Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/DjPjel7UiXcRPbiaStsxXE2CtPQ.roa
File: DjPjel7UiXcRPbiaStsxXE2CtPQ.roa (raw, json)
Hash identifier: oPKiAirjgiEsmhSIroDcs2IJ/LMbkJGg5faKHzD0xzA=
Subject key identifier: 0E:33:E3:7A:5E:D4:89:77:11:3D:B8:9A:4A:DB:31:5C:4D:82:B4:F4
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 01951DE2E28D4B36DD3B840500D93764A2A5
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/DjPjel7UiXcRPbiaStsxXE2CtPQ.roa
Signing time: Wed 19 Feb 2025 11:06:03 +0000
ROA not before: Wed 19 Feb 2025 11:06:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 20473
IP address blocks: 185.209.38.0/24 maxlen: 24
185.209.73.0/24 maxlen: 24
185.210.235.0/24 maxlen: 24
185.218.20.0/24 maxlen: 24
185.222.29.0/24 maxlen: 24
185.222.30.0/24 maxlen: 24
185.246.112.0/24 maxlen: 24
193.58.146.0/24 maxlen: 24
Validation: Failed, certificate revoked on Sun 16 Mar 2025 15:50:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:1d:e2:e2:8d:4b:36:dd:3b:84:05:00:d9:37:64:a2:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Feb 19 11:06:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0e33e37a5ed48977113db89a4adb315c4d82b4f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:f4:56:c8:ea:b9:ca:e4:e1:39:8c:21:ed:37:
9a:1d:e2:b4:65:54:af:7a:cf:8b:e2:f6:56:70:90:
3a:92:17:63:6f:2a:e6:29:38:a4:72:c9:c8:cc:54:
c2:c7:fc:55:aa:0e:cd:a6:24:90:95:50:c8:af:d8:
b0:45:8a:92:49:8c:11:da:ac:c5:65:e9:d1:03:53:
67:fb:a6:ac:44:7d:fa:e5:01:ea:46:2c:d4:1c:81:
94:6f:22:08:09:dc:73:79:39:eb:b7:d5:5c:fb:5c:
d3:99:fe:e1:76:83:61:0f:22:56:7b:9f:8a:e8:36:
ce:33:10:b8:9e:57:fe:0a:71:1e:b7:59:d6:bc:a8:
a4:47:c2:77:69:7f:09:d5:81:9e:86:21:c3:59:5a:
cf:18:bc:e5:2e:b4:bf:7b:53:89:41:3e:56:e2:7a:
1e:cc:68:a8:c1:47:a9:d3:61:81:44:6b:03:f8:1d:
64:26:b4:82:3d:91:86:49:4c:a6:7d:be:f0:3a:0d:
65:e2:14:80:37:9a:e4:ea:63:51:c2:ef:06:1e:1f:
dc:9d:9a:82:18:ef:bb:37:0d:09:fa:df:43:f2:e1:
13:85:63:09:0e:f3:3d:c2:ce:92:53:41:c4:88:3d:
c4:9f:29:39:f7:b6:ca:ad:c1:98:96:e3:0c:81:81:
0b:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:33:E3:7A:5E:D4:89:77:11:3D:B8:9A:4A:DB:31:5C:4D:82:B4:F4
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/DjPjel7UiXcRPbiaStsxXE2CtPQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.209.38.0/24
185.209.73.0/24
185.210.235.0/24
185.218.20.0/24
185.222.29.0-185.222.30.255
185.246.112.0/24
193.58.146.0/24
Signature Algorithm: sha256WithRSAEncryption
97:27:c2:4e:24:b8:eb:d4:ea:92:74:7a:24:f7:9b:88:37:81:
67:28:bf:1a:bc:8a:14:db:71:0f:86:2c:3f:bf:7f:1f:aa:c1:
0b:3e:67:d3:59:d7:2c:f6:61:fe:93:6d:28:18:82:77:09:4e:
4f:73:df:6a:54:ba:d4:a3:01:9f:02:af:63:ea:7c:d6:20:f8:
37:dc:1d:a3:df:b0:55:62:47:9f:65:5f:1b:f2:77:58:e5:30:
20:f0:5b:1f:97:1e:4e:37:60:5a:bc:fe:dd:60:49:5d:cf:78:
ee:a3:17:92:51:57:a9:6f:2e:ca:d0:c2:18:9f:66:10:28:46:
16:09:90:32:42:56:a8:7b:89:e3:a7:34:4f:c6:df:03:b9:43:
b6:eb:9f:0b:0b:64:ff:e6:de:68:0b:16:00:98:ba:05:f9:46:
f2:78:62:46:96:09:5d:bf:ea:c6:33:55:18:de:94:e5:a0:45:
8a:e1:0f:fc:0e:db:39:a8:1f:fb:9b:b2:10:e4:27:7a:9f:0d:
5e:b2:8e:ec:4a:a6:1b:cd:29:7b:e1:47:7e:bd:78:8b:f3:59:
7e:16:30:50:54:98:1e:bf:d4:38:d5:81:ca:c8:45:72:62:43:
dc:45:3a:91:47:7f:f6:69:8c:a3:93:c8:db:c3:5d:2e:f1:34:
59:d4:19:44
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZUd4uKNSzbdO4QFANk3ZKKlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMjE5MTEwNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTMzZTM3YTVlZDQ4OTc3MTEzZGI4OWE0YWRiMzE1YzRkODJiNGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4PRWyOq5yuThOYwh7TeaHeK0ZVSv
es+L4vZWcJA6khdjbyrmKTikcsnIzFTCx/xVqg7NpiSQlVDIr9iwRYqSSYwR2qzF
ZenRA1Nn+6asRH365QHqRizUHIGUbyIICdxzeTnrt9Vc+1zTmf7hdoNhDyJWe5+K
6DbOMxC4nlf+CnEet1nWvKikR8J3aX8J1YGehiHDWVrPGLzlLrS/e1OJQT5W4noe
zGiowUep02GBRGsD+B1kJrSCPZGGSUymfb7wOg1l4hSAN5rk6mNRwu8GHh/cnZqC
GO+7Nw0J+t9D8uEThWMJDvM9ws6SU0HEiD3Enyk597bKrcGYluMMgYELjQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFA4z43pe1Il3ET24mkrbMVxNgrT0MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvRGpQamVsN1VpWGNSUGJpYVN0c3hYRTJDdFBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAudEmAwQA
udFJAwQAudLrAwQAudoUMAwDBAC53h0DBAC53h4DBAC59nADBADBOpIwDQYJKoZI
hvcNAQELBQADggEBAJcnwk4kuOvU6pJ0eiT3m4g3gWcovxq8ihTbcQ+GLD+/fx+q
wQs+Z9NZ1yz2Yf6TbSgYgncJTk9z32pUutSjAZ8Cr2PqfNYg+DfcHaPfsFViR59l
Xxvyd1jlMCDwWx+XHk43YFq8/t1gSV3PeO6jF5JRV6lvLsrQwhifZhAoRhYJkDJC
Vqh7ieOnNE/G3wO5Q7brnwsLZP/m3mgLFgCYugX5RvJ4YkaWCV2/6sYzVRjelOWg
RYrhD/wO2zmoH/ubshDkJ3qfDV6yjuxKphvNKXvhR369eIvzWX4WMFBUmB6/1DjV
gcrIRXJiQ9xFOpFHf/ZpjKOTyNvDXS7xNFnUGUQ=
-----END CERTIFICATE-----
Generated at Sun Apr 20 13:12:57 2025 by rpki-client