Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/GsTUpyuLZqa0Sdw1QXUOHOJFyKM.roa
File: GsTUpyuLZqa0Sdw1QXUOHOJFyKM.roa (raw, json)
Hash identifier: pB9hOiAFQd/dI/1YAB/ppEgMz843s17iGfMm7+WOYrU=
Subject key identifier: 1A:C4:D4:A7:2B:8B:66:A6:B4:49:DC:35:41:75:0E:1C:E2:45:C8:A3
Certificate issuer: /CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
Certificate serial: 0194F54AB9E1D95E93377A07A9AC7B154C84
Authority key identifier: A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/GsTUpyuLZqa0Sdw1QXUOHOJFyKM.roa
Signing time: Tue 11 Feb 2025 13:55:02 +0000
ROA not before: Tue 11 Feb 2025 13:55:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 210099
IP address blocks: 85.117.236.0/24 maxlen: 24
85.117.237.0/24 maxlen: 24
185.17.113.0/24 maxlen: 24
185.73.200.0/22 maxlen: 22
185.73.200.0/24 maxlen: 24
185.73.201.0/24 maxlen: 24
185.73.202.0/24 maxlen: 24
185.165.77.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 12 Feb 2025 11:21:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:f5:4a:b9:e1:d9:5e:93:37:7a:07:a9:ac:7b:15:4c:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a76dd9dad75877f7d28d14e08dc55b1330bd13b7
Validity
Not Before: Feb 11 13:55:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1ac4d4a72b8b66a6b449dc3541750e1ce245c8a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:f7:37:8f:99:d3:2f:da:0e:27:9a:90:ed:25:
18:27:e6:a5:fe:e9:ea:4d:11:85:76:5b:a9:12:df:
c3:08:ef:12:a5:ed:fb:31:d6:80:e4:5c:51:80:9b:
4c:59:d6:60:42:e6:f8:d0:01:54:19:6a:40:84:59:
44:ec:04:52:95:1b:22:82:58:27:14:35:10:16:b1:
cb:f3:0a:fd:56:b2:41:79:28:5e:60:86:44:aa:1c:
e6:0d:47:14:e2:43:5d:b2:0e:51:b0:a0:23:1f:09:
4b:3e:3f:8f:57:fb:96:70:47:91:96:b6:ed:bb:c0:
ef:36:9f:86:9b:a4:33:bc:58:cb:16:66:e7:79:92:
0b:72:7c:d9:01:f5:ef:cf:1e:6e:77:60:07:4f:45:
35:65:50:f3:62:4e:1f:71:14:0a:14:3e:92:77:73:
e4:bd:26:ec:92:2c:d0:8c:74:f1:ab:fe:ff:f6:86:
e7:73:36:e0:42:07:60:65:88:27:d8:94:b4:e4:bb:
d2:03:ed:41:06:89:77:73:0c:56:54:86:47:d9:98:
cf:cb:2d:73:fe:67:f9:b7:6f:79:be:7d:0e:a2:c1:
19:0d:e2:79:73:a9:5f:fa:08:06:d2:c5:f3:82:0f:
5d:1f:5d:7f:83:05:53:38:d8:42:3a:89:d5:6a:5e:
f6:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:C4:D4:A7:2B:8B:66:A6:B4:49:DC:35:41:75:0E:1C:E2:45:C8:A3
X509v3 Authority Key Identifier:
keyid:A7:6D:D9:DA:D7:58:77:F7:D2:8D:14:E0:8D:C5:5B:13:30:BD:13:B7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p23Z2tdYd_fSjRTgjcVbEzC9E7c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/GsTUpyuLZqa0Sdw1QXUOHOJFyKM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d00889-e5ca-4090-a6a4-2ac6ff75beb0/1/p23Z2tdYd_fSjRTgjcVbEzC9E7c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.117.236.0/23
185.17.113.0/24
185.73.200.0/22
185.165.77.0/24
Signature Algorithm: sha256WithRSAEncryption
cd:6a:de:1d:50:0f:c3:80:8e:64:17:34:24:ca:57:ff:49:f9:
ac:20:e9:f8:90:a3:86:2d:65:c8:5e:ea:36:9f:72:58:9f:f8:
5e:12:a4:5d:e7:42:ec:a3:2a:00:9b:00:87:b3:5e:cb:a2:54:
c5:ab:4c:34:a5:19:6a:44:e7:48:dd:03:7a:fd:54:87:3d:6e:
13:f9:da:32:cd:a0:bb:0e:be:ca:78:29:e9:92:be:28:10:b9:
20:ca:32:cd:54:8f:20:2a:62:63:c8:43:ec:91:c2:4f:5b:2d:
be:ed:bb:3c:81:ff:78:04:bc:0e:b4:01:12:f5:07:a9:49:94:
48:61:ac:d7:19:32:9b:96:63:7d:ef:60:8b:e1:2b:e3:0e:96:
cd:c0:fa:cb:31:2e:34:c3:90:23:02:02:bf:e7:82:47:4a:3f:
76:95:c9:10:bd:88:e0:00:e2:ad:2b:65:f2:84:0b:08:d8:5b:
7b:3c:5c:c1:f5:0e:6c:11:78:21:5f:42:b8:a0:f2:0d:6d:04:
10:bf:11:ce:6c:86:73:cc:8c:c4:4c:df:78:17:13:93:e6:32:
ba:c1:60:9c:fa:28:45:24:9a:f1:80:c6:b8:45:d1:b6:f5:6e:
4f:f0:a2:b9:e1:13:ec:db:0d:98:c2:f2:e5:5a:b3:85:a9:79:
fe:c5:82:d6
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZT1Srnh2V6TN3oHqax7FUyEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3NmRkOWRhZDc1ODc3ZjdkMjhkMTRlMDhkYzU1YjEzMzBi
ZDEzYjcwHhcNMjUwMjExMTM1NTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWM0ZDRhNzJiOGI2NmE2YjQ0OWRjMzU0MTc1MGUxY2UyNDVjOGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/c3j5nTL9oOJ5qQ7SUYJ+al/unq
TRGFdlupEt/DCO8Spe37MdaA5FxRgJtMWdZgQub40AFUGWpAhFlE7ARSlRsiglgn
FDUQFrHL8wr9VrJBeSheYIZEqhzmDUcU4kNdsg5RsKAjHwlLPj+PV/uWcEeRlrbt
u8DvNp+Gm6QzvFjLFmbneZILcnzZAfXvzx5ud2AHT0U1ZVDzYk4fcRQKFD6Sd3Pk
vSbskizQjHTxq/7/9obnczbgQgdgZYgn2JS05LvSA+1BBol3cwxWVIZH2ZjPyy1z
/mf5t295vn0OosEZDeJ5c6lf+ggG0sXzgg9dH11/gwVTONhCOonVal72WwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBrE1Kcri2amtEncNUF1DhziRcijMB8GA1UdIwQY
MBaAFKdt2drXWHf30o0U4I3FWxMwvRO3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQt
MmFjNmZmNzViZWIwLzEvR3NUVXB5dUxacWEwU2R3MVFYVU9IT0pGeUtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kMDA4ODktZTVjYS00MDkwLWE2YTQtMmFjNmZmNzViZWIw
LzEvcDIzWjJ0ZFlkX2ZTalJUZ2pjVmJFekM5RTdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBVXXsAwQA
uRFxAwQCuUnIAwQAuaVNMA0GCSqGSIb3DQEBCwUAA4IBAQDNat4dUA/DgI5kFzQk
ylf/SfmsIOn4kKOGLWXIXuo2n3JYn/heEqRd50LsoyoAmwCHs17LolTFq0w0pRlq
ROdI3QN6/VSHPW4T+doyzaC7Dr7KeCnpkr4oELkgyjLNVI8gKmJjyEPskcJPWy2+
7bs8gf94BLwOtAES9QepSZRIYazXGTKblmN972CL4SvjDpbNwPrLMS40w5AjAgK/
54JHSj92lckQvYjgAOKtK2XyhAsI2Ft7PFzB9Q5sEXghX0K4oPINbQQQvxHObIZz
zIzETN94FxOT5jK6wWCc+ihFJJrxgMa4RdG29W5P8KK54RPs2w2YwvLlWrOFqXn+
xYLW
-----END CERTIFICATE-----
Generated at Tue May 6 15:52:30 2025 by rpki-client