Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/55cf77-6394-4812-9fb5-291aaedd58cc/1/lz7pTIEP1XoCN90RBjRF-1s0m3E.roa
File: lz7pTIEP1XoCN90RBjRF-1s0m3E.roa (raw, json)
Hash identifier: qD9aBpnu2QEjIAUfImdWkhxBDIvwP4VWShYLHg7NvzM=
Subject key identifier: 97:3E:E9:4C:81:0F:D5:7A:02:37:DD:11:06:34:45:FB:5B:34:9B:71
Certificate issuer: /CN=8a16618b71ffc80e1c3f41ed0dfc89ab5e963fd2
Certificate serial: 018CC80117F2C354BA79AEBDE027623D6615
Authority key identifier: 8A:16:61:8B:71:FF:C8:0E:1C:3F:41:ED:0D:FC:89:AB:5E:96:3F:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ihZhi3H_yA4cP0HtDfyJq16WP9I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/55cf77-6394-4812-9fb5-291aaedd58cc/1/lz7pTIEP1XoCN90RBjRF-1s0m3E.roa
Signing time: Tue 02 Jan 2024 02:29:23 +0000
ROA not before: Tue 02 Jan 2024 02:29:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208033
IP address blocks: 185.132.236.0/22 maxlen: 22
185.132.236.0/24 maxlen: 24
45.158.204.0/22 maxlen: 22
2a0c:dc80::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 22 Feb 2024 07:05:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:01:17:f2:c3:54:ba:79:ae:bd:e0:27:62:3d:66:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8a16618b71ffc80e1c3f41ed0dfc89ab5e963fd2
Validity
Not Before: Jan 2 02:29:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=973ee94c810fd57a0237dd11063445fb5b349b71
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:b8:cc:82:bd:7e:77:cf:80:09:f2:ca:09:9c:
fc:49:dc:b5:0f:0c:71:96:44:31:45:31:05:73:9b:
02:52:92:8a:d4:59:e5:9e:df:5f:4b:cc:b9:c8:68:
2a:83:aa:ee:e5:ef:e5:3e:a0:87:f8:5c:30:8f:ea:
b1:40:a3:d5:d7:2d:ea:61:d5:66:11:be:75:c9:bb:
40:9c:0a:86:ad:de:8f:d1:b2:1c:c4:d4:25:b4:63:
78:b3:51:0c:55:f0:c4:a9:42:f6:a2:8f:e2:ea:a1:
31:0b:ce:70:22:a2:4c:87:ae:0b:7b:fb:96:07:17:
d9:81:e1:80:06:d7:fd:a2:ba:48:47:8c:a7:23:4c:
fe:0b:f8:ef:33:65:ad:c4:ea:de:82:26:ff:f1:69:
99:11:ad:a9:a6:9b:17:32:7b:09:ec:af:1d:e8:97:
b9:ef:09:fc:1b:ef:ff:50:4a:4c:a1:a4:1c:9d:37:
7d:8a:32:00:12:80:4d:8e:e1:68:61:1b:c3:0c:d6:
32:d9:73:33:12:17:2c:95:2a:16:3e:43:c4:4c:64:
08:f0:fb:45:ed:d8:e1:96:ef:6c:18:a2:35:3f:0b:
fc:57:eb:ea:a2:c4:45:9b:40:13:15:88:04:23:30:
6f:0f:db:cc:63:0d:71:c3:98:33:95:30:ef:f9:44:
63:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:3E:E9:4C:81:0F:D5:7A:02:37:DD:11:06:34:45:FB:5B:34:9B:71
X509v3 Authority Key Identifier:
keyid:8A:16:61:8B:71:FF:C8:0E:1C:3F:41:ED:0D:FC:89:AB:5E:96:3F:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ihZhi3H_yA4cP0HtDfyJq16WP9I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/55cf77-6394-4812-9fb5-291aaedd58cc/1/lz7pTIEP1XoCN90RBjRF-1s0m3E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/55cf77-6394-4812-9fb5-291aaedd58cc/1/ihZhi3H_yA4cP0HtDfyJq16WP9I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.158.204.0/22
185.132.236.0/22
IPv6:
2a0c:dc80::/32
Signature Algorithm: sha256WithRSAEncryption
b7:a1:15:ac:7b:ca:53:32:7b:91:49:f4:4a:db:d5:a6:35:51:
a4:fa:93:4e:79:9e:85:01:f9:3e:ba:82:22:bf:8a:71:95:ae:
27:ed:a0:7a:55:62:c9:67:e5:a9:32:93:e6:f9:76:96:b5:fa:
bb:95:4f:bd:ec:67:45:0e:7c:9a:59:c6:e9:94:37:be:ae:8e:
fe:85:08:05:5e:ba:0a:85:be:c5:be:22:99:2c:60:28:3c:48:
f1:c0:92:21:97:6f:03:83:99:34:29:eb:36:44:54:6b:ca:d2:
3d:80:8b:cc:9d:17:15:3a:a7:9b:b4:31:d8:a4:b2:3b:60:06:
09:13:bd:af:4f:ed:dd:4b:45:ef:09:3b:30:36:0b:20:03:24:
86:2c:66:0a:d4:4c:e5:0d:0a:a5:aa:24:58:60:c7:55:6b:5f:
b1:f4:45:79:0f:7f:ed:bf:31:dd:6d:9f:93:6a:10:d6:07:4a:
c2:6a:ba:f1:38:7d:e8:32:99:76:78:93:b0:30:27:32:b7:d6:
5e:2f:d0:73:ba:d9:cf:c4:9a:1c:0a:69:46:64:8e:c3:15:92:
1f:03:c3:db:d1:33:7c:ce:10:70:48:91:3e:d6:1a:22:12:f5:
5d:e5:66:ea:19:22:7a:86:37:e8:6d:c7:77:21:97:02:f6:6e:
e1:d2:31:24
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIARfyw1S6ea694CdiPWYVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMTY2MThiNzFmZmM4MGUxYzNmNDFlZDBkZmM4OWFiNWU5
NjNmZDIwHhcNMjQwMTAyMDIyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzNlZTk0YzgxMGZkNTdhMDIzN2RkMTEwNjM0NDVmYjViMzQ5YjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7jMgr1+d8+ACfLKCZz8Sdy1Dwxx
lkQxRTEFc5sCUpKK1Fnlnt9fS8y5yGgqg6ru5e/lPqCH+Fwwj+qxQKPV1y3qYdVm
Eb51ybtAnAqGrd6P0bIcxNQltGN4s1EMVfDEqUL2oo/i6qExC85wIqJMh64Le/uW
BxfZgeGABtf9orpIR4ynI0z+C/jvM2WtxOregib/8WmZEa2pppsXMnsJ7K8d6Je5
7wn8G+//UEpMoaQcnTd9ijIAEoBNjuFoYRvDDNYy2XMzEhcslSoWPkPETGQI8PtF
7djhlu9sGKI1Pwv8V+vqosRFm0ATFYgEIzBvD9vMYw1xw5gzlTDv+URjOwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJc+6UyBD9V6AjfdEQY0RftbNJtxMB8GA1UdIwQY
MBaAFIoWYYtx/8gOHD9B7Q38iatelj/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWhaaGkzSF95QTRjUDBIdERmeUpxMTZXUDlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC81NWNmNzctNjM5NC00ODEyLTlmYjUt
MjkxYWFlZGQ1OGNjLzEvbHo3cFRJRVAxWG9DTjkwUkJqUkYtMXMwbTNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC81NWNmNzctNjM5NC00ODEyLTlmYjUtMjkxYWFlZGQ1OGNj
LzEvaWhaaGkzSF95QTRjUDBIdERmeUpxMTZXUDlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLZ7MAwQC
uYTsMA0EAgACMAcDBQAqDNyAMA0GCSqGSIb3DQEBCwUAA4IBAQC3oRWse8pTMnuR
SfRK29WmNVGk+pNOeZ6FAfk+uoIiv4pxla4n7aB6VWLJZ+WpMpPm+XaWtfq7lU+9
7GdFDnyaWcbplDe+ro7+hQgFXroKhb7FviKZLGAoPEjxwJIhl28Dg5k0Kes2RFRr
ytI9gIvMnRcVOqebtDHYpLI7YAYJE72vT+3dS0XvCTswNgsgAySGLGYK1EzlDQql
qiRYYMdVa1+x9EV5D3/tvzHdbZ+TahDWB0rCarrxOH3oMpl2eJOwMCcyt9ZeL9Bz
utnPxJocCmlGZI7DFZIfA8Pb0TN8zhBwSJE+1hoiEvVd5WbqGSJ6hjfobcd3IZcC
9m7h0jEk
-----END CERTIFICATE-----
Generated at Tue Apr 22 01:38:32 2025 by rpki-client