Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/608e21-6a40-4711-9c83-d024ad4b7beb/1/7lMWFRIq0hwyeRYapnToxTrMK4s.roa
File: 7lMWFRIq0hwyeRYapnToxTrMK4s.roa (raw, json)
Hash identifier: q/5h5J3g/6CpgtG8DsCdCUZwgvfIf+rbaE5BGjaZggg=
Subject key identifier: EE:53:16:15:12:2A:D2:1C:32:79:16:1A:A6:74:E8:C5:3A:CC:2B:8B
Certificate issuer: /CN=3e332dd2994c6ee89436158a2eac1f482922cd2a
Certificate serial: 018CE5D5DFF3110873776B2E1F2EA5F2492E
Authority key identifier: 3E:33:2D:D2:99:4C:6E:E8:94:36:15:8A:2E:AC:1F:48:29:22:CD:2A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PjMt0plMbuiUNhWKLqwfSCkizSo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c4/608e21-6a40-4711-9c83-d024ad4b7beb/1/7lMWFRIq0hwyeRYapnToxTrMK4s.roa
Signing time: Sun 07 Jan 2024 21:30:48 +0000
ROA not before: Sun 07 Jan 2024 21:30:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 205049
IP address blocks: 185.230.43.0/24 maxlen: 24
185.230.41.0/24 maxlen: 24
185.230.42.0/24 maxlen: 24
185.230.40.0/24 maxlen: 24
185.230.40.0/22 maxlen: 22
2a13:3686::/32 maxlen: 32
2a13:3687::/32 maxlen: 32
2a13:3681::/32 maxlen: 32
2a13:3684::/32 maxlen: 32
2a13:3680::/32 maxlen: 32
2a13:3683::/32 maxlen: 32
2a13:3685::/32 maxlen: 32
2a13:3680::/29 maxlen: 29
Validation: Failed, certificate revoked on Mon 08 Jan 2024 21:49:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:e5:d5:df:f3:11:08:73:77:6b:2e:1f:2e:a5:f2:49:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e332dd2994c6ee89436158a2eac1f482922cd2a
Validity
Not Before: Jan 7 21:30:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ee531615122ad21c3279161aa674e8c53acc2b8b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:55:f0:60:52:fc:95:3a:89:13:11:d1:f5:7a:
00:be:7c:d7:9e:6b:e6:e0:77:e1:b7:2b:32:57:5e:
f2:e7:af:a3:b0:70:ac:c6:dd:1e:a4:b6:58:7b:6d:
09:05:05:7e:1c:88:96:d7:5d:e4:db:c6:65:d9:cf:
a1:29:2e:95:99:07:0a:e9:fe:c6:d0:e6:40:03:67:
f2:6b:18:11:4c:21:ec:d4:39:7b:b0:bb:6b:cb:e3:
82:31:27:02:9b:6a:b6:1c:55:68:c0:62:db:78:95:
3f:0c:44:a7:97:da:63:4e:b0:a1:00:5e:f4:69:8f:
7c:76:b5:7a:7c:f9:43:15:01:4c:8f:cd:7f:64:6e:
23:c5:c7:49:3f:c9:18:62:81:19:da:85:a5:ea:2b:
53:41:04:a9:6a:5b:a8:82:6d:93:6a:28:c2:2f:5f:
b9:d8:60:28:c6:46:7b:73:0a:13:28:0b:ef:49:74:
5b:6b:84:8d:f7:97:97:c3:b2:11:e4:7c:39:0b:1c:
e5:a2:99:bc:55:58:77:a9:0c:8a:7e:29:f0:b6:63:
c7:86:53:71:59:95:0c:06:46:18:d6:78:95:6c:21:
bf:c3:d7:65:02:22:dd:a5:94:cb:8a:98:45:e6:eb:
72:8d:77:32:0e:43:1f:ad:92:39:fe:69:0e:2f:89:
4b:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:53:16:15:12:2A:D2:1C:32:79:16:1A:A6:74:E8:C5:3A:CC:2B:8B
X509v3 Authority Key Identifier:
keyid:3E:33:2D:D2:99:4C:6E:E8:94:36:15:8A:2E:AC:1F:48:29:22:CD:2A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PjMt0plMbuiUNhWKLqwfSCkizSo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/608e21-6a40-4711-9c83-d024ad4b7beb/1/7lMWFRIq0hwyeRYapnToxTrMK4s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/608e21-6a40-4711-9c83-d024ad4b7beb/1/PjMt0plMbuiUNhWKLqwfSCkizSo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.230.40.0/22
IPv6:
2a13:3680::/29
Signature Algorithm: sha256WithRSAEncryption
70:e7:3f:59:b4:d5:c5:c0:54:ca:7d:96:f3:20:11:b6:2f:62:
cc:a0:dd:12:a7:e3:8d:fb:e6:bf:84:22:de:03:49:f0:dc:5c:
78:22:ce:ed:50:62:6d:c5:93:ee:ad:1a:31:31:08:9b:c7:ac:
37:42:25:ee:ef:e1:a3:39:8f:89:58:3e:56:56:97:7c:92:3f:
97:6b:bb:bd:54:84:0f:66:3e:2e:ac:22:a1:7d:3c:d6:34:79:
0a:61:a9:b8:18:09:01:2b:98:86:58:eb:52:8e:cd:23:8b:86:
f5:a6:4e:00:94:de:63:0f:38:ca:38:b8:9d:d4:b3:3d:5a:9d:
ea:8e:f4:7e:a5:b2:f4:a4:7d:d6:ef:da:c4:d2:41:33:df:96:
43:25:e1:37:cf:13:59:19:9d:d7:69:9d:01:8b:7e:24:45:d1:
4e:06:de:99:00:0f:9e:97:f6:74:77:d1:b8:29:6d:3b:f8:69:
25:88:89:ee:14:2b:32:f6:9a:6c:c0:49:36:0c:33:ac:47:7a:
d9:0a:4d:5d:29:7a:d8:59:7b:90:27:75:81:44:6c:5f:d1:bf:
24:be:c5:e1:db:ca:bc:8b:76:d4:7c:1c:0a:2d:cf:d6:a0:bb:
71:6a:6a:55:22:2c:8a:7b:5f:33:20:9b:99:be:0f:32:7c:3c:
2c:53:37:25
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzl1d/zEQhzd2suHy6l8kkuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMzMyZGQyOTk0YzZlZTg5NDM2MTU4YTJlYWMxZjQ4Mjky
MmNkMmEwHhcNMjQwMTA3MjEzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTUzMTYxNTEyMmFkMjFjMzI3OTE2MWFhNjc0ZThjNTNhY2MyYjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAilXwYFL8lTqJExHR9XoAvnzXnmvm
4HfhtysyV17y56+jsHCsxt0epLZYe20JBQV+HIiW113k28Zl2c+hKS6VmQcK6f7G
0OZAA2fyaxgRTCHs1Dl7sLtry+OCMScCm2q2HFVowGLbeJU/DESnl9pjTrChAF70
aY98drV6fPlDFQFMj81/ZG4jxcdJP8kYYoEZ2oWl6itTQQSpaluogm2TaijCL1+5
2GAoxkZ7cwoTKAvvSXRba4SN95eXw7IR5Hw5Cxzlopm8VVh3qQyKfinwtmPHhlNx
WZUMBkYY1niVbCG/w9dlAiLdpZTLiphF5utyjXcyDkMfrZI5/mkOL4lLOQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO5TFhUSKtIcMnkWGqZ06MU6zCuLMB8GA1UdIwQY
MBaAFD4zLdKZTG7olDYVii6sH0gpIs0qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGpNdDBwbE1idWlVTmhXS0xxd2ZTQ2tpelNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC82MDhlMjEtNmE0MC00NzExLTljODMt
ZDAyNGFkNGI3YmViLzEvN2xNV0ZSSXEwaHd5ZVJZYXBuVG94VHJNSzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC82MDhlMjEtNmE0MC00NzExLTljODMtZDAyNGFkNGI3YmVi
LzEvUGpNdDBwbE1idWlVTmhXS0xxd2ZTQ2tpelNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueYoMA0E
AgACMAcDBQMqEzaAMA0GCSqGSIb3DQEBCwUAA4IBAQBw5z9ZtNXFwFTKfZbzIBG2
L2LMoN0Sp+ON++a/hCLeA0nw3Fx4Is7tUGJtxZPurRoxMQibx6w3QiXu7+GjOY+J
WD5WVpd8kj+Xa7u9VIQPZj4urCKhfTzWNHkKYam4GAkBK5iGWOtSjs0ji4b1pk4A
lN5jDzjKOLid1LM9Wp3qjvR+pbL0pH3W79rE0kEz35ZDJeE3zxNZGZ3XaZ0Bi34k
RdFOBt6ZAA+el/Z0d9G4KW07+GkliInuFCsy9ppswEk2DDOsR3rZCk1dKXrYWXuQ
J3WBRGxf0b8kvsXh28q8i3bUfBwKLc/WoLtxampVIiyKe18zIJuZvg8yfDwsUzcl
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:42:55 2024 by rpki-client on console-ams.rpki-client.org