Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/eac1f4-ace1-4ce1-a181-cfcabb19f989/1/iAsiK9nuDuQk1-Bc9raw-LLPjvE.roa
File: iAsiK9nuDuQk1-Bc9raw-LLPjvE.roa (raw, json)
Hash identifier: 1YpqwMcotWZ/BboC1sepn3l/FX+EhpSnPGwzCRQB3Vo=
Subject key identifier: 88:0B:22:2B:D9:EE:0E:E4:24:D7:E0:5C:F6:B6:B0:F8:B2:CF:8E:F1
Certificate issuer: /CN=a768bbec5a9e11bfbdaed84aa8d3aacda29889f9
Certificate serial: 01856D9CFDAED066DF8AB2569E839E26662E
Authority key identifier: A7:68:BB:EC:5A:9E:11:BF:BD:AE:D8:4A:A8:D3:AA:CD:A2:98:89:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p2i77FqeEb-9rthKqNOqzaKYifk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/eac1f4-ace1-4ce1-a181-cfcabb19f989/1/iAsiK9nuDuQk1-Bc9raw-LLPjvE.roa
Signing time: Sun 01 Jan 2023 13:54:43 +0000
ROA not before: Sun 01 Jan 2023 13:54:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197731
IP address blocks: 185.119.28.0/22 maxlen: 22
185.119.28.0/24 maxlen: 24
185.119.29.0/24 maxlen: 24
185.119.30.0/24 maxlen: 24
185.119.31.0/24 maxlen: 24
31.3.105.0/24 maxlen: 24
31.3.104.0/21 maxlen: 21
31.3.104.0/24 maxlen: 24
31.3.106.0/24 maxlen: 24
31.3.107.0/24 maxlen: 24
31.3.108.0/24 maxlen: 24
31.3.109.0/24 maxlen: 24
31.3.110.0/24 maxlen: 24
31.3.111.0/24 maxlen: 24
2a03:7900::/32 maxlen: 32
2a03:7900:500::/40 maxlen: 40
Validation: Failed, certificate revoked on Mon 01 Jan 2024 06:29:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:9c:fd:ae:d0:66:df:8a:b2:56:9e:83:9e:26:66:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a768bbec5a9e11bfbdaed84aa8d3aacda29889f9
Validity
Not Before: Jan 1 13:54:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=880b222bd9ee0ee424d7e05cf6b6b0f8b2cf8ef1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:6e:99:20:b1:a9:7f:50:dc:3c:d9:51:d0:ea:
1b:ce:09:61:4d:fc:90:96:16:94:51:8f:f7:ba:10:
0a:69:42:bc:34:1a:bf:b1:d7:53:10:62:0c:38:4b:
e9:e6:0f:ce:72:32:8e:d3:5d:30:3e:cd:45:7c:27:
e0:0c:8e:7c:1b:c6:bc:1b:32:21:91:03:16:35:4c:
3d:f7:09:3f:35:0d:f8:21:d6:75:65:07:a3:29:5c:
cb:b1:2c:ac:6f:22:c2:ca:8a:b5:e9:f4:87:fb:44:
72:1f:b4:35:39:92:08:29:50:da:00:b1:07:7f:15:
d3:24:9f:ae:ab:8a:ae:33:d3:34:62:aa:2e:68:56:
a2:ab:ce:d3:e9:e5:c2:5d:d5:2f:74:83:7a:54:be:
70:f7:7d:01:11:79:0c:12:3b:53:ba:26:e4:e5:37:
5e:93:b3:26:be:9f:09:37:43:cd:fc:a2:29:c2:b8:
f0:8e:95:1c:64:73:74:88:b6:46:bd:a1:e1:45:d0:
58:b6:1f:64:3f:fc:2a:b3:32:ae:7c:33:aa:ee:62:
ef:09:57:28:be:78:b0:52:1e:7c:ca:35:fb:d1:fd:
9d:2e:03:9b:df:9f:b2:96:9f:16:aa:21:ae:66:fe:
d3:33:af:28:91:42:44:c0:4e:ba:71:1c:d0:52:98:
84:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:0B:22:2B:D9:EE:0E:E4:24:D7:E0:5C:F6:B6:B0:F8:B2:CF:8E:F1
X509v3 Authority Key Identifier:
keyid:A7:68:BB:EC:5A:9E:11:BF:BD:AE:D8:4A:A8:D3:AA:CD:A2:98:89:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p2i77FqeEb-9rthKqNOqzaKYifk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/eac1f4-ace1-4ce1-a181-cfcabb19f989/1/iAsiK9nuDuQk1-Bc9raw-LLPjvE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/eac1f4-ace1-4ce1-a181-cfcabb19f989/1/p2i77FqeEb-9rthKqNOqzaKYifk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.3.104.0/21
185.119.28.0/22
IPv6:
2a03:7900::/32
Signature Algorithm: sha256WithRSAEncryption
83:2f:2f:1f:af:90:52:a2:98:1f:92:3a:e4:ea:77:eb:16:a2:
cd:11:5e:13:15:a8:13:0e:f7:8c:41:1b:c5:48:ac:53:27:25:
f3:65:48:c4:a2:7e:14:7d:f5:0d:19:4c:c4:77:51:62:91:b7:
03:01:84:2b:f4:05:8c:cc:c7:da:c0:91:50:de:8e:10:d9:29:
75:0e:d1:0c:9d:78:db:a2:f4:cb:24:59:c6:b8:e4:e5:ef:f5:
67:16:91:a1:26:c3:dc:27:88:56:6c:c2:03:80:49:37:7e:98:
39:c6:97:36:1b:91:23:8e:f6:e1:60:48:4a:1d:09:32:94:c8:
45:aa:d7:0a:14:77:aa:5c:03:1a:c3:86:4c:d6:c7:8a:9c:92:
fc:0d:f8:b5:78:bd:c8:0e:71:89:0c:1b:a1:e9:4c:21:36:0a:
e0:e7:db:18:ec:21:bf:40:fd:fc:69:44:28:86:0f:9e:b3:41:
a7:4b:a3:53:f3:ea:6e:19:6e:a7:41:68:08:2a:aa:a1:3b:88:
b3:0a:af:d2:15:9b:c6:55:72:3f:26:e7:07:6f:21:65:d9:d6:
89:29:c2:cc:04:ee:1f:56:65:a7:44:24:9d:03:e5:d4:fb:06:
bb:01:d6:e6:bb:bb:4f:e4:1a:3e:e9:8a:69:ea:0b:00:b1:aa:
9b:c8:77:53
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVtnP2u0GbfirJWnoOeJmYuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NjhiYmVjNWE5ZTExYmZiZGFlZDg0YWE4ZDNhYWNkYTI5
ODg5ZjkwHhcNMjMwMTAxMTM1NDQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODBiMjIyYmQ5ZWUwZWU0MjRkN2UwNWNmNmI2YjBmOGIyY2Y4ZWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkW6ZILGpf1DcPNlR0OobzglhTfyQ
lhaUUY/3uhAKaUK8NBq/sddTEGIMOEvp5g/OcjKO010wPs1FfCfgDI58G8a8GzIh
kQMWNUw99wk/NQ34IdZ1ZQejKVzLsSysbyLCyoq16fSH+0RyH7Q1OZIIKVDaALEH
fxXTJJ+uq4quM9M0YqouaFaiq87T6eXCXdUvdIN6VL5w930BEXkMEjtTuibk5Tde
k7Mmvp8JN0PN/KIpwrjwjpUcZHN0iLZGvaHhRdBYth9kP/wqszKufDOq7mLvCVco
vniwUh58yjX70f2dLgOb35+ylp8WqiGuZv7TM68okUJEwE66cRzQUpiEBwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIgLIivZ7g7kJNfgXPa2sPiyz47xMB8GA1UdIwQY
MBaAFKdou+xanhG/va7YSqjTqs2imIn5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDJpNzdGcWVFYi05cnRoS3FOT3F6YUtZaWZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy9lYWMxZjQtYWNlMS00Y2UxLWExODEt
Y2ZjYWJiMTlmOTg5LzEvaUFzaUs5bnVEdVFrMS1CYzlyYXctTExQanZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy9lYWMxZjQtYWNlMS00Y2UxLWExODEtY2ZjYWJiMTlmOTg5
LzEvcDJpNzdGcWVFYi05cnRoS3FOT3F6YUtZaWZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDHwNoAwQC
uXccMA0EAgACMAcDBQAqA3kAMA0GCSqGSIb3DQEBCwUAA4IBAQCDLy8fr5BSopgf
kjrk6nfrFqLNEV4TFagTDveMQRvFSKxTJyXzZUjEon4UffUNGUzEd1FikbcDAYQr
9AWMzMfawJFQ3o4Q2Sl1DtEMnXjbovTLJFnGuOTl7/VnFpGhJsPcJ4hWbMIDgEk3
fpg5xpc2G5EjjvbhYEhKHQkylMhFqtcKFHeqXAMaw4ZM1seKnJL8Dfi1eL3IDnGJ
DBuh6UwhNgrg59sY7CG/QP38aUQohg+es0GnS6NT8+puGW6nQWgIKqqhO4izCq/S
FZvGVXI/JucHbyFl2daJKcLMBO4fVmWnRCSdA+XU+wa7Adbmu7tP5Bo+6Ypp6gsA
saqbyHdT
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:18 2024 by rpki-client on console-ams.rpki-client.org