Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/SsaJMB5lhY4jbMu4MQI33jDQ4qc.roa
File: SsaJMB5lhY4jbMu4MQI33jDQ4qc.roa (raw, json)
Hash identifier: J+kHylLx2RA8H6/nJxL7Vnla+mdGrcYrb/XdfTzyxWw=
Subject key identifier: 4A:C6:89:30:1E:65:85:8E:23:6C:CB:B8:31:02:37:DE:30:D0:E2:A7
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018AE1A76B3319AC473660BD7DA3BEAB7A97
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/SsaJMB5lhY4jbMu4MQI33jDQ4qc.roa
Signing time: Fri 29 Sep 2023 15:56:00 +0000
ROA not before: Fri 29 Sep 2023 15:56:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49392
IP address blocks: 194.87.118.0/23 maxlen: 24
194.87.220.0/24 maxlen: 24
193.124.254.0/24 maxlen: 24
195.133.10.0/23 maxlen: 23
194.135.32.0/24 maxlen: 24
185.72.10.0/24 maxlen: 24
195.133.26.0/23 maxlen: 24
195.133.56.0/23 maxlen: 23
195.133.52.0/23 maxlen: 23
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:e1:a7:6b:33:19:ac:47:36:60:bd:7d:a3:be:ab:7a:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Sep 29 15:56:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4ac689301e65858e236ccbb8310237de30d0e2a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:51:a0:50:1a:a1:8d:df:62:f6:3a:45:de:39:
2d:89:42:72:34:24:eb:e1:2a:18:3a:8c:e9:24:d7:
7e:ac:93:96:55:ba:e2:c3:4f:80:8f:57:99:82:a5:
9b:49:01:15:be:bf:e7:00:ab:88:67:f3:a9:ff:0b:
33:85:50:4e:84:cc:87:d7:91:89:db:ea:77:04:b1:
f6:64:5e:cf:39:ad:8b:65:3b:17:57:b7:79:fa:9a:
e6:c2:06:02:00:70:bf:9c:96:e9:05:45:45:4f:e0:
3f:5a:a2:06:65:22:35:8a:d0:41:c1:93:33:44:80:
28:1a:9f:62:65:87:a9:08:ca:40:09:48:4c:fd:2b:
2a:9f:e6:57:3b:ed:a0:c1:b6:e1:b6:a9:13:f5:10:
cb:4d:22:ed:97:36:32:43:33:bf:13:54:cb:1a:e8:
a9:96:55:55:30:aa:50:78:f5:7b:e1:28:d9:49:50:
50:c0:11:f1:da:0f:46:95:77:3e:81:99:7b:ce:08:
5c:93:b1:cc:7e:c2:c0:db:b3:e4:39:b7:7c:30:bf:
10:d9:74:fe:a1:23:34:e7:ad:1e:0a:be:2e:1b:02:
63:53:45:77:6a:b9:43:e2:92:78:ec:57:4c:5d:9c:
40:64:28:77:98:63:06:f9:c7:4a:d0:b6:2d:18:56:
7f:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:C6:89:30:1E:65:85:8E:23:6C:CB:B8:31:02:37:DE:30:D0:E2:A7
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/SsaJMB5lhY4jbMu4MQI33jDQ4qc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.72.10.0/24
193.124.254.0/24
194.87.118.0/23
194.87.220.0/24
194.135.32.0/24
195.133.10.0/23
195.133.26.0/23
195.133.52.0/23
195.133.56.0/23
Signature Algorithm: sha256WithRSAEncryption
44:37:2a:79:a4:aa:d2:ba:1d:95:ea:1f:47:ac:12:06:02:0f:
60:e3:24:18:96:68:fa:fe:df:d0:04:ca:f6:66:85:1e:75:35:
c4:d6:c7:f5:59:41:3c:28:c2:60:4a:35:34:ad:65:de:06:88:
5b:a9:fb:b0:04:72:9d:bb:7e:eb:ae:08:c5:29:a5:2d:ff:e0:
66:62:fa:d3:85:d5:bc:a4:18:5d:c1:86:1f:4d:2c:ea:c9:2c:
18:9e:da:19:c1:73:82:85:a4:3f:55:83:a6:74:d1:09:6c:1b:
1a:60:8e:2d:7d:1a:f2:e5:99:77:89:7a:cb:56:68:14:c4:7e:
db:ba:9e:9a:2b:36:8b:47:f6:d6:4b:72:61:ad:27:ed:e5:91:
a5:dd:1f:d5:c3:bd:26:99:01:ee:e5:c3:74:31:dc:c9:c5:4f:
22:d7:b2:14:c9:64:de:8a:ad:fc:84:a9:ec:6c:d7:f6:4c:04:
8c:40:45:17:b2:4c:13:a4:61:0a:3d:87:ab:ac:08:34:64:03:
47:cb:21:2a:d1:17:38:56:d4:68:88:01:f9:11:13:f2:9d:f5:
06:b3:ad:8f:73:c7:2c:fe:ed:68:ad:13:83:ad:ea:38:6c:22:
a4:77:66:77:c3:6b:a0:c0:52:d2:2b:e9:4f:1c:75:03:a8:89:
cb:e4:f7:01
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYrhp2szGaxHNmC9faO+q3qXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwOTI5MTU1NjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWM2ODkzMDFlNjU4NThlMjM2Y2NiYjgzMTAyMzdkZTMwZDBlMmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklGgUBqhjd9i9jpF3jktiUJyNCTr
4SoYOozpJNd+rJOWVbriw0+Aj1eZgqWbSQEVvr/nAKuIZ/Op/wszhVBOhMyH15GJ
2+p3BLH2ZF7POa2LZTsXV7d5+prmwgYCAHC/nJbpBUVFT+A/WqIGZSI1itBBwZMz
RIAoGp9iZYepCMpACUhM/Ssqn+ZXO+2gwbbhtqkT9RDLTSLtlzYyQzO/E1TLGuip
llVVMKpQePV74SjZSVBQwBHx2g9GlXc+gZl7zghck7HMfsLA27PkObd8ML8Q2XT+
oSM0560eCr4uGwJjU0V3arlD4pJ47FdMXZxAZCh3mGMG+cdK0LYtGFZ/nQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFErGiTAeZYWOI2zLuDECN94w0OKnMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvU3NhSk1CNWxoWTRqYk11NE1RSTMzakRRNHFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAuUgKAwQA
wXz+AwQBwld2AwQAwlfcAwQAwocgAwQBw4UKAwQBw4UaAwQBw4U0AwQBw4U4MA0G
CSqGSIb3DQEBCwUAA4IBAQBENyp5pKrSuh2V6h9HrBIGAg9g4yQYlmj6/t/QBMr2
ZoUedTXE1sf1WUE8KMJgSjU0rWXeBohbqfuwBHKdu37rrgjFKaUt/+BmYvrThdW8
pBhdwYYfTSzqySwYntoZwXOChaQ/VYOmdNEJbBsaYI4tfRry5Zl3iXrLVmgUxH7b
up6aKzaLR/bWS3JhrSft5ZGl3R/Vw70mmQHu5cN0MdzJxU8i17IUyWTeiq38hKns
bNf2TASMQEUXskwTpGEKPYerrAg0ZANHyyEq0Rc4VtRoiAH5ERPynfUGs62Pc8cs
/u1orRODreo4bCKkd2Z3w2ugwFLSK+lPHHUDqInL5PcB
-----END CERTIFICATE-----
Generated at Fri Oct 6 15:37:38 2023 by rpki-client on console-ams.rpki-client.org