Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/LZT4BZnsa1johHChegjbrgI0qgs.roa
File: LZT4BZnsa1johHChegjbrgI0qgs.roa (raw, json)
Hash identifier: sgX9wmJTCK0/3p9PM+iomHuE5p1UOulno/6vsPgod7g=
Subject key identifier: 2D:94:F8:05:99:EC:6B:58:E8:84:70:A1:7A:08:DB:AE:02:34:AA:0B
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018D2541485EE64AC8AA28B0FEA2D6C92696
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/LZT4BZnsa1johHChegjbrgI0qgs.roa
Signing time: Sat 20 Jan 2024 05:04:11 +0000
ROA not before: Sat 20 Jan 2024 05:04:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200482
IP address blocks: 194.87.40.0/24 maxlen: 24
194.87.88.0/24 maxlen: 24
194.87.136.0/24 maxlen: 24
194.87.169.0/24 maxlen: 24
195.133.15.0/24 maxlen: 24
195.133.28.0/24 maxlen: 24
195.133.81.0/24 maxlen: 24
212.193.12.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 25 Jan 2024 04:24:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:25:41:48:5e:e6:4a:c8:aa:28:b0:fe:a2:d6:c9:26:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 20 05:04:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2d94f80599ec6b58e88470a17a08dbae0234aa0b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:c2:6f:60:8d:08:c5:af:d8:14:0d:3e:08:52:
00:d2:f0:c3:15:0f:fb:80:ac:ae:1f:14:f3:21:4d:
80:b2:bd:5c:5e:41:4d:15:7b:51:7f:fb:7c:02:f5:
ab:65:e0:f7:3f:b2:91:9e:f6:c4:7c:4e:d9:8f:e8:
6e:69:ed:5d:1a:db:66:da:b6:47:7f:9a:73:5c:19:
0d:06:ec:dd:f3:31:51:fa:dc:07:6d:99:11:a8:02:
8e:3c:47:00:9a:8a:b9:ec:a9:d2:c5:58:97:67:3e:
b1:54:14:eb:5b:ff:0c:dc:8e:e7:4a:b3:09:43:33:
62:87:b0:02:2d:36:66:a7:ff:c7:49:d7:ae:e8:09:
bf:10:57:76:f5:92:fe:bf:66:d0:66:0e:b4:17:8b:
b2:1c:00:53:d9:98:21:be:c4:04:02:45:3c:4a:5b:
80:42:01:9b:ce:e2:3a:8e:2c:98:ae:67:56:d0:89:
68:67:37:2d:59:be:53:02:8b:c6:77:a6:e7:a7:00:
9f:ab:f5:d7:bd:cf:c1:27:69:97:30:58:80:7e:e4:
46:21:ec:4b:78:1b:ba:fd:ea:c2:0e:20:1d:17:05:
f5:9b:22:2e:db:d2:8a:b3:d4:94:92:d5:f2:aa:25:
fb:e2:04:36:ea:05:87:02:8d:c1:24:01:29:b2:72:
d5:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:94:F8:05:99:EC:6B:58:E8:84:70:A1:7A:08:DB:AE:02:34:AA:0B
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/LZT4BZnsa1johHChegjbrgI0qgs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.87.40.0/24
194.87.88.0/24
194.87.136.0/24
194.87.169.0/24
195.133.15.0/24
195.133.28.0/24
195.133.81.0/24
212.193.12.0/24
Signature Algorithm: sha256WithRSAEncryption
07:ef:e4:c2:b0:81:08:99:81:26:6e:a3:51:20:5a:c9:2d:d8:
63:86:ab:92:c6:8d:9f:f6:3f:72:22:dc:4b:ea:6d:35:81:2f:
b4:e7:0e:9b:95:cd:1e:cb:61:1b:bd:bc:ef:32:78:d1:a1:1c:
d5:c4:df:5a:53:e1:78:29:1d:17:f6:9a:5b:53:a9:9a:4d:53:
be:2f:fd:21:5a:2b:fa:8a:06:29:03:db:72:aa:fd:68:f0:15:
a8:6c:e5:a8:a2:72:aa:e9:90:ee:6c:93:37:f1:bf:3d:8a:72:
33:18:7e:c5:4e:9a:70:fd:be:be:6d:1c:c9:b5:82:01:2d:50:
50:92:45:4d:f0:55:c5:55:4f:2e:06:0f:d5:d4:a7:15:f4:c1:
ca:a1:3d:59:88:00:87:04:03:04:65:82:27:81:23:df:a1:44:
fa:22:9a:47:5c:e7:09:dd:87:75:03:a2:a5:99:76:d2:3b:21:
7e:d1:46:5d:ff:1a:c4:aa:4f:e6:99:31:2f:aa:66:18:7b:bc:
5f:6f:91:00:84:fa:9e:8c:ef:0e:58:f8:3a:6e:fd:b3:7a:e7:
5a:b0:ad:94:17:59:9d:ac:eb:69:64:e6:18:82:b3:d7:e7:aa:
be:6f:a9:a2:6a:61:ec:ec:9e:f1:f9:4e:70:9d:81:d1:5c:84:
6f:74:44:d7
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY0lQUhe5krIqiiw/qLWySaWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTIwMDUwNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDk0ZjgwNTk5ZWM2YjU4ZTg4NDcwYTE3YTA4ZGJhZTAyMzRhYTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhMJvYI0Ixa/YFA0+CFIA0vDDFQ/7
gKyuHxTzIU2Asr1cXkFNFXtRf/t8AvWrZeD3P7KRnvbEfE7Zj+huae1dGttm2rZH
f5pzXBkNBuzd8zFR+twHbZkRqAKOPEcAmoq57KnSxViXZz6xVBTrW/8M3I7nSrMJ
QzNih7ACLTZmp//HSdeu6Am/EFd29ZL+v2bQZg60F4uyHABT2ZghvsQEAkU8SluA
QgGbzuI6jiyYrmdW0IloZzctWb5TAovGd6bnpwCfq/XXvc/BJ2mXMFiAfuRGIexL
eBu6/erCDiAdFwX1myIu29KKs9SUktXyqiX74gQ26gWHAo3BJAEpsnLV2wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFC2U+AWZ7GtY6IRwoXoI264CNKoLMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvTFpUNEJabnNhMWpvaEhDaGVnamJyZ0kwcWdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAwlcoAwQA
wldYAwQAwleIAwQAwlepAwQAw4UPAwQAw4UcAwQAw4VRAwQA1MEMMA0GCSqGSIb3
DQEBCwUAA4IBAQAH7+TCsIEImYEmbqNRIFrJLdhjhquSxo2f9j9yItxL6m01gS+0
5w6blc0ey2EbvbzvMnjRoRzVxN9aU+F4KR0X9ppbU6maTVO+L/0hWiv6igYpA9ty
qv1o8BWobOWoonKq6ZDubJM38b89inIzGH7FTppw/b6+bRzJtYIBLVBQkkVN8FXF
VU8uBg/V1KcV9MHKoT1ZiACHBAMEZYIngSPfoUT6IppHXOcJ3Yd1A6KlmXbSOyF+
0UZd/xrEqk/mmTEvqmYYe7xfb5EAhPqejO8OWPg6bv2zeudasK2UF1mdrOtpZOYY
grPX56q+b6miamHs7J7x+U5wnYHRXIRvdETX
-----END CERTIFICATE-----
Generated at Thu Jan 25 05:10:53 2024 by rpki-client on console-ams.rpki-client.org