Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/YCDCQAau9nn8UcJELZjCqzeCMeY.roa
File: YCDCQAau9nn8UcJELZjCqzeCMeY.roa (raw, json)
Hash identifier: LtCFVQK0Lx94lga34iiIEdEv6aC18DiV3rkaJi7yKnY=
Subject key identifier: 60:20:C2:40:06:AE:F6:79:FC:51:C2:44:2D:98:C2:AB:37:82:31:E6
Certificate issuer: /CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
Certificate serial: 0186366E1478D57A1CEB7BF66955757CC602
Authority key identifier: AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/YCDCQAau9nn8UcJELZjCqzeCMeY.roa
Signing time: Thu 09 Feb 2023 13:47:09 +0000
ROA not before: Thu 09 Feb 2023 13:47:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200000
IP address blocks: 185.233.120.0/22 maxlen: 22
185.124.8.0/22 maxlen: 22
185.233.136.0/22 maxlen: 22
37.139.64.0/21 maxlen: 21
185.39.224.0/22 maxlen: 22
185.233.152.0/22 maxlen: 23
185.149.40.0/22 maxlen: 22
185.233.116.0/22 maxlen: 22
185.235.168.0/22 maxlen: 22
109.205.96.0/21 maxlen: 21
45.154.218.0/24 maxlen: 24
173.242.48.0/20 maxlen: 20
185.104.44.0/22 maxlen: 22
185.104.45.0/24 maxlen: 24
185.65.244.0/22 maxlen: 22
217.173.208.0/20 maxlen: 20
185.226.24.0/22 maxlen: 22
185.225.212.0/22 maxlen: 22
185.25.116.0/22 maxlen: 22
185.68.16.0/24 maxlen: 24
185.68.16.0/22 maxlen: 22
185.233.36.0/22 maxlen: 22
185.233.40.0/22 maxlen: 22
185.233.44.0/22 maxlen: 22
185.130.120.0/22 maxlen: 22
185.209.168.0/22 maxlen: 22
185.69.152.0/22 maxlen: 22
185.239.180.0/22 maxlen: 22
185.234.176.0/22 maxlen: 22
2a0c:c80::/29 maxlen: 29
2a0c:6080::/29 maxlen: 29
2a0c:684::/30 maxlen: 30
2a0c:d80::/29 maxlen: 29
2a0c:e80::/29 maxlen: 29
2a04:8000::/29 maxlen: 29
2a0d:6500::/29 maxlen: 29
2a0d:1100::/29 maxlen: 29
2a05:480::/29 maxlen: 29
2a0c:680::/29 maxlen: 29
2a0c:780::/29 maxlen: 29
2a00:7a60::/32 maxlen: 32
2a06:6440::/29 maxlen: 29
2a0c:681::/32 maxlen: 32
2a0c:682::/31 maxlen: 31
2a0c:a80::/29 maxlen: 29
Validation: Failed, certificate revoked on Tue 14 Feb 2023 08:52:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:36:6e:14:78:d5:7a:1c:eb:7b:f6:69:55:75:7c:c6:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ac8a0e0b1b21f093333c0748145b1628418cf2b5
Validity
Not Before: Feb 9 13:47:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6020c24006aef679fc51c2442d98c2ab378231e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:32:1a:d0:b2:68:4e:6a:ff:a7:25:f3:42:fd:
12:da:df:2e:16:da:eb:5e:64:47:06:44:71:c0:1b:
b7:8c:50:65:5b:95:5b:04:f2:40:4e:b2:21:f1:19:
a8:cc:33:06:3b:bf:7a:03:46:8a:bc:b6:46:e7:2d:
5a:60:cc:46:dc:54:56:4b:02:9c:72:1b:77:3c:10:
94:47:d1:11:cf:37:47:60:7b:72:98:a8:a1:15:3d:
85:32:17:8d:e2:03:52:0d:86:0c:d4:04:5c:d3:f8:
6d:84:fb:b9:a5:ac:26:e7:88:fa:1f:14:36:39:4d:
21:7d:7e:a8:51:7f:a9:dc:c7:14:c5:eb:80:de:1d:
c5:dc:11:3f:7c:e4:df:df:a2:e0:c5:63:9c:4f:c1:
43:03:95:51:1c:9f:67:97:cc:6f:7b:09:23:99:16:
b4:bd:e2:34:53:78:fd:12:a5:41:c8:c2:aa:45:44:
63:4b:8d:b4:d8:a7:26:2e:61:88:90:65:e8:e4:75:
84:11:1a:7e:52:9d:e5:d5:c8:a1:9c:7f:67:cf:d4:
bd:4f:bd:88:e1:ec:ee:74:a7:a6:97:ae:0b:ba:f8:
38:10:22:b0:ba:6c:b4:66:5a:4d:a3:8a:65:05:e4:
e8:4a:01:34:46:53:bc:6f:db:78:87:0f:a6:56:09:
73:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:20:C2:40:06:AE:F6:79:FC:51:C2:44:2D:98:C2:AB:37:82:31:E6
X509v3 Authority Key Identifier:
keyid:AC:8A:0E:0B:1B:21:F0:93:33:3C:07:48:14:5B:16:28:41:8C:F2:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rIoOCxsh8JMzPAdIFFsWKEGM8rU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/YCDCQAau9nn8UcJELZjCqzeCMeY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8ce6a1-130c-480e-a903-db8eff1b11a0/1/rIoOCxsh8JMzPAdIFFsWKEGM8rU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.64.0/21
45.154.218.0/24
109.205.96.0/21
173.242.48.0/20
185.25.116.0/22
185.39.224.0/22
185.65.244.0/22
185.68.16.0/22
185.69.152.0/22
185.104.44.0/22
185.124.8.0/22
185.130.120.0/22
185.149.40.0/22
185.209.168.0/22
185.225.212.0/22
185.226.24.0/22
185.233.36.0-185.233.47.255
185.233.116.0-185.233.123.255
185.233.136.0/22
185.233.152.0/22
185.234.176.0/22
185.235.168.0/22
185.239.180.0/22
217.173.208.0/20
IPv6:
2a00:7a60::/32
2a04:8000::/29
2a05:480::/29
2a06:6440::/29
2a0c:680::/29
2a0c:780::/29
2a0c:a80::/29
2a0c:c80::/29
2a0c:d80::/29
2a0c:e80::/29
2a0c:6080::/29
2a0d:1100::/29
2a0d:6500::/29
Signature Algorithm: sha256WithRSAEncryption
92:b5:d1:a8:05:b9:1c:46:37:01:54:a4:98:73:76:c9:9c:3d:
48:12:74:70:81:77:5d:df:b2:cc:1d:80:63:55:34:9f:32:99:
5c:1e:e2:09:dc:91:4a:93:08:c6:af:41:99:e8:4d:10:1a:c1:
2f:6d:b5:bb:c9:ab:2e:07:26:b1:3b:10:97:64:78:07:8c:94:
64:05:e2:bd:94:eb:7c:63:c2:01:b9:de:f7:4c:78:5a:f5:ca:
5e:b3:68:42:51:90:b5:37:14:3f:b8:ad:fb:75:f6:68:42:96:
46:17:cb:73:93:52:db:ca:e2:f6:89:fb:32:9a:94:08:ed:5a:
81:90:e6:64:ee:e0:c1:fb:db:03:2b:44:df:64:40:4c:56:9a:
dc:06:9a:54:af:df:57:52:71:62:ed:b1:c2:59:c7:27:8c:0f:
42:04:69:53:47:27:68:8a:de:38:5a:27:04:2e:9d:79:31:3f:
76:f2:bc:c0:ad:f5:43:9a:1f:c6:92:15:b0:cb:20:15:dc:11:
55:82:78:7d:3d:2d:1e:f6:fb:54:14:17:c0:50:0e:db:90:42:
77:5b:7a:ba:d1:ed:f6:5b:82:bd:0e:87:2d:dc:fd:ee:8a:c4:
52:48:9c:7b:a4:f3:16:30:f7:2a:7f:89:ea:af:b8:53:e8:dd:
25:c8:f7:bf
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgISAYY2bhR41Xoc63v2aVV1fMYCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjOGEwZTBiMWIyMWYwOTMzMzNjMDc0ODE0NWIxNjI4NDE4
Y2YyYjUwHhcNMjMwMjA5MTM0NzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDIwYzI0MDA2YWVmNjc5ZmM1MWMyNDQyZDk4YzJhYjM3ODIzMWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujIa0LJoTmr/pyXzQv0S2t8uFtrr
XmRHBkRxwBu3jFBlW5VbBPJATrIh8RmozDMGO796A0aKvLZG5y1aYMxG3FRWSwKc
cht3PBCUR9ERzzdHYHtymKihFT2FMheN4gNSDYYM1ARc0/hthPu5pawm54j6HxQ2
OU0hfX6oUX+p3McUxeuA3h3F3BE/fOTf36LgxWOcT8FDA5VRHJ9nl8xvewkjmRa0
veI0U3j9EqVByMKqRURjS4202KcmLmGIkGXo5HWEERp+Up3l1cihnH9nz9S9T72I
4ezudKeml64Luvg4ECKwumy0ZlpNo4plBeToSgE0RlO8b9t4hw+mVglzbwIDAQAB
o4IDDjCCAwowHQYDVR0OBBYEFGAgwkAGrvZ5/FHCRC2Ywqs3gjHmMB8GA1UdIwQY
MBaAFKyKDgsbIfCTMzwHSBRbFihBjPK1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMt
ZGI4ZWZmMWIxMWEwLzEvWUNEQ1FBYXU5bm44VWNKRUxaakNxemVDTWVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84Y2U2YTEtMTMwYy00ODBlLWE5MDMtZGI4ZWZmMWIxMWEw
LzEvcklvT0N4c2g4Sk16UEFkSUZGc1dLRUdNOHJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBIgYIKwYBBQUHAQcBAf8EggERMIIBDTCBpwQCAAEwgaAD
BAMli0ADBAAtmtoDBANtzWADBASt8jADBAK5GXQDBAK5J+ADBAK5QfQDBAK5RBAD
BAK5RZgDBAK5aCwDBAK5fAgDBAK5gngDBAK5lSgDBAK50agDBAK54dQDBAK54hgw
DAMEArnpJAMEBLnpIDAMAwQCuel0AwQCuel4AwQCuemIAwQCuemYAwQCueqwAwQC
ueuoAwQCue+0AwQE2a3QMGEEAgACMFsDBQAqAHpgAwUDKgSAAAMFAyoFBIADBQMq
BmRAAwUDKgwGgAMFAyoMB4ADBQMqDAqAAwUDKgwMgAMFAyoMDYADBQMqDA6AAwUD
KgxggAMFAyoNEQADBQMqDWUAMA0GCSqGSIb3DQEBCwUAA4IBAQCStdGoBbkcRjcB
VKSYc3bJnD1IEnRwgXdd37LMHYBjVTSfMplcHuIJ3JFKkwjGr0GZ6E0QGsEvbbW7
yasuByaxOxCXZHgHjJRkBeK9lOt8Y8IBud73THha9cpes2hCUZC1NxQ/uK37dfZo
QpZGF8tzk1LbyuL2ifsympQI7VqBkOZk7uDB+9sDK0TfZEBMVprcBppUr99XUnFi
7bHCWccnjA9CBGlTRydoit44WicELp15MT928rzArfVDmh/GkhWwyyAV3BFVgnh9
PS0e9vtUFBfAUA7bkEJ3W3q60e32W4K9Doct3P3uisRSSJx7pPMWMPcqf4nqr7hT
6N0lyPe/
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:07 2024 by rpki-client on console-ams.rpki-client.org