Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9aaf24-5346-4480-bbf3-a6410919e898/1/pkCaCH0DHz3GMjUDOtIgZ4Fvm00.roa
File: pkCaCH0DHz3GMjUDOtIgZ4Fvm00.roa (raw, json)
Hash identifier: /BklfLXioXsfCBFC1+ug+zN/Ft/ZEhDpS33Uu0ZXGsA=
Subject key identifier: A6:40:9A:08:7D:03:1F:3D:C6:32:35:03:3A:D2:20:67:81:6F:9B:4D
Certificate issuer: /CN=0b2ce7fd2f5b1b79757c8973ae3f7b0be686385b
Certificate serial: 018570028A1EF143A9F5C2AEBC5878BDE338
Authority key identifier: 0B:2C:E7:FD:2F:5B:1B:79:75:7C:89:73:AE:3F:7B:0B:E6:86:38:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Cyzn_S9bG3l1fIlzrj97C-aGOFs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/9aaf24-5346-4480-bbf3-a6410919e898/1/pkCaCH0DHz3GMjUDOtIgZ4Fvm00.roa
Signing time: Mon 02 Jan 2023 01:04:52 +0000
ROA not before: Mon 02 Jan 2023 01:04:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202921
IP address blocks: 185.148.214.0/24 maxlen: 24
185.148.215.0/24 maxlen: 24
147.161.24.0/22 maxlen: 22
212.69.128.0/24 maxlen: 24
212.69.129.0/24 maxlen: 24
212.69.130.0/24 maxlen: 24
212.69.131.0/24 maxlen: 24
185.148.212.0/24 maxlen: 24
185.148.213.0/24 maxlen: 24
2a0d:f780::/29 maxlen: 29
Validation: Failed, certificate revoked on Mon 20 Nov 2023 15:02:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:02:8a:1e:f1:43:a9:f5:c2:ae:bc:58:78:bd:e3:38
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0b2ce7fd2f5b1b79757c8973ae3f7b0be686385b
Validity
Not Before: Jan 2 01:04:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a6409a087d031f3dc63235033ad22067816f9b4d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:c9:ee:2c:9b:19:81:4e:fd:32:6c:46:5c:13:
aa:06:28:ba:10:6c:9b:d5:44:78:8d:db:6f:bb:21:
89:86:a0:b8:1a:4c:62:a4:67:55:cb:6c:bb:d1:99:
13:2e:5f:0e:36:0d:2e:64:ab:5f:bd:bb:c9:fe:2f:
d1:2c:9d:9a:6d:8a:1a:d8:13:89:d7:d3:93:aa:84:
46:54:c1:a3:1a:50:aa:ab:c3:da:d6:19:1b:d8:3f:
8a:d1:9d:3d:cf:d8:59:23:4d:dd:f5:f8:2e:cd:d8:
3d:f0:17:97:42:68:18:43:10:65:29:40:3b:69:5a:
d5:4a:eb:6d:ec:a3:32:9a:db:9e:e8:41:28:bf:ad:
e2:df:73:0a:66:10:a2:a4:a9:a8:40:29:f2:e3:0d:
09:c0:a8:a2:01:f2:9b:0e:b1:65:f3:4f:28:50:77:
77:d9:6d:cb:0f:0a:58:fa:9e:5c:0e:0f:3e:55:75:
95:68:cf:9b:c7:ab:79:75:cb:11:7b:15:ff:df:10:
8b:63:a8:4f:18:c7:d5:d0:77:c7:6c:38:5e:f5:15:
48:4a:9b:59:60:8f:4b:17:dd:a1:98:1f:e1:46:c7:
dc:3a:b8:f6:1a:9a:7e:19:5d:aa:a4:1d:37:81:fe:
1b:77:2e:93:e2:7b:78:17:45:1e:50:e4:a5:69:14:
b7:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:40:9A:08:7D:03:1F:3D:C6:32:35:03:3A:D2:20:67:81:6F:9B:4D
X509v3 Authority Key Identifier:
keyid:0B:2C:E7:FD:2F:5B:1B:79:75:7C:89:73:AE:3F:7B:0B:E6:86:38:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cyzn_S9bG3l1fIlzrj97C-aGOFs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9aaf24-5346-4480-bbf3-a6410919e898/1/pkCaCH0DHz3GMjUDOtIgZ4Fvm00.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9aaf24-5346-4480-bbf3-a6410919e898/1/Cyzn_S9bG3l1fIlzrj97C-aGOFs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.161.24.0/22
185.148.212.0/22
212.69.128.0/22
IPv6:
2a0d:f780::/29
Signature Algorithm: sha256WithRSAEncryption
55:69:54:0d:96:34:2a:ce:e1:00:70:1f:53:ce:ae:40:f3:a7:
09:84:1e:6a:e2:89:b3:41:56:12:57:ae:d3:22:5d:f4:f4:9c:
0a:01:6b:b9:fd:3f:97:24:d3:20:9d:f9:3d:0f:02:d3:69:bc:
cc:e8:c3:8c:56:84:16:7d:b4:64:ac:00:70:a8:cc:7c:ff:0b:
b0:d6:b7:2b:cd:64:76:62:3a:ac:3e:cf:cf:97:40:ae:fd:97:
d9:5c:e2:0b:25:2e:05:96:c1:61:a4:07:0f:c0:3a:15:60:a9:
01:be:04:6d:ce:10:3e:55:f3:c6:cf:67:65:00:56:f0:9c:16:
cc:a6:5e:08:b4:c5:39:c1:87:ce:93:a7:fb:13:0b:5f:7b:ad:
5f:7c:69:39:1f:fe:d4:7f:53:8d:55:8f:20:21:c0:5b:02:47:
ba:a3:b9:48:dc:8e:02:4a:16:89:3f:8e:54:8a:91:e6:96:c9:
fc:4b:c2:49:6a:39:06:10:d7:84:ed:6b:a5:29:fb:5e:a7:9f:
c0:f1:03:d3:53:b0:62:69:7e:87:17:58:fd:5a:de:2a:10:5f:
85:32:d9:f3:38:45:7d:60:4f:b2:f9:b9:8e:08:73:9a:8e:e2:
a0:dc:85:47:51:49:51:1f:48:3a:04:8e:03:7e:4a:0a:18:5a:
8d:ab:50:5e
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVwAooe8UOp9cKuvFh4veM4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiMmNlN2ZkMmY1YjFiNzk3NTdjODk3M2FlM2Y3YjBiZTY4
NjM4NWIwHhcNMjMwMTAyMDEwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjQwOWEwODdkMDMxZjNkYzYzMjM1MDMzYWQyMjA2NzgxNmY5YjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgcnuLJsZgU79MmxGXBOqBii6EGyb
1UR4jdtvuyGJhqC4GkxipGdVy2y70ZkTLl8ONg0uZKtfvbvJ/i/RLJ2abYoa2BOJ
19OTqoRGVMGjGlCqq8Pa1hkb2D+K0Z09z9hZI03d9fguzdg98BeXQmgYQxBlKUA7
aVrVSutt7KMymtue6EEov63i33MKZhCipKmoQCny4w0JwKiiAfKbDrFl808oUHd3
2W3LDwpY+p5cDg8+VXWVaM+bx6t5dcsRexX/3xCLY6hPGMfV0HfHbDhe9RVISptZ
YI9LF92hmB/hRsfcOrj2Gpp+GV2qpB03gf4bdy6T4nt4F0UeUOSlaRS3iQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFKZAmgh9Ax89xjI1AzrSIGeBb5tNMB8GA1UdIwQY
MBaAFAss5/0vWxt5dXyJc64/ewvmhjhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3l6bl9TOWJHM2wxZklsenJqOTdDLWFHT0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85YWFmMjQtNTM0Ni00NDgwLWJiZjMt
YTY0MTA5MTllODk4LzEvcGtDYUNIMERIejNHTWpVRE90SWdaNEZ2bTAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85YWFmMjQtNTM0Ni00NDgwLWJiZjMtYTY0MTA5MTllODk4
LzEvQ3l6bl9TOWJHM2wxZklsenJqOTdDLWFHT0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQCk6EYAwQC
uZTUAwQC1EWAMA0EAgACMAcDBQMqDfeAMA0GCSqGSIb3DQEBCwUAA4IBAQBVaVQN
ljQqzuEAcB9Tzq5A86cJhB5q4omzQVYSV67TIl309JwKAWu5/T+XJNMgnfk9DwLT
abzM6MOMVoQWfbRkrABwqMx8/wuw1rcrzWR2YjqsPs/Pl0Cu/ZfZXOILJS4FlsFh
pAcPwDoVYKkBvgRtzhA+VfPGz2dlAFbwnBbMpl4ItMU5wYfOk6f7Ewtfe61ffGk5
H/7Uf1ONVY8gIcBbAke6o7lI3I4CShaJP45UipHmlsn8S8JJajkGENeE7WulKfte
p5/A8QPTU7BiaX6HF1j9Wt4qEF+FMtnzOEV9YE+y+bmOCHOajuKg3IVHUUlRH0g6
BI4DfkoKGFqNq1Be
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:33 2024 by rpki-client on console-ams.rpki-client.org