Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/74aee8-41a8-4ee7-ae4c-2183bc3844d2/1/IO7gWUH4XqaNFLduls5lQ-kL89s.roa
File: IO7gWUH4XqaNFLduls5lQ-kL89s.roa (raw, json)
Hash identifier: 7ns0vfaWbfmWUtn2Ld55BYxmH2ypHElRrg9HiTIZYC8=
Subject key identifier: 20:EE:E0:59:41:F8:5E:A6:8D:14:B7:6E:96:CE:65:43:E9:0B:F3:DB
Certificate issuer: /CN=95b85e5ac055a12188ae50cdb007fa488b6aa88b
Certificate serial: 018CC5DC27F9B812ABD9433937E642FF4087
Authority key identifier: 95:B8:5E:5A:C0:55:A1:21:88:AE:50:CD:B0:07:FA:48:8B:6A:A8:8B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lbheWsBVoSGIrlDNsAf6SItqqIs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/74aee8-41a8-4ee7-ae4c-2183bc3844d2/1/IO7gWUH4XqaNFLduls5lQ-kL89s.roa
Signing time: Mon 01 Jan 2024 16:29:48 +0000
ROA not before: Mon 01 Jan 2024 16:29:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 39637
IP address blocks: 37.203.56.0/21 maxlen: 21
94.124.136.0/21 maxlen: 21
91.201.164.0/22 maxlen: 22
185.215.252.0/22 maxlen: 22
195.246.236.0/23 maxlen: 23
2a00:dc8::/32 maxlen: 32
Validation: Failed, certificate revoked on Wed 01 Jan 2025 01:48:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:27:f9:b8:12:ab:d9:43:39:37:e6:42:ff:40:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=95b85e5ac055a12188ae50cdb007fa488b6aa88b
Validity
Not Before: Jan 1 16:29:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=20eee05941f85ea68d14b76e96ce6543e90bf3db
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:40:9d:70:f2:71:a4:97:14:de:d4:6f:48:a8:
69:e7:20:92:66:b5:74:cb:ea:c4:23:d3:7b:fb:91:
46:14:34:4c:e6:93:c0:ff:b9:b9:ba:4d:9a:3e:95:
b7:73:c6:ae:5e:78:be:ff:4a:20:86:7b:ee:e7:11:
84:70:ab:2f:ca:96:f5:e7:48:e2:63:a6:6e:df:29:
c0:9d:45:3d:5c:81:b0:80:e8:18:2c:9d:87:52:29:
62:a2:0a:60:4c:0d:fa:59:33:c8:00:6d:7b:63:9b:
b6:ac:ed:75:02:77:a8:c3:60:03:1e:c7:7b:ef:54:
7f:8a:fd:5a:75:56:3b:a8:31:fa:04:a9:e0:b5:1f:
e7:10:25:3c:34:36:41:0c:71:72:80:24:20:38:c6:
9d:48:28:3e:e0:10:5c:ab:e0:b6:50:f1:39:91:cb:
3b:69:ea:05:e8:b9:36:0e:79:20:69:9e:f5:d6:e0:
58:c4:57:11:fd:64:c7:29:d1:55:77:4a:b1:b1:12:
6d:05:b3:ca:94:d9:c1:a3:23:38:c4:ed:38:44:53:
e2:c5:ea:2d:83:a1:e1:86:5d:50:8f:5e:09:3d:1a:
98:74:f1:98:af:26:0e:1d:44:23:55:dc:42:74:b9:
6c:71:d3:00:5b:bd:77:04:10:ac:33:a7:76:a6:de:
48:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:EE:E0:59:41:F8:5E:A6:8D:14:B7:6E:96:CE:65:43:E9:0B:F3:DB
X509v3 Authority Key Identifier:
keyid:95:B8:5E:5A:C0:55:A1:21:88:AE:50:CD:B0:07:FA:48:8B:6A:A8:8B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbheWsBVoSGIrlDNsAf6SItqqIs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74aee8-41a8-4ee7-ae4c-2183bc3844d2/1/IO7gWUH4XqaNFLduls5lQ-kL89s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/74aee8-41a8-4ee7-ae4c-2183bc3844d2/1/lbheWsBVoSGIrlDNsAf6SItqqIs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.203.56.0/21
91.201.164.0/22
94.124.136.0/21
185.215.252.0/22
195.246.236.0/23
IPv6:
2a00:dc8::/32
Signature Algorithm: sha256WithRSAEncryption
14:e3:bd:d6:8f:d7:53:13:63:b8:3a:dc:93:f0:3d:a3:ff:3e:
f8:ac:c0:37:f4:cb:94:24:04:99:45:57:fa:db:5e:73:3b:01:
0f:1c:94:f4:35:94:90:5b:47:18:93:04:64:5d:1b:39:d8:2e:
b8:fe:37:45:e1:a0:90:60:b9:f7:2e:1f:1b:28:d2:b2:cc:04:
57:8c:4f:85:95:69:97:b4:19:a0:5f:e9:b9:75:9c:1d:aa:47:
d2:08:a4:1d:37:26:32:d3:7c:df:2f:1d:09:9e:a0:af:92:a9:
51:d4:c0:35:1c:1d:d2:e5:8a:6b:fc:91:59:21:e5:c6:85:d4:
fb:cc:be:7d:3d:01:46:c9:8a:35:f0:09:41:3c:0f:3b:4d:2d:
94:1a:52:60:c9:21:4c:d3:50:40:cf:1c:60:11:a2:cb:87:fd:
f1:98:d0:27:25:78:2d:88:b6:bf:41:1d:76:38:0d:ae:cc:24:
9f:41:e7:e3:5a:da:76:41:31:7d:63:a0:d5:09:92:37:09:ad:
ad:96:25:6e:51:f6:9c:07:7f:e1:d6:12:43:13:31:a5:c4:b3:
ec:2c:d0:5c:bf:a3:b9:65:9a:9d:14:2a:cd:c7:bf:41:5a:27:
72:ef:7d:85:4f:cd:3c:0f:db:33:2b:ba:37:b3:96:8d:36:b9:
d7:2d:37:69
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzF3Cf5uBKr2UM5N+ZC/0CHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1Yjg1ZTVhYzA1NWExMjE4OGFlNTBjZGIwMDdmYTQ4OGI2
YWE4OGIwHhcNMjQwMTAxMTYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGVlZTA1OTQxZjg1ZWE2OGQxNGI3NmU5NmNlNjU0M2U5MGJmM2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkCdcPJxpJcU3tRvSKhp5yCSZrV0
y+rEI9N7+5FGFDRM5pPA/7m5uk2aPpW3c8auXni+/0oghnvu5xGEcKsvypb150ji
Y6Zu3ynAnUU9XIGwgOgYLJ2HUiliogpgTA36WTPIAG17Y5u2rO11Aneow2ADHsd7
71R/iv1adVY7qDH6BKngtR/nECU8NDZBDHFygCQgOMadSCg+4BBcq+C2UPE5kcs7
aeoF6Lk2DnkgaZ711uBYxFcR/WTHKdFVd0qxsRJtBbPKlNnBoyM4xO04RFPixeot
g6Hhhl1Qj14JPRqYdPGYryYOHUQjVdxCdLlscdMAW713BBCsM6d2pt5IywIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFCDu4FlB+F6mjRS3bpbOZUPpC/PbMB8GA1UdIwQY
MBaAFJW4XlrAVaEhiK5QzbAH+kiLaqiLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJoZVdzQlZvU0dJcmxETnNBZjZTSXRxcUlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NGFlZTgtNDFhOC00ZWU3LWFlNGMt
MjE4M2JjMzg0NGQyLzEvSU83Z1dVSDRYcWFORkxkdWxzNWxRLWtMODlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NGFlZTgtNDFhOC00ZWU3LWFlNGMtMjE4M2JjMzg0NGQy
LzEvbGJoZVdzQlZvU0dJcmxETnNBZjZTSXRxcUlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDJcs4AwQC
W8mkAwQDXnyIAwQCudf8AwQBw/bsMA0EAgACMAcDBQAqAA3IMA0GCSqGSIb3DQEB
CwUAA4IBAQAU473Wj9dTE2O4OtyT8D2j/z74rMA39MuUJASZRVf6215zOwEPHJT0
NZSQW0cYkwRkXRs52C64/jdF4aCQYLn3Lh8bKNKyzARXjE+FlWmXtBmgX+m5dZwd
qkfSCKQdNyYy03zfLx0JnqCvkqlR1MA1HB3S5Ypr/JFZIeXGhdT7zL59PQFGyYo1
8AlBPA87TS2UGlJgySFM01BAzxxgEaLLh/3xmNAnJXgtiLa/QR12OA2uzCSfQefj
Wtp2QTF9Y6DVCZI3Ca2tliVuUfacB3/h1hJDEzGlxLPsLNBcv6O5ZZqdFCrNx79B
Widy732FT808D9szK7o3s5aNNrnXLTdp
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:33:11 2025 by rpki-client