Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/IR8Z4gtmUtBuopCWW2e1k-LYAbU.roa
File: IR8Z4gtmUtBuopCWW2e1k-LYAbU.roa (raw, json)
Hash identifier: sEA6n3WlGGs50bxkZVKaID8e3p5Id5tZINn2Ok+sc5I=
Subject key identifier: 21:1F:19:E2:0B:66:52:D0:6E:A2:90:96:5B:67:B5:93:E2:D8:01:B5
Certificate issuer: /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial: 018D9C234CB6252CB0FE81697A01A1CA6ACA
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/IR8Z4gtmUtBuopCWW2e1k-LYAbU.roa
Signing time: Mon 12 Feb 2024 07:06:15 +0000
ROA not before: Mon 12 Feb 2024 07:06:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 39074
IP address blocks: 85.133.128.0/17 maxlen: 24
85.133.128.0/22 maxlen: 22
85.133.128.0/24 maxlen: 24
85.133.129.0/24 maxlen: 24
85.133.130.0/24 maxlen: 24
85.133.131.0/24 maxlen: 24
85.133.133.0/24 maxlen: 24
85.133.134.0/24 maxlen: 24
85.133.135.0/24 maxlen: 24
85.133.136.0/24 maxlen: 24
85.133.138.0/24 maxlen: 24
85.133.139.0/24 maxlen: 24
85.133.140.0/22 maxlen: 22
85.133.140.0/24 maxlen: 24
85.133.141.0/24 maxlen: 24
85.133.142.0/24 maxlen: 24
85.133.144.0/22 maxlen: 22
85.133.144.0/24 maxlen: 24
85.133.145.0/24 maxlen: 24
85.133.147.0/24 maxlen: 24
85.133.148.0/22 maxlen: 22
85.133.148.0/24 maxlen: 24
85.133.149.0/24 maxlen: 24
85.133.150.0/24 maxlen: 24
85.133.152.0/22 maxlen: 22
85.133.152.0/24 maxlen: 24
85.133.154.0/24 maxlen: 24
85.133.155.0/24 maxlen: 24
85.133.157.0/24 maxlen: 24
85.133.158.0/24 maxlen: 24
85.133.159.0/24 maxlen: 24
85.133.164.0/24 maxlen: 24
85.133.165.0/24 maxlen: 24
85.133.168.0/22 maxlen: 24
85.133.172.0/22 maxlen: 24
85.133.172.0/24 maxlen: 24
85.133.176.0/22 maxlen: 24
85.133.180.0/22 maxlen: 24
85.133.184.0/22 maxlen: 24
85.133.188.0/22 maxlen: 22
85.133.189.0/24 maxlen: 24
85.133.192.0/22 maxlen: 22
85.133.196.0/22 maxlen: 22
85.133.196.0/24 maxlen: 24
85.133.197.0/24 maxlen: 24
85.133.200.0/24 maxlen: 24
85.133.201.0/24 maxlen: 24
85.133.202.0/24 maxlen: 24
85.133.203.0/24 maxlen: 24
85.133.204.0/24 maxlen: 24
85.133.205.0/24 maxlen: 24
85.133.206.0/24 maxlen: 24
85.133.207.0/24 maxlen: 24
85.133.209.0/24 maxlen: 24
85.133.210.0/23 maxlen: 24
85.133.211.0/24 maxlen: 24
85.133.212.0/22 maxlen: 22
85.133.212.0/24 maxlen: 24
85.133.213.0/24 maxlen: 24
85.133.217.0/24 maxlen: 24
85.133.218.0/24 maxlen: 24
85.133.220.0/22 maxlen: 22
85.133.220.0/24 maxlen: 24
85.133.223.0/24 maxlen: 24
85.133.224.0/22 maxlen: 22
85.133.224.0/24 maxlen: 24
85.133.225.0/24 maxlen: 24
85.133.226.0/24 maxlen: 24
85.133.227.0/24 maxlen: 24
85.133.228.0/24 maxlen: 24
85.133.229.0/24 maxlen: 24
85.133.230.0/24 maxlen: 24
85.133.231.0/24 maxlen: 24
85.133.232.0/22 maxlen: 22
85.133.232.0/24 maxlen: 24
85.133.235.0/24 maxlen: 24
85.133.239.0/24 maxlen: 24
85.133.240.0/22 maxlen: 22
85.133.240.0/24 maxlen: 24
85.133.243.0/24 maxlen: 24
85.133.244.0/24 maxlen: 24
85.133.245.0/24 maxlen: 24
85.133.246.0/24 maxlen: 24
85.133.247.0/24 maxlen: 24
85.133.248.0/23 maxlen: 24
85.133.249.0/24 maxlen: 24
85.133.251.0/24 maxlen: 24
85.133.252.0/22 maxlen: 22
85.133.254.0/24 maxlen: 24
85.133.255.0/24 maxlen: 24
185.41.0.0/24 maxlen: 24
185.41.1.0/24 maxlen: 24
185.41.2.0/24 maxlen: 24
185.41.3.0/24 maxlen: 24
2a04:87c0::/29 maxlen: 29
Validation: Failed, certificate revoked on Mon 12 Feb 2024 14:30:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:9c:23:4c:b6:25:2c:b0:fe:81:69:7a:01:a1:ca:6a:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Validity
Not Before: Feb 12 07:06:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=211f19e20b6652d06ea290965b67b593e2d801b5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:f8:36:3c:c3:9e:50:40:04:ae:d3:27:cb:dc:
28:02:70:23:bb:26:20:3f:32:89:a2:35:04:05:6c:
e1:13:82:dc:62:a1:47:ae:53:d4:5f:1b:99:dd:2e:
dd:87:67:5b:1a:07:11:ca:24:ec:fd:01:35:b0:36:
59:95:78:6a:85:2a:82:dd:79:12:3a:68:ec:3f:0a:
8b:53:f6:5d:8d:df:c7:b8:e1:2f:fd:8c:91:64:84:
b7:00:d4:7d:d7:1a:e8:07:46:c5:d9:e9:ff:97:ac:
9d:e8:6c:99:82:f6:7d:87:a6:ef:55:f1:26:1a:31:
20:9c:08:3f:88:17:70:aa:7d:a2:86:07:05:b1:d2:
3f:ad:6f:e4:83:d2:cf:cc:3d:65:39:37:2d:2b:92:
45:b1:5c:b3:4c:6e:fa:07:49:d8:93:51:e6:4a:21:
9b:74:6d:2d:26:ef:16:dd:1a:12:59:7c:fa:e0:28:
6c:ec:87:d0:a0:47:b8:98:16:4b:c1:9f:fe:54:09:
af:5c:70:c7:a2:98:ee:3d:9f:02:30:3d:cf:14:5a:
9f:c3:50:68:fa:c4:7c:98:9b:45:9b:a7:99:bb:54:
f5:28:c4:35:b4:9f:fd:ae:01:39:81:57:4c:96:97:
84:bc:cd:d8:5a:69:9d:f2:63:4f:f9:2b:81:aa:c6:
70:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:1F:19:E2:0B:66:52:D0:6E:A2:90:96:5B:67:B5:93:E2:D8:01:B5
X509v3 Authority Key Identifier:
keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/IR8Z4gtmUtBuopCWW2e1k-LYAbU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.133.128.0/17
185.41.0.0/22
IPv6:
2a04:87c0::/29
Signature Algorithm: sha256WithRSAEncryption
56:94:a2:e7:47:62:23:d7:76:cf:bc:b2:64:89:5d:5a:11:af:
93:5e:cc:f8:c3:a9:3c:ea:cf:79:cc:1b:48:89:14:d6:5e:f0:
24:23:e7:81:b8:d0:0e:b5:ae:b7:46:20:94:96:96:ae:7b:a0:
51:8e:03:8d:82:18:29:90:d7:e4:22:a9:36:0e:91:50:4e:c6:
99:64:d1:54:36:ef:a7:ce:aa:9b:bb:70:0f:50:a4:d2:30:09:
92:d3:1d:6c:95:e4:e0:a0:cf:4a:4c:dc:b9:46:7a:f5:d3:14:
3e:8c:e6:b5:f7:02:d3:26:66:48:04:da:ed:c6:04:a6:7f:a4:
43:83:07:3a:a2:73:d5:91:ae:1f:3b:45:ca:8f:fc:e6:a8:6e:
68:5e:5e:89:d8:fc:f0:ec:78:e8:76:2a:5c:72:b7:fa:1c:3b:
5e:73:3e:d1:08:de:44:df:03:72:e8:c1:9e:38:3f:e6:18:a8:
5f:d0:2e:d5:be:b6:84:72:37:ea:76:c4:13:09:37:22:43:49:
80:d7:27:74:7d:b9:56:f3:6c:1e:63:9a:f8:f5:b0:91:ad:54:
a5:95:51:22:14:9c:c4:ff:6f:71:d5:d7:ca:9b:1f:e2:43:46:
5f:6e:df:c1:c2:82:e1:7c:95:a1:80:e2:f0:89:fd:6c:11:44:
80:7a:3d:15
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY2cI0y2JSyw/oFpegGhymrKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjQwMjEyMDcwNjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTFmMTllMjBiNjY1MmQwNmVhMjkwOTY1YjY3YjU5M2UyZDgwMWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovg2PMOeUEAErtMny9woAnAjuyYg
PzKJojUEBWzhE4LcYqFHrlPUXxuZ3S7dh2dbGgcRyiTs/QE1sDZZlXhqhSqC3XkS
OmjsPwqLU/Zdjd/HuOEv/YyRZIS3ANR91xroB0bF2en/l6yd6GyZgvZ9h6bvVfEm
GjEgnAg/iBdwqn2ihgcFsdI/rW/kg9LPzD1lOTctK5JFsVyzTG76B0nYk1HmSiGb
dG0tJu8W3RoSWXz64Chs7IfQoEe4mBZLwZ/+VAmvXHDHopjuPZ8CMD3PFFqfw1Bo
+sR8mJtFm6eZu1T1KMQ1tJ/9rgE5gVdMlpeEvM3YWmmd8mNP+SuBqsZwpQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCEfGeILZlLQbqKQlltntZPi2AG1MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvSVI4WjRndG1VdEJ1b3BDV1cyZTFrLUxZQWJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQHVYWAAwQC
uSkAMA0EAgACMAcDBQMqBIfAMA0GCSqGSIb3DQEBCwUAA4IBAQBWlKLnR2Ij13bP
vLJkiV1aEa+TXsz4w6k86s95zBtIiRTWXvAkI+eBuNAOta63RiCUlpaue6BRjgON
ghgpkNfkIqk2DpFQTsaZZNFUNu+nzqqbu3APUKTSMAmS0x1sleTgoM9KTNy5Rnr1
0xQ+jOa19wLTJmZIBNrtxgSmf6RDgwc6onPVka4fO0XKj/zmqG5oXl6J2Pzw7Hjo
dipccrf6HDtecz7RCN5E3wNy6MGeOD/mGKhf0C7VvraEcjfqdsQTCTciQ0mA1yd0
fblW82weY5r49bCRrVSllVEiFJzE/29x1dfKmx/iQ0Zfbt/BwoLhfJWhgOLwif1s
EUSAej0V
-----END CERTIFICATE-----
Generated at Mon Feb 12 18:07:11 2024 by rpki-client on console-fra.rpki-client.org