Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/85928f-5f19-41d9-8238-5c54cdad19f1/1/NAZghymQIJJB-a1xCf_IEJrlXeY.roa
File: NAZghymQIJJB-a1xCf_IEJrlXeY.roa (raw, json)
Hash identifier: QgzZg1tNaN1A/u7AOXbllgP+GXAwR2DHEp21WX30grc=
Subject key identifier: 34:06:60:87:29:90:20:92:41:F9:AD:71:09:FF:C8:10:9A:E5:5D:E6
Certificate issuer: /CN=27b8dbd97de4cd4059b52e513dcf35cd381a32b3
Certificate serial: 01856DC1AE926030B675F94B48264BC683C9
Authority key identifier: 27:B8:DB:D9:7D:E4:CD:40:59:B5:2E:51:3D:CF:35:CD:38:1A:32:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J7jb2X3kzUBZtS5RPc81zTgaMrM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ec/85928f-5f19-41d9-8238-5c54cdad19f1/1/NAZghymQIJJB-a1xCf_IEJrlXeY.roa
Signing time: Sun 01 Jan 2023 14:34:47 +0000
ROA not before: Sun 01 Jan 2023 14:34:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205862
IP address blocks: 185.204.43.0/24 maxlen: 24
185.204.40.0/24 maxlen: 24
185.204.42.0/24 maxlen: 24
185.204.41.0/24 maxlen: 24
2a0d:b00:2901::/48 maxlen: 48
2a0d:b00:3501::/48 maxlen: 48
2a0d:b00:9201::/48 maxlen: 48
2a0d:b00:3502::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 02 Jan 2024 10:34:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:c1:ae:92:60:30:b6:75:f9:4b:48:26:4b:c6:83:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=27b8dbd97de4cd4059b52e513dcf35cd381a32b3
Validity
Not Before: Jan 1 14:34:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=340660872990209241f9ad7109ffc8109ae55de6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:83:e0:4d:d5:e3:02:f2:5b:5b:b7:9a:ac:6c:
a4:d4:6d:f2:e8:2d:bb:60:7b:d6:f5:94:88:e1:7b:
18:8f:81:5e:3f:a6:b4:f6:fd:0a:87:e5:93:8b:b1:
b6:58:bd:e0:bd:85:cb:e7:11:c3:cf:dc:58:73:5e:
67:59:f7:8b:bf:68:90:af:ef:8d:a8:b8:1e:aa:79:
a1:9a:3e:b4:6b:db:9f:c2:36:52:31:98:6a:9c:0d:
72:f4:65:35:80:dc:29:dc:7e:a2:25:40:e9:ec:ae:
3d:de:b4:28:e4:69:9f:6d:25:f4:d6:5d:93:40:dc:
71:6c:70:87:c1:48:44:59:ef:cb:35:fb:4b:71:f3:
f8:9d:11:db:a5:ec:7f:2d:6f:06:63:92:3b:2a:57:
f5:14:fd:01:56:4d:65:6b:1a:ce:be:e8:69:a3:93:
46:0d:16:3c:7a:57:d5:8e:c6:11:a9:d0:5d:5e:0a:
4b:a4:a7:a6:a4:94:5c:89:a7:03:d5:98:6a:ea:b8:
f7:fa:0f:42:ec:ce:7d:f0:20:e9:b9:c9:c2:3e:39:
b7:d7:fd:a5:66:df:50:f2:66:2c:c5:a8:53:e3:d2:
5b:ba:58:47:c9:e7:77:74:1c:2b:ac:65:40:5e:13:
f4:c2:1c:4c:d8:d9:54:58:43:a6:fa:79:c8:4d:5f:
ec:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:06:60:87:29:90:20:92:41:F9:AD:71:09:FF:C8:10:9A:E5:5D:E6
X509v3 Authority Key Identifier:
keyid:27:B8:DB:D9:7D:E4:CD:40:59:B5:2E:51:3D:CF:35:CD:38:1A:32:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J7jb2X3kzUBZtS5RPc81zTgaMrM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/85928f-5f19-41d9-8238-5c54cdad19f1/1/NAZghymQIJJB-a1xCf_IEJrlXeY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/85928f-5f19-41d9-8238-5c54cdad19f1/1/J7jb2X3kzUBZtS5RPc81zTgaMrM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.204.40.0/22
IPv6:
2a0d:b00:2901::/48
2a0d:b00:3501::-2a0d:b00:3502:ffff:ffff:ffff:ffff:ffff
2a0d:b00:9201::/48
Signature Algorithm: sha256WithRSAEncryption
a2:52:e9:38:dc:c4:44:b6:df:a4:99:0f:f1:28:09:ca:a0:62:
2f:7e:0d:de:00:47:6f:44:6b:6e:67:99:e4:55:3e:d7:74:90:
56:2e:56:46:a9:fd:d8:a8:f4:2a:93:69:2f:22:82:fc:0c:b2:
8e:94:0a:15:c0:3e:da:b3:de:2c:c8:7b:6b:14:40:5e:16:3f:
c0:02:8a:cd:ee:f2:c6:72:5e:1a:41:19:6e:f5:ca:c8:ad:56:
93:6d:68:2e:8d:74:c1:39:aa:77:9f:74:5f:a8:b7:f0:f8:15:
ab:f5:9d:cc:41:c9:ac:90:ee:7b:a5:0e:3e:0a:7a:82:53:38:
91:f0:ab:a1:17:2e:ce:a5:50:dd:60:0e:55:d7:b5:3f:8f:99:
6e:9c:8c:73:b0:58:8f:15:f0:6e:0d:12:d1:60:be:0f:40:12:
c9:17:58:b4:fb:e9:5d:3f:50:13:0d:98:b5:92:2a:e9:0d:ad:
77:a0:24:0e:6d:82:04:0f:67:28:ef:1b:d4:9c:2d:8e:a5:8c:
17:9a:9a:04:49:4c:21:9e:4b:74:e7:3b:d4:cb:21:ad:34:6d:
a0:09:a7:d9:31:f4:e8:cc:a6:a2:2a:19:7d:7f:41:49:e1:b5:
04:fc:34:77:ee:21:13:1f:55:e6:b4:c7:96:cb:d7:7f:15:10:
8b:51:17:f8
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYVtwa6SYDC2dflLSCZLxoPJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YjhkYmQ5N2RlNGNkNDA1OWI1MmU1MTNkY2YzNWNkMzgx
YTMyYjMwHhcNMjMwMTAxMTQzNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDA2NjA4NzI5OTAyMDkyNDFmOWFkNzEwOWZmYzgxMDlhZTU1ZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioPgTdXjAvJbW7earGyk1G3y6C27
YHvW9ZSI4XsYj4FeP6a09v0Kh+WTi7G2WL3gvYXL5xHDz9xYc15nWfeLv2iQr++N
qLgeqnmhmj60a9ufwjZSMZhqnA1y9GU1gNwp3H6iJUDp7K493rQo5GmfbSX01l2T
QNxxbHCHwUhEWe/LNftLcfP4nRHbpex/LW8GY5I7Klf1FP0BVk1laxrOvuhpo5NG
DRY8elfVjsYRqdBdXgpLpKempJRciacD1Zhq6rj3+g9C7M598CDpucnCPjm31/2l
Zt9Q8mYsxahT49JbulhHyed3dBwrrGVAXhP0whxM2NlUWEOm+nnITV/sWQIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFDQGYIcpkCCSQfmtcQn/yBCa5V3mMB8GA1UdIwQY
MBaAFCe429l95M1AWbUuUT3PNc04GjKzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjdqYjJYM2t6VUJadFM1UlBjODF6VGdhTXJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy84NTkyOGYtNWYxOS00MWQ5LTgyMzgt
NWM1NGNkYWQxOWYxLzEvTkFaZ2h5bVFJSkpCLWExeENmX0lFSnJsWGVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy84NTkyOGYtNWYxOS00MWQ5LTgyMzgtNWM1NGNkYWQxOWYx
LzEvSjdqYjJYM2t6VUJadFM1UlBjODF6VGdhTXJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDAMBAIAATAGAwQCucwoMCwE
AgACMCYDBwAqDQsAKQEwEgMHACoNCwA1AQMHACoNCwA1AgMHACoNCwCSATANBgkq
hkiG9w0BAQsFAAOCAQEAolLpONzERLbfpJkP8SgJyqBiL34N3gBHb0RrbmeZ5FU+
13SQVi5WRqn92Kj0KpNpLyKC/AyyjpQKFcA+2rPeLMh7axRAXhY/wAKKze7yxnJe
GkEZbvXKyK1Wk21oLo10wTmqd590X6i38PgVq/WdzEHJrJDue6UOPgp6glM4kfCr
oRcuzqVQ3WAOVde1P4+ZbpyMc7BYjxXwbg0S0WC+D0ASyRdYtPvpXT9QEw2YtZIq
6Q2td6AkDm2CBA9nKO8b1JwtjqWMF5qaBElMIZ5LdOc71MshrTRtoAmn2TH06Mym
oioZfX9BSeG1BPw0d+4hEx9V5rTHlsvXfxUQi1EX+A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:51:08 2024 by rpki-client on console-ams.rpki-client.org