Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/BcI3USZv0sNipcGHeyXxd4CYm1s.roa
File: BcI3USZv0sNipcGHeyXxd4CYm1s.roa (raw, json)
Hash identifier: JZWnEcGKkQcKZoNYQLs1O639jpo08gHYoIWhIV4glCk=
Subject key identifier: 05:C2:37:51:26:6F:D2:C3:62:A5:C1:87:7B:25:F1:77:80:98:9B:5B
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01856F670BB76616A29563D634640ABF50F1
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/BcI3USZv0sNipcGHeyXxd4CYm1s.roa
Signing time: Sun 01 Jan 2023 22:15:02 +0000
ROA not before: Sun 01 Jan 2023 22:15:02 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207713
IP address blocks: 194.87.218.0/24 maxlen: 24
194.87.216.0/24 maxlen: 24
62.76.233.0/24 maxlen: 24
195.133.88.0/24 maxlen: 24
194.87.31.0/24 maxlen: 24
194.87.45.0/24 maxlen: 24
212.192.14.0/24 maxlen: 24
194.87.71.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 30 Jan 2023 05:46:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:67:0b:b7:66:16:a2:95:63:d6:34:64:0a:bf:50:f1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 1 22:15:02 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=05c23751266fd2c362a5c1877b25f17780989b5b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:3b:81:0c:a4:8d:17:c8:09:09:44:32:8e:94:
af:61:eb:c3:ae:ad:f0:ff:6b:19:f1:0e:47:54:4a:
e7:99:e6:11:36:f6:8a:ae:3a:df:8c:5a:19:34:ea:
cb:1e:0a:17:2f:21:45:5e:3b:c0:fc:c9:5b:2a:8b:
b3:97:4f:e0:d2:e0:e6:6a:f1:0c:30:4e:3d:8b:e9:
a8:60:4c:3c:8b:db:55:2b:88:28:9c:5d:5a:a2:14:
5d:c9:41:54:fd:d8:44:9b:75:4e:d9:72:81:67:e9:
dc:31:c9:15:8c:2d:8f:2c:3e:41:c6:7e:3f:0b:23:
8c:6a:77:ea:69:09:57:81:2f:39:73:5c:fe:52:8f:
22:80:73:97:eb:e1:02:37:34:68:a1:7f:17:70:a8:
a9:54:47:89:51:77:a0:dc:32:48:3b:aa:b4:b7:79:
4b:07:91:94:5f:a4:2a:53:51:d6:c7:5d:cd:c5:68:
f7:50:34:f8:22:8b:08:9f:46:66:0f:ff:31:41:dd:
69:f6:25:71:1b:a4:68:52:45:4d:9a:0d:a2:0b:98:
f8:cb:9b:81:f4:12:c6:fa:b4:dc:88:35:55:bc:d5:
d5:fa:9f:8c:13:61:ca:b7:69:bd:19:56:69:2b:a6:
08:cf:ee:c6:db:ac:5a:6d:5b:14:13:e1:2e:0e:a2:
a4:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:C2:37:51:26:6F:D2:C3:62:A5:C1:87:7B:25:F1:77:80:98:9B:5B
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/BcI3USZv0sNipcGHeyXxd4CYm1s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.76.233.0/24
194.87.31.0/24
194.87.45.0/24
194.87.71.0/24
194.87.216.0/24
194.87.218.0/24
195.133.88.0/24
212.192.14.0/24
Signature Algorithm: sha256WithRSAEncryption
57:27:31:64:f4:0e:9d:8f:fa:7e:6a:c6:36:4d:49:95:1a:42:
43:55:d0:cf:3d:9e:6e:60:57:f7:48:97:ce:d4:53:db:f7:07:
f8:86:3e:55:84:64:8f:66:84:42:eb:39:9d:14:87:b5:ef:b3:
40:4c:3e:3d:ed:3b:66:a8:be:dd:29:8d:c7:54:08:08:ec:37:
29:59:79:4e:10:eb:b8:89:1b:12:96:22:1b:73:c1:d3:56:22:
02:e9:d7:68:33:e1:14:69:c1:16:72:21:cd:33:00:4a:0d:70:
a5:2f:ef:07:d3:29:cc:51:7e:7d:39:d6:b3:28:3b:16:2b:20:
25:ad:fc:2c:4d:bd:73:60:a4:fb:9a:28:8b:73:0e:ec:36:1f:
43:97:1e:ea:4b:e2:6f:ce:c9:61:68:b3:8d:c7:ce:d5:59:54:
1b:31:85:f8:11:5c:1e:87:5c:96:38:5e:8a:c4:5e:0b:0c:37:
ac:32:92:e1:0b:4a:0c:ba:b5:fd:5f:29:8a:d4:63:90:3b:89:
a3:52:15:e1:bb:7e:99:d7:f9:28:08:54:2f:c7:19:31:87:78:
74:53:6a:36:86:fa:40:9c:ad:3a:14:be:16:08:ff:08:6a:2e:
78:f1:6c:04:bd:ff:1a:37:63:13:9f:9f:93:ab:8e:d0:a1:04:
43:49:6d:24
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVvZwu3ZhailWPWNGQKv1DxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMTAxMjIxNTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWMyMzc1MTI2NmZkMmMzNjJhNWMxODc3YjI1ZjE3NzgwOTg5YjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjuBDKSNF8gJCUQyjpSvYevDrq3w
/2sZ8Q5HVErnmeYRNvaKrjrfjFoZNOrLHgoXLyFFXjvA/MlbKouzl0/g0uDmavEM
ME49i+moYEw8i9tVK4gonF1aohRdyUFU/dhEm3VO2XKBZ+ncMckVjC2PLD5Bxn4/
CyOManfqaQlXgS85c1z+Uo8igHOX6+ECNzRooX8XcKipVEeJUXeg3DJIO6q0t3lL
B5GUX6QqU1HWx13NxWj3UDT4IosIn0ZmD/8xQd1p9iVxG6RoUkVNmg2iC5j4y5uB
9BLG+rTciDVVvNXV+p+ME2HKt2m9GVZpK6YIz+7G26xabVsUE+EuDqKkQQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFAXCN1Emb9LDYqXBh3sl8XeAmJtbMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvQmNJM1VTWnYwc05pcGNHSGV5WHhkNENZbTFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAPkzpAwQA
wlcfAwQAwlctAwQAwldHAwQAwlfYAwQAwlfaAwQAw4VYAwQA1MAOMA0GCSqGSIb3
DQEBCwUAA4IBAQBXJzFk9A6dj/p+asY2TUmVGkJDVdDPPZ5uYFf3SJfO1FPb9wf4
hj5VhGSPZoRC6zmdFIe177NATD497TtmqL7dKY3HVAgI7DcpWXlOEOu4iRsSliIb
c8HTViIC6ddoM+EUacEWciHNMwBKDXClL+8H0ynMUX59OdazKDsWKyAlrfwsTb1z
YKT7miiLcw7sNh9Dlx7qS+JvzslhaLONx87VWVQbMYX4EVweh1yWOF6KxF4LDDes
MpLhC0oMurX9XymK1GOQO4mjUhXhu36Z1/koCFQvxxkxh3h0U2o2hvpAnK06FL4W
CP8Iai548WwEvf8aN2MTn5+Tq47QoQRDSW0k
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:08 2024 by rpki-client on console-fra.rpki-client.org