Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/059975-ef90-421b-8af3-3814c57fe9bb/1/xa0_J20Lpxw7TFw9-u4Dz54-0JI.roa
File: xa0_J20Lpxw7TFw9-u4Dz54-0JI.roa (raw, json)
Hash identifier: KiGZuaO0W8p4lFJBL9sj5B6PI6DNoKgCzWSllDoSvIk=
Subject key identifier: C5:AD:3F:27:6D:0B:A7:1C:3B:4C:5C:3D:FA:EE:03:CF:9E:3E:D0:92
Certificate issuer: /CN=efe691427c6e41806f6ceb1e218a7dc6320fdeed
Certificate serial: 018E0E46DA820744C0C1AAB89ACD2500BA86
Authority key identifier: EF:E6:91:42:7C:6E:41:80:6F:6C:EB:1E:21:8A:7D:C6:32:0F:DE:ED
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7-aRQnxuQYBvbOseIYp9xjIP3u0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/aa/059975-ef90-421b-8af3-3814c57fe9bb/1/xa0_J20Lpxw7TFw9-u4Dz54-0JI.roa
Signing time: Tue 05 Mar 2024 11:01:48 +0000
ROA not before: Tue 05 Mar 2024 11:01:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 51262
IP address blocks: 185.147.8.0/24 maxlen: 24
185.147.9.0/24 maxlen: 24
185.147.10.0/23 maxlen: 23
185.147.10.0/24 maxlen: 24
185.147.11.0/24 maxlen: 24
2a0a:dc00::/32 maxlen: 32
2a0a:dc01::/32 maxlen: 32
2a0a:dc02::/32 maxlen: 32
2a0a:dc03::/32 maxlen: 32
2a0a:dc04::/32 maxlen: 32
2a0a:dc05::/32 maxlen: 32
2a0a:dc06::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 02 Jan 2025 07:49:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:0e:46:da:82:07:44:c0:c1:aa:b8:9a:cd:25:00:ba:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=efe691427c6e41806f6ceb1e218a7dc6320fdeed
Validity
Not Before: Mar 5 11:01:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c5ad3f276d0ba71c3b4c5c3dfaee03cf9e3ed092
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:08:75:74:cd:b0:f2:0b:90:70:1a:a5:1e:eb:
ab:53:96:5d:ca:8f:ff:34:b4:fc:ec:4d:08:37:a5:
18:df:eb:c0:24:dc:2b:fd:8d:26:30:b0:84:3b:db:
7b:b7:23:5e:79:12:a5:4e:14:a8:dd:3b:11:76:43:
fd:6e:cc:0f:3a:2d:82:81:28:7b:95:bb:b3:b3:6f:
b7:95:ea:1f:62:4e:4e:60:3a:b7:ce:31:a6:7f:7d:
df:80:e2:12:80:75:3d:5c:0d:4a:b8:72:dd:9c:c1:
c0:1d:6e:e3:87:e0:8c:44:de:51:19:7a:4a:34:e2:
a4:bd:b8:84:c4:6f:05:03:27:ba:4d:53:42:2b:5a:
74:f0:28:2f:f1:b7:57:00:7d:09:13:ac:e8:5b:ac:
8c:f7:ae:85:39:47:e9:f5:21:b8:e7:f1:c5:c3:59:
ee:0c:8d:a5:ba:30:9f:04:64:2d:5f:9c:16:b1:ef:
92:bf:27:ee:2d:b6:ad:46:f5:66:62:5d:87:fb:b0:
7a:c3:7c:28:e7:e5:90:d1:36:bd:c1:d9:b0:d8:5f:
5b:70:04:14:b8:8b:d8:84:7f:46:71:25:0b:26:96:
80:c0:be:18:a2:8e:52:71:9a:54:91:29:7a:a8:2b:
59:b9:2b:2c:e1:0f:65:51:3e:6a:23:ed:16:a8:00:
41:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:AD:3F:27:6D:0B:A7:1C:3B:4C:5C:3D:FA:EE:03:CF:9E:3E:D0:92
X509v3 Authority Key Identifier:
keyid:EF:E6:91:42:7C:6E:41:80:6F:6C:EB:1E:21:8A:7D:C6:32:0F:DE:ED
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7-aRQnxuQYBvbOseIYp9xjIP3u0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/059975-ef90-421b-8af3-3814c57fe9bb/1/xa0_J20Lpxw7TFw9-u4Dz54-0JI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/059975-ef90-421b-8af3-3814c57fe9bb/1/7-aRQnxuQYBvbOseIYp9xjIP3u0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.147.8.0/22
IPv6:
2a0a:dc00::-2a0a:dc06:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
5e:2e:c5:8d:0a:47:28:d9:3f:06:a3:a5:7a:b9:a6:e5:71:95:
39:a6:10:7f:7b:9f:fe:9e:d1:d3:c4:a2:ac:33:29:d0:68:85:
69:af:20:9b:bb:75:71:77:37:de:08:ff:e0:b8:83:da:7d:4e:
6c:64:a7:eb:60:3c:a8:e9:6a:d8:5e:af:7b:c9:b6:8e:d6:68:
84:ca:4f:8f:01:6a:42:25:68:87:2d:bf:ac:b2:2b:d8:6d:f7:
36:df:23:b0:f0:b2:3d:a2:83:34:17:35:c5:42:0e:8c:2b:3c:
91:b0:61:22:e8:b0:06:ad:08:fd:59:9b:c7:1f:38:6d:be:08:
d8:54:dd:e9:55:7e:cc:2b:08:b6:06:ad:84:d4:40:fe:a0:0e:
e4:8c:fa:f5:43:aa:79:6f:8b:db:a1:4d:c9:75:3f:f6:ab:e3:
b4:03:3b:d7:c0:aa:06:ac:8d:b5:5d:48:6e:a0:95:a4:0a:21:
92:d1:7c:47:f4:93:aa:77:9a:bc:f9:3c:eb:b2:09:a8:de:2f:
0f:fe:13:20:94:05:bb:16:4f:21:71:70:0e:8b:2e:be:47:54:
88:7d:dd:ac:0b:ea:e4:ac:db:88:1f:65:94:b0:ca:20:7f:7d:
5b:31:8e:c7:4d:81:d3:4b:db:53:14:76:e9:fe:e0:4d:6a:1e:
a7:c2:52:a3
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAY4ORtqCB0TAwaq4ms0lALqGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmZTY5MTQyN2M2ZTQxODA2ZjZjZWIxZTIxOGE3ZGM2MzIw
ZmRlZWQwHhcNMjQwMzA1MTEwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWFkM2YyNzZkMGJhNzFjM2I0YzVjM2RmYWVlMDNjZjllM2VkMDkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwh1dM2w8guQcBqlHuurU5Zdyo//
NLT87E0IN6UY3+vAJNwr/Y0mMLCEO9t7tyNeeRKlThSo3TsRdkP9bswPOi2CgSh7
lbuzs2+3leofYk5OYDq3zjGmf33fgOISgHU9XA1KuHLdnMHAHW7jh+CMRN5RGXpK
NOKkvbiExG8FAye6TVNCK1p08Cgv8bdXAH0JE6zoW6yM966FOUfp9SG45/HFw1nu
DI2lujCfBGQtX5wWse+SvyfuLbatRvVmYl2H+7B6w3wo5+WQ0Ta9wdmw2F9bcAQU
uIvYhH9GcSULJpaAwL4Yoo5ScZpUkSl6qCtZuSss4Q9lUT5qI+0WqABBRQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFMWtPydtC6ccO0xcPfruA8+ePtCSMB8GA1UdIwQY
MBaAFO/mkUJ8bkGAb2zrHiGKfcYyD97tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNy1hUlFueHVRWUJ2Yk9zZUlZcDl4aklQM3UwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8wNTk5NzUtZWY5MC00MjFiLThhZjMt
MzgxNGM1N2ZlOWJiLzEveGEwX0oyMExweHc3VEZ3OS11NER6NTQtMEpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8wNTk5NzUtZWY5MC00MjFiLThhZjMtMzgxNGM1N2ZlOWJi
LzEvNy1hUlFueHVRWUJ2Yk9zZUlZcDl4aklQM3UwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAMBAIAATAGAwQCuZMIMBUE
AgACMA8wDQMEAioK3AMFACoK3AYwDQYJKoZIhvcNAQELBQADggEBAF4uxY0KRyjZ
PwajpXq5puVxlTmmEH97n/6e0dPEoqwzKdBohWmvIJu7dXF3N94I/+C4g9p9Tmxk
p+tgPKjpather3vJto7WaITKT48BakIlaIctv6yyK9ht9zbfI7Dwsj2igzQXNcVC
DowrPJGwYSLosAatCP1Zm8cfOG2+CNhU3elVfswrCLYGrYTUQP6gDuSM+vVDqnlv
i9uhTcl1P/ar47QDO9fAqgasjbVdSG6glaQKIZLRfEf0k6p3mrz5POuyCajeLw/+
EyCUBbsWTyFxcA6LLr5HVIh93awL6uSs24gfZZSwyiB/fVsxjsdNgdNL21MUdun+
4E1qHqfCUqM=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:59:41 2025 by rpki-client