Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/h9z6Qg8oQVTYzdBIsiYb1zHltLI.roa
File: h9z6Qg8oQVTYzdBIsiYb1zHltLI.roa (raw, json)
Hash identifier: LOX9K8HznuwHTelccVdzu0ApdLc+Nlarf7KZed/brMY=
Subject key identifier: 87:DC:FA:42:0F:28:41:54:D8:CD:D0:48:B2:26:1B:D7:31:E5:B4:B2
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 01877F12F602A10D83C365F0AC79D0CE3DF2
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/h9z6Qg8oQVTYzdBIsiYb1zHltLI.roa
Signing time: Fri 14 Apr 2023 09:22:41 +0000
ROA not before: Fri 14 Apr 2023 09:22:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203639
IP address blocks: 212.193.14.0/24 maxlen: 24
194.87.208.0/24 maxlen: 24
194.87.221.0/24 maxlen: 24
194.87.226.0/24 maxlen: 24
194.87.231.0/24 maxlen: 24
195.133.15.0/24 maxlen: 24
192.124.190.0/24 maxlen: 24
194.87.76.0/24 maxlen: 24
193.124.202.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:7f:12:f6:02:a1:0d:83:c3:65:f0:ac:79:d0:ce:3d:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Apr 14 09:22:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=87dcfa420f284154d8cdd048b2261bd731e5b4b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:9f:ed:44:4b:36:82:33:4b:a8:dd:72:f8:cf:
53:b5:19:4a:fa:93:7f:5b:26:4d:20:08:4e:0f:25:
e7:5d:3e:da:05:04:64:d0:3f:b9:ec:6c:6c:51:39:
e4:a0:85:98:ca:dc:be:bc:0c:76:bc:01:35:f7:f3:
90:ef:6d:8e:d3:76:5a:4a:9b:d2:f5:56:e3:6f:77:
22:ad:39:2a:89:04:86:f0:27:14:ed:4b:98:8b:e8:
cc:f8:13:03:fd:ad:ef:6c:1f:7c:92:4d:e0:8f:73:
9a:ec:f8:65:45:fb:28:b4:55:9a:f3:20:ee:f6:ae:
d3:e1:56:77:13:53:30:e8:d8:0b:ba:6a:b1:7c:94:
b0:94:d0:6f:02:60:d2:f2:d6:b8:ec:aa:42:e7:bb:
ca:32:f3:f1:39:14:16:24:33:a2:cc:4d:dd:95:1f:
66:51:bc:f5:e0:cd:1a:d9:8d:5b:cd:27:44:2c:ff:
95:a6:45:6a:73:5d:19:77:27:53:9c:cc:6f:a5:2a:
03:0d:ff:f9:0d:f0:bf:75:8c:1d:ee:58:ae:ab:66:
fa:e5:29:ad:d2:fd:70:39:ed:fb:be:51:a0:88:e5:
64:c6:77:3b:f0:13:49:b0:b9:15:33:2a:c0:71:64:
8a:cb:cc:4b:c2:2a:f2:02:23:a1:59:58:34:6c:1c:
1b:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:DC:FA:42:0F:28:41:54:D8:CD:D0:48:B2:26:1B:D7:31:E5:B4:B2
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/h9z6Qg8oQVTYzdBIsiYb1zHltLI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.190.0/24
193.124.202.0/24
194.87.76.0/24
194.87.208.0/24
194.87.221.0/24
194.87.226.0/24
194.87.231.0/24
195.133.15.0/24
212.193.14.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:76:f0:46:d4:ac:e7:3b:c2:e4:31:dc:1a:28:5e:a2:12:fd:
77:6c:30:99:cd:1f:97:af:a6:2a:d9:74:ad:aa:5b:b6:ee:18:
69:c4:ea:b1:7f:bc:79:02:c5:a3:7b:95:08:1e:b4:d8:30:98:
c8:46:82:d7:e6:28:39:64:11:32:12:ca:e5:ca:46:05:dc:7b:
cf:93:32:04:58:55:17:4e:0b:88:b9:e3:fd:2f:da:53:91:d1:
09:b6:d7:cf:98:5d:02:88:cd:13:3b:0d:2d:0b:43:d4:0c:6a:
0f:48:60:66:f6:80:a4:ea:ea:46:8e:3d:0b:fb:7e:2a:50:da:
9b:3c:f6:56:f5:79:41:a4:a6:eb:d0:c3:2c:dc:e1:54:87:44:
ca:cc:ce:94:6f:8c:3d:9c:85:0b:5e:85:cb:fc:9d:c9:00:e2:
19:94:a2:b1:f9:3b:a2:19:15:15:75:b4:b5:80:f4:20:ba:6f:
96:c2:29:11:86:a4:4c:f5:f2:5a:38:77:02:b6:32:07:38:d9:
eb:b6:23:c7:6d:b8:dc:9a:c0:21:5b:b2:72:19:db:0f:0d:9c:
57:5b:36:bb:d5:ee:00:fe:5b:69:31:c2:9b:72:59:0d:fc:49:
83:09:f9:81:bc:b1:5b:e0:9f:87:e1:55:96:61:71:3e:84:83:
3e:49:f4:c1
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYd/EvYCoQ2Dw2XwrHnQzj3yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNDE0MDkyMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2RjZmE0MjBmMjg0MTU0ZDhjZGQwNDhiMjI2MWJkNzMxZTViNGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ/tREs2gjNLqN1y+M9TtRlK+pN/
WyZNIAhODyXnXT7aBQRk0D+57GxsUTnkoIWYyty+vAx2vAE19/OQ722O03ZaSpvS
9Vbjb3cirTkqiQSG8CcU7UuYi+jM+BMD/a3vbB98kk3gj3Oa7PhlRfsotFWa8yDu
9q7T4VZ3E1Mw6NgLumqxfJSwlNBvAmDS8ta47KpC57vKMvPxORQWJDOizE3dlR9m
Ubz14M0a2Y1bzSdELP+VpkVqc10ZdydTnMxvpSoDDf/5DfC/dYwd7liuq2b65Smt
0v1wOe37vlGgiOVkxnc78BNJsLkVMyrAcWSKy8xLwiryAiOhWVg0bBwbDQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFIfc+kIPKEFU2M3QSLImG9cx5bSyMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvaDl6NlFnOG9RVlRZemRCSXNpWWIxekhsdExJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAwHy+AwQA
wXzKAwQAwldMAwQAwlfQAwQAwlfdAwQAwlfiAwQAwlfnAwQAw4UPAwQA1MEOMA0G
CSqGSIb3DQEBCwUAA4IBAQBOdvBG1KznO8LkMdwaKF6iEv13bDCZzR+Xr6Yq2XSt
qlu27hhpxOqxf7x5AsWje5UIHrTYMJjIRoLX5ig5ZBEyEsrlykYF3HvPkzIEWFUX
TguIueP9L9pTkdEJttfPmF0CiM0TOw0tC0PUDGoPSGBm9oCk6upGjj0L+34qUNqb
PPZW9XlBpKbr0MMs3OFUh0TKzM6Ub4w9nIULXoXL/J3JAOIZlKKx+TuiGRUVdbS1
gPQgum+WwikRhqRM9fJaOHcCtjIHONnrtiPHbbjcmsAhW7JyGdsPDZxXWza71e4A
/ltpMcKbclkN/EmDCfmBvLFb4J+H4VWWYXE+hIM+SfTB
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:03 2023 by rpki-client on console-ams.rpki-client.org