Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KuUWZOLXalNtNhHvwZEokwNvP74.roa
File: KuUWZOLXalNtNhHvwZEokwNvP74.roa (raw, json)
Hash identifier: oRQM2XuTpzIroz1eyW/Ya80++Jfoqk7fXPS3lsJBFJ0=
Subject key identifier: 2A:E5:16:64:E2:D7:6A:53:6D:36:11:EF:C1:91:28:93:03:6F:3F:BE
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 0187EBC985907B9C722988A67BC4AD6BDABC
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KuUWZOLXalNtNhHvwZEokwNvP74.roa
Signing time: Fri 05 May 2023 12:01:05 +0000
ROA not before: Fri 05 May 2023 12:01:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.225.20.0/24 maxlen: 24
185.199.159.0/24 maxlen: 24
45.147.224.0/24 maxlen: 24
45.8.21.0/24 maxlen: 24
185.246.112.0/24 maxlen: 24
185.214.108.0/24 maxlen: 24
185.251.229.0/24 maxlen: 24
185.225.0.0/23 maxlen: 23
Validation: Failed, certificate revoked on Mon 08 May 2023 11:05:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:eb:c9:85:90:7b:9c:72:29:88:a6:7b:c4:ad:6b:da:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: May 5 12:01:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2ae51664e2d76a536d3611efc1912893036f3fbe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:58:ae:29:96:3e:9a:47:3f:dd:c9:d6:f9:fa:
2e:b8:e8:1a:0f:2c:1d:8b:64:7c:63:bc:1b:72:cc:
4d:15:e6:25:65:36:84:f2:d5:ff:5b:0c:ab:f2:c0:
fd:5f:0d:d3:ec:e3:52:17:a3:ba:39:e4:07:61:92:
82:13:3a:ae:f1:b7:8e:0f:8f:ac:60:eb:0e:13:26:
fe:ad:ba:89:3c:f1:29:8f:57:27:43:9e:03:4f:9e:
3f:fb:40:aa:7e:b3:bb:b3:64:98:7c:98:48:1b:c0:
4e:17:3f:81:15:39:73:e6:cb:07:83:4e:96:fa:79:
50:e8:db:5a:c2:45:73:a0:f4:36:83:6f:f1:b8:a7:
1a:13:3d:6e:ff:28:71:58:84:eb:33:81:95:af:1a:
5d:33:dc:6f:a0:16:a9:30:7c:0b:df:a0:92:6f:ea:
f3:cf:1f:1b:4d:4b:06:2a:3f:56:ef:c7:a7:d9:87:
2a:4e:7e:e4:c2:78:19:33:d9:c3:76:cc:a2:69:21:
f0:1a:94:8e:5e:a1:a8:d4:d9:34:0e:55:75:42:a5:
9f:72:c4:78:45:9e:7d:f8:41:26:11:f9:09:74:b5:
0f:94:e9:ed:10:54:61:de:a1:6a:e3:70:30:fb:95:
5d:e8:09:24:91:a9:54:f3:1e:3c:78:35:e5:41:ef:
8e:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:E5:16:64:E2:D7:6A:53:6D:36:11:EF:C1:91:28:93:03:6F:3F:BE
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KuUWZOLXalNtNhHvwZEokwNvP74.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.21.0/24
45.147.224.0/24
185.199.159.0/24
185.214.108.0/24
185.225.0.0/23
185.225.20.0/24
185.246.112.0/24
185.251.229.0/24
Signature Algorithm: sha256WithRSAEncryption
9e:1a:b6:45:2d:b4:50:9d:08:4a:58:48:f2:e2:2b:5d:92:f2:
d4:1b:7e:64:85:d6:ad:09:c8:0e:2a:6c:dd:b6:41:d3:7e:82:
ca:cb:e1:d3:ab:3a:55:87:18:53:11:0f:61:9c:a1:e9:8f:0c:
1c:80:6c:a4:7d:fe:3f:f9:42:7b:74:e9:ef:82:fe:cb:5c:6a:
f0:91:76:9b:ba:89:e0:dd:bf:ed:3b:a7:8f:98:e0:b6:90:d6:
a3:ed:56:a7:b5:ba:db:8d:67:24:d7:11:8d:7b:b7:67:2e:f1:
98:25:53:8e:f6:06:64:f8:82:c1:fc:8e:c8:5d:0b:ff:8f:ae:
84:d1:6d:44:82:fb:8d:7a:c1:69:f5:dd:c2:ef:d5:8a:13:13:
c1:8a:ef:f8:9c:61:17:64:33:f1:5d:4a:b9:80:9d:08:ae:eb:
4d:ec:c8:40:22:65:84:8d:f5:10:37:e5:7f:de:96:af:d6:eb:
07:c2:e1:e8:2a:b7:e2:af:3e:8b:2b:39:9a:c9:ed:79:77:89:
9d:30:79:cc:1d:03:0c:fe:e5:0d:a4:7f:3d:d6:66:57:e6:6e:
cb:7c:80:ec:0a:50:2f:d7:89:2a:4d:a1:a7:b3:2e:f6:83:03:
9d:42:a3:b5:97:33:5c:f3:44:02:39:fd:fd:cf:35:29:8f:f0:
76:7b:60:85
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYfryYWQe5xyKYime8Sta9q8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMwNTA1MTIwMTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWU1MTY2NGUyZDc2YTUzNmQzNjExZWZjMTkxMjg5MzAzNmYzZmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFiuKZY+mkc/3cnW+fouuOgaDywd
i2R8Y7wbcsxNFeYlZTaE8tX/Wwyr8sD9Xw3T7ONSF6O6OeQHYZKCEzqu8beOD4+s
YOsOEyb+rbqJPPEpj1cnQ54DT54/+0CqfrO7s2SYfJhIG8BOFz+BFTlz5ssHg06W
+nlQ6NtawkVzoPQ2g2/xuKcaEz1u/yhxWITrM4GVrxpdM9xvoBapMHwL36CSb+rz
zx8bTUsGKj9W78en2YcqTn7kwngZM9nDdsyiaSHwGpSOXqGo1Nk0DlV1QqWfcsR4
RZ59+EEmEfkJdLUPlOntEFRh3qFq43Aw+5Vd6AkkkalU8x48eDXlQe+OBwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFCrlFmTi12pTbTYR78GRKJMDbz++MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvS3VVV1pPTFhhbE50TmhIdndaRW9rd052UDc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALQgVAwQA
LZPgAwQAucefAwQAudZsAwQBueEAAwQAueEUAwQAufZwAwQAufvlMA0GCSqGSIb3
DQEBCwUAA4IBAQCeGrZFLbRQnQhKWEjy4itdkvLUG35khdatCcgOKmzdtkHTfoLK
y+HTqzpVhxhTEQ9hnKHpjwwcgGykff4/+UJ7dOnvgv7LXGrwkXabuong3b/tO6eP
mOC2kNaj7VantbrbjWck1xGNe7dnLvGYJVOO9gZk+ILB/I7IXQv/j66E0W1EgvuN
esFp9d3C79WKExPBiu/4nGEXZDPxXUq5gJ0IrutN7MhAImWEjfUQN+V/3pav1usH
wuHoKrfirz6LKzmaye15d4mdMHnMHQMM/uUNpH891mZX5m7LfIDsClAv14kqTaGn
sy72gwOdQqO1lzNc80QCOf39zzUpj/B2e2CF
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:41 2024 by rpki-client on console-fra.rpki-client.org