Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/RDBEqloyZunvGwo4Z5CPW86xLn0.roa
File: RDBEqloyZunvGwo4Z5CPW86xLn0.roa (raw, json)
Hash identifier: V53guJ6zmDs2E3JovT88CiO3XUdRpxpmg9nH4E+l+4I=
Subject key identifier: 44:30:44:AA:5A:32:66:E9:EF:1B:0A:38:67:90:8F:5B:CE:B1:2E:7D
Certificate issuer: /CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
Certificate serial: 01856F1DAA21C1A28637A48B5E402BD01F6D
Authority key identifier: 18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/RDBEqloyZunvGwo4Z5CPW86xLn0.roa
Signing time: Sun 01 Jan 2023 20:54:53 +0000
ROA not before: Sun 01 Jan 2023 20:54:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209811
IP address blocks: 2.57.232.0/23 maxlen: 23
95.215.202.0/23 maxlen: 23
95.215.200.0/23 maxlen: 23
2.57.234.0/23 maxlen: 23
185.151.230.0/23 maxlen: 23
185.151.228.0/23 maxlen: 23
185.208.8.0/24 maxlen: 24
194.31.160.0/23 maxlen: 23
194.31.162.0/23 maxlen: 23
2a09:1680::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 01 Jan 2024 00:29:35 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:1d:aa:21:c1:a2:86:37:a4:8b:5e:40:2b:d0:1f:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
Validity
Not Before: Jan 1 20:54:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=443044aa5a3266e9ef1b0a3867908f5bceb12e7d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f4:25:16:f0:a8:c4:6e:a0:5c:a4:92:75:1c:b9:
f3:8a:17:b7:08:58:ad:87:97:3c:60:70:3f:70:4d:
85:0e:7a:4e:e2:8b:88:20:27:8e:e0:e8:de:23:e2:
46:07:6c:de:02:85:56:7a:d4:82:89:f2:0e:5a:a2:
50:99:f9:3e:c9:63:bb:28:19:a4:93:ec:dc:4a:0a:
16:45:e4:c7:9d:4b:62:d1:77:62:c0:f7:a1:ce:7b:
c7:66:e4:01:fd:68:58:20:89:e4:50:d9:e6:e3:26:
a3:4c:ab:7d:37:8d:19:1e:21:ee:34:f0:8a:de:9c:
88:9f:05:96:91:da:54:97:51:b1:d7:f5:02:13:12:
2b:af:6d:f9:93:5b:40:74:9c:74:50:11:49:6b:65:
9c:1b:87:cb:18:db:e6:ac:f5:24:be:1b:a9:f7:30:
49:e8:5c:6d:d8:52:59:a1:a7:e4:16:a6:f6:88:97:
9c:1f:fb:36:db:68:39:4e:c1:cb:41:39:88:7b:45:
1a:1b:a8:74:7a:be:0b:59:ce:3f:fa:40:ba:fb:fb:
2a:77:29:24:8f:4a:9f:de:28:bd:aa:65:da:62:bf:
2d:c5:ad:bf:55:78:70:61:45:89:1f:e9:67:65:84:
fd:5f:74:47:31:33:e4:71:b7:3b:9d:77:0b:d0:14:
4f:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:30:44:AA:5A:32:66:E9:EF:1B:0A:38:67:90:8F:5B:CE:B1:2E:7D
X509v3 Authority Key Identifier:
keyid:18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/RDBEqloyZunvGwo4Z5CPW86xLn0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.232.0/22
95.215.200.0/22
185.151.228.0/22
185.208.8.0/24
194.31.160.0/22
IPv6:
2a09:1680::/48
Signature Algorithm: sha256WithRSAEncryption
15:be:12:81:86:55:82:53:88:25:ae:b8:e7:eb:5c:fb:13:bb:
6a:0b:47:fa:62:86:7a:22:38:33:65:38:56:0c:59:93:26:25:
0c:50:9f:02:7f:6f:fc:9c:1c:ee:d5:05:47:27:0f:86:12:a7:
c6:22:f7:d8:47:27:8a:17:a5:30:62:6b:05:29:e4:5f:1b:e7:
34:05:6e:ef:cd:2f:0e:90:2f:79:1b:36:90:23:94:08:c9:1a:
e7:9a:97:69:aa:7e:99:64:18:c6:46:86:6d:62:23:01:e2:49:
db:ac:56:22:c3:ad:df:20:d4:68:45:67:f9:14:50:f1:74:d9:
23:84:12:2c:08:f4:a6:32:c7:52:58:36:69:e9:ce:86:6d:0c:
d1:c6:77:85:cf:c7:70:d5:0a:c5:36:cd:00:4e:d3:d8:f2:cd:
68:89:61:55:75:e3:1c:6c:ec:47:ae:9d:9e:c2:41:5b:3f:23:
a1:fa:5e:ee:63:84:b3:2e:d5:a8:13:71:93:6a:24:ee:a1:0a:
8b:ab:e5:d9:25:90:09:2d:c2:a5:43:35:d6:bc:fd:0b:a1:a9:
04:da:bc:15:ec:2d:38:ed:bc:de:3f:74:a0:15:e3:53:e1:b2:
24:bd:57:88:23:10:ff:3b:c1:ae:f0:05:0b:13:fb:14:c7:59:
33:58:aa:c2
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYVvHaohwaKGN6SLXkAr0B9tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4YTg0YThlNDc1ZjY2MDZlN2ExMmY5MmIzMzBkNjNkOGY4
ODBiZTAwHhcNMjMwMTAxMjA1NDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDMwNDRhYTVhMzI2NmU5ZWYxYjBhMzg2NzkwOGY1YmNlYjEyZTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9CUW8KjEbqBcpJJ1HLnzihe3CFit
h5c8YHA/cE2FDnpO4ouIICeO4OjeI+JGB2zeAoVWetSCifIOWqJQmfk+yWO7KBmk
k+zcSgoWReTHnUti0XdiwPehznvHZuQB/WhYIInkUNnm4yajTKt9N40ZHiHuNPCK
3pyInwWWkdpUl1Gx1/UCExIrr235k1tAdJx0UBFJa2WcG4fLGNvmrPUkvhup9zBJ
6Fxt2FJZoafkFqb2iJecH/s222g5TsHLQTmIe0UaG6h0er4LWc4/+kC6+/sqdykk
j0qf3ii9qmXaYr8txa2/VXhwYUWJH+lnZYT9X3RHMTPkcbc7nXcL0BRPFQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFEQwRKpaMmbp7xsKOGeQj1vOsS59MB8GA1UdIwQY
MBaAFBioSo5HX2YG56EvkrMw1j2PiAvgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEt
ODdmNWI2NDc5ZDFlLzEvUkRCRXFsb3ladW52R3dvNFo1Q1BXODZ4TG4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEtODdmNWI2NDc5ZDFl
LzEvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQCAjnoAwQC
X9fIAwQCuZfkAwQAudAIAwQCwh+gMA8EAgACMAkDBwAqCRaAAAAwDQYJKoZIhvcN
AQELBQADggEBABW+EoGGVYJTiCWuuOfrXPsTu2oLR/pihnoiODNlOFYMWZMmJQxQ
nwJ/b/ycHO7VBUcnD4YSp8Yi99hHJ4oXpTBiawUp5F8b5zQFbu/NLw6QL3kbNpAj
lAjJGueal2mqfplkGMZGhm1iIwHiSdusViLDrd8g1GhFZ/kUUPF02SOEEiwI9KYy
x1JYNmnpzoZtDNHGd4XPx3DVCsU2zQBO09jyzWiJYVV14xxs7EeunZ7CQVs/I6H6
Xu5jhLMu1agTcZNqJO6hCour5dklkAktwqVDNda8/QuhqQTavBXsLTjtvN4/dKAV
41PhsiS9V4gjEP87wa7wBQsT+xTHWTNYqsI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:55:47 2024 by rpki-client on console-fra.rpki-client.org