Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/d79c98-c27d-45b3-86d9-dad3bb13c0a2/1/syXCCT7If8yaYfgY-afP7_J3TJQ.roa
File: syXCCT7If8yaYfgY-afP7_J3TJQ.roa (raw, json)
Hash identifier: u7NUcdpw+ymiS1CiJFfriz99p2dmUMThskV3LzW0h/A=
Subject key identifier: B3:25:C2:09:3E:C8:7F:CC:9A:61:F8:18:F9:A7:CF:EF:F2:77:4C:94
Certificate issuer: /CN=d79da465615c60094370833892da84c886e1c4ef
Certificate serial: 01856C53E77C60B9DDC997F72B00B1E97846
Authority key identifier: D7:9D:A4:65:61:5C:60:09:43:70:83:38:92:DA:84:C8:86:E1:C4:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/152kZWFcYAlDcIM4ktqEyIbhxO8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e0/d79c98-c27d-45b3-86d9-dad3bb13c0a2/1/syXCCT7If8yaYfgY-afP7_J3TJQ.roa
Signing time: Sun 01 Jan 2023 07:55:15 +0000
ROA not before: Sun 01 Jan 2023 07:55:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.1.231.0/24 maxlen: 24
217.29.66.0/23 maxlen: 23
217.29.68.0/23 maxlen: 23
185.1.186.0/24 maxlen: 24
2001:7f8:b:100::/64 maxlen: 64
2001:7f8:101:7::/64 maxlen: 64
2001:7f8:101:13::/64 maxlen: 64
2001:7f8:b:101::/64 maxlen: 64
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:53:e7:7c:60:b9:dd:c9:97:f7:2b:00:b1:e9:78:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d79da465615c60094370833892da84c886e1c4ef
Validity
Not Before: Jan 1 07:55:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b325c2093ec87fcc9a61f818f9a7cfeff2774c94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:d3:1f:0e:72:61:12:60:9d:dc:17:02:9b:a4:
05:3a:36:df:34:b0:cb:c1:4e:30:63:1d:10:69:9d:
cb:ee:f0:3b:88:37:f5:dd:af:ce:2f:ff:a3:8b:e9:
a8:c3:22:54:a8:fb:c0:38:5d:5c:a9:56:4a:9d:94:
f3:6b:12:48:03:c3:0f:64:61:59:29:df:25:9c:6d:
06:f0:3a:ce:67:9d:67:3c:03:11:2a:b5:3b:6e:9b:
0b:17:ae:e7:f5:db:40:c1:39:6f:9c:c3:0f:3d:32:
ba:87:41:71:7c:64:1d:34:db:fb:00:66:28:5f:5f:
62:f0:0a:60:39:9f:a6:12:25:b6:a3:45:41:ea:77:
fe:4e:43:3d:00:53:9a:ed:3c:e3:ca:42:95:d4:ec:
c4:55:79:7f:c1:9a:7b:99:58:79:20:2c:ed:1f:22:
0e:2b:64:66:fb:90:1a:c2:38:79:8b:68:6a:40:83:
f0:da:7b:a8:b7:71:5e:fd:91:d8:f1:a5:cf:58:91:
ad:99:d7:bf:7a:b2:56:0d:24:f7:6a:cd:d0:01:e4:
96:3e:1b:41:1e:ac:9f:d8:cd:0d:fa:ab:4d:ad:ef:
dc:20:8b:14:26:db:c4:7d:9b:c6:a5:af:62:30:c0:
1b:25:7f:76:35:7c:d1:49:3d:6d:a5:f1:fa:86:3c:
af:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:25:C2:09:3E:C8:7F:CC:9A:61:F8:18:F9:A7:CF:EF:F2:77:4C:94
X509v3 Authority Key Identifier:
keyid:D7:9D:A4:65:61:5C:60:09:43:70:83:38:92:DA:84:C8:86:E1:C4:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/152kZWFcYAlDcIM4ktqEyIbhxO8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/d79c98-c27d-45b3-86d9-dad3bb13c0a2/1/syXCCT7If8yaYfgY-afP7_J3TJQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/d79c98-c27d-45b3-86d9-dad3bb13c0a2/1/152kZWFcYAlDcIM4ktqEyIbhxO8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.1.186.0/24
185.1.231.0/24
217.29.66.0-217.29.69.255
IPv6:
2001:7f8:b:100::/63
2001:7f8:101:7::/64
2001:7f8:101:13::/64
Signature Algorithm: sha256WithRSAEncryption
ce:aa:7f:2d:3e:25:76:73:57:e0:44:30:fe:cf:33:56:0c:bd:
a1:5b:6d:29:9f:08:97:b0:e7:de:4a:c3:91:86:4f:4e:ef:1b:
60:eb:dd:92:88:76:e3:c9:1e:f5:d4:09:cc:be:d4:16:32:21:
59:c0:a8:f4:9d:8b:e6:65:6f:f3:d1:d4:f5:23:77:95:30:7f:
dd:f9:98:72:bb:3c:fc:1a:25:40:1a:e3:29:0a:fb:c4:7c:71:
a0:bc:a1:e5:5d:59:c7:31:7d:1c:5f:e3:b3:43:fd:36:12:e2:
08:48:21:6b:6e:c8:ea:f6:9b:a9:cc:28:02:eb:91:d4:55:66:
7f:c2:ab:b5:68:ea:b1:06:32:71:37:3d:0e:31:0b:a1:17:d7:
e8:1c:97:f4:3c:1a:bb:87:8a:4f:27:4e:92:c1:5d:77:cb:da:
93:6c:c3:4c:4c:11:01:5e:d4:ac:8b:03:c0:c0:54:82:ad:ad:
7a:fb:e7:3d:e3:b4:8e:7b:61:74:f7:ea:fb:07:2a:ca:a1:90:
9b:b2:6e:3f:4e:0b:22:ee:0b:7c:65:c0:93:3d:80:29:c4:1f:
c7:4a:c4:13:be:22:ee:d6:04:2f:53:e0:c8:35:72:13:24:7f:
c3:4d:c7:68:56:28:a1:5c:9e:bd:c0:97:a3:cf:a0:b6:6b:92:
c3:8b:b4:d0
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYVsU+d8YLndyZf3KwCx6XhGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3OWRhNDY1NjE1YzYwMDk0MzcwODMzODkyZGE4NGM4ODZl
MWM0ZWYwHhcNMjMwMTAxMDc1NTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzI1YzIwOTNlYzg3ZmNjOWE2MWY4MThmOWE3Y2ZlZmYyNzc0Yzk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmdMfDnJhEmCd3BcCm6QFOjbfNLDL
wU4wYx0QaZ3L7vA7iDf13a/OL/+ji+mowyJUqPvAOF1cqVZKnZTzaxJIA8MPZGFZ
Kd8lnG0G8DrOZ51nPAMRKrU7bpsLF67n9dtAwTlvnMMPPTK6h0FxfGQdNNv7AGYo
X19i8ApgOZ+mEiW2o0VB6nf+TkM9AFOa7TzjykKV1OzEVXl/wZp7mVh5ICztHyIO
K2Rm+5Aawjh5i2hqQIPw2nuot3Fe/ZHY8aXPWJGtmde/erJWDST3as3QAeSWPhtB
Hqyf2M0N+qtNre/cIIsUJtvEfZvGpa9iMMAbJX92NXzRST1tpfH6hjyvAwIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFLMlwgk+yH/MmmH4GPmnz+/yd0yUMB8GA1UdIwQY
MBaAFNedpGVhXGAJQ3CDOJLahMiG4cTvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTUya1pXRmNZQWxEY0lNNGt0cUV5SWJoeE84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9kNzljOTgtYzI3ZC00NWIzLTg2ZDkt
ZGFkM2JiMTNjMGEyLzEvc3lYQ0NUN0lmOHlhWWZnWS1hZlA3X0ozVEpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9kNzljOTgtYzI3ZC00NWIzLTg2ZDktZGFkM2JiMTNjMGEy
LzEvMTUya1pXRmNZQWxEY0lNNGt0cUV5SWJoeE84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzAgBAIAATAaAwQAuQG6AwQA
uQHnMAwDBAHZHUIDBAHZHUQwJwQCAAIwIQMJASABB/gACwEAAwkAIAEH+AEBAAcD
CQAgAQf4AQEAEzANBgkqhkiG9w0BAQsFAAOCAQEAzqp/LT4ldnNX4EQw/s8zVgy9
oVttKZ8Il7Dn3krDkYZPTu8bYOvdkoh248ke9dQJzL7UFjIhWcCo9J2L5mVv89HU
9SN3lTB/3fmYcrs8/BolQBrjKQr7xHxxoLyh5V1ZxzF9HF/js0P9NhLiCEgha27I
6vabqcwoAuuR1FVmf8KrtWjqsQYycTc9DjELoRfX6ByX9Dwau4eKTydOksFdd8va
k2zDTEwRAV7UrIsDwMBUgq2tevvnPeO0jnthdPfq+wcqyqGQm7JuP04LIu4LfGXA
kz2AKcQfx0rEE74i7tYEL1PgyDVyEyR/w03HaFYooVyevcCXo8+gtmuSw4u00A==
-----END CERTIFICATE-----
Generated at Tue Jan 2 15:23:16 2024 by rpki-client on console-ams.rpki-client.org