Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/mZHkjVtrlDFyQjfO3aiXX_L1UTo.roa
File: mZHkjVtrlDFyQjfO3aiXX_L1UTo.roa (raw, json)
Hash identifier: 8FGCvZDsEo+NPqMtTajX3H72bTgkFjQemV0d8dQLBYI=
Subject key identifier: 99:91:E4:8D:5B:6B:94:31:72:42:37:CE:DD:A8:97:5F:F2:F5:51:3A
Certificate issuer: /CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
Certificate serial: 018CC26D0D2127D6DB432BE0256F12CD0C8A
Authority key identifier: 18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/mZHkjVtrlDFyQjfO3aiXX_L1UTo.roa
Signing time: Mon 01 Jan 2024 00:29:35 +0000
ROA not before: Mon 01 Jan 2024 00:29:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209811
IP address blocks: 2.57.232.0/23 maxlen: 23
95.215.202.0/23 maxlen: 23
95.215.200.0/23 maxlen: 23
2.57.234.0/23 maxlen: 23
185.151.230.0/23 maxlen: 23
185.151.228.0/23 maxlen: 23
185.208.8.0/24 maxlen: 24
194.31.160.0/23 maxlen: 23
194.31.162.0/23 maxlen: 23
2a09:1680::/48 maxlen: 48
Validation: Failed, certificate revoked on Thu 02 Jan 2025 11:49:57 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:0d:21:27:d6:db:43:2b:e0:25:6f:12:cd:0c:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
Validity
Not Before: Jan 1 00:29:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9991e48d5b6b9431724237cedda8975ff2f5513a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:b2:b8:c9:a9:dc:c6:b8:46:2a:64:eb:69:95:
2f:19:c3:1d:1d:37:1b:0f:f0:2b:3a:7d:b8:b0:d4:
6a:fa:07:de:e4:2e:c9:24:fa:3c:3e:3e:3b:aa:53:
4d:c3:71:f9:b1:3d:b0:35:c3:ca:59:9d:a6:be:5e:
eb:d1:47:44:7f:b9:2c:2f:b7:7c:5e:aa:50:86:98:
34:19:a8:f3:db:89:05:c5:12:40:72:ab:99:b8:8a:
c2:32:9c:64:e6:9a:fe:ee:ef:34:e7:bd:c7:6b:5b:
2b:35:ef:2a:7c:93:ef:9f:90:20:30:5c:64:be:6a:
e6:88:44:d8:ca:19:19:d7:e8:1a:a6:9d:d9:0b:ca:
82:1d:96:9f:52:2f:57:6d:c9:97:68:c9:b9:8e:23:
29:9d:eb:0e:11:5b:c9:b7:b5:4f:76:96:54:51:4f:
48:de:2f:e0:ea:a6:3b:2b:38:7f:95:79:d8:df:98:
8f:f4:38:55:d5:9d:52:47:86:af:19:79:38:4b:7b:
ed:cb:09:8a:5d:b1:8d:70:e7:6f:8e:f6:99:00:9f:
54:6f:84:4c:69:66:65:d7:ee:68:d9:df:ce:3c:aa:
34:fa:b3:78:c2:66:a7:07:b1:1a:55:ba:e2:2a:e0:
9c:a7:a8:e1:f4:9c:64:f8:95:ce:a7:a4:3e:2c:c5:
b2:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:91:E4:8D:5B:6B:94:31:72:42:37:CE:DD:A8:97:5F:F2:F5:51:3A
X509v3 Authority Key Identifier:
keyid:18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/mZHkjVtrlDFyQjfO3aiXX_L1UTo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.232.0/22
95.215.200.0/22
185.151.228.0/22
185.208.8.0/24
194.31.160.0/22
IPv6:
2a09:1680::/48
Signature Algorithm: sha256WithRSAEncryption
5e:0d:7b:bb:63:70:2e:c7:4c:0e:22:38:83:ea:31:ac:5c:02:
42:c0:7f:d8:c7:d6:93:03:51:b1:8c:5d:0c:66:8e:4d:8d:47:
03:40:92:13:a3:6d:ca:b0:b9:73:05:b9:25:37:ee:e8:3f:3c:
11:aa:ad:de:0b:b4:66:2b:45:6c:36:ad:ac:d4:77:1e:92:e8:
7d:4f:ed:f7:bf:ba:cd:65:71:cc:18:cc:3f:ca:3a:cd:59:7e:
84:82:dd:e3:81:14:1d:d0:a3:db:d2:f8:b4:8f:25:47:4b:e5:
3b:de:0f:c4:32:60:8b:81:34:56:37:a9:18:a4:d3:40:68:7d:
ca:c5:0b:7e:6f:66:5c:e8:c5:e4:7f:e2:c9:67:e5:e9:55:ac:
64:06:56:23:e2:51:7b:9b:8c:1f:ca:33:94:06:1b:19:7a:b0:
5d:60:fb:80:5c:d7:e9:72:9d:df:ba:3e:6a:40:ec:2d:dc:03:
aa:5c:5d:b0:43:99:6e:28:d8:d2:d4:92:a0:8d:26:c7:80:6e:
5b:0d:45:b7:df:f7:12:7d:b4:77:63:d9:1a:a5:76:34:22:87:
26:c9:ec:26:47:00:f2:53:bd:ba:5e:9f:1c:00:3c:ed:3c:d3:
3b:a2:f1:bc:f6:57:33:c4:4e:d5:d5:e8:5e:1c:2f:5b:11:8a:
2c:46:35:68
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYzCbQ0hJ9bbQyvgJW8SzQyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4YTg0YThlNDc1ZjY2MDZlN2ExMmY5MmIzMzBkNjNkOGY4
ODBiZTAwHhcNMjQwMTAxMDAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTkxZTQ4ZDViNmI5NDMxNzI0MjM3Y2VkZGE4OTc1ZmYyZjU1MTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk7K4yancxrhGKmTraZUvGcMdHTcb
D/ArOn24sNRq+gfe5C7JJPo8Pj47qlNNw3H5sT2wNcPKWZ2mvl7r0UdEf7ksL7d8
XqpQhpg0Gajz24kFxRJAcquZuIrCMpxk5pr+7u80573Ha1srNe8qfJPvn5AgMFxk
vmrmiETYyhkZ1+gapp3ZC8qCHZafUi9XbcmXaMm5jiMpnesOEVvJt7VPdpZUUU9I
3i/g6qY7Kzh/lXnY35iP9DhV1Z1SR4avGXk4S3vtywmKXbGNcOdvjvaZAJ9Ub4RM
aWZl1+5o2d/OPKo0+rN4wmanB7EaVbriKuCcp6jh9Jxk+JXOp6Q+LMWy+wIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFJmR5I1ba5QxckI3zt2ol1/y9VE6MB8GA1UdIwQY
MBaAFBioSo5HX2YG56EvkrMw1j2PiAvgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEt
ODdmNWI2NDc5ZDFlLzEvbVpIa2pWdHJsREZ5UWpmTzNhaVhYX0wxVVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEtODdmNWI2NDc5ZDFl
LzEvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEgGCCsGAQUFBwEHAQH/BDkwNzAkBAIAATAeAwQCAjnoAwQC
X9fIAwQCuZfkAwQAudAIAwQCwh+gMA8EAgACMAkDBwAqCRaAAAAwDQYJKoZIhvcN
AQELBQADggEBAF4Ne7tjcC7HTA4iOIPqMaxcAkLAf9jH1pMDUbGMXQxmjk2NRwNA
khOjbcqwuXMFuSU37ug/PBGqrd4LtGYrRWw2razUdx6S6H1P7fe/us1lccwYzD/K
Os1ZfoSC3eOBFB3Qo9vS+LSPJUdL5TveD8QyYIuBNFY3qRik00BofcrFC35vZlzo
xeR/4sln5elVrGQGViPiUXubjB/KM5QGGxl6sF1g+4Bc1+lynd+6PmpA7C3cA6pc
XbBDmW4o2NLUkqCNJseAblsNRbff9xJ9tHdj2RqldjQihybJ7CZHAPJTvbpenxwA
PO080zui8bz2VzPETtXV6F4cL1sRiixGNWg=
-----END CERTIFICATE-----
Generated at Sun Feb 16 21:59:36 2025 by rpki-client