Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/G3idqYZkG-CuY_N3lNsVdjgle_E.roa
File: G3idqYZkG-CuY_N3lNsVdjgle_E.roa (raw, json)
Hash identifier: SSQ9fz68skAo5qrqykhXlqJP/8tJxZMAY/HNcm7VHEo=
Subject key identifier: 1B:78:9D:A9:86:64:1B:E0:AE:63:F3:77:94:DB:15:76:38:25:7B:F1
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 018CED4E4C3B1DF8711543454DB06A618C92
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/G3idqYZkG-CuY_N3lNsVdjgle_E.roa
Signing time: Tue 09 Jan 2024 08:19:40 +0000
ROA not before: Tue 09 Jan 2024 08:19:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 60808
IP address blocks: 5.34.208.0/21 maxlen: 21
188.253.96.0/19 maxlen: 24
5.34.216.0/21 maxlen: 21
185.215.246.0/24 maxlen: 24
188.253.12.0/22 maxlen: 22
91.247.177.0/24 maxlen: 24
146.19.135.0/24 maxlen: 24
2a05:ec80::/29 maxlen: 48
Validation: Failed, certificate revoked on Thu 11 Jan 2024 03:32:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ed:4e:4c:3b:1d:f8:71:15:43:45:4d:b0:6a:61:8c:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jan 9 08:19:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1b789da986641be0ae63f37794db157638257bf1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:84:8e:9f:34:d8:09:3a:7d:db:fe:5f:3a:83:
4f:db:15:72:8d:33:ee:8e:7f:50:c7:ed:05:f9:22:
92:e3:ec:52:39:80:df:fb:25:4f:41:78:83:3a:a9:
a4:11:87:5f:4b:38:c5:85:02:bb:3e:cf:96:c0:a9:
ad:eb:ca:b5:46:0a:53:ad:7a:55:1c:62:2d:73:c7:
08:df:1c:09:b5:54:5c:4e:d4:ef:5a:d2:48:52:00:
c9:e2:be:91:35:b5:9f:9b:c0:19:3b:9a:97:14:82:
f8:c4:0c:5d:82:70:18:da:77:38:12:6b:ee:d9:71:
b4:20:2c:8b:ec:1f:98:84:4d:c0:8d:98:bd:35:d0:
63:55:cb:6b:2b:24:c6:24:ee:f1:32:85:d2:99:fc:
a9:f9:ca:37:09:46:c3:9d:78:a4:64:a9:89:b9:3c:
ec:64:e9:28:ed:4d:a1:98:8d:e5:3b:13:af:1b:ed:
7a:50:a0:63:27:0f:d1:c0:15:42:ed:f0:45:95:55:
c0:ae:6a:7f:e4:a5:8f:86:b5:2a:35:d6:e6:8b:b3:
88:a4:08:32:ff:e4:b6:46:bf:0b:7d:f1:0d:1d:54:
16:2a:30:27:53:db:23:40:be:67:07:39:6d:c1:8c:
f7:1c:cd:f3:11:2f:91:6b:b1:bb:a3:14:2b:4c:3d:
71:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:78:9D:A9:86:64:1B:E0:AE:63:F3:77:94:DB:15:76:38:25:7B:F1
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/G3idqYZkG-CuY_N3lNsVdjgle_E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.208.0/20
91.247.177.0/24
146.19.135.0/24
185.215.246.0/24
188.253.12.0/22
188.253.96.0/19
IPv6:
2a05:ec80::/29
Signature Algorithm: sha256WithRSAEncryption
aa:8c:53:ec:17:0f:77:2f:a4:13:8b:aa:4b:80:ca:25:73:03:
db:3f:67:2e:b9:83:b6:2d:2a:cb:30:7d:2e:07:fd:ea:7c:d7:
e3:6f:cc:ac:85:92:fe:37:ee:50:07:7d:f2:7a:f0:86:7f:78:
6c:a9:e0:e3:89:4c:79:c2:d2:72:f7:39:28:7b:c4:59:1a:46:
27:63:b6:5c:0a:32:f5:9b:b9:3e:b5:0c:d4:00:34:a1:06:8a:
1a:06:75:26:b0:d1:2e:53:e8:5c:be:e9:3a:cf:f8:e3:cb:5f:
2c:f4:82:3f:95:1f:b0:38:6a:01:ef:fc:cf:56:73:dd:c7:85:
58:54:c6:2a:be:8c:05:9d:27:a0:9d:7c:96:1a:f8:ef:93:e5:
8f:0a:b7:a5:49:a0:de:a4:8b:e0:63:a7:98:37:a4:40:43:ad:
f0:88:49:a4:03:23:14:8a:b8:16:e7:b9:2d:b0:70:bd:5f:d3:
5a:1a:7a:92:93:e7:f4:d7:88:53:a1:d6:e6:8b:54:fe:ef:84:
70:6a:a4:00:02:2e:37:cc:74:0e:81:ca:3f:50:eb:cd:50:1f:
eb:30:2b:4b:da:74:d1:82:b9:06:10:7d:85:af:7a:6a:6e:86:
90:4f:12:25:ce:e6:0c:44:48:61:b8:86:66:38:ca:1b:64:d2:
55:bf:03:29
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYztTkw7HfhxFUNFTbBqYYySMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTA5MDgxOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjc4OWRhOTg2NjQxYmUwYWU2M2YzNzc5NGRiMTU3NjM4MjU3YmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYSOnzTYCTp92/5fOoNP2xVyjTPu
jn9Qx+0F+SKS4+xSOYDf+yVPQXiDOqmkEYdfSzjFhQK7Ps+WwKmt68q1RgpTrXpV
HGItc8cI3xwJtVRcTtTvWtJIUgDJ4r6RNbWfm8AZO5qXFIL4xAxdgnAY2nc4Emvu
2XG0ICyL7B+YhE3AjZi9NdBjVctrKyTGJO7xMoXSmfyp+co3CUbDnXikZKmJuTzs
ZOko7U2hmI3lOxOvG+16UKBjJw/RwBVC7fBFlVXArmp/5KWPhrUqNdbmi7OIpAgy
/+S2Rr8LffENHVQWKjAnU9sjQL5nBzltwYz3HM3zES+Ra7G7oxQrTD1xQwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFBt4namGZBvgrmPzd5TbFXY4JXvxMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvRzNpZHFZWmtHLUN1WV9OM2xOc1ZkamdsZV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQEBSLQAwQA
W/exAwQAkhOHAwQAudf2AwQCvP0MAwQFvP1gMA0EAgACMAcDBQMqBeyAMA0GCSqG
SIb3DQEBCwUAA4IBAQCqjFPsFw93L6QTi6pLgMolcwPbP2cuuYO2LSrLMH0uB/3q
fNfjb8yshZL+N+5QB33yevCGf3hsqeDjiUx5wtJy9zkoe8RZGkYnY7ZcCjL1m7k+
tQzUADShBooaBnUmsNEuU+hcvuk6z/jjy18s9II/lR+wOGoB7/zPVnPdx4VYVMYq
vowFnSegnXyWGvjvk+WPCrelSaDepIvgY6eYN6RAQ63wiEmkAyMUirgW57ktsHC9
X9NaGnqSk+f014hTodbmi1T+74RwaqQAAi43zHQOgco/UOvNUB/rMCtL2nTRgrkG
EH2Fr3pqboaQTxIlzuYMREhhuIZmOMobZNJVvwMp
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:17:15 2024 by rpki-client on console-ams.rpki-client.org