Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/op9gIbBd9E5lTpJno2zziMtxmo8.roa
File: op9gIbBd9E5lTpJno2zziMtxmo8.roa (raw, json)
Hash identifier: dMVHl5rnbPYc8L+xtzWpFo8yNeRS5FFOeU9kBxVq0J0=
Subject key identifier: A2:9F:60:21:B0:5D:F4:4E:65:4E:92:67:A3:6C:F3:88:CB:71:9A:8F
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0186724C24C95BC14FCDC191BD9685BAF251
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/op9gIbBd9E5lTpJno2zziMtxmo8.roa
Signing time: Tue 21 Feb 2023 04:47:17 +0000
ROA not before: Tue 21 Feb 2023 04:47:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 399471
IP address blocks: 212.193.29.0/24 maxlen: 24
194.87.221.0/24 maxlen: 24
194.87.227.0/24 maxlen: 24
212.192.216.0/22 maxlen: 24
194.85.250.0/24 maxlen: 24
194.85.248.0/24 maxlen: 24
194.87.67.0/24 maxlen: 24
195.133.39.0/24 maxlen: 24
212.192.244.0/22 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:72:4c:24:c9:5b:c1:4f:cd:c1:91:bd:96:85:ba:f2:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Feb 21 04:47:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a29f6021b05df44e654e9267a36cf388cb719a8f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:1e:8b:66:c1:4f:aa:57:14:34:21:c7:aa:a4:
e7:81:65:9d:20:37:e2:21:b9:26:d8:21:eb:f5:04:
1e:21:0f:fa:af:18:02:4c:3c:81:e1:c1:30:4d:6e:
09:06:af:69:0c:33:1c:c8:81:bc:2a:42:4d:f0:a7:
9d:dc:34:e8:ce:60:1c:e2:48:f2:87:46:6e:b7:50:
be:ab:29:93:72:d2:6b:84:89:45:25:fc:7b:e8:6c:
7c:d5:a2:be:73:30:e2:e1:10:c3:43:76:d8:38:ba:
c4:2a:16:c6:b9:08:88:76:11:15:34:27:ce:64:de:
15:78:52:ad:1f:8b:d6:2d:5c:26:a3:0d:93:74:cc:
a1:3e:ea:77:e8:0b:05:cd:b0:13:59:1e:08:22:09:
8d:11:c2:71:c0:ba:25:6d:3c:b9:cb:dc:3c:5e:0a:
0d:f1:81:21:1f:af:98:d0:97:3c:90:f2:8c:d4:97:
d7:96:75:0e:5d:55:63:4e:cf:1d:87:0a:02:94:8e:
a2:6c:91:7d:59:4a:e3:a5:4e:e9:e4:cb:ea:6d:15:
b4:33:ce:93:fb:64:77:2c:47:32:b1:00:14:f8:b3:
f6:a0:ce:57:22:e8:8c:61:e2:0a:15:c4:ef:ed:a7:
32:34:d5:e9:4a:46:d6:5d:8f:0e:81:01:c5:10:57:
18:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:9F:60:21:B0:5D:F4:4E:65:4E:92:67:A3:6C:F3:88:CB:71:9A:8F
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/op9gIbBd9E5lTpJno2zziMtxmo8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.85.248.0/24
194.85.250.0/24
194.87.67.0/24
194.87.221.0/24
194.87.227.0/24
195.133.39.0/24
212.192.216.0/22
212.192.244.0/22
212.193.29.0/24
Signature Algorithm: sha256WithRSAEncryption
18:7e:a5:76:aa:68:db:ec:b3:2d:f2:f2:b5:3b:d9:2f:b1:c8:
86:1a:18:92:c8:36:ad:7b:56:dc:84:3a:8a:ca:1d:0b:b6:21:
8b:1b:15:0c:f9:ef:cf:3f:b0:bf:07:c9:3d:61:2c:d5:bc:9a:
77:5e:f1:ed:69:ab:77:45:99:eb:0c:2f:b2:95:05:f1:88:0b:
f6:3e:8d:cc:96:f6:4d:56:74:7c:db:66:ed:de:28:65:48:6b:
56:db:ea:e9:b2:58:8e:e8:eb:fb:cb:f7:6f:1e:42:0c:c6:68:
62:8f:3b:a3:5c:c4:a9:67:55:7d:b0:df:c5:51:56:b7:63:5f:
0f:e4:c4:31:a9:43:f9:e0:84:27:91:3e:77:04:9d:50:15:c5:
e3:e9:40:fe:5c:03:4d:21:32:44:b3:da:be:f7:00:2e:1f:97:
c4:79:94:f2:7c:de:de:8b:f9:f4:07:88:31:a1:b0:9d:10:25:
1f:55:2d:67:f6:d9:2c:1a:25:f8:e2:52:8e:4a:3b:1c:20:b7:
9e:42:41:1c:ff:e6:1d:e3:1d:f6:64:52:9a:64:32:b6:2d:63:
04:e2:16:96:2a:f9:0f:38:04:88:87:39:b1:ca:53:1c:bc:2e:
96:b2:7c:4c:a3:1f:9d:9c:f7:a1:ee:02:f1:f8:84:02:f5:c2:
8f:e3:a4:84
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYZyTCTJW8FPzcGRvZaFuvJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMjIxMDQ0NzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjlmNjAyMWIwNWRmNDRlNjU0ZTkyNjdhMzZjZjM4OGNiNzE5YThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgR6LZsFPqlcUNCHHqqTngWWdIDfi
Ibkm2CHr9QQeIQ/6rxgCTDyB4cEwTW4JBq9pDDMcyIG8KkJN8Ked3DTozmAc4kjy
h0Zut1C+qymTctJrhIlFJfx76Gx81aK+czDi4RDDQ3bYOLrEKhbGuQiIdhEVNCfO
ZN4VeFKtH4vWLVwmow2TdMyhPup36AsFzbATWR4IIgmNEcJxwLolbTy5y9w8XgoN
8YEhH6+Y0Jc8kPKM1JfXlnUOXVVjTs8dhwoClI6ibJF9WUrjpU7p5MvqbRW0M86T
+2R3LEcysQAU+LP2oM5XIuiMYeIKFcTv7acyNNXpSkbWXY8OgQHFEFcYjQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFKKfYCGwXfROZU6SZ6Ns84jLcZqPMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvb3A5Z0liQmQ5RTVsVHBKbm8yenppTXR4bW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAwlX4AwQA
wlX6AwQAwldDAwQAwlfdAwQAwlfjAwQAw4UnAwQC1MDYAwQC1MD0AwQA1MEdMA0G
CSqGSIb3DQEBCwUAA4IBAQAYfqV2qmjb7LMt8vK1O9kvsciGGhiSyDate1bchDqK
yh0LtiGLGxUM+e/PP7C/B8k9YSzVvJp3XvHtaat3RZnrDC+ylQXxiAv2Po3MlvZN
VnR822bt3ihlSGtW2+rpsliO6Ov7y/dvHkIMxmhijzujXMSpZ1V9sN/FUVa3Y18P
5MQxqUP54IQnkT53BJ1QFcXj6UD+XANNITJEs9q+9wAuH5fEeZTyfN7ei/n0B4gx
obCdECUfVS1n9tksGiX44lKOSjscILeeQkEc/+Yd4x32ZFKaZDK2LWME4haWKvkP
OASIhzmxylMcvC6WsnxMox+dnPeh7gLx+IQC9cKP46SE
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:42:11 2023 by rpki-client on console-fra.rpki-client.org