Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/V2o1IFawPfjqo11gk4B9SSNJHp0.roa
File: V2o1IFawPfjqo11gk4B9SSNJHp0.roa (raw, json)
Hash identifier: Cp7AxP5y9HzeQ4Fqm1qZgSjQIzuSZ0isyTofbzEVBxU=
Subject key identifier: 57:6A:35:20:56:B0:3D:F8:EA:A3:5D:60:93:80:7D:49:23:49:1E:9D
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018CD92CE97275203EB0418314D2E82EDEB7
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/V2o1IFawPfjqo11gk4B9SSNJHp0.roa
Signing time: Fri 05 Jan 2024 10:30:48 +0000
ROA not before: Fri 05 Jan 2024 10:30:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208287
IP address blocks: 193.124.7.0/24 maxlen: 24
194.87.215.0/24 maxlen: 24
195.133.85.0/24 maxlen: 24
195.133.6.0/24 maxlen: 24
195.58.34.0/24 maxlen: 24
194.58.154.0/24 maxlen: 24
193.124.90.0/24 maxlen: 24
194.87.190.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 09 Jan 2024 12:44:40 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:d9:2c:e9:72:75:20:3e:b0:41:83:14:d2:e8:2e:de:b7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Jan 5 10:30:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=576a352056b03df8eaa35d6093807d4923491e9d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:65:4a:b6:84:74:28:e0:86:9b:28:f8:b8:17:
22:6a:dd:78:91:68:35:0d:6e:a6:13:23:2c:1f:dd:
c5:75:8a:6d:d0:54:b1:0b:a4:51:87:e8:98:49:29:
36:c5:97:8d:c0:0a:f2:5a:3d:e5:2d:ec:97:51:b1:
fe:f9:bd:e8:7e:d2:41:09:4f:0e:aa:0b:45:fe:27:
c7:6c:f2:db:04:dd:dc:3c:9c:96:36:8a:3e:1b:d8:
28:53:c0:0f:f2:43:7d:2b:f7:50:83:9e:a9:02:69:
88:6e:1e:82:bc:23:7c:81:bc:94:08:e8:53:16:d5:
0b:b4:50:04:c1:a9:15:69:0b:c2:30:a7:96:5c:1d:
42:66:28:9b:ae:ac:d1:e3:68:27:dd:7e:b3:05:b6:
1c:63:54:1e:ae:91:41:29:19:28:12:3c:f8:b7:27:
6d:17:65:6c:d0:93:80:f8:3e:e6:37:79:69:ea:9a:
c8:41:80:39:f9:35:e9:2e:22:a8:c4:7f:a7:68:6d:
31:86:a8:d4:c4:eb:37:4a:2b:ab:09:34:0b:f1:78:
35:c9:0d:cd:a9:95:b2:63:5c:c7:86:ed:6f:05:5c:
18:a0:ea:1d:88:75:41:bb:0d:48:6e:92:17:0f:30:
7b:d7:21:54:63:c2:71:6f:16:27:2b:f6:ab:78:27:
e7:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:6A:35:20:56:B0:3D:F8:EA:A3:5D:60:93:80:7D:49:23:49:1E:9D
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/V2o1IFawPfjqo11gk4B9SSNJHp0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.7.0/24
193.124.90.0/24
194.58.154.0/24
194.87.190.0/24
194.87.215.0/24
195.58.34.0/24
195.133.6.0/24
195.133.85.0/24
Signature Algorithm: sha256WithRSAEncryption
23:02:4d:bb:c3:38:10:76:ae:7d:5d:a0:c3:f0:e1:91:d8:8b:
fe:86:a6:43:38:bb:9f:a3:0c:d8:75:f6:80:eb:b4:c3:d1:f9:
fa:a4:d0:a4:6a:f0:da:64:2f:ad:4f:2a:7e:b0:73:05:29:64:
59:5a:07:cf:09:74:83:7b:dd:27:d8:15:01:b5:0f:83:53:62:
bb:3e:2a:f6:97:2b:c5:7e:1c:04:b2:f4:87:8b:63:d4:38:3e:
62:50:a5:20:4a:91:c7:49:d6:42:43:cb:f3:4f:3b:28:96:fe:
f9:91:10:42:cb:43:9d:e7:fb:10:65:4e:12:97:d6:69:ec:23:
68:45:33:4a:ec:fa:e3:44:39:20:35:40:74:8c:ae:c6:9d:b9:
f8:02:d0:ea:5a:f6:b6:9f:3e:fd:f8:6a:7e:62:57:63:88:48:
8d:a5:82:7c:c1:46:74:fe:e6:76:51:15:15:e0:f8:0e:33:7b:
d0:d9:d6:b8:fe:6d:65:0d:a2:ea:34:8e:d9:94:42:d0:9f:a7:
f4:7a:34:28:d0:39:50:25:fd:d2:96:e9:44:04:aa:e9:10:54:
7b:96:59:bf:e4:2c:35:30:02:01:ac:d1:5f:6e:23:8d:d9:a6:
a6:ce:eb:61:1a:fb:da:d7:fd:0b:ce:c7:d3:f4:90:2b:1e:6c:
2d:51:ce:8f
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzZLOlydSA+sEGDFNLoLt63MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjQwMTA1MTAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzZhMzUyMDU2YjAzZGY4ZWFhMzVkNjA5MzgwN2Q0OTIzNDkxZTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymVKtoR0KOCGmyj4uBciat14kWg1
DW6mEyMsH93FdYpt0FSxC6RRh+iYSSk2xZeNwAryWj3lLeyXUbH++b3oftJBCU8O
qgtF/ifHbPLbBN3cPJyWNoo+G9goU8AP8kN9K/dQg56pAmmIbh6CvCN8gbyUCOhT
FtULtFAEwakVaQvCMKeWXB1CZiibrqzR42gn3X6zBbYcY1QerpFBKRkoEjz4tydt
F2Vs0JOA+D7mN3lp6prIQYA5+TXpLiKoxH+naG0xhqjUxOs3SiurCTQL8Xg1yQ3N
qZWyY1zHhu1vBVwYoOodiHVBuw1IbpIXDzB71yFUY8JxbxYnK/areCfn4wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFdqNSBWsD346qNdYJOAfUkjSR6dMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvVjJvMUlGYXdQZmpxbzExZ2s0QjlTU05KSHAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAwXwHAwQA
wXxaAwQAwjqaAwQAwle+AwQAwlfXAwQAwzoiAwQAw4UGAwQAw4VVMA0GCSqGSIb3
DQEBCwUAA4IBAQAjAk27wzgQdq59XaDD8OGR2Iv+hqZDOLufowzYdfaA67TD0fn6
pNCkavDaZC+tTyp+sHMFKWRZWgfPCXSDe90n2BUBtQ+DU2K7Pir2lyvFfhwEsvSH
i2PUOD5iUKUgSpHHSdZCQ8vzTzsolv75kRBCy0Od5/sQZU4Sl9Zp7CNoRTNK7Prj
RDkgNUB0jK7Gnbn4AtDqWva2nz79+Gp+YldjiEiNpYJ8wUZ0/uZ2URUV4PgOM3vQ
2da4/m1lDaLqNI7ZlELQn6f0ejQo0DlQJf3SlulEBKrpEFR7llm/5Cw1MAIBrNFf
biON2aamzuthGvva1/0LzsfT9JArHmwtUc6P
-----END CERTIFICATE-----
Generated at Tue Jan 9 15:36:41 2024 by rpki-client on console-fra.rpki-client.org