Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/6kP5mcPIMee6amCd8slvhMbE6CY.roa
File: 6kP5mcPIMee6amCd8slvhMbE6CY.roa (raw, json)
Hash identifier: HE2yqQZq6gqlk+3XlQTbjazYKrYjX3GrCs5E7AKYVCQ=
Subject key identifier: EA:43:F9:99:C3:C8:31:E7:BA:6A:60:9D:F2:C9:6F:84:C6:C4:E8:26
Certificate issuer: /CN=2a4472336c9d02a488cdd77534d65fb1465ec09a
Certificate serial: 01856CC1494AF1E9EEC2D9B9348AE3196AA9
Authority key identifier: 2A:44:72:33:6C:9D:02:A4:88:CD:D7:75:34:D6:5F:B1:46:5E:C0:9A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KkRyM2ydAqSIzdd1NNZfsUZewJo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/6kP5mcPIMee6amCd8slvhMbE6CY.roa
Signing time: Sun 01 Jan 2023 09:54:44 +0000
ROA not before: Sun 01 Jan 2023 09:54:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50837
IP address blocks: 185.12.4.0/22 maxlen: 24
178.22.64.0/21 maxlen: 24
93.123.82.0/23 maxlen: 24
91.92.71.0/24 maxlen: 24
93.123.14.0/23 maxlen: 24
31.171.240.0/20 maxlen: 24
94.156.200.0/22 maxlen: 24
2a01:9980::/32 maxlen: 64
Validation: Failed, certificate revoked on Fri 21 Apr 2023 13:58:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:c1:49:4a:f1:e9:ee:c2:d9:b9:34:8a:e3:19:6a:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a4472336c9d02a488cdd77534d65fb1465ec09a
Validity
Not Before: Jan 1 09:54:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ea43f999c3c831e7ba6a609df2c96f84c6c4e826
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:73:3c:95:28:c6:9f:e4:ff:e4:7d:57:fc:74:
39:36:99:b6:35:67:14:be:4c:c4:af:2c:cd:80:c1:
55:c2:05:a4:ea:45:4b:ce:39:2f:1a:8a:09:d6:32:
57:84:f3:11:c4:8e:e7:fa:c5:f7:11:df:8b:1d:85:
8c:fb:80:e4:07:06:25:de:21:38:12:ad:2b:94:b5:
2e:7a:36:b9:2a:a3:da:b5:a4:64:cd:b7:d4:56:36:
e3:57:af:94:6b:f7:40:44:ab:d6:c9:21:70:ed:d5:
7a:5f:62:2a:9e:a0:d4:b2:5a:55:5e:8c:7c:45:0b:
2b:df:d6:a8:03:06:67:79:16:c9:49:87:a4:5e:f7:
d3:11:64:55:22:30:c5:a2:fd:16:61:f5:d1:45:60:
4c:9e:da:cc:6d:14:ac:1d:ec:11:24:b9:50:81:6f:
c7:7d:7e:40:31:ec:bd:7b:81:8d:b1:0a:59:ac:b6:
2e:85:1f:7f:9a:ab:ce:c4:81:d2:33:52:98:7a:85:
7a:2d:ca:bd:36:b5:8d:26:a3:0f:d8:04:0b:45:dd:
17:24:27:7c:4f:ad:64:94:94:e7:fc:6f:8b:cc:c3:
d8:3c:76:60:03:57:d8:41:2a:f3:ea:c8:be:7b:10:
63:b1:82:1a:1d:e7:62:7e:c5:c8:26:1c:00:47:8d:
7d:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:43:F9:99:C3:C8:31:E7:BA:6A:60:9D:F2:C9:6F:84:C6:C4:E8:26
X509v3 Authority Key Identifier:
keyid:2A:44:72:33:6C:9D:02:A4:88:CD:D7:75:34:D6:5F:B1:46:5E:C0:9A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KkRyM2ydAqSIzdd1NNZfsUZewJo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/6kP5mcPIMee6amCd8slvhMbE6CY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/01db82-4172-4405-ab55-0086d02385d6/1/KkRyM2ydAqSIzdd1NNZfsUZewJo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.171.240.0/20
91.92.71.0/24
93.123.14.0/23
93.123.82.0/23
94.156.200.0/22
178.22.64.0/21
185.12.4.0/22
IPv6:
2a01:9980::/32
Signature Algorithm: sha256WithRSAEncryption
6a:87:e2:e7:e9:2d:64:04:96:47:3a:d1:84:d8:57:e0:b4:39:
f6:cc:a6:98:40:26:df:7c:dc:fd:2c:15:9e:88:94:c6:c4:38:
19:db:2f:60:c4:83:55:e9:c7:7e:fb:4e:d8:e1:37:95:d9:40:
6e:8b:8f:0f:8f:2b:41:2f:b6:e0:8a:1c:d1:84:9e:f7:af:20:
1f:d1:10:b8:1f:9b:2f:ce:b4:65:a2:b0:ed:d9:11:05:dc:96:
e4:c4:a3:90:3b:a1:cb:0d:a4:cb:c5:aa:31:d8:76:dd:e0:cd:
b1:49:49:a5:6f:12:7e:3a:a6:11:89:3c:eb:02:74:34:76:14:
0b:98:fe:c4:c3:58:58:20:ce:ad:27:96:2c:ea:ea:60:60:2e:
43:28:c0:39:0e:35:a5:fa:58:d9:27:61:a3:c6:c9:5e:3f:8b:
0b:d2:73:a9:14:90:c2:fe:06:21:06:fe:13:28:e8:34:e5:08:
dd:ee:0d:d4:de:4a:d3:04:02:8d:23:5b:bb:b2:7d:09:ab:01:
61:8f:0a:0d:c3:75:5c:c1:2f:25:6a:a3:72:0d:c6:f7:d3:b4:
ef:a3:99:f5:2c:7b:2e:1e:8c:c5:f6:f3:1c:34:46:b8:61:1a:
d8:b9:22:71:82:f9:ba:89:f4:8a:ce:58:9f:f2:7a:78:8e:a0:
30:01:08:aa
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVswUlK8enuwtm5NIrjGWqpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhNDQ3MjMzNmM5ZDAyYTQ4OGNkZDc3NTM0ZDY1ZmIxNDY1
ZWMwOWEwHhcNMjMwMTAxMDk1NDQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTQzZjk5OWMzYzgzMWU3YmE2YTYwOWRmMmM5NmY4NGM2YzRlODI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHM8lSjGn+T/5H1X/HQ5Npm2NWcU
vkzEryzNgMFVwgWk6kVLzjkvGooJ1jJXhPMRxI7n+sX3Ed+LHYWM+4DkBwYl3iE4
Eq0rlLUueja5KqPataRkzbfUVjbjV6+Ua/dARKvWySFw7dV6X2IqnqDUslpVXox8
RQsr39aoAwZneRbJSYekXvfTEWRVIjDFov0WYfXRRWBMntrMbRSsHewRJLlQgW/H
fX5AMey9e4GNsQpZrLYuhR9/mqvOxIHSM1KYeoV6Lcq9NrWNJqMP2AQLRd0XJCd8
T61klJTn/G+LzMPYPHZgA1fYQSrz6si+exBjsYIaHedifsXIJhwAR419oQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFOpD+ZnDyDHnumpgnfLJb4TGxOgmMB8GA1UdIwQY
MBaAFCpEcjNsnQKkiM3XdTTWX7FGXsCaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2tSeU0yeWRBcVNJemRkMU5OWmZzVVpld0pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8wMWRiODItNDE3Mi00NDA1LWFiNTUt
MDA4NmQwMjM4NWQ2LzEvNmtQNW1jUElNZWU2YW1DZDhzbHZoTWJFNkNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8wMWRiODItNDE3Mi00NDA1LWFiNTUtMDA4NmQwMjM4NWQ2
LzEvS2tSeU0yeWRBcVNJemRkMU5OWmZzVVpld0pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEH6vwAwQA
W1xHAwQBXXsOAwQBXXtSAwQCXpzIAwQDshZAAwQCuQwEMA0EAgACMAcDBQAqAZmA
MA0GCSqGSIb3DQEBCwUAA4IBAQBqh+Ln6S1kBJZHOtGE2FfgtDn2zKaYQCbffNz9
LBWeiJTGxDgZ2y9gxINV6cd++07Y4TeV2UBui48PjytBL7bgihzRhJ73ryAf0RC4
H5svzrRlorDt2REF3JbkxKOQO6HLDaTLxaox2Hbd4M2xSUmlbxJ+OqYRiTzrAnQ0
dhQLmP7Ew1hYIM6tJ5Ys6upgYC5DKMA5DjWl+ljZJ2GjxsleP4sL0nOpFJDC/gYh
Bv4TKOg05Qjd7g3U3krTBAKNI1u7sn0JqwFhjwoNw3VcwS8laqNyDcb307Tvo5n1
LHsuHozF9vMcNEa4YRrYuSJxgvm6ifSKzlif8np4jqAwAQiq
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:33 2024 by rpki-client on console-ams.rpki-client.org