Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KlJw0S6DkAyACcbCVDm5Nl4H4ws.roa
File: KlJw0S6DkAyACcbCVDm5Nl4H4ws.roa (raw, json)
Hash identifier: 9sd2axRfdFLVCaDYqTeI1ZSoQH5kIQzLMR00OHwn7h0=
Subject key identifier: 2A:52:70:D1:2E:83:90:0C:80:09:C6:C2:54:39:B9:36:5E:07:E3:0B
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0189DEA1954E1AA6ACB8E1F72E641509D63C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KlJw0S6DkAyACcbCVDm5Nl4H4ws.roa
Signing time: Thu 10 Aug 2023 08:47:58 +0000
ROA not before: Thu 10 Aug 2023 08:47:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51722
IP address blocks: 194.135.18.0/24 maxlen: 24
194.87.166.0/24 maxlen: 24
212.192.251.0/24 maxlen: 24
194.87.181.0/24 maxlen: 24
212.192.250.0/24 maxlen: 24
212.192.248.0/24 maxlen: 24
193.124.201.0/24 maxlen: 24
194.87.187.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:de:a1:95:4e:1a:a6:ac:b8:e1:f7:2e:64:15:09:d6:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Aug 10 08:47:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2a5270d12e83900c8009c6c25439b9365e07e30b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:89:77:92:74:78:60:fd:c0:b5:06:48:20:f7:
b0:50:ae:04:c8:66:e4:b1:b1:d4:0f:e4:e6:99:ca:
6c:aa:b9:b5:9c:fa:df:26:db:01:2b:11:df:19:8a:
d3:63:99:91:c4:8a:cc:a6:74:a7:98:e3:8b:96:5b:
d7:fd:2c:9a:7a:84:50:19:bc:58:b1:af:ac:4b:8b:
85:ce:83:5b:0b:c8:cf:b7:41:eb:5c:04:7c:39:6b:
20:7c:d9:c9:f1:5d:a6:f9:62:53:c3:2a:99:2e:58:
e2:d2:da:c1:72:d9:2a:12:51:5d:e2:1c:e2:78:f5:
fc:da:39:fa:96:ec:8d:ec:61:4e:01:93:a9:eb:7a:
d5:75:1c:91:6e:1a:d3:21:54:94:2a:42:05:74:ba:
80:e4:e2:c0:c7:b6:51:e5:95:db:d6:bd:71:b5:4f:
bd:bd:0e:3c:0f:6f:ce:37:fc:b5:d9:f6:34:47:71:
09:d6:92:ba:74:d8:99:10:20:4d:62:ce:b5:eb:80:
85:2a:d3:e0:3d:c9:e7:7e:f9:c1:13:96:51:76:82:
93:48:2e:2b:69:9d:56:9d:65:25:ea:51:0d:b3:90:
bd:80:94:71:e0:24:dc:ce:68:08:06:da:9f:78:66:
94:e0:ad:f7:b8:e5:0f:5b:f1:25:40:29:e5:ea:0d:
72:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:52:70:D1:2E:83:90:0C:80:09:C6:C2:54:39:B9:36:5E:07:E3:0B
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/KlJw0S6DkAyACcbCVDm5Nl4H4ws.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.201.0/24
194.87.166.0/24
194.87.181.0/24
194.87.187.0/24
194.135.18.0/24
212.192.248.0/24
212.192.250.0/23
Signature Algorithm: sha256WithRSAEncryption
0c:e8:8a:5d:e4:b7:4d:29:bf:58:a9:cb:a5:d6:09:6d:b9:08:
78:19:02:0d:70:e5:42:c5:c3:eb:35:5b:77:40:e4:79:c4:db:
3c:44:96:77:32:76:cb:5b:db:bb:2e:9d:e6:6f:f5:d7:db:e0:
1f:50:f3:2e:47:ff:a3:8e:8a:1c:eb:62:df:90:b0:94:bd:1b:
12:e9:32:cd:91:fb:54:e0:1d:a9:df:25:e3:e2:8f:36:64:07:
0b:90:bc:d3:d7:9c:61:86:6b:d5:2b:3f:f4:94:32:52:54:28:
88:d4:c4:a2:35:f5:96:0d:25:03:20:59:c1:4a:ad:97:54:66:
23:2c:a7:68:2a:84:29:13:45:d1:6c:10:83:e9:73:58:57:1c:
5a:8f:b0:cd:2b:9b:0d:9f:8b:40:9e:66:25:5c:67:67:21:5a:
e4:42:26:0d:8b:ec:25:49:90:6e:c0:fc:c1:f3:7b:09:ff:a8:
4a:7c:b5:9d:44:d2:07:95:3a:47:40:6f:ef:55:df:a0:ee:7f:
42:d7:1f:6e:df:c7:a1:83:3e:e8:e5:27:72:91:9e:be:97:b6:
1f:1d:3d:51:50:25:9c:f3:55:5a:46:79:d7:a6:f9:b2:dd:2c:
2a:6b:36:0b:8d:c3:05:8d:c4:ec:25:86:0b:a6:1b:a0:e1:b2:
f2:1f:c9:b2
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYneoZVOGqasuOH3LmQVCdY8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwODEwMDg0NzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTUyNzBkMTJlODM5MDBjODAwOWM2YzI1NDM5YjkzNjVlMDdlMzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4l3knR4YP3AtQZIIPewUK4EyGbk
sbHUD+Tmmcpsqrm1nPrfJtsBKxHfGYrTY5mRxIrMpnSnmOOLllvX/SyaeoRQGbxY
sa+sS4uFzoNbC8jPt0HrXAR8OWsgfNnJ8V2m+WJTwyqZLlji0trBctkqElFd4hzi
ePX82jn6luyN7GFOAZOp63rVdRyRbhrTIVSUKkIFdLqA5OLAx7ZR5ZXb1r1xtU+9
vQ48D2/ON/y12fY0R3EJ1pK6dNiZECBNYs6164CFKtPgPcnnfvnBE5ZRdoKTSC4r
aZ1WnWUl6lENs5C9gJRx4CTczmgIBtqfeGaU4K33uOUPW/ElQCnl6g1y2wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFCpScNEug5AMgAnGwlQ5uTZeB+MLMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvS2xKdzBTNkRrQXlBQ2NiQ1ZEbTVObDRINHdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAwXzJAwQA
wlemAwQAwle1AwQAwle7AwQAwocSAwQA1MD4AwQB1MD6MA0GCSqGSIb3DQEBCwUA
A4IBAQAM6Ipd5LdNKb9Yqcul1gltuQh4GQINcOVCxcPrNVt3QOR5xNs8RJZ3MnbL
W9u7Lp3mb/XX2+AfUPMuR/+jjooc62LfkLCUvRsS6TLNkftU4B2p3yXj4o82ZAcL
kLzT15xhhmvVKz/0lDJSVCiI1MSiNfWWDSUDIFnBSq2XVGYjLKdoKoQpE0XRbBCD
6XNYVxxaj7DNK5sNn4tAnmYlXGdnIVrkQiYNi+wlSZBuwPzB83sJ/6hKfLWdRNIH
lTpHQG/vVd+g7n9C1x9u38ehgz7o5SdykZ6+l7YfHT1RUCWc81VaRnnXpvmy3Swq
azYLjcMFjcTsJYYLphug4bLyH8my
Generated at Thu Aug 10 17:23:53 2023 by rpki-client on console-ams.rpki-client.org