Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/2f6595-d3d1-43ea-a4a3-ab3b7c3e8215/1/va3Mds0SSTSsKQbyC0i7Q5G0DvU.roa
File: va3Mds0SSTSsKQbyC0i7Q5G0DvU.roa (raw, json)
Hash identifier: YIDACVfxX2oFED9k3XQ8FpTIvtrRjULepg4VglF45Gc=
Subject key identifier: BD:AD:CC:76:CD:12:49:34:AC:29:06:F2:0B:48:BB:43:91:B4:0E:F5
Certificate issuer: /CN=33a9c7bdf2b82e343ec42667d6eede4b80610c84
Certificate serial: 018C79B52F71F3A39F7FC8AF09CDCA1A0C00
Authority key identifier: 33:A9:C7:BD:F2:B8:2E:34:3E:C4:26:67:D6:EE:DE:4B:80:61:0C:84
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/M6nHvfK4LjQ-xCZn1u7eS4BhDIQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b0/2f6595-d3d1-43ea-a4a3-ab3b7c3e8215/1/va3Mds0SSTSsKQbyC0i7Q5G0DvU.roa
Signing time: Sun 17 Dec 2023 21:36:06 +0000
ROA not before: Sun 17 Dec 2023 21:36:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207464
IP address blocks: 147.161.16.0/22 maxlen: 23
109.72.160.0/20 maxlen: 21
62.241.32.0/20 maxlen: 21
185.135.134.0/23 maxlen: 23
185.154.16.0/22 maxlen: 23
85.113.72.0/21 maxlen: 22
185.36.212.0/22 maxlen: 23
2a00:f0a0::/29 maxlen: 32
Validation: Failed, certificate revoked on Mon 01 Jan 2024 04:29:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:79:b5:2f:71:f3:a3:9f:7f:c8:af:09:cd:ca:1a:0c:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=33a9c7bdf2b82e343ec42667d6eede4b80610c84
Validity
Not Before: Dec 17 21:36:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bdadcc76cd124934ac2906f20b48bb4391b40ef5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:18:e0:15:10:44:a5:80:a9:a6:59:0e:dc:fe:
46:de:b2:93:d7:ff:cf:d9:05:30:33:0e:f9:9f:18:
06:41:e9:00:b6:fc:39:e8:80:92:dc:30:be:f6:fe:
53:92:6f:27:a4:e3:1e:c2:b4:d3:6a:85:b7:65:c7:
ba:af:34:14:cf:d7:47:0b:0c:9d:e5:73:5c:83:96:
3b:49:87:f8:a5:fd:9b:7b:2c:1c:ec:42:d9:e5:04:
1e:ff:20:3f:09:55:3d:23:ee:fd:b7:17:14:c6:30:
fb:c6:1e:a1:95:79:a1:88:f0:b0:b5:c0:6e:a7:3d:
22:d8:01:82:5b:07:08:74:dc:dc:d4:32:4a:fa:f7:
95:ca:58:bc:c4:70:b1:03:35:a9:4e:f6:a9:15:76:
56:12:d4:46:17:a4:3f:5c:db:fd:8b:4c:0e:20:71:
25:80:af:0a:9a:6e:03:af:12:b6:42:5b:a5:ef:7d:
0d:4e:81:64:ed:0b:d1:57:e4:8a:c9:83:b7:c2:05:
47:3f:31:47:01:79:dd:4e:e8:a3:d5:99:7c:cc:43:
83:8b:15:c6:66:07:a0:e6:06:5a:5b:34:0b:50:b4:
c6:ae:9f:eb:14:fe:f6:27:6d:f7:c6:27:4e:06:c4:
44:06:e7:a3:76:a8:67:47:06:2f:a1:70:a8:93:62:
cd:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:AD:CC:76:CD:12:49:34:AC:29:06:F2:0B:48:BB:43:91:B4:0E:F5
X509v3 Authority Key Identifier:
keyid:33:A9:C7:BD:F2:B8:2E:34:3E:C4:26:67:D6:EE:DE:4B:80:61:0C:84
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M6nHvfK4LjQ-xCZn1u7eS4BhDIQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/2f6595-d3d1-43ea-a4a3-ab3b7c3e8215/1/va3Mds0SSTSsKQbyC0i7Q5G0DvU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/2f6595-d3d1-43ea-a4a3-ab3b7c3e8215/1/M6nHvfK4LjQ-xCZn1u7eS4BhDIQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.241.32.0/20
85.113.72.0/21
109.72.160.0/20
147.161.16.0/22
185.36.212.0/22
185.135.134.0/23
185.154.16.0/22
IPv6:
2a00:f0a0::/29
Signature Algorithm: sha256WithRSAEncryption
5e:93:db:66:65:ca:5d:1b:19:ef:24:60:f8:bf:8d:ed:28:92:
63:dd:d7:52:bb:05:dd:17:25:b1:5d:06:13:82:51:13:25:e3:
3e:00:63:6a:89:08:d5:03:05:79:03:d8:0a:45:a3:b6:ee:10:
03:2f:20:dc:6e:0f:3a:94:93:56:fb:7f:26:98:88:5e:e6:7c:
c7:ba:9b:9f:ad:9d:59:60:f6:97:64:3a:44:d0:5b:0f:0a:0a:
e2:c3:ed:48:a6:b0:c1:13:ab:a7:e9:fb:4b:be:37:90:a3:27:
41:6b:82:e9:61:78:45:e0:73:21:4f:15:02:36:9a:ea:dc:02:
62:4f:c1:33:7e:9b:7b:53:de:e9:07:ec:36:cd:52:32:44:05:
dd:45:73:09:e6:cb:7e:b5:4a:86:05:09:82:72:55:da:d2:1d:
3e:b4:30:9b:88:ea:67:4f:0c:e8:a7:37:a9:5d:7f:56:2c:da:
71:2d:00:f8:fa:09:80:9c:a9:b2:4d:14:99:80:ea:e4:bc:a8:
c2:38:7f:cb:79:19:8a:7b:65:9f:d7:34:c7:aa:f5:4b:ee:19:
3a:07:af:15:6e:46:f2:40:ec:cd:17:22:20:38:1d:8e:a2:d7:
28:d9:e2:93:5e:46:3a:d3:d4:d7:71:7e:bf:50:a8:bd:27:53:
4f:b5:d1:f7
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYx5tS9x86Off8ivCc3KGgwAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYTljN2JkZjJiODJlMzQzZWM0MjY2N2Q2ZWVkZTRiODA2
MTBjODQwHhcNMjMxMjE3MjEzNjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGFkY2M3NmNkMTI0OTM0YWMyOTA2ZjIwYjQ4YmI0MzkxYjQwZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRjgFRBEpYCpplkO3P5G3rKT1//P
2QUwMw75nxgGQekAtvw56ICS3DC+9v5Tkm8npOMewrTTaoW3Zce6rzQUz9dHCwyd
5XNcg5Y7SYf4pf2beywc7ELZ5QQe/yA/CVU9I+79txcUxjD7xh6hlXmhiPCwtcBu
pz0i2AGCWwcIdNzc1DJK+veVyli8xHCxAzWpTvapFXZWEtRGF6Q/XNv9i0wOIHEl
gK8Kmm4DrxK2Qlul730NToFk7QvRV+SKyYO3wgVHPzFHAXndTuij1Zl8zEODixXG
Zgeg5gZaWzQLULTGrp/rFP72J233xidOBsREBuejdqhnRwYvoXCok2LNIwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFL2tzHbNEkk0rCkG8gtIu0ORtA71MB8GA1UdIwQY
MBaAFDOpx73yuC40PsQmZ9bu3kuAYQyEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTZuSHZmSzRMalEteENabjF1N2VTNEJoRElRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8yZjY1OTUtZDNkMS00M2VhLWE0YTMt
YWIzYjdjM2U4MjE1LzEvdmEzTWRzMFNTVFNzS1FieUMwaTdRNUcwRHZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8yZjY1OTUtZDNkMS00M2VhLWE0YTMtYWIzYjdjM2U4MjE1
LzEvTTZuSHZmSzRMalEteENabjF1N2VTNEJoRElRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEPvEgAwQD
VXFIAwQEbUigAwQCk6EQAwQCuSTUAwQBuYeGAwQCuZoQMA0EAgACMAcDBQMqAPCg
MA0GCSqGSIb3DQEBCwUAA4IBAQBek9tmZcpdGxnvJGD4v43tKJJj3ddSuwXdFyWx
XQYTglETJeM+AGNqiQjVAwV5A9gKRaO27hADLyDcbg86lJNW+38mmIhe5nzHupuf
rZ1ZYPaXZDpE0FsPCgriw+1IprDBE6un6ftLvjeQoydBa4LpYXhF4HMhTxUCNprq
3AJiT8Ezfpt7U97pB+w2zVIyRAXdRXMJ5st+tUqGBQmCclXa0h0+tDCbiOpnTwzo
pzepXX9WLNpxLQD4+gmAnKmyTRSZgOrkvKjCOH/LeRmKe2Wf1zTHqvVL7hk6B68V
bkbyQOzNFyIgOB2Ootco2eKTXkY609TXcX6/UKi9J1NPtdH3
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:50 2024 by rpki-client on console-ams.rpki-client.org