Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lXzLgsScknGLO7Ps7QrJf9XUoKI.roa
File: lXzLgsScknGLO7Ps7QrJf9XUoKI.roa (raw, json)
Hash identifier: uhYynpaLyGnRu6ZG9treGWDi036zZv18d7VNcK9Ue3g=
Subject key identifier: 95:7C:CB:82:C4:9C:92:71:8B:3B:B3:EC:ED:0A:C9:7F:D5:D4:A0:A2
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018CB68945476E1D016D26C580FA08F5AF8E
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lXzLgsScknGLO7Ps7QrJf9XUoKI.roa
Signing time: Fri 29 Dec 2023 17:04:58 +0000
ROA not before: Fri 29 Dec 2023 17:04:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 147186
IP address blocks: 194.87.224.0/24 maxlen: 24
194.87.229.0/24 maxlen: 24
194.87.141.0/24 maxlen: 24
212.192.208.0/24 maxlen: 24
212.192.1.0/24 maxlen: 24
194.87.168.0/24 maxlen: 24
194.87.170.0/24 maxlen: 24
195.58.54.0/24 maxlen: 24
195.58.63.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:b6:89:45:47:6e:1d:01:6d:26:c5:80:fa:08:f5:af:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Dec 29 17:04:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=957ccb82c49c92718b3bb3eced0ac97fd5d4a0a2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:14:ba:91:ff:fc:65:5f:bf:3e:f5:d3:14:25:
40:59:bb:c4:5b:03:ab:b5:be:36:b2:84:2b:ed:7b:
43:d9:66:4a:be:2c:fc:8d:3d:b6:9a:d1:fa:60:b4:
f4:e9:dc:9e:d2:31:3e:9a:94:95:2e:14:c4:6a:c2:
80:da:ad:2c:31:9d:58:2c:fe:da:7f:4a:d6:60:5b:
ef:8e:b4:e0:6c:e9:9c:3c:2e:b4:ef:e7:10:b1:8d:
27:f3:d7:62:4c:87:e4:5d:5b:f6:6a:0e:83:5e:0d:
6d:90:81:0d:73:f3:c1:0f:83:e6:6a:bd:af:ac:e3:
9e:1b:72:dc:40:b2:cd:d7:81:f4:0c:c4:8e:68:ea:
70:87:b5:6d:17:6c:82:11:52:94:9c:e2:b6:80:85:
91:de:07:e2:9f:7c:6a:f4:9a:db:79:23:47:b3:21:
48:12:36:18:23:94:8a:8b:7d:95:54:2a:1b:4f:f1:
65:72:d8:86:03:d8:26:8c:78:13:e7:d0:aa:79:99:
4d:a6:d0:6e:ba:4e:3b:50:8e:dc:b9:3a:05:b1:e8:
f0:dc:cd:e9:1d:eb:16:12:e1:0b:9d:27:cd:bc:96:
0f:6f:9f:34:72:b7:46:23:1b:ae:0e:62:18:a9:20:
12:df:c6:05:1d:01:8e:05:bf:bf:00:96:e3:67:89:
c3:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:7C:CB:82:C4:9C:92:71:8B:3B:B3:EC:ED:0A:C9:7F:D5:D4:A0:A2
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/lXzLgsScknGLO7Ps7QrJf9XUoKI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.87.141.0/24
194.87.168.0/24
194.87.170.0/24
194.87.224.0/24
194.87.229.0/24
195.58.54.0/24
195.58.63.0/24
212.192.1.0/24
212.192.208.0/24
Signature Algorithm: sha256WithRSAEncryption
73:83:f5:e4:95:ce:5d:7e:ec:53:cc:be:f4:eb:8d:d2:36:ea:
4a:34:db:b3:3a:1b:b4:6c:0d:ba:50:d5:06:ca:31:2f:95:90:
0d:05:21:8c:1b:d1:7b:04:a4:d4:d0:e4:5a:ba:ec:74:7d:61:
d8:40:e4:77:db:1b:36:c4:4c:52:2b:a7:5a:e5:fc:ee:09:c7:
35:9c:ef:0a:b4:de:25:24:ec:d6:47:36:c0:4c:f5:a2:9b:0e:
98:7b:8d:e0:c4:ed:6c:51:8c:6b:39:02:58:4c:61:d9:63:11:
c5:ad:0f:09:6d:50:66:02:48:c1:22:64:e9:0d:fc:d1:f3:07:
34:ed:5f:78:3f:de:46:ef:83:83:e7:f5:c3:7c:02:c5:ce:ad:
95:56:f3:52:8e:4c:fd:31:55:90:12:65:6c:2e:30:67:9a:7c:
3a:15:5e:d7:80:3e:bc:33:9a:96:33:16:b3:8d:88:db:10:3c:
68:77:21:ac:84:4e:c7:32:fd:69:70:12:a9:3b:fd:3f:12:1e:
3f:b1:9e:c9:ef:ac:49:f2:40:7e:46:86:ad:60:34:44:72:c2:
c8:30:c8:a2:5a:f3:fd:b0:bd:86:26:a8:a1:1d:aa:32:72:ef:
63:94:61:0e:db:4b:67:90:cc:c9:1d:87:88:75:5b:4c:88:65:
e6:b0:c2:83
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYy2iUVHbh0BbSbFgPoI9a+OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMxMjI5MTcwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTdjY2I4MmM0OWM5MjcxOGIzYmIzZWNlZDBhYzk3ZmQ1ZDRhMGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxS6kf/8ZV+/PvXTFCVAWbvEWwOr
tb42soQr7XtD2WZKviz8jT22mtH6YLT06dye0jE+mpSVLhTEasKA2q0sMZ1YLP7a
f0rWYFvvjrTgbOmcPC607+cQsY0n89diTIfkXVv2ag6DXg1tkIENc/PBD4Pmar2v
rOOeG3LcQLLN14H0DMSOaOpwh7VtF2yCEVKUnOK2gIWR3gfin3xq9JrbeSNHsyFI
EjYYI5SKi32VVCobT/FlctiGA9gmjHgT59CqeZlNptBuuk47UI7cuToFsejw3M3p
HesWEuELnSfNvJYPb580crdGIxuuDmIYqSAS38YFHQGOBb+/AJbjZ4nDuwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFJV8y4LEnJJxizuz7O0KyX/V1KCiMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvbFh6TGdzU2NrbkdMTzdQczdRckpmOVhVb0tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAwleNAwQA
wleoAwQAwleqAwQAwlfgAwQAwlflAwQAwzo2AwQAwzo/AwQA1MABAwQA1MDQMA0G
CSqGSIb3DQEBCwUAA4IBAQBzg/Xklc5dfuxTzL70643SNupKNNuzOhu0bA26UNUG
yjEvlZANBSGMG9F7BKTU0ORauux0fWHYQOR32xs2xExSK6da5fzuCcc1nO8KtN4l
JOzWRzbATPWimw6Ye43gxO1sUYxrOQJYTGHZYxHFrQ8JbVBmAkjBImTpDfzR8wc0
7V94P95G74OD5/XDfALFzq2VVvNSjkz9MVWQEmVsLjBnmnw6FV7XgD68M5qWMxaz
jYjbEDxodyGshE7HMv1pcBKpO/0/Eh4/sZ7J76xJ8kB+RoatYDREcsLIMMiiWvP9
sL2GJqihHaoycu9jlGEO20tnkMzJHYeIdVtMiGXmsMKD
-----END CERTIFICATE-----
Generated at Mon Jan 1 09:48:53 2024 by rpki-client on console-fra.rpki-client.org