Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/b887da-44b9-4be2-866f-d3a85a71b029/1/2xh1PFDWgNCSWTbucZLGtxbhlCg.roa
File: 2xh1PFDWgNCSWTbucZLGtxbhlCg.roa (raw, json)
Hash identifier: lVCYs8aZhpw4hgjTia7Rz8UBgcQ16yPORU2gprv2pc4=
Subject key identifier: DB:18:75:3C:50:D6:80:D0:92:59:36:EE:71:92:C6:B7:16:E1:94:28
Certificate issuer: /CN=46acafe61343d710df60cd91de08901fdbba6f8f
Certificate serial: 018C3B37FFBC9D572DE42667CD1E7DD39027
Authority key identifier: 46:AC:AF:E6:13:43:D7:10:DF:60:CD:91:DE:08:90:1F:DB:BA:6F:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rqyv5hND1xDfYM2R3giQH9u6b48.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e8/b887da-44b9-4be2-866f-d3a85a71b029/1/2xh1PFDWgNCSWTbucZLGtxbhlCg.roa
Signing time: Tue 05 Dec 2023 18:22:54 +0000
ROA not before: Tue 05 Dec 2023 18:22:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61010
IP address blocks: 185.20.122.0/24 maxlen: 24
185.20.120.0/22 maxlen: 22
185.20.123.0/24 maxlen: 24
185.20.120.0/24 maxlen: 24
185.20.121.0/24 maxlen: 24
2a00:47a0::/32 maxlen: 32
Validation: Failed, certificate revoked on Mon 01 Jan 2024 06:29:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3b:37:ff:bc:9d:57:2d:e4:26:67:cd:1e:7d:d3:90:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=46acafe61343d710df60cd91de08901fdbba6f8f
Validity
Not Before: Dec 5 18:22:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=db18753c50d680d0925936ee7192c6b716e19428
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:e6:08:44:ef:c9:2e:a7:34:db:de:a0:87:7e:
fe:31:34:1a:72:f5:af:bd:37:44:17:32:6d:b7:c4:
39:7a:bd:cc:f0:8d:56:88:55:1c:7b:c5:ac:f5:e9:
21:a7:c6:2e:ef:9e:17:6d:63:09:89:b4:4c:23:e1:
46:5c:24:80:8e:19:e5:29:0f:a3:85:8b:d3:76:33:
7c:f6:29:06:a6:98:a3:17:41:1b:b1:de:82:8b:64:
90:18:af:0f:ff:12:fe:0c:7d:73:07:7a:ca:e6:10:
46:ad:1f:da:f7:0e:c5:c8:dd:a5:e8:08:05:b5:4d:
f8:e2:84:f5:bf:03:8c:bc:d7:4d:6e:de:db:fc:a6:
17:5d:5c:00:88:8f:fa:46:15:15:6a:2c:0b:cd:8e:
97:e1:30:7c:ed:39:ba:99:83:68:78:b0:62:85:ee:
89:99:81:9e:25:67:c1:73:65:54:5b:46:4f:b6:d4:
b3:fb:f4:09:79:61:81:9c:21:f8:d2:fd:4a:05:70:
3a:97:7e:2b:e0:6a:1c:fa:67:e9:ac:19:25:7c:81:
ca:f4:29:ab:03:4c:b0:2c:25:3a:f8:00:d8:08:f8:
57:58:9b:fa:dd:70:45:4b:92:fe:38:85:a6:d4:5f:
23:58:92:53:a9:25:af:5b:fe:b0:9b:ed:1c:a6:7f:
04:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:18:75:3C:50:D6:80:D0:92:59:36:EE:71:92:C6:B7:16:E1:94:28
X509v3 Authority Key Identifier:
keyid:46:AC:AF:E6:13:43:D7:10:DF:60:CD:91:DE:08:90:1F:DB:BA:6F:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rqyv5hND1xDfYM2R3giQH9u6b48.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/b887da-44b9-4be2-866f-d3a85a71b029/1/2xh1PFDWgNCSWTbucZLGtxbhlCg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/b887da-44b9-4be2-866f-d3a85a71b029/1/Rqyv5hND1xDfYM2R3giQH9u6b48.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.20.120.0/22
IPv6:
2a00:47a0::/32
Signature Algorithm: sha256WithRSAEncryption
04:e3:4b:a3:a9:b4:5d:5a:c7:32:23:97:20:f4:7b:06:d5:78:
cb:9b:93:9e:aa:f5:97:36:d5:0a:38:41:8a:1f:86:76:a2:3e:
4d:3a:8a:b7:f0:5c:85:eb:c8:c4:3f:25:ee:75:0d:db:ed:a9:
65:fb:63:e0:16:ec:e7:9a:cd:fe:d0:14:60:34:96:63:58:67:
ca:fd:2d:b7:c8:1e:6b:7a:f6:ad:56:70:80:94:eb:91:f9:3d:
3d:d0:69:35:b8:c7:38:48:75:dc:a2:5c:3e:43:68:bd:36:17:
5c:fa:6e:f8:06:b2:1c:a6:e1:93:51:61:e6:bd:a8:f4:41:26:
61:32:82:ec:c2:0d:26:2f:cc:62:b2:5d:7c:96:10:e3:70:61:
9d:ab:c2:0e:32:36:83:18:e0:4c:60:b0:de:5c:81:02:79:26:
8f:21:92:ec:4c:79:20:80:ce:e1:38:43:68:eb:ef:ce:9b:c2:
54:66:73:8d:26:11:b2:ce:3f:da:b1:cb:d6:63:e9:aa:c3:61:
f0:b0:b0:4f:e4:45:a0:28:b0:46:63:51:78:7e:ce:20:42:2c:
98:b8:8f:02:f7:28:5b:ee:4d:b6:c7:98:4a:45:07:e6:6a:a1:
9b:f7:6c:ef:5b:6b:23:cf:1d:d4:e8:f1:f9:5c:3a:b4:cd:ea:
70:f7:bd:bc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYw7N/+8nVct5CZnzR5905AnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YWNhZmU2MTM0M2Q3MTBkZjYwY2Q5MWRlMDg5MDFmZGJi
YTZmOGYwHhcNMjMxMjA1MTgyMjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjE4NzUzYzUwZDY4MGQwOTI1OTM2ZWU3MTkyYzZiNzE2ZTE5NDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOYIRO/JLqc0296gh37+MTQacvWv
vTdEFzJtt8Q5er3M8I1WiFUce8Ws9ekhp8Yu754XbWMJibRMI+FGXCSAjhnlKQ+j
hYvTdjN89ikGppijF0Ebsd6Ci2SQGK8P/xL+DH1zB3rK5hBGrR/a9w7FyN2l6AgF
tU344oT1vwOMvNdNbt7b/KYXXVwAiI/6RhUVaiwLzY6X4TB87Tm6mYNoeLBihe6J
mYGeJWfBc2VUW0ZPttSz+/QJeWGBnCH40v1KBXA6l34r4Goc+mfprBklfIHK9Cmr
A0ywLCU6+ADYCPhXWJv63XBFS5L+OIWm1F8jWJJTqSWvW/6wm+0cpn8E4QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNsYdTxQ1oDQklk27nGSxrcW4ZQoMB8GA1UdIwQY
MBaAFEasr+YTQ9cQ32DNkd4IkB/bum+PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnF5djVoTkQxeERmWU0yUjNnaVFIOXU2YjQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC9iODg3ZGEtNDRiOS00YmUyLTg2NmYt
ZDNhODVhNzFiMDI5LzEvMnhoMVBGRFdnTkNTV1RidWNaTEd0eGJobENnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC9iODg3ZGEtNDRiOS00YmUyLTg2NmYtZDNhODVhNzFiMDI5
LzEvUnF5djVoTkQxeERmWU0yUjNnaVFIOXU2YjQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuRR4MA0E
AgACMAcDBQAqAEegMA0GCSqGSIb3DQEBCwUAA4IBAQAE40ujqbRdWscyI5cg9HsG
1XjLm5OeqvWXNtUKOEGKH4Z2oj5NOoq38FyF68jEPyXudQ3b7all+2PgFuznms3+
0BRgNJZjWGfK/S23yB5revatVnCAlOuR+T090Gk1uMc4SHXcolw+Q2i9Nhdc+m74
BrIcpuGTUWHmvaj0QSZhMoLswg0mL8xisl18lhDjcGGdq8IOMjaDGOBMYLDeXIEC
eSaPIZLsTHkggM7hOENo6+/Om8JUZnONJhGyzj/ascvWY+mqw2HwsLBP5EWgKLBG
Y1F4fs4gQiyYuI8C9yhb7k22x5hKRQfmaqGb92zvW2sjzx3U6PH5XDq0zepw9728
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:58:01 2024 by rpki-client on console-fra.rpki-client.org