Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/7Nw8MPRlvBt1eqVsgO362zmUwJU.roa
File: 7Nw8MPRlvBt1eqVsgO362zmUwJU.roa (raw, json)
Hash identifier: 0Jr8net6KFE44UGOdyuqSMdCwF5qOoYa05KB7u2uv94=
Subject key identifier: EC:DC:3C:30:F4:65:BC:1B:75:7A:A5:6C:80:ED:FA:DB:39:94:C0:95
Certificate issuer: /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial: 018D0D730F7E0604EF3F20355A65861ACD30
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/7Nw8MPRlvBt1eqVsgO362zmUwJU.roa
Signing time: Mon 15 Jan 2024 14:07:40 +0000
ROA not before: Mon 15 Jan 2024 14:07:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43260
IP address blocks: 193.30.241.0/24 maxlen: 24
85.209.120.0/23 maxlen: 24
193.57.41.0/24 maxlen: 24
45.94.170.0/24 maxlen: 24
45.94.171.0/24 maxlen: 24
195.177.95.0/24 maxlen: 24
45.88.139.0/24 maxlen: 24
146.19.125.0/24 maxlen: 24
45.81.112.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 15 Jan 2024 17:40:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:0d:73:0f:7e:06:04:ef:3f:20:35:5a:65:86:1a:cd:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Validity
Not Before: Jan 15 14:07:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ecdc3c30f465bc1b757aa56c80edfadb3994c095
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:7d:df:a1:fc:96:f0:cb:d0:b3:b8:f4:6e:3c:
d0:2c:2b:cb:89:65:3a:f3:38:c5:e0:f6:83:05:05:
01:1c:2d:58:84:b4:f8:39:5c:11:2a:f3:a7:6e:3a:
73:44:2a:0d:c7:bc:16:07:46:95:06:63:7e:bc:bd:
f0:83:ea:f9:0d:e7:8b:28:f5:56:ae:47:4f:50:2b:
5e:7f:8b:40:91:7c:20:b4:4a:08:62:a5:d2:c1:f2:
74:0d:f9:7f:5e:28:f0:bd:91:8e:2a:0d:28:a1:a7:
bf:d9:80:ce:9f:f0:46:3d:b9:6e:0e:68:aa:e3:75:
54:56:14:96:41:4d:b0:53:42:14:85:4d:11:bc:44:
75:91:ac:9b:6c:9a:de:1f:29:f0:f2:98:0b:aa:88:
24:41:91:61:00:56:70:27:87:b0:51:50:8f:28:bd:
4a:d5:b0:7d:fa:34:6f:0a:1e:81:f1:4b:f7:20:02:
cf:fc:b3:6c:4d:e7:54:31:ea:c5:f7:e9:62:bf:1d:
5b:e3:77:30:4b:9f:19:a2:50:21:bc:4d:5b:d1:71:
c9:db:7d:e2:50:87:6a:e4:d8:87:dd:91:7a:ff:43:
2b:46:84:ab:e1:fe:67:6b:14:88:33:0e:c5:34:2c:
0d:e3:5b:b5:42:50:a9:47:f9:05:91:67:5b:83:01:
c0:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:DC:3C:30:F4:65:BC:1B:75:7A:A5:6C:80:ED:FA:DB:39:94:C0:95
X509v3 Authority Key Identifier:
keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/7Nw8MPRlvBt1eqVsgO362zmUwJU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.81.112.0/24
45.88.139.0/24
45.94.170.0/23
85.209.120.0/23
146.19.125.0/24
193.30.241.0/24
193.57.41.0/24
195.177.95.0/24
Signature Algorithm: sha256WithRSAEncryption
5c:61:c0:de:7c:98:5e:62:f4:10:d2:3c:fd:11:ec:3a:64:ae:
76:6a:33:6f:27:23:a6:08:e4:5a:9a:dd:95:93:f9:eb:ad:9d:
e3:49:6a:8c:0e:c5:58:50:14:19:00:8d:e2:0b:38:b9:b1:ad:
dd:64:e8:10:a2:4f:d2:9c:9a:27:09:77:b7:3d:b5:86:e2:02:
0d:90:b1:f1:40:df:89:2d:b8:27:be:9b:da:fa:1d:ea:ce:7f:
4f:21:eb:06:7a:0e:61:0c:ea:ec:5a:03:5f:bd:f3:1c:4c:8b:
9a:e4:05:f4:ac:80:ec:12:fa:0b:12:c3:9f:e4:59:9c:02:f4:
5a:c8:ab:f4:73:3b:22:cb:d5:1b:42:37:bf:44:17:14:e1:2a:
80:63:f7:18:ab:2f:36:44:64:93:e4:0c:5a:8f:af:48:40:06:
01:6f:45:83:83:35:13:3c:5a:6f:c8:ac:de:bb:6b:a2:b6:8f:
08:6f:35:ff:f8:13:8b:c2:2b:0a:9d:e1:b3:96:7b:33:56:dc:
e0:c6:63:cd:01:20:07:50:94:aa:50:61:c2:42:1e:1f:25:e4:
d4:af:47:7d:1e:fa:68:bf:b4:4e:7b:d2:cd:d8:c6:b3:1f:3e:
32:fd:cf:04:dd:80:59:63:32:6b:77:43:1c:46:37:d0:1e:86:
59:1f:23:c5
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY0Ncw9+BgTvPyA1WmWGGs0wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTE1MTQwNzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2RjM2MzMGY0NjViYzFiNzU3YWE1NmM4MGVkZmFkYjM5OTRjMDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjn3fofyW8MvQs7j0bjzQLCvLiWU6
8zjF4PaDBQUBHC1YhLT4OVwRKvOnbjpzRCoNx7wWB0aVBmN+vL3wg+r5DeeLKPVW
rkdPUCtef4tAkXwgtEoIYqXSwfJ0Dfl/XijwvZGOKg0ooae/2YDOn/BGPbluDmiq
43VUVhSWQU2wU0IUhU0RvER1kaybbJreHynw8pgLqogkQZFhAFZwJ4ewUVCPKL1K
1bB9+jRvCh6B8Uv3IALP/LNsTedUMerF9+livx1b43cwS58ZolAhvE1b0XHJ233i
UIdq5NiH3ZF6/0MrRoSr4f5naxSIMw7FNCwN41u1QlCpR/kFkWdbgwHAfQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFOzcPDD0ZbwbdXqlbIDt+ts5lMCVMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvN053OE1QUmx2QnQxZXFWc2dPMzYyem1Vd0pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALVFwAwQA
LViLAwQBLV6qAwQBVdF4AwQAkhN9AwQAwR7xAwQAwTkpAwQAw7FfMA0GCSqGSIb3
DQEBCwUAA4IBAQBcYcDefJheYvQQ0jz9Eew6ZK52ajNvJyOmCORamt2Vk/nrrZ3j
SWqMDsVYUBQZAI3iCzi5sa3dZOgQok/SnJonCXe3PbWG4gINkLHxQN+JLbgnvpva
+h3qzn9PIesGeg5hDOrsWgNfvfMcTIua5AX0rIDsEvoLEsOf5FmcAvRayKv0czsi
y9UbQje/RBcU4SqAY/cYqy82RGST5Axaj69IQAYBb0WDgzUTPFpvyKzeu2uito8I
bzX/+BOLwisKneGzlnszVtzgxmPNASAHUJSqUGHCQh4fJeTUr0d9Hvpov7ROe9LN
2MazHz4y/c8E3YBZYzJrd0McRjfQHoZZHyPF
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:17 2024 by rpki-client on console-ams.rpki-client.org