Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/rAFmkKn1CciKK2PhTcZ4GuvNd-Y.roa
File: rAFmkKn1CciKK2PhTcZ4GuvNd-Y.roa (raw, json)
Hash identifier: HSGNtdiF2Dosvs3gkpxiojVyekaZrKwcyDmYEtW9TCE=
Subject key identifier: AC:01:66:90:A9:F5:09:C8:8A:2B:63:E1:4D:C6:78:1A:EB:CD:77:E6
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 018C8BCF760BBB3DC83FA6F7F07633E6ED91
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/rAFmkKn1CciKK2PhTcZ4GuvNd-Y.roa
Signing time: Thu 21 Dec 2023 09:57:58 +0000
ROA not before: Thu 21 Dec 2023 09:57:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.227.146.0/23 maxlen: 24
185.220.249.0/24 maxlen: 24
185.220.250.0/23 maxlen: 24
193.58.146.0/23 maxlen: 24
45.8.21.0/24 maxlen: 24
185.251.229.0/24 maxlen: 24
185.223.82.0/24 maxlen: 24
185.225.0.0/23 maxlen: 23
Validation: Failed, certificate revoked on Sat 23 Dec 2023 11:26:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:8b:cf:76:0b:bb:3d:c8:3f:a6:f7:f0:76:33:e6:ed:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Dec 21 09:57:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ac016690a9f509c88a2b63e14dc6781aebcd77e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:bd:5a:1f:02:74:c5:34:06:76:38:f9:c7:36:
58:f7:27:1c:d9:c3:98:63:c1:70:4a:4e:72:27:65:
54:ad:89:86:72:77:b2:3e:96:53:82:7a:72:8d:af:
18:54:4b:df:8c:99:6d:57:d0:c2:36:33:55:e1:34:
1c:dd:66:8b:9f:0e:79:2a:38:a8:11:28:ef:4d:a5:
69:b8:d6:76:ab:ad:c4:ff:67:25:0f:5c:53:88:61:
b3:f5:3b:42:9a:9c:d5:16:20:da:8c:5d:6b:42:a6:
4d:94:76:5c:3f:3c:d2:da:c8:d0:b2:68:c9:81:81:
31:1d:e2:0a:f2:1c:18:14:c0:ba:26:44:7e:00:b3:
ab:36:43:57:a1:08:1d:b7:98:f5:df:12:0e:ab:56:
b8:ac:d5:a6:eb:e6:ca:3e:ff:d8:50:9d:33:d5:53:
01:7f:b5:2a:a1:6e:99:02:9a:cd:c4:81:83:7d:94:
8c:e1:cf:39:ca:b3:a3:80:f3:6a:dc:4a:51:83:64:
b8:c0:55:76:23:a1:d6:cd:5a:e5:94:13:9f:2c:ad:
63:6b:04:7f:b5:63:4a:01:58:8c:6b:7c:b7:03:d2:
bc:9c:d5:04:34:c9:d4:09:ff:4e:cc:80:1d:f6:a9:
81:83:7e:19:cf:7c:a1:3b:5d:34:e5:e1:62:f7:06:
93:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:01:66:90:A9:F5:09:C8:8A:2B:63:E1:4D:C6:78:1A:EB:CD:77:E6
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/rAFmkKn1CciKK2PhTcZ4GuvNd-Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.21.0/24
185.220.249.0-185.220.251.255
185.223.82.0/24
185.225.0.0/23
185.227.146.0/23
185.251.229.0/24
193.58.146.0/23
Signature Algorithm: sha256WithRSAEncryption
1b:64:97:21:ef:8c:1a:38:6e:b7:4d:3a:a8:f0:8f:ad:33:36:
35:1b:ff:b0:82:09:b8:8c:a4:ce:50:55:ba:dc:eb:4f:e4:33:
84:5e:70:26:e0:55:dd:3e:2e:1c:b0:30:6f:7a:6e:f4:04:82:
46:03:1b:02:ea:fb:ca:af:e7:3e:11:b2:4e:cb:4a:45:2f:b3:
38:46:e7:62:ee:d7:10:3f:36:f4:67:37:33:94:a4:f3:c3:b2:
22:69:6c:93:a9:24:03:65:a2:c5:28:e4:4b:e9:dc:88:55:1c:
35:71:43:17:46:ce:21:36:47:bd:c7:42:77:5c:e7:bc:39:e2:
d9:46:68:52:a2:b3:30:0c:8a:76:b5:2b:b3:c9:f5:d2:98:eb:
68:be:ba:07:ae:6e:03:b6:cd:a2:7d:69:c1:1f:29:82:27:f8:
76:85:94:75:69:99:f0:45:dc:c9:89:04:36:68:b1:63:5b:03:
fd:91:45:0e:36:e6:20:2c:84:9b:02:55:09:b6:a9:47:50:0c:
a2:2e:01:d6:ca:58:af:38:8c:6f:5f:0b:48:81:5b:d1:8e:4f:
89:32:17:6f:8d:e1:1e:c9:78:41:08:a7:0b:2b:98:76:6c:e6:
1a:e3:f1:b6:ef:d6:e6:51:5e:c0:71:1c:18:fe:3b:73:2e:27:
e6:65:6f:49
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYyLz3YLuz3IP6b38HYz5u2RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMxMjIxMDk1NzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzAxNjY5MGE5ZjUwOWM4OGEyYjYzZTE0ZGM2NzgxYWViY2Q3N2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvr1aHwJ0xTQGdjj5xzZY9ycc2cOY
Y8FwSk5yJ2VUrYmGcneyPpZTgnpyja8YVEvfjJltV9DCNjNV4TQc3WaLnw55Kjio
ESjvTaVpuNZ2q63E/2clD1xTiGGz9TtCmpzVFiDajF1rQqZNlHZcPzzS2sjQsmjJ
gYExHeIK8hwYFMC6JkR+ALOrNkNXoQgdt5j13xIOq1a4rNWm6+bKPv/YUJ0z1VMB
f7UqoW6ZAprNxIGDfZSM4c85yrOjgPNq3EpRg2S4wFV2I6HWzVrllBOfLK1jawR/
tWNKAViMa3y3A9K8nNUENMnUCf9OzIAd9qmBg34Zz3yhO1005eFi9waTAQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFKwBZpCp9QnIiitj4U3GeBrrzXfmMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvckFGbWtLbjFDY2lLSzJQaFRjWjRHdXZOZC1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQALQgVMAwD
BAC53PkDBAK53PgDBAC531IDBAG54QADBAG545IDBAC5++UDBAHBOpIwDQYJKoZI
hvcNAQELBQADggEBABtklyHvjBo4brdNOqjwj60zNjUb/7CCCbiMpM5QVbrc60/k
M4RecCbgVd0+LhywMG96bvQEgkYDGwLq+8qv5z4Rsk7LSkUvszhG52Lu1xA/NvRn
NzOUpPPDsiJpbJOpJANlosUo5Evp3IhVHDVxQxdGziE2R73HQndc57w54tlGaFKi
szAMina1K7PJ9dKY62i+ugeubgO2zaJ9acEfKYIn+HaFlHVpmfBF3MmJBDZosWNb
A/2RRQ425iAshJsCVQm2qUdQDKIuAdbKWK84jG9fC0iBW9GOT4kyF2+N4R7JeEEI
pwsrmHZs5hrj8bbv1uZRXsBxHBj+O3MuJ+Zlb0k=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:29 2024 by rpki-client on console-ams.rpki-client.org