Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/2AyEONqRznBDJkMnQvT4d5BTNqc.roa
File: 2AyEONqRznBDJkMnQvT4d5BTNqc.roa (raw, json)
Hash identifier: ndaZOAbgGDY3PYdv/Kxnft+Ct5jhX/xT0HkJ1YXDcDA=
Subject key identifier: D8:0C:84:38:DA:91:CE:70:43:26:43:27:42:F4:F8:77:90:53:36:A7
Certificate issuer: /CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Certificate serial: 018E582A84118A0D4072ED606CD80CD5C8BB
Authority key identifier: F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/2AyEONqRznBDJkMnQvT4d5BTNqc.roa
Signing time: Tue 19 Mar 2024 19:22:45 +0000
ROA not before: Tue 19 Mar 2024 19:22:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31586
IP address blocks: 81.21.136.0/21 maxlen: 24
141.255.180.0/22 maxlen: 24
185.69.232.0/22 maxlen: 24
185.84.72.0/22 maxlen: 24
185.105.204.0/22 maxlen: 24
185.105.216.0/22 maxlen: 24
2a05:2500::/32 maxlen: 32
2a05:a282::/32 maxlen: 48
Validation: Failed, certificate revoked on Wed 10 Apr 2024 08:43:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:58:2a:84:11:8a:0d:40:72:ed:60:6c:d8:0c:d5:c8:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f51369ccbf86b1e84e1aeb46e6d336d39f752ae7
Validity
Not Before: Mar 19 19:22:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d80c8438da91ce704326432742f4f877905336a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:26:39:2a:95:32:4a:31:53:5f:c8:43:45:69:
f0:97:f9:89:b2:3b:d2:04:7b:4d:6f:34:c5:72:bf:
df:e3:ec:6a:8c:f9:00:38:b2:70:6f:9c:83:04:fa:
98:38:d3:15:dd:21:5b:c7:81:00:61:69:d1:c9:cb:
79:f2:65:46:01:db:eb:c0:cb:bc:e4:62:0d:2a:4b:
31:bc:54:a5:c8:ce:6a:f6:4d:1c:d6:4c:fc:d5:a5:
9c:9f:ab:2e:87:1e:99:f8:b1:41:0e:4b:7f:bc:ca:
15:45:c1:1e:3a:56:3d:84:8d:27:b2:be:9b:4b:dd:
ae:2c:37:cf:0d:77:d4:d2:81:9b:bf:c7:22:90:bb:
24:4e:95:b3:cf:ae:27:db:27:ad:c0:6a:ee:40:4f:
b5:6c:2f:c5:48:36:a7:77:bf:68:45:8e:db:d4:ab:
20:45:da:2e:17:70:37:61:a5:2c:5e:95:86:da:67:
f6:05:bc:8a:19:26:ac:5b:74:d6:a6:28:a6:eb:30:
db:de:55:1a:19:87:6a:02:ec:14:f7:a0:52:42:ad:
1a:cd:31:1e:fc:ca:53:1a:31:1c:af:87:3f:3e:5d:
ca:60:49:76:da:01:f7:76:60:d3:86:11:b8:01:aa:
06:da:02:25:9c:b8:25:12:92:28:f1:52:ff:c9:57:
61:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D8:0C:84:38:DA:91:CE:70:43:26:43:27:42:F4:F8:77:90:53:36:A7
X509v3 Authority Key Identifier:
keyid:F5:13:69:CC:BF:86:B1:E8:4E:1A:EB:46:E6:D3:36:D3:9F:75:2A:E7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9RNpzL-GsehOGutG5tM20591Kuc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/2AyEONqRznBDJkMnQvT4d5BTNqc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/2d5bdf-5265-49b8-8afe-2b920bde3990/1/9RNpzL-GsehOGutG5tM20591Kuc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.21.136.0/21
141.255.180.0/22
185.69.232.0/22
185.84.72.0/22
185.105.204.0/22
185.105.216.0/22
IPv6:
2a05:2500::/32
2a05:a282::/32
Signature Algorithm: sha256WithRSAEncryption
64:ca:47:54:ea:2b:f3:0f:c8:7d:54:f9:2e:19:41:ee:1f:d3:
69:3e:2b:2f:7c:4c:2d:75:f5:28:79:aa:e4:ab:27:d6:77:0a:
cc:4c:32:a5:08:75:6a:0f:ed:4a:c2:27:67:9b:bf:59:e0:f2:
03:70:78:ca:c4:78:06:2b:4f:a3:eb:b9:f2:68:84:70:78:0b:
53:ec:9a:f7:0d:3c:bb:fa:8f:1f:5f:b7:5d:71:6c:21:d7:d4:
4f:77:20:93:11:84:9a:0b:d7:3a:0f:00:d4:0a:b2:fc:0f:0e:
2c:81:5b:5f:20:15:77:f5:eb:17:45:b8:e7:fe:c7:d5:60:93:
e4:30:05:b5:aa:cd:3e:39:df:c3:07:8b:06:28:26:0d:16:9f:
f1:73:d4:00:47:ad:f6:0d:e2:d9:e1:6a:3d:81:c2:1d:96:94:
c0:06:53:cc:d3:dc:e6:bf:1d:69:76:f5:c4:8a:3f:11:30:e8:
0a:8e:59:bc:7c:eb:63:c3:e1:d7:db:ba:47:22:45:a2:c9:64:
4c:e3:1c:e5:46:d5:a8:a3:3a:04:4a:5c:62:6d:91:05:14:06:
a3:dc:77:18:55:67:48:4c:c6:fd:fc:ce:6b:b8:61:02:2b:59:
13:ea:57:66:57:c8:07:fa:1e:93:3d:2d:39:db:ec:fc:70:99:
fc:e5:35:ee
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAY5YKoQRig1Acu1gbNgM1ci7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MTM2OWNjYmY4NmIxZTg0ZTFhZWI0NmU2ZDMzNmQzOWY3
NTJhZTcwHhcNMjQwMzE5MTkyMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODBjODQzOGRhOTFjZTcwNDMyNjQzMjc0MmY0Zjg3NzkwNTMzNmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwyY5KpUySjFTX8hDRWnwl/mJsjvS
BHtNbzTFcr/f4+xqjPkAOLJwb5yDBPqYONMV3SFbx4EAYWnRyct58mVGAdvrwMu8
5GINKksxvFSlyM5q9k0c1kz81aWcn6suhx6Z+LFBDkt/vMoVRcEeOlY9hI0nsr6b
S92uLDfPDXfU0oGbv8cikLskTpWzz64n2yetwGruQE+1bC/FSDand79oRY7b1Ksg
RdouF3A3YaUsXpWG2mf2BbyKGSasW3TWpiim6zDb3lUaGYdqAuwU96BSQq0azTEe
/MpTGjEcr4c/Pl3KYEl22gH3dmDThhG4AaoG2gIlnLglEpIo8VL/yVdhTwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFNgMhDjakc5wQyZDJ0L0+HeQUzanMB8GA1UdIwQY
MBaAFPUTacy/hrHoThrrRubTNtOfdSrnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUt
MmI5MjBiZGUzOTkwLzEvMkF5RU9OcVJ6bkJESmtNblF2VDRkNUJUTnFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8yZDViZGYtNTI2NS00OWI4LThhZmUtMmI5MjBiZGUzOTkw
LzEvOVJOcHpMLUdzZWhPR3V0RzV0TTIwNTkxS3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQDURWIAwQC
jf+0AwQCuUXoAwQCuVRIAwQCuWnMAwQCuWnYMBQEAgACMA4DBQAqBSUAAwUAKgWi
gjANBgkqhkiG9w0BAQsFAAOCAQEAZMpHVOor8w/IfVT5LhlB7h/TaT4rL3xMLXX1
KHmq5Ksn1ncKzEwypQh1ag/tSsInZ5u/WeDyA3B4ysR4BitPo+u58miEcHgLU+ya
9w08u/qPH1+3XXFsIdfUT3cgkxGEmgvXOg8A1Aqy/A8OLIFbXyAVd/XrF0W45/7H
1WCT5DAFtarNPjnfwweLBigmDRaf8XPUAEet9g3i2eFqPYHCHZaUwAZTzNPc5r8d
aXb1xIo/ETDoCo5ZvHzrY8Ph19u6RyJFoslkTOMc5UbVqKM6BEpcYm2RBRQGo9x3
GFVnSEzG/fzOa7hhAitZE+pXZlfIB/oekz0tOdvs/HCZ/OU17g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:04 2024 by rpki-client on console-ams.rpki-client.org