Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/9680c7-57d7-49c6-8b63-40153c5d0a47/1/NxA1OEMwVyKwjXxchTSqsLNPnaE.roa
File: NxA1OEMwVyKwjXxchTSqsLNPnaE.roa (raw, json)
Hash identifier: CjpuKWkwHytTj0fuQRS47ob7gPaAqmYJWeHNp4BKGgs=
Subject key identifier: 37:10:35:38:43:30:57:22:B0:8D:7C:5C:85:34:AA:B0:B3:4F:9D:A1
Certificate issuer: /CN=ff8208b129c53e87c3f0d0ed1bca85730140f390
Certificate serial: 018CC6BBB00B2783C5F2272ABEE5B67C22AD
Authority key identifier: FF:82:08:B1:29:C5:3E:87:C3:F0:D0:ED:1B:CA:85:73:01:40:F3:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_4IIsSnFPofD8NDtG8qFcwFA85A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/9680c7-57d7-49c6-8b63-40153c5d0a47/1/NxA1OEMwVyKwjXxchTSqsLNPnaE.roa
Signing time: Mon 01 Jan 2024 20:33:58 +0000
ROA not before: Mon 01 Jan 2024 20:33:58 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 211309
IP address blocks: 46.227.152.0/21 maxlen: 21
185.190.36.0/24 maxlen: 24
185.176.245.0/24 maxlen: 24
185.176.244.0/23 maxlen: 23
185.176.244.0/24 maxlen: 24
2a0a:2780::/31 maxlen: 31
2a0a:2781::/32 maxlen: 32
2a0a:2780::/32 maxlen: 32
2a10:d640::/29 maxlen: 29
Validation: Failed, certificate revoked on Thu 01 Feb 2024 10:16:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:bb:b0:0b:27:83:c5:f2:27:2a:be:e5:b6:7c:22:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ff8208b129c53e87c3f0d0ed1bca85730140f390
Validity
Not Before: Jan 1 20:33:58 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3710353843305722b08d7c5c8534aab0b34f9da1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:d5:36:a7:dd:aa:4c:6c:5b:0b:b6:98:5d:1d:
90:11:cf:20:b0:bf:6f:4f:c8:ec:2d:59:f5:89:f8:
8b:b4:28:d2:0e:c3:3c:a7:bb:84:55:4f:45:8f:d4:
b6:80:f5:8e:c2:6a:e5:30:61:a6:09:3c:26:8f:49:
a0:33:d7:05:f1:8b:da:f1:4e:0a:ac:97:1e:93:87:
45:b1:29:f0:40:73:b1:be:ea:13:8c:ff:17:9f:4d:
c4:21:95:eb:04:d3:0a:c4:14:76:f8:5d:55:cf:8c:
5d:be:18:05:fe:24:01:12:1f:71:95:96:d9:8b:39:
57:a1:25:2a:a8:86:f5:33:a7:bd:bd:0d:2b:20:e7:
3f:91:9e:19:3e:c3:ce:17:2d:06:1b:83:b4:7b:42:
1f:d9:62:af:13:e3:53:d0:fe:da:9c:43:5e:bb:30:
70:10:c6:59:7d:5f:22:88:02:e6:68:13:f8:fa:f4:
f5:6e:74:d8:6d:05:03:34:ad:7d:60:9e:e1:ac:a7:
2a:3b:e2:f3:75:c0:3a:fc:04:d7:11:90:73:26:a3:
c1:b7:39:f9:03:3b:0e:d8:25:cc:82:38:cd:50:98:
c5:64:70:9e:61:2b:12:16:2d:cd:dd:25:89:81:06:
9c:91:15:26:a5:fe:a3:ba:fb:b1:f6:7b:80:e7:39:
51:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:10:35:38:43:30:57:22:B0:8D:7C:5C:85:34:AA:B0:B3:4F:9D:A1
X509v3 Authority Key Identifier:
keyid:FF:82:08:B1:29:C5:3E:87:C3:F0:D0:ED:1B:CA:85:73:01:40:F3:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IIsSnFPofD8NDtG8qFcwFA85A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/9680c7-57d7-49c6-8b63-40153c5d0a47/1/NxA1OEMwVyKwjXxchTSqsLNPnaE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/9680c7-57d7-49c6-8b63-40153c5d0a47/1/_4IIsSnFPofD8NDtG8qFcwFA85A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.227.152.0/21
185.176.244.0/23
185.190.36.0/24
IPv6:
2a0a:2780::/31
2a10:d640::/29
Signature Algorithm: sha256WithRSAEncryption
90:5f:81:da:d0:ce:4c:7b:dd:b5:9b:86:dc:c2:7d:d6:3f:cf:
9d:91:76:f2:e7:06:30:e0:72:8a:86:68:95:64:bb:c5:7d:ae:
77:c9:b4:59:31:a3:06:ca:07:6d:99:18:79:25:c4:a0:54:0d:
62:b4:fa:8a:87:34:bb:44:b7:ed:95:b5:5e:84:a7:57:9c:a1:
1a:3e:f9:aa:b4:21:68:5b:d2:27:af:0c:ab:1c:b5:f0:94:4e:
e1:2f:1c:f3:ef:07:16:f6:94:9d:99:0a:0e:ef:97:4d:97:4e:
9b:cc:51:20:63:0c:ae:c9:7d:67:cb:0d:ab:6d:4b:e3:bb:2e:
dd:b0:63:28:ce:b1:04:a6:4b:e7:1d:1b:f9:c5:ca:f1:27:1e:
cf:5b:0c:c3:0a:57:15:19:35:6b:f1:1f:24:74:53:f9:e6:a1:
85:7a:dd:93:59:5d:66:f3:cc:b7:e8:50:32:78:62:30:6c:3b:
bb:c3:d6:04:ff:b4:33:ff:6a:4d:cc:a9:cb:43:cd:9f:3b:f7:
62:d8:d3:2e:dc:3d:c0:2f:5e:5e:ea:bb:21:70:f7:43:61:40:
43:9a:5a:e3:62:94:48:af:b0:cd:c8:5c:0b:f9:a6:51:f4:69:
51:5f:61:e2:7a:83:c8:28:7f:1a:3b:40:a4:b0:41:ee:a1:a7:
f8:33:e2:ee
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYzGu7ALJ4PF8icqvuW2fCKtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIwOGIxMjljNTNlODdjM2YwZDBlZDFiY2E4NTczMDE0
MGYzOTAwHhcNMjQwMTAxMjAzMzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzEwMzUzODQzMzA1NzIyYjA4ZDdjNWM4NTM0YWFiMGIzNGY5ZGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29U2p92qTGxbC7aYXR2QEc8gsL9v
T8jsLVn1ifiLtCjSDsM8p7uEVU9Fj9S2gPWOwmrlMGGmCTwmj0mgM9cF8Yva8U4K
rJcek4dFsSnwQHOxvuoTjP8Xn03EIZXrBNMKxBR2+F1Vz4xdvhgF/iQBEh9xlZbZ
izlXoSUqqIb1M6e9vQ0rIOc/kZ4ZPsPOFy0GG4O0e0If2WKvE+NT0P7anENeuzBw
EMZZfV8iiALmaBP4+vT1bnTYbQUDNK19YJ7hrKcqO+LzdcA6/ATXEZBzJqPBtzn5
AzsO2CXMgjjNUJjFZHCeYSsSFi3N3SWJgQackRUmpf6juvux9nuA5zlRFQIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFDcQNThDMFcisI18XIU0qrCzT52hMB8GA1UdIwQY
MBaAFP+CCLEpxT6Hw/DQ7RvKhXMBQPOQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJSXNTbkZQb2ZEOE5EdEc4cUZjd0ZBODVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS85NjgwYzctNTdkNy00OWM2LThiNjMt
NDAxNTNjNWQwYTQ3LzEvTnhBMU9FTXdWeUt3alh4Y2hUU3FzTE5QbmFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS85NjgwYzctNTdkNy00OWM2LThiNjMtNDAxNTNjNWQwYTQ3
LzEvXzRJSXNTbkZQb2ZEOE5EdEc4cUZjd0ZBODVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQDLuOYAwQB
ubD0AwQAub4kMBQEAgACMA4DBQEqCieAAwUDKhDWQDANBgkqhkiG9w0BAQsFAAOC
AQEAkF+B2tDOTHvdtZuG3MJ91j/PnZF28ucGMOByioZolWS7xX2ud8m0WTGjBsoH
bZkYeSXEoFQNYrT6ioc0u0S37ZW1XoSnV5yhGj75qrQhaFvSJ68Mqxy18JRO4S8c
8+8HFvaUnZkKDu+XTZdOm8xRIGMMrsl9Z8sNq21L47su3bBjKM6xBKZL5x0b+cXK
8Scez1sMwwpXFRk1a/EfJHRT+eahhXrdk1ldZvPMt+hQMnhiMGw7u8PWBP+0M/9q
Tcypy0PNnzv3YtjTLtw9wC9eXuq7IXD3Q2FAQ5pa42KUSK+wzchcC/mmUfRpUV9h
4nqDyCh/GjtApLBB7qGn+DPi7g==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:46:56 2025 by rpki-client