Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/1c9809-1f60-43c2-8103-dad0420b85d3/1/M34aMstOCKp_XSxp9MfPZ4Xm3t4.roa
File: M34aMstOCKp_XSxp9MfPZ4Xm3t4.roa (raw, json)
Hash identifier: Mf0x035qpd5zE7MvCUb3ETdrYksaOoOh1AFuczCZxYA=
Subject key identifier: 33:7E:1A:32:CB:4E:08:AA:7F:5D:2C:69:F4:C7:CF:67:85:E6:DE:DE
Certificate issuer: /CN=f919e1f3fe69b4ebdff02a9a857e7c6c2b25301a
Certificate serial: 01888AE2B063DD6EDEBB62C148A686B5C6A5
Authority key identifier: F9:19:E1:F3:FE:69:B4:EB:DF:F0:2A:9A:85:7E:7C:6C:2B:25:30:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-Rnh8_5ptOvf8CqahX58bCslMBo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/1c9809-1f60-43c2-8103-dad0420b85d3/1/M34aMstOCKp_XSxp9MfPZ4Xm3t4.roa
Signing time: Mon 05 Jun 2023 09:28:11 +0000
ROA not before: Mon 05 Jun 2023 09:28:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208677
IP address blocks: 178.170.242.0/24 maxlen: 24
87.242.84.0/22 maxlen: 22
87.242.88.0/21 maxlen: 21
87.242.120.0/21 maxlen: 21
188.72.108.0/23 maxlen: 23
37.230.192.0/21 maxlen: 21
188.72.106.0/23 maxlen: 23
188.72.118.0/24 maxlen: 24
188.72.117.0/24 maxlen: 24
37.230.224.0/24 maxlen: 24
37.230.233.0/24 maxlen: 24
94.139.252.0/22 maxlen: 22
178.170.192.0/22 maxlen: 22
178.170.191.0/24 maxlen: 24
45.9.24.0/22 maxlen: 22
178.170.196.0/23 maxlen: 23
45.89.224.0/22 maxlen: 22
46.243.172.0/24 maxlen: 24
37.18.8.0/23 maxlen: 23
37.18.10.0/24 maxlen: 24
37.18.22.0/24 maxlen: 24
46.243.141.0/24 maxlen: 24
46.243.142.0/23 maxlen: 23
37.230.139.0/24 maxlen: 24
37.18.102.0/24 maxlen: 24
37.18.100.0/23 maxlen: 23
37.18.112.0/23 maxlen: 23
37.18.108.0/22 maxlen: 22
37.18.107.0/24 maxlen: 24
37.18.115.0/24 maxlen: 24
37.18.114.0/24 maxlen: 24
37.18.116.0/22 maxlen: 22
37.18.120.0/23 maxlen: 23
37.230.179.0/24 maxlen: 24
37.18.122.0/24 maxlen: 24
188.72.96.0/24 maxlen: 24
37.230.186.0/24 maxlen: 24
37.230.184.0/23 maxlen: 23
37.230.180.0/23 maxlen: 23
46.243.206.0/24 maxlen: 24
46.243.205.0/24 maxlen: 24
46.243.201.0/24 maxlen: 24
46.243.226.0/23 maxlen: 23
46.243.244.0/23 maxlen: 23
37.18.72.0/23 maxlen: 23
89.232.160.0/21 maxlen: 21
89.232.168.0/22 maxlen: 22
89.232.176.0/22 maxlen: 22
141.101.201.0/24 maxlen: 24
141.101.152.0/24 maxlen: 24
141.101.151.0/24 maxlen: 24
2a0c:2b80::/29 maxlen: 29
Validation: Failed, certificate revoked on Thu 22 Jun 2023 13:46:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:8a:e2:b0:63:dd:6e:de:bb:62:c1:48:a6:86:b5:c6:a5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f919e1f3fe69b4ebdff02a9a857e7c6c2b25301a
Validity
Not Before: Jun 5 09:28:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=337e1a32cb4e08aa7f5d2c69f4c7cf6785e6dede
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:97:41:c3:68:84:1e:02:ac:55:1c:b7:c4:cf:
06:3c:f0:3d:6a:25:7a:cd:75:ae:75:a2:78:1f:a3:
6b:37:03:04:08:3b:fa:8c:74:b4:38:95:25:c8:18:
4b:bd:be:40:90:ea:78:d7:a3:fb:bc:b3:a6:65:b4:
7e:2d:f3:44:f0:8b:bf:84:51:a6:ce:e8:c2:0a:fd:
ef:e6:df:e9:df:f9:9c:a3:f8:37:10:a9:e5:3e:6e:
06:24:49:89:3c:ae:3d:52:a0:8f:4d:dc:11:fe:62:
cd:4c:4a:4a:10:cb:ee:ce:f5:98:e4:27:07:89:0b:
75:4d:be:a0:1a:04:0b:d6:a3:4a:40:1c:28:55:c4:
f8:91:c4:d1:c2:67:ba:d7:98:d1:ff:65:4b:53:4e:
6e:6c:e7:40:2a:d4:53:a5:bc:23:92:19:c5:8b:49:
ee:60:df:8b:90:f1:43:29:b3:84:d5:9a:f3:57:d9:
4f:db:a2:bb:c8:1f:e1:61:7c:84:51:7b:5e:f0:21:
03:d2:ff:78:8c:45:66:f3:93:36:b1:8b:1c:fa:c1:
66:93:fe:50:f0:9f:b5:68:d0:03:8f:ee:f9:0f:1e:
f1:9a:e2:e0:1f:d0:df:a8:38:37:51:62:dd:9f:42:
02:d6:f4:44:d8:bf:b8:fd:82:d5:b9:f7:b2:e6:7f:
25:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:7E:1A:32:CB:4E:08:AA:7F:5D:2C:69:F4:C7:CF:67:85:E6:DE:DE
X509v3 Authority Key Identifier:
keyid:F9:19:E1:F3:FE:69:B4:EB:DF:F0:2A:9A:85:7E:7C:6C:2B:25:30:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Rnh8_5ptOvf8CqahX58bCslMBo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/1c9809-1f60-43c2-8103-dad0420b85d3/1/M34aMstOCKp_XSxp9MfPZ4Xm3t4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/1c9809-1f60-43c2-8103-dad0420b85d3/1/1-Rnh8_5ptOvf8CqahX58bCslMBo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.18.8.0-37.18.10.255
37.18.22.0/24
37.18.72.0/23
37.18.100.0-37.18.102.255
37.18.107.0-37.18.122.255
37.230.139.0/24
37.230.179.0-37.230.181.255
37.230.184.0-37.230.186.255
37.230.192.0/21
37.230.224.0/24
37.230.233.0/24
45.9.24.0/22
45.89.224.0/22
46.243.141.0-46.243.143.255
46.243.172.0/24
46.243.201.0/24
46.243.205.0-46.243.206.255
46.243.226.0/23
46.243.244.0/23
87.242.84.0-87.242.95.255
87.242.120.0/21
89.232.160.0-89.232.171.255
89.232.176.0/22
94.139.252.0/22
141.101.151.0-141.101.152.255
141.101.201.0/24
178.170.191.0-178.170.197.255
178.170.242.0/24
188.72.96.0/24
188.72.106.0-188.72.109.255
188.72.117.0-188.72.118.255
IPv6:
2a0c:2b80::/29
Signature Algorithm: sha256WithRSAEncryption
2d:0c:c1:89:ae:2c:3e:1a:19:45:eb:b8:cd:6f:dd:6a:5e:39:
ef:33:41:01:86:5c:2c:e7:6e:66:2e:c3:02:c7:37:77:aa:93:
93:14:a5:db:4a:f0:16:f3:de:ae:33:8a:b7:d4:78:3c:db:70:
6e:00:d5:d2:1d:2b:08:08:71:c7:5d:96:d4:98:84:78:b4:ef:
f9:0f:7b:69:e1:ce:13:9d:94:61:78:97:5f:13:a3:20:2a:f8:
eb:d6:96:fa:24:a3:0f:08:7b:83:00:5b:86:13:cd:3a:ee:a4:
be:96:fb:88:79:1e:98:03:31:af:50:8b:6a:72:9e:83:fc:1c:
58:60:39:46:b8:c5:f1:e0:1a:7f:69:4f:4e:79:19:95:fd:c6:
03:2a:a1:8d:97:80:12:24:64:7d:89:29:b5:59:99:fa:51:9b:
03:16:9a:2f:d7:e0:e1:e6:48:76:0e:88:b4:38:11:27:d8:f4:
e9:9f:18:d5:b2:9c:87:2a:29:23:c0:1b:b3:1c:93:51:4f:b6:
0b:18:df:a3:d1:25:b0:cf:69:03:2b:46:2b:6b:7d:de:5e:48:
68:f9:69:93:ae:10:89:c8:45:d8:ec:d3:a3:2e:14:81:17:5c:
c5:e3:86:51:fa:a8:eb:33:4a:62:7a:c7:83:ab:b7:3a:63:07:
33:15:de:5d
-----BEGIN CERTIFICATE-----
MIIGNDCCBRygAwIBAgISAYiK4rBj3W7eu2LBSKaGtcalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5MTllMWYzZmU2OWI0ZWJkZmYwMmE5YTg1N2U3YzZjMmIy
NTMwMWEwHhcNMjMwNjA1MDkyODExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzdlMWEzMmNiNGUwOGFhN2Y1ZDJjNjlmNGM3Y2Y2Nzg1ZTZkZWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZdBw2iEHgKsVRy3xM8GPPA9aiV6
zXWudaJ4H6NrNwMECDv6jHS0OJUlyBhLvb5AkOp416P7vLOmZbR+LfNE8Iu/hFGm
zujCCv3v5t/p3/mco/g3EKnlPm4GJEmJPK49UqCPTdwR/mLNTEpKEMvuzvWY5CcH
iQt1Tb6gGgQL1qNKQBwoVcT4kcTRwme615jR/2VLU05ubOdAKtRTpbwjkhnFi0nu
YN+LkPFDKbOE1ZrzV9lP26K7yB/hYXyEUXte8CED0v94jEVm85M2sYsc+sFmk/5Q
8J+1aNADj+75Dx7xmuLgH9DfqDg3UWLdn0IC1vRE2L+4/YLVufey5n8lawIDAQAB
o4IDQDCCAzwwHQYDVR0OBBYEFDN+GjLLTgiqf10safTHz2eF5t7eMB8GA1UdIwQY
MBaAFPkZ4fP+abTr3/AqmoV+fGwrJTAaMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1Sbmg4XzVwdE92ZjhDcWFoWDU4YkNzbE1Cby5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYvMWM5ODA5LTFmNjAtNDNjMi04MTAz
LWRhZDA0MjBiODVkMy8xL00zNGFNc3RPQ0twX1hTeHA5TWZQWjRYbTN0NC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjYvMWM5ODA5LTFmNjAtNDNjMi04MTAzLWRhZDA0MjBiODVk
My8xLzEtUm5oOF81cHRPdmY4Q3FhaFg1OGJDc2xNQm8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwggFSBggrBgEFBQcBBwEB/wSCAUEwggE9MIIBKgQCAAEw
ggEiMAwDBAMlEggDBAAlEgoDBAAlEhYDBAElEkgwDAMEAiUSZAMEACUSZjAMAwQA
JRJrAwQAJRJ6AwQAJeaLMAwDBAAl5rMDBAEl5rQwDAMEAyXmuAMEACXmugMEAyXm
wAMEACXm4AMEACXm6QMEAi0JGAMEAi1Z4DAMAwQALvONAwQELvOAAwQALvOsAwQA
LvPJMAwDBAAu880DBAAu884DBAEu8+IDBAEu8/QwDAMEAlfyVAMEBVfyQAMEA1fy
eDAMAwQFWeigAwQCWeioAwQCWeiwAwQCXov8MAwDBACNZZcDBACNZZgDBACNZckw
DAMEALKqvwMEAbKqxAMEALKq8gMEALxIYDAMAwQBvEhqAwQBvEhsMAwDBAC8SHUD
BAC8SHYwDQQCAAIwBwMFAyoMK4AwDQYJKoZIhvcNAQELBQADggEBAC0MwYmuLD4a
GUXruM1v3WpeOe8zQQGGXCznbmYuwwLHN3eqk5MUpdtK8Bbz3q4zirfUeDzbcG4A
1dIdKwgIccddltSYhHi07/kPe2nhzhOdlGF4l18ToyAq+OvWlvokow8Ie4MAW4YT
zTrupL6W+4h5HpgDMa9Qi2pynoP8HFhgOUa4xfHgGn9pT055GZX9xgMqoY2XgBIk
ZH2JKbVZmfpRmwMWmi/X4OHmSHYOiLQ4ESfY9OmfGNWynIcqKSPAG7Mck1FPtgsY
36PRJbDPaQMrRitrfd5eSGj5aZOuEInIRdjs06MuFIEXXMXjhlH6qOszSmJ6x4Or
tzpjBzMV3l0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:55 2024 by rpki-client on console-ams.rpki-client.org