Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/opsw1u-zGXlSRX2Gz06a0NgPHcs.roa
File: opsw1u-zGXlSRX2Gz06a0NgPHcs.roa (raw, json)
Hash identifier: /PzpQLwiNL9VPaMBB/c96IrhEIVZ6oxNODITdJiPkB4=
Subject key identifier: A2:9B:30:D6:EF:B3:19:79:52:45:7D:86:CF:4E:9A:D0:D8:0F:1D:CB
Certificate issuer: /CN=f0cc7a447482e57b0604babb82a52409cde3b36d
Certificate serial: 0190B460B2229E13639938F309244EFCF6CA
Authority key identifier: F0:CC:7A:44:74:82:E5:7B:06:04:BA:BB:82:A5:24:09:CD:E3:B3:6D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Mx6RHSC5XsGBLq7gqUkCc3js20.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/opsw1u-zGXlSRX2Gz06a0NgPHcs.roa
Signing time: Mon 15 Jul 2024 03:12:34 +0000
ROA not before: Mon 15 Jul 2024 03:12:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 396356
IP address blocks: 85.198.36.0/24 maxlen: 24
85.198.41.0/24 maxlen: 24
85.198.46.0/24 maxlen: 24
91.123.9.0/24 maxlen: 24
190.106.176.0/24 maxlen: 24
206.195.143.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 01 Jan 2025 15:48:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:b4:60:b2:22:9e:13:63:99:38:f3:09:24:4e:fc:f6:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f0cc7a447482e57b0604babb82a52409cde3b36d
Validity
Not Before: Jul 15 03:12:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a29b30d6efb3197952457d86cf4e9ad0d80f1dcb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:11:2e:20:35:4a:1a:4f:13:39:93:33:20:64:
7c:04:54:d3:a8:91:02:ac:ed:45:9d:7b:7b:ca:01:
c1:d1:22:d6:57:16:17:1b:96:8a:ff:ce:51:25:b9:
8c:34:3b:98:61:4f:d7:24:55:aa:e0:3d:bb:35:e5:
e2:a0:19:3e:e5:32:42:fd:59:8b:f0:4d:4f:a1:22:
9c:18:67:fc:77:21:28:86:5e:9e:45:8d:7f:52:c3:
e7:24:e7:1d:5e:f7:90:fb:26:bc:82:0b:5e:58:d7:
8f:00:2d:6d:c9:da:d6:dc:31:ad:5a:e8:49:71:3d:
3f:12:66:06:15:73:05:49:27:b1:5e:c3:62:ea:e4:
41:47:f5:7c:7f:fe:26:ae:04:fd:97:a1:2b:57:35:
a0:34:19:2a:f5:84:af:ef:fe:e5:e1:f3:80:4d:dd:
75:34:bb:47:ed:4c:5e:1d:d4:cd:9b:3b:76:ef:83:
69:70:38:c5:10:ba:4e:54:dc:5c:60:d3:5d:be:6d:
17:56:20:b7:f6:11:1d:30:ac:0a:0f:22:2e:d8:28:
52:7f:2b:55:c1:97:17:1f:b5:a4:4e:48:37:6f:26:
7f:21:fc:0e:72:b5:e7:4b:5d:17:1c:f4:64:21:2b:
a3:62:15:c1:b4:03:4e:c5:37:e6:b3:d0:45:7a:7d:
3f:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:9B:30:D6:EF:B3:19:79:52:45:7D:86:CF:4E:9A:D0:D8:0F:1D:CB
X509v3 Authority Key Identifier:
keyid:F0:CC:7A:44:74:82:E5:7B:06:04:BA:BB:82:A5:24:09:CD:E3:B3:6D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Mx6RHSC5XsGBLq7gqUkCc3js20.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/opsw1u-zGXlSRX2Gz06a0NgPHcs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/0e58dc-7c90-49d7-8855-fa32d2d52968/1/8Mx6RHSC5XsGBLq7gqUkCc3js20.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.198.36.0/24
85.198.41.0/24
85.198.46.0/24
91.123.9.0/24
190.106.176.0/24
206.195.143.0/24
Signature Algorithm: sha256WithRSAEncryption
7e:88:fb:fe:47:2f:ac:36:d9:1f:8f:86:f8:dc:42:75:a6:9b:
8b:d1:05:b2:43:44:bb:83:a4:08:de:d2:61:f9:b6:d2:76:52:
f9:31:f7:f4:fe:1c:99:5e:ae:e8:b9:c4:13:e3:f0:40:d8:80:
a6:17:27:54:c9:ac:ee:91:49:35:c9:d8:c7:ff:3a:b3:ff:17:
96:d4:4e:9b:3f:aa:c9:db:aa:ad:9f:04:a7:6a:5f:f7:d7:1d:
87:f0:6f:14:3c:18:3b:23:af:e0:de:ed:11:70:6c:d2:9d:6a:
29:28:5d:d8:df:b6:87:21:8c:93:b6:b1:b8:05:e0:d9:95:4b:
47:e0:31:66:6a:60:7b:37:2e:51:a4:f5:4e:c8:7e:b9:50:63:
0c:a9:1b:73:b1:a2:d2:fd:4b:7b:a9:aa:2b:18:c0:6b:4d:77:
cc:9c:ed:74:2f:9e:aa:f3:ae:93:f3:62:9d:7a:7f:58:4a:ca:
02:ff:40:94:57:f4:f4:1d:4e:1d:79:19:a1:ab:78:23:47:63:
0f:a7:e8:ff:25:16:52:ba:fe:2d:d3:e5:9a:78:e2:64:25:a6:
b3:7c:6f:20:96:16:b8:62:9c:86:61:7c:0f:ee:e7:3c:4c:7b:
30:da:cf:d8:6e:63:9d:e0:ea:7e:38:a8:3a:03:d6:af:57:ba:
d2:ae:ed:45
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZC0YLIinhNjmTjzCSRO/PbKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwY2M3YTQ0NzQ4MmU1N2IwNjA0YmFiYjgyYTUyNDA5Y2Rl
M2IzNmQwHhcNMjQwNzE1MDMxMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjliMzBkNmVmYjMxOTc5NTI0NTdkODZjZjRlOWFkMGQ4MGYxZGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBEuIDVKGk8TOZMzIGR8BFTTqJEC
rO1FnXt7ygHB0SLWVxYXG5aK/85RJbmMNDuYYU/XJFWq4D27NeXioBk+5TJC/VmL
8E1PoSKcGGf8dyEohl6eRY1/UsPnJOcdXveQ+ya8ggteWNePAC1tydrW3DGtWuhJ
cT0/EmYGFXMFSSexXsNi6uRBR/V8f/4mrgT9l6ErVzWgNBkq9YSv7/7l4fOATd11
NLtH7UxeHdTNmzt274NpcDjFELpOVNxcYNNdvm0XViC39hEdMKwKDyIu2ChSfytV
wZcXH7WkTkg3byZ/IfwOcrXnS10XHPRkISujYhXBtANOxTfms9BFen0/BwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFKKbMNbvsxl5UkV9hs9OmtDYDx3LMB8GA1UdIwQY
MBaAFPDMekR0guV7BgS6u4KlJAnN47NtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOE14NlJIU0M1WHNHQkxxN2dxVWtDYzNqczIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8wZTU4ZGMtN2M5MC00OWQ3LTg4NTUt
ZmEzMmQyZDUyOTY4LzEvb3BzdzF1LXpHWGxTUlgyR3owNmEwTmdQSGNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8wZTU4ZGMtN2M5MC00OWQ3LTg4NTUtZmEzMmQyZDUyOTY4
LzEvOE14NlJIU0M1WHNHQkxxN2dxVWtDYzNqczIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAVcYkAwQA
VcYpAwQAVcYuAwQAW3sJAwQAvmqwAwQAzsOPMA0GCSqGSIb3DQEBCwUAA4IBAQB+
iPv+Ry+sNtkfj4b43EJ1ppuL0QWyQ0S7g6QI3tJh+bbSdlL5Mff0/hyZXq7oucQT
4/BA2ICmFydUyazukUk1ydjH/zqz/xeW1E6bP6rJ26qtnwSnal/31x2H8G8UPBg7
I6/g3u0RcGzSnWopKF3Y37aHIYyTtrG4BeDZlUtH4DFmamB7Ny5RpPVOyH65UGMM
qRtzsaLS/Ut7qaorGMBrTXfMnO10L56q866T82Kden9YSsoC/0CUV/T0HU4deRmh
q3gjR2MPp+j/JRZSuv4t0+WaeOJkJaazfG8glha4YpyGYXwP7uc8THsw2s/YbmOd
4Op+OKg6A9avV7rSru1F
-----END CERTIFICATE-----
Generated at Sun Feb 16 15:38:30 2025 by rpki-client