Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/apeS2JNpYteZ_6NXTfQdPTkkRhs.roa
File: apeS2JNpYteZ_6NXTfQdPTkkRhs.roa (raw, json)
Hash identifier: hPJdaQK765E0ozzgMq8oBdxciSp8e4i29wsRIc88lFw=
Subject key identifier: 6A:97:92:D8:93:69:62:D7:99:FF:A3:57:4D:F4:1D:3D:39:24:46:1B
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 018D74C117294019D785BB182FFDC4367EC9
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/apeS2JNpYteZ_6NXTfQdPTkkRhs.roa
Signing time: Sun 04 Feb 2024 15:33:47 +0000
ROA not before: Sun 04 Feb 2024 15:33:47 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 45.8.21.0/24 maxlen: 24
185.218.101.0/24 maxlen: 24
185.220.250.0/23 maxlen: 24
185.223.82.0/24 maxlen: 24
185.225.0.0/23 maxlen: 23
185.227.146.0/23 maxlen: 24
185.251.229.0/24 maxlen: 24
193.58.146.0/23 maxlen: 24
Validation: Failed, certificate revoked on Tue 06 Feb 2024 12:00:07 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:74:c1:17:29:40:19:d7:85:bb:18:2f:fd:c4:36:7e:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Feb 4 15:33:47 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6a9792d8936962d799ffa3574df41d3d3924461b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:c0:d7:78:f0:11:b9:35:93:5b:2c:36:84:3b:
44:ef:e7:e6:7c:f5:15:e7:b0:91:b7:3d:75:9f:72:
fe:70:7f:9c:50:4b:62:6b:24:78:52:2a:79:6c:b6:
4e:40:fd:eb:c2:8b:32:9c:e0:58:00:38:a7:f4:f6:
34:21:e3:67:75:ed:e5:d0:65:92:da:25:1f:c8:a6:
bd:e6:16:5d:a6:fd:72:02:3a:63:a5:12:72:fd:4d:
5c:b7:0b:82:02:a2:db:7e:9e:05:66:27:1e:fa:2f:
ac:78:a4:95:9b:64:a7:f2:72:aa:da:c2:31:ed:89:
5c:47:82:86:65:5f:1b:56:92:c8:a7:d2:76:e2:e4:
d4:6c:6d:fa:d4:e7:95:8d:94:09:8f:8d:59:5c:cb:
6c:5f:3d:cd:f3:8c:35:c8:25:15:ce:17:85:c9:7c:
9a:ef:32:b2:a3:19:4f:0a:45:cf:31:f0:9f:94:11:
c0:1f:22:80:81:96:df:33:a0:df:b6:05:b9:23:e6:
73:ab:d4:56:f0:9e:94:e9:d9:ae:40:c8:4f:05:88:
90:f4:29:b7:14:26:d3:a6:48:83:d4:92:c7:c2:11:
1e:32:02:45:d2:b1:73:f2:06:b2:52:a5:d8:a8:73:
9e:e7:4f:a8:05:7c:65:d0:1e:ad:a6:e2:8f:6c:26:
9b:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:97:92:D8:93:69:62:D7:99:FF:A3:57:4D:F4:1D:3D:39:24:46:1B
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/apeS2JNpYteZ_6NXTfQdPTkkRhs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.21.0/24
185.218.101.0/24
185.220.250.0/23
185.223.82.0/24
185.225.0.0/23
185.227.146.0/23
185.251.229.0/24
193.58.146.0/23
Signature Algorithm: sha256WithRSAEncryption
15:cb:a0:05:af:c9:4c:a3:4f:82:ce:37:56:91:67:a7:e8:a9:
54:e2:33:77:6b:f9:a2:c2:3e:e9:27:d7:86:6d:16:08:66:89:
42:8b:f2:df:e7:2b:a9:df:7c:e9:c0:4a:1f:73:46:6e:9a:50:
e5:92:f2:4a:a6:7f:bf:45:dd:b9:b7:0a:52:fc:79:fa:54:ed:
bc:56:7e:4a:b6:ff:8c:63:c7:12:69:ee:24:ac:15:89:00:dd:
b7:0e:b8:5b:6e:60:cb:15:b2:bd:3a:30:c1:ec:ab:c0:7e:32:
38:dd:af:62:f0:64:8b:29:85:d2:56:f6:f2:29:1d:be:47:8b:
81:8d:e5:93:84:7e:2e:e8:f9:07:95:85:d1:20:db:0b:6f:c1:
fc:b3:2d:9a:7e:10:41:b7:dc:7a:6f:5a:a7:45:dc:3b:a9:03:
e6:89:6f:25:97:02:d9:48:29:a7:ae:71:a8:27:fe:d6:de:ee:
29:7c:b6:bf:b2:d0:6d:26:d0:bd:e3:b1:e0:f6:07:22:d9:ca:
6e:b2:3a:f7:09:ad:50:66:bd:83:c8:a7:cb:ea:a0:b7:38:66:
6b:5e:27:4f:72:ff:ad:41:99:16:f6:bf:5c:d3:d0:0d:e6:d7:
29:3d:2b:dc:44:fd:aa:3b:b5:cc:cc:f2:b0:4b:95:f4:c1:b4:
2a:91:47:12
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY10wRcpQBnXhbsYL/3ENn7JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMjA0MTUzMzQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTk3OTJkODkzNjk2MmQ3OTlmZmEzNTc0ZGY0MWQzZDM5MjQ0NjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncDXePARuTWTWyw2hDtE7+fmfPUV
57CRtz11n3L+cH+cUEtiayR4Uip5bLZOQP3rwosynOBYADin9PY0IeNnde3l0GWS
2iUfyKa95hZdpv1yAjpjpRJy/U1ctwuCAqLbfp4FZice+i+seKSVm2Sn8nKq2sIx
7YlcR4KGZV8bVpLIp9J24uTUbG361OeVjZQJj41ZXMtsXz3N84w1yCUVzheFyXya
7zKyoxlPCkXPMfCflBHAHyKAgZbfM6DftgW5I+Zzq9RW8J6U6dmuQMhPBYiQ9Cm3
FCbTpkiD1JLHwhEeMgJF0rFz8gayUqXYqHOe50+oBXxl0B6tpuKPbCabZwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGqXktiTaWLXmf+jV030HT05JEYbMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvYXBlUzJKTnBZdGVaXzZOWFRmUWRQVGtrUmhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALQgVAwQA
udplAwQBudz6AwQAud9SAwQBueEAAwQBueOSAwQAufvlAwQBwTqSMA0GCSqGSIb3
DQEBCwUAA4IBAQAVy6AFr8lMo0+CzjdWkWen6KlU4jN3a/miwj7pJ9eGbRYIZolC
i/Lf5yup33zpwEofc0ZumlDlkvJKpn+/Rd25twpS/Hn6VO28Vn5Ktv+MY8cSae4k
rBWJAN23DrhbbmDLFbK9OjDB7KvAfjI43a9i8GSLKYXSVvbyKR2+R4uBjeWThH4u
6PkHlYXRINsLb8H8sy2afhBBt9x6b1qnRdw7qQPmiW8llwLZSCmnrnGoJ/7W3u4p
fLa/stBtJtC947Hg9gci2cpusjr3Ca1QZr2DyKfL6qC3OGZrXidPcv+tQZkW9r9c
09AN5tcpPSvcRP2qO7XMzPKwS5X0wbQqkUcS
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:42 2024 by rpki-client on console-fra.rpki-client.org