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2piV2VNUzd5c0pLNXI2cG9reVpYRWpWa19BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9hMDFmZDMtYTg2Ny00MmM2LTlhMGUt
ZGY2NTFiOTY2YjJiLzEvU3ViMU5ORW5laFVrd3A3djJrYVV0WGxHMS1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9hMDFmZDMtYTg2Ny00MmM2LTlhMGUtZGY2NTFiOTY2YjJi
LzEvS2piV2VNUzd5c0pLNXI2cG9reVpYRWpWa19BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuXbEAwQA
1aqOMA0EAgACMAcDBQMqBpUAMA0GCSqGSIb3DQEBCwUAA4IBAQCJFdhRb6bzJhjL
O3MMYxf1v0jQJlDXXu5twKmrnEadl6X6zd7ElbcJO+rAoqCXYBiv5WAb3NGrh4Vr
2U+SSia07c54Rijzu8mSSxAul293ndU7rLOODD6zviSRnAQaUCqU+pR3O7bFI60j
d44PtdlFsNRhOaPCTk2Gq533SnQpuF/sf5JYU5nRto5l2SK3GV630PWCGb5J45ky
QXwqWTBcWJ9NFzy8nqjrYLNlIC5kW1YToOpXSMIPJps8+5ja8douEIvG+EKeqReK
oGHEDwdXcQKmzkxtSuhlEfe4hVUTuFxrsrn2AWQ9/KVIE2higYLdpdutj6TwwP9g
I7HZuCxM
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:50 2024 by rpki-client on console-fra.rpki-client.org