Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/_gzI9vAJnK-pW7BsCx3VuEeQFR0.roa
File: _gzI9vAJnK-pW7BsCx3VuEeQFR0.roa (raw, json)
Hash identifier: s0Q4zBBG2l/2IkS3fJ+CYbf8EA9q6xFhysLcvQ2YbHo=
Subject key identifier: FE:0C:C8:F6:F0:09:9C:AF:A9:5B:B0:6C:0B:1D:D5:B8:47:90:15:1D
Certificate issuer: /CN=cf9625541abe6b5ae926671daa98ac6d8094ec7b
Certificate serial: 0187315A87EBF7F4EC9F2E5F9AF0C4D4F46A
Authority key identifier: CF:96:25:54:1A:BE:6B:5A:E9:26:67:1D:AA:98:AC:6D:80:94:EC:7B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/_gzI9vAJnK-pW7BsCx3VuEeQFR0.roa
Signing time: Thu 30 Mar 2023 07:10:29 +0000
ROA not before: Thu 30 Mar 2023 07:10:29 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 45033
IP address blocks: 185.138.196.0/24 maxlen: 24
185.138.197.0/24 maxlen: 24
185.138.198.0/24 maxlen: 24
185.138.199.0/24 maxlen: 24
185.43.131.0/24 maxlen: 24
185.43.128.0/24 maxlen: 24
185.43.130.0/24 maxlen: 24
2a07:f80::/29 maxlen: 29
Validation: Failed, certificate revoked on Mon 01 Jan 2024 16:29:33 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:31:5a:87:eb:f7:f4:ec:9f:2e:5f:9a:f0:c4:d4:f4:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cf9625541abe6b5ae926671daa98ac6d8094ec7b
Validity
Not Before: Mar 30 07:10:29 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fe0cc8f6f0099cafa95bb06c0b1dd5b84790151d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:81:6d:ff:79:d7:a0:23:df:3c:4b:e7:9e:55:
ba:10:f8:05:35:5d:da:0f:26:f7:7e:1b:58:35:72:
1f:da:de:41:3d:2a:19:5c:1a:51:43:3c:28:2d:e2:
de:23:fe:15:69:20:13:97:82:42:e7:9c:0e:f3:8d:
b5:1e:eb:76:f7:61:d2:4a:8c:e8:40:6a:21:7e:0e:
83:f1:16:8f:cd:f5:38:09:ab:93:99:4e:7d:20:24:
48:00:a8:cd:48:59:72:70:2a:cd:2a:74:cd:f9:ee:
2e:d1:e0:3f:b1:1c:69:42:a2:c9:99:79:33:52:4c:
f6:22:6d:8b:58:42:5e:0d:92:a8:3b:7a:2f:f5:b9:
05:18:27:5e:69:08:ef:48:ee:76:46:9a:ba:bf:71:
f2:f3:f0:f8:77:b0:cc:b9:2a:49:f7:ea:42:6f:a2:
7c:8a:6d:43:85:20:aa:77:78:c7:cf:3b:06:19:99:
0a:b0:8f:fb:4a:6a:16:40:40:85:48:8b:fa:9e:8d:
8d:67:14:ed:09:33:c6:ae:47:15:f8:95:1f:30:57:
5b:82:df:ab:67:2c:1c:b1:37:09:58:75:87:f6:38:
4d:8f:ff:20:16:cd:25:e0:0a:e5:8d:e4:8d:c1:e3:
51:a8:d9:5c:85:37:0d:15:0a:69:18:d0:67:b8:26:
4d:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FE:0C:C8:F6:F0:09:9C:AF:A9:5B:B0:6C:0B:1D:D5:B8:47:90:15:1D
X509v3 Authority Key Identifier:
keyid:CF:96:25:54:1A:BE:6B:5A:E9:26:67:1D:AA:98:AC:6D:80:94:EC:7B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/_gzI9vAJnK-pW7BsCx3VuEeQFR0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/z5YlVBq-a1rpJmcdqpisbYCU7Hs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.43.128.0/24
185.43.130.0/23
185.138.196.0/22
IPv6:
2a07:f80::/29
Signature Algorithm: sha256WithRSAEncryption
70:16:5e:98:aa:ae:35:c5:94:2d:d9:e1:a5:32:e5:83:f3:2f:
23:ca:02:b4:2e:70:10:1f:47:12:41:5b:0e:5f:7a:81:1d:0d:
72:01:af:96:9f:f7:e2:6c:13:65:ba:17:4d:f3:35:4b:03:5c:
0a:e6:c0:d0:bd:c8:d0:73:b9:82:97:29:db:c7:ca:cc:20:35:
d7:67:3e:75:78:f7:1d:a3:5f:c7:ee:4a:c0:3a:40:8f:71:0e:
e0:88:ec:d8:5e:21:af:a0:aa:bc:58:42:bd:41:15:e3:d4:08:
c1:0f:a3:ad:90:32:dc:2d:96:4e:eb:22:57:62:c7:86:63:b7:
0b:b1:1c:88:12:4d:da:52:82:b0:22:54:7b:5d:64:3c:a0:b1:
5f:9c:4e:eb:b7:58:f6:1d:03:da:49:7b:ce:ae:f8:b4:c3:d6:
d7:43:32:29:3d:f6:c5:b6:e4:85:44:83:3a:08:8e:d0:a5:30:
0e:b2:59:f2:c6:59:a4:39:02:77:4b:f4:f4:44:bc:d7:7a:c6:
7e:6c:63:33:7c:92:26:66:95:7e:88:2f:09:47:8b:42:27:cb:
e9:16:18:ba:d7:f1:3c:f1:52:47:6d:e6:fd:b7:da:46:66:2a:
3e:cb:77:be:a8:a0:16:4e:89:aa:20:a1:97:93:b1:17:59:5b:
07:3b:f5:6f
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYcxWofr9/Tsny5fmvDE1PRqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOTYyNTU0MWFiZTZiNWFlOTI2NjcxZGFhOThhYzZkODA5
NGVjN2IwHhcNMjMwMzMwMDcxMDI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTBjYzhmNmYwMDk5Y2FmYTk1YmIwNmMwYjFkZDViODQ3OTAxNTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1IFt/3nXoCPfPEvnnlW6EPgFNV3a
Dyb3fhtYNXIf2t5BPSoZXBpRQzwoLeLeI/4VaSATl4JC55wO8421Hut292HSSozo
QGohfg6D8RaPzfU4CauTmU59ICRIAKjNSFlycCrNKnTN+e4u0eA/sRxpQqLJmXkz
Ukz2Im2LWEJeDZKoO3ov9bkFGCdeaQjvSO52Rpq6v3Hy8/D4d7DMuSpJ9+pCb6J8
im1DhSCqd3jHzzsGGZkKsI/7SmoWQECFSIv6no2NZxTtCTPGrkcV+JUfMFdbgt+r
ZywcsTcJWHWH9jhNj/8gFs0l4ArljeSNweNRqNlchTcNFQppGNBnuCZNTwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFP4MyPbwCZyvqVuwbAsd1bhHkBUdMB8GA1UdIwQY
MBaAFM+WJVQavmta6SZnHaqYrG2AlOx7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejVZbFZCcS1hMXJwSm1jZHFwaXNiWUNVN0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xMzJlZDMtNDM0ZC00ZDQ5LTk1Y2Et
NTlhNTg3YmRlYTNmLzEvX2d6STl2QUpuSy1wVzdCc0N4M1Z1RWVRRlIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xMzJlZDMtNDM0ZC00ZDQ5LTk1Y2EtNTlhNTg3YmRlYTNm
LzEvejVZbFZCcS1hMXJwSm1jZHFwaXNiWUNVN0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAuSuAAwQB
uSuCAwQCuYrEMA0EAgACMAcDBQMqBw+AMA0GCSqGSIb3DQEBCwUAA4IBAQBwFl6Y
qq41xZQt2eGlMuWD8y8jygK0LnAQH0cSQVsOX3qBHQ1yAa+Wn/fibBNluhdN8zVL
A1wK5sDQvcjQc7mClynbx8rMIDXXZz51ePcdo1/H7krAOkCPcQ7giOzYXiGvoKq8
WEK9QRXj1AjBD6OtkDLcLZZO6yJXYseGY7cLsRyIEk3aUoKwIlR7XWQ8oLFfnE7r
t1j2HQPaSXvOrvi0w9bXQzIpPfbFtuSFRIM6CI7QpTAOslnyxlmkOQJ3S/T0RLzX
esZ+bGMzfJImZpV+iC8JR4tCJ8vpFhi61/E88VJHbeb9t9pGZio+y3e+qKAWTomq
IKGXk7EXWVsHO/Vv
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:48 2024 by rpki-client on console-fra.rpki-client.org