Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/4pXdLyReI-2pqHeHX_C1C136WfU.roa
File: 4pXdLyReI-2pqHeHX_C1C136WfU.roa (raw, json)
Hash identifier: L1GTgAZ084MKd01pY2fwUs1pN8xzP2s1IfJXGeZINIo=
Subject key identifier: E2:95:DD:2F:24:5E:23:ED:A9:A8:77:87:5F:F0:B5:0B:5D:FA:59:F5
Certificate issuer: /CN=22f344a63dcb70e89057deb8e2761dc45165881a
Certificate serial: 018CC79362F44F6EAF605F96B4E9EDE2FD52
Authority key identifier: 22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/4pXdLyReI-2pqHeHX_C1C136WfU.roa
Signing time: Tue 02 Jan 2024 00:29:34 +0000
ROA not before: Tue 02 Jan 2024 00:29:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 9009
IP address blocks: 85.28.56.0/22 maxlen: 22
85.28.56.0/24 maxlen: 24
85.28.58.0/24 maxlen: 24
109.238.196.0/23 maxlen: 23
109.238.201.0/24 maxlen: 24
109.238.202.0/24 maxlen: 24
109.238.203.0/24 maxlen: 24
109.238.204.0/24 maxlen: 24
109.238.206.0/24 maxlen: 24
109.238.207.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 30 Jul 2024 15:40:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:93:62:f4:4f:6e:af:60:5f:96:b4:e9:ed:e2:fd:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22f344a63dcb70e89057deb8e2761dc45165881a
Validity
Not Before: Jan 2 00:29:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e295dd2f245e23eda9a877875ff0b50b5dfa59f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:ef:2b:b8:9b:e9:57:7f:46:23:b2:7f:82:d2:
db:9c:7b:de:4e:ee:cb:c4:11:dd:91:99:c1:ac:c5:
ca:b5:78:21:0d:e8:49:df:48:4e:0a:87:11:c7:39:
c3:16:bb:89:44:a9:8a:d6:79:ad:9e:07:c0:e0:ba:
f5:f6:c1:95:91:05:70:27:87:3f:0b:87:dc:20:4e:
55:72:b5:45:1d:cc:3f:e6:37:fb:fb:1f:dc:8f:2a:
13:e6:30:91:19:07:bc:41:82:bc:68:3b:85:a6:7c:
a8:4b:64:ef:96:6c:6c:e0:1c:3d:c3:15:76:f2:f8:
50:8b:2a:f7:32:70:9b:01:15:69:64:4a:0e:e9:16:
a8:3e:7f:f5:a9:9b:91:54:f7:1d:7f:ec:1b:31:85:
14:eb:30:8d:8f:30:14:fb:d9:d2:22:b1:ad:0d:60:
b0:a9:33:0b:42:45:a5:17:ef:66:17:fb:62:8f:3a:
22:ef:b0:06:ad:5e:93:35:94:d9:f8:a8:4e:56:00:
42:fd:60:5b:bd:3c:1b:fe:cb:53:7a:2b:43:0a:62:
64:c1:67:db:86:c9:f7:dc:bf:53:84:d9:a2:cc:a2:
c3:62:47:e5:f7:10:1a:7b:7d:49:52:19:ee:4f:32:
a6:ac:72:33:bd:4b:22:13:25:7c:24:f8:b7:7c:fe:
b5:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:95:DD:2F:24:5E:23:ED:A9:A8:77:87:5F:F0:B5:0B:5D:FA:59:F5
X509v3 Authority Key Identifier:
keyid:22:F3:44:A6:3D:CB:70:E8:90:57:DE:B8:E2:76:1D:C4:51:65:88:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNEpj3LcOiQV9644nYdxFFliBo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/4pXdLyReI-2pqHeHX_C1C136WfU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/5360e7-f02a-4737-99c7-febb64b5e164/1/IvNEpj3LcOiQV9644nYdxFFliBo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.28.56.0/22
109.238.196.0/23
109.238.201.0-109.238.204.255
109.238.206.0/23
Signature Algorithm: sha256WithRSAEncryption
04:88:a8:f4:c8:4d:ed:b1:b4:78:af:56:f0:b2:31:12:23:90:
75:ab:26:dc:c7:ad:82:78:84:51:d4:51:02:88:b6:9d:94:b6:
c4:a7:dd:0e:34:de:de:25:0c:50:9f:98:97:0a:3e:a2:fb:f7:
5b:d1:84:a8:7c:c2:38:64:2c:21:ea:d5:04:d6:b7:e7:cf:0d:
dc:bd:d5:62:d1:34:5d:80:56:62:dd:72:cd:8b:7c:8a:4f:ca:
88:f4:cd:7e:63:d1:d2:5b:4f:79:d4:f5:c9:c1:00:97:3a:f9:
32:9e:c1:71:3a:20:8b:5f:34:2e:f5:4b:88:c1:23:f9:88:95:
8a:9d:aa:34:f1:36:1f:5b:25:1d:6e:cf:79:52:03:a0:58:fa:
39:4c:91:79:c6:c9:86:e1:a4:d7:d7:aa:ea:98:3d:30:9c:e5:
61:21:06:06:fb:e3:5e:b9:f6:e5:c5:bf:fc:9a:2e:87:19:92:
4b:a0:bc:5a:ae:e3:24:ae:d0:2e:28:ef:a0:40:1a:05:a0:8f:
5e:2f:16:02:8e:0d:e8:9f:c4:cc:67:08:24:52:2b:05:a9:ac:
10:21:b8:0d:d8:b9:05:a1:b9:67:16:10:d1:c2:e1:04:3f:87:
bf:95:fd:7f:67:e9:48:cb:49:61:e8:ba:6b:e9:3c:d3:62:9c:
e6:4f:6d:77
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzHk2L0T26vYF+WtOnt4v1SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM0NGE2M2RjYjcwZTg5MDU3ZGViOGUyNzYxZGM0NTE2
NTg4MWEwHhcNMjQwMTAyMDAyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjk1ZGQyZjI0NWUyM2VkYTlhODc3ODc1ZmYwYjUwYjVkZmE1OWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAje8ruJvpV39GI7J/gtLbnHveTu7L
xBHdkZnBrMXKtXghDehJ30hOCocRxznDFruJRKmK1nmtngfA4Lr19sGVkQVwJ4c/
C4fcIE5VcrVFHcw/5jf7+x/cjyoT5jCRGQe8QYK8aDuFpnyoS2Tvlmxs4Bw9wxV2
8vhQiyr3MnCbARVpZEoO6RaoPn/1qZuRVPcdf+wbMYUU6zCNjzAU+9nSIrGtDWCw
qTMLQkWlF+9mF/tijzoi77AGrV6TNZTZ+KhOVgBC/WBbvTwb/stTeitDCmJkwWfb
hsn33L9ThNmizKLDYkfl9xAae31JUhnuTzKmrHIzvUsiEyV8JPi3fP613wIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFOKV3S8kXiPtqah3h1/wtQtd+ln1MB8GA1UdIwQY
MBaAFCLzRKY9y3DokFfeuOJ2HcRRZYgaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5Yzct
ZmViYjY0YjVlMTY0LzEvNHBYZEx5UmVJLTJwcUhlSFhfQzFDMTM2V2ZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi81MzYwZTctZjAyYS00NzM3LTk5YzctZmViYjY0YjVlMTY0
LzEvSXZORXBqM0xjT2lRVjk2NDRuWWR4RkZsaUJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQCVRw4AwQB
be7EMAwDBABt7skDBABt7swDBAFt7s4wDQYJKoZIhvcNAQELBQADggEBAASIqPTI
Te2xtHivVvCyMRIjkHWrJtzHrYJ4hFHUUQKItp2UtsSn3Q403t4lDFCfmJcKPqL7
91vRhKh8wjhkLCHq1QTWt+fPDdy91WLRNF2AVmLdcs2LfIpPyoj0zX5j0dJbT3nU
9cnBAJc6+TKewXE6IItfNC71S4jBI/mIlYqdqjTxNh9bJR1uz3lSA6BY+jlMkXnG
yYbhpNfXquqYPTCc5WEhBgb741659uXFv/yaLocZkkugvFqu4ySu0C4o76BAGgWg
j14vFgKODeifxMxnCCRSKwWprBAhuA3YuQWhuWcWENHC4QQ/h7+V/X9n6UjLSWHo
umvpPNNinOZPbXc=
-----END CERTIFICATE-----
Generated at Tue Jul 30 19:59:41 2024 by rpki-client on console-ams.rpki-client.org