Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/C-ejcqONB8RKMh892EwclnAVQxc.roa
File: C-ejcqONB8RKMh892EwclnAVQxc.roa (raw, json)
Hash identifier: d28W9YT8CdHc7KvPKUhOzqBI18ZAdF+IM3c910OPA1o=
Subject key identifier: 0B:E7:A3:72:A3:8D:07:C4:4A:32:1F:3D:D8:4C:1C:96:70:15:43:17
Certificate issuer: /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial: 018CC7276281726B0BA183CC64DCFF7D9F4F
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/C-ejcqONB8RKMh892EwclnAVQxc.roa
Signing time: Mon 01 Jan 2024 22:31:36 +0000
ROA not before: Mon 01 Jan 2024 22:31:36 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12912
IP address blocks: 217.8.160.0/19 maxlen: 19
94.42.0.0/16 maxlen: 16
195.94.192.0/19 maxlen: 19
78.133.128.0/17 maxlen: 17
85.219.128.0/17 maxlen: 17
89.174.0.0/16 maxlen: 16
157.25.0.0/16 maxlen: 16
217.153.0.0/16 maxlen: 16
2001:4190::/32 maxlen: 32
Validation: Failed, certificate revoked on Fri 24 May 2024 11:09:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:27:62:81:72:6b:0b:a1:83:cc:64:dc:ff:7d:9f:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Validity
Not Before: Jan 1 22:31:36 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0be7a372a38d07c44a321f3dd84c1c9670154317
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:24:5c:6f:3e:5c:f7:70:f9:32:1a:cf:d4:d0:
87:05:8c:6a:d7:16:4b:ea:c6:cd:34:04:8a:d4:5d:
5d:e3:e1:94:29:d2:db:a4:25:4a:de:0a:c5:ae:cf:
b3:3b:60:13:b1:9f:d9:f2:0f:c8:1c:5d:c6:a5:97:
70:1c:8f:3b:25:e6:fd:76:10:6c:8d:b6:7a:62:2b:
31:23:a3:81:80:6f:7c:d2:38:90:b9:8d:af:91:04:
80:31:3b:b0:99:51:fa:28:98:b9:8c:fa:ba:92:9d:
60:bb:ff:9d:a2:42:67:19:66:55:88:7c:21:97:a7:
33:b4:6a:3d:39:fc:31:9b:dc:36:5b:c5:b2:7f:ea:
5e:23:4f:55:57:a4:c9:34:46:04:3a:e3:85:79:4a:
ca:2a:3d:96:2f:9c:28:b2:53:51:7b:3a:6b:3f:84:
07:ef:8e:d1:8e:4b:a6:8a:b4:e7:9a:62:5e:1f:f6:
71:7c:cc:a9:31:33:3e:c3:35:33:02:6c:2b:e1:cb:
54:bb:67:f6:c0:e1:34:1e:9f:bf:fb:08:c2:d6:c8:
36:a4:90:3f:68:ea:38:cf:37:66:1e:9e:97:cf:8d:
d9:06:ac:d5:fd:d7:69:6f:f8:40:d9:b8:9c:d1:35:
c3:3e:a6:a6:56:a7:9d:ab:6f:51:4f:e0:be:d7:ef:
95:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:E7:A3:72:A3:8D:07:C4:4A:32:1F:3D:D8:4C:1C:96:70:15:43:17
X509v3 Authority Key Identifier:
keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/C-ejcqONB8RKMh892EwclnAVQxc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.133.128.0/17
85.219.128.0/17
89.174.0.0/16
94.42.0.0/16
157.25.0.0/16
195.94.192.0/19
217.8.160.0/19
217.153.0.0/16
IPv6:
2001:4190::/32
Signature Algorithm: sha256WithRSAEncryption
4d:91:27:5a:e5:7b:2f:61:69:94:f0:da:b5:e4:89:29:a8:3c:
b4:ce:c8:16:3c:ab:55:d6:ea:ef:6f:73:34:a3:84:b7:64:60:
bb:66:6a:d4:80:d7:80:91:4b:e6:12:9f:6a:06:80:3d:82:ef:
6a:1d:d9:5c:a3:e9:30:fe:0f:a7:1c:a5:d1:4b:b8:a8:61:b8:
e3:a4:fa:5b:7b:df:17:a4:0c:f0:b9:14:d3:ee:a3:b8:bb:cb:
e2:ee:a1:e0:49:f8:c6:d1:76:44:4b:c8:f4:3d:91:49:a4:1c:
44:6c:73:9d:bb:90:d2:96:c6:51:e0:4f:91:2d:f6:66:9f:41:
42:95:cc:18:c3:46:f7:2b:4d:5c:39:50:41:ac:b0:8f:5e:82:
a2:72:6d:c8:93:8f:70:e0:60:67:0d:03:51:c2:40:c9:5f:61:
be:15:f8:08:67:15:cf:6c:2a:f7:b8:10:13:75:d0:51:90:f2:
ee:bf:3b:33:7d:1b:c1:54:a9:ac:ec:04:ed:3f:6e:a5:b1:ff:
20:dd:cc:fa:12:5b:6f:d5:99:b4:a3:ff:96:08:57:d6:ea:c3:
c5:94:75:2b:f5:34:02:13:87:33:db:56:7b:f3:fb:6c:61:d3:
f4:ca:14:59:b5:be:7e:1b:9c:ab:e2:67:b1:52:ba:41:cb:fa:
52:4c:17:3e
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYzHJ2KBcmsLoYPMZNz/fZ9PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmU3YTM3MmEzOGQwN2M0NGEzMjFmM2RkODRjMWM5NjcwMTU0MzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAniRcbz5c93D5MhrP1NCHBYxq1xZL
6sbNNASK1F1d4+GUKdLbpCVK3grFrs+zO2ATsZ/Z8g/IHF3GpZdwHI87Jeb9dhBs
jbZ6YisxI6OBgG980jiQuY2vkQSAMTuwmVH6KJi5jPq6kp1gu/+dokJnGWZViHwh
l6cztGo9Ofwxm9w2W8Wyf+peI09VV6TJNEYEOuOFeUrKKj2WL5woslNRezprP4QH
747RjkumirTnmmJeH/ZxfMypMTM+wzUzAmwr4ctUu2f2wOE0Hp+/+wjC1sg2pJA/
aOo4zzdmHp6Xz43ZBqzV/ddpb/hA2bic0TXDPqamVqedq29RT+C+1++V3QIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFAvno3KjjQfESjIfPdhMHJZwFUMXMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvQy1lamNxT05COFJLTWg4OTJFd2NsbkFWUXhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQHToWAAwQH
VduAAwMAWa4DAwBeKgMDAJ0ZAwQFw17AAwQF2QigAwMA2ZkwDQQCAAIwBwMFACAB
QZAwDQYJKoZIhvcNAQELBQADggEBAE2RJ1rley9haZTw2rXkiSmoPLTOyBY8q1XW
6u9vczSjhLdkYLtmatSA14CRS+YSn2oGgD2C72od2Vyj6TD+D6ccpdFLuKhhuOOk
+lt73xekDPC5FNPuo7i7y+LuoeBJ+MbRdkRLyPQ9kUmkHERsc527kNKWxlHgT5Et
9mafQUKVzBjDRvcrTVw5UEGssI9egqJybciTj3DgYGcNA1HCQMlfYb4V+AhnFc9s
Kve4EBN10FGQ8u6/OzN9G8FUqazsBO0/bqWx/yDdzPoSW2/VmbSj/5YIV9bqw8WU
dSv1NAIThzPbVnvz+2xh0/TKFFm1vn4bnKviZ7FSukHL+lJMFz4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:32 2024 by rpki-client on console-ams.rpki-client.org