Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tz1qIK5-2-kKAQQQF9ZgslwLank.roa
File: tz1qIK5-2-kKAQQQF9ZgslwLank.roa (raw, json)
Hash identifier: Xpr6Guz9Jafgj9Ar+S+VmaDDRw4ivbS+uH1GjZtJ/q8=
Subject key identifier: B7:3D:6A:20:AE:7E:DB:E9:0A:01:04:10:17:D6:60:B2:5C:0B:6A:79
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018BCD977766F0F1481FA5490D460BA506F2
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tz1qIK5-2-kKAQQQF9ZgslwLank.roa
Signing time: Tue 14 Nov 2023 11:28:57 +0000
ROA not before: Tue 14 Nov 2023 11:28:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 147186
IP address blocks: 194.87.141.0/24 maxlen: 24
194.87.33.0/24 maxlen: 24
212.192.1.0/24 maxlen: 24
194.87.170.0/24 maxlen: 24
194.87.178.0/24 maxlen: 24
195.58.63.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:cd:97:77:66:f0:f1:48:1f:a5:49:0d:46:0b:a5:06:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Nov 14 11:28:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b73d6a20ae7edbe90a01041017d660b25c0b6a79
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:25:65:a2:50:0e:09:b1:28:20:f0:c6:56:82:
2c:e3:d5:ec:97:de:f2:38:f7:8d:f3:88:c6:21:b6:
ef:88:0f:da:f9:8a:ea:9c:29:a9:30:3a:b7:41:e7:
20:e6:53:50:92:40:b2:e2:74:f5:ff:19:ab:f8:ba:
99:48:2d:5c:a6:29:c3:1c:4d:2c:b2:71:66:9a:90:
99:59:1a:d7:2c:69:11:16:35:4e:16:ca:a2:d6:1d:
dd:0f:4c:77:4b:fc:bf:7c:ab:db:6e:e6:bc:ba:fc:
a0:4e:c8:51:c4:23:5a:78:67:3f:85:da:f7:a5:14:
c5:3f:f1:9a:64:1a:11:b4:62:a0:dc:b6:cf:35:8d:
c3:a1:b4:fe:c8:48:c9:8f:6f:1d:cd:c8:4f:37:8f:
c2:e1:28:1f:39:2b:04:35:b1:0e:18:74:8e:89:ca:
00:47:7b:d3:a6:86:4f:d6:1a:06:dd:88:64:00:24:
6a:e7:a8:13:f5:10:4e:77:77:38:22:d8:95:b5:11:
7e:07:c1:97:75:a3:7e:4d:e3:4b:1e:16:bc:65:d1:
7d:ae:97:69:b7:ac:27:b7:77:32:98:32:7e:b3:89:
ba:79:4e:fb:2d:9f:28:3c:da:58:c1:ea:90:94:88:
68:59:8b:e8:42:00:df:e4:93:ad:3b:8c:8e:16:ee:
ab:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:3D:6A:20:AE:7E:DB:E9:0A:01:04:10:17:D6:60:B2:5C:0B:6A:79
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/tz1qIK5-2-kKAQQQF9ZgslwLank.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.87.33.0/24
194.87.141.0/24
194.87.170.0/24
194.87.178.0/24
195.58.63.0/24
212.192.1.0/24
Signature Algorithm: sha256WithRSAEncryption
00:ac:b0:d4:e9:5a:a2:14:ef:b9:69:a0:5b:47:b9:5c:dd:d8:
3a:8a:bc:9b:22:09:85:cf:86:86:de:69:66:ec:05:b9:e0:75:
ac:9c:22:f9:69:31:dd:ac:bd:0d:13:6d:2c:4e:cc:b7:76:1c:
cc:52:06:56:ac:9c:e6:ad:05:88:fd:10:ec:bf:19:c9:c4:02:
87:89:0b:36:bc:56:37:2f:fe:ce:16:e6:d6:f4:c6:29:5e:1e:
bd:ad:38:26:39:51:04:6a:0f:8e:44:20:e5:a0:53:a3:89:28:
28:b9:08:6f:3b:5d:c7:50:8d:f6:d2:f4:6b:7e:80:aa:a3:9e:
be:8d:eb:40:37:70:6e:af:9d:97:6c:da:12:e3:32:60:e0:31:
61:4a:ec:79:f9:90:02:b4:02:40:8d:87:d0:18:53:4b:7d:3c:
89:c7:4b:2a:62:a4:36:41:18:8e:c6:d3:0e:0d:62:11:8f:2d:
53:23:eb:0b:9a:10:21:fa:9f:48:e6:e2:81:cc:16:55:e3:da:
f1:27:fb:1d:41:fb:5a:ac:86:38:6d:e8:3e:1b:47:01:35:1c:
8f:ac:0d:6b:8d:67:60:74:13:c8:99:a2:fa:63:de:5e:d5:82:
a7:6d:8f:b2:0e:fe:d8:8d:b1:c8:03:0c:47:4f:db:07:38:11:
14:2e:ac:3b
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYvNl3dm8PFIH6VJDUYLpQbyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMxMTE0MTEyODU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzNkNmEyMGFlN2VkYmU5MGEwMTA0MTAxN2Q2NjBiMjVjMGI2YTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiVlolAOCbEoIPDGVoIs49Xsl97y
OPeN84jGIbbviA/a+YrqnCmpMDq3Qecg5lNQkkCy4nT1/xmr+LqZSC1cpinDHE0s
snFmmpCZWRrXLGkRFjVOFsqi1h3dD0x3S/y/fKvbbua8uvygTshRxCNaeGc/hdr3
pRTFP/GaZBoRtGKg3LbPNY3DobT+yEjJj28dzchPN4/C4SgfOSsENbEOGHSOicoA
R3vTpoZP1hoG3YhkACRq56gT9RBOd3c4ItiVtRF+B8GXdaN+TeNLHha8ZdF9rpdp
t6wnt3cymDJ+s4m6eU77LZ8oPNpYweqQlIhoWYvoQgDf5JOtO4yOFu6rwQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFLc9aiCuftvpCgEEEBfWYLJcC2p5MB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvdHoxcUlLNS0yLWtLQVFRUUY5WmdzbHdMYW5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAwlchAwQA
wleNAwQAwleqAwQAwleyAwQAwzo/AwQA1MABMA0GCSqGSIb3DQEBCwUAA4IBAQAA
rLDU6VqiFO+5aaBbR7lc3dg6irybIgmFz4aG3mlm7AW54HWsnCL5aTHdrL0NE20s
Tsy3dhzMUgZWrJzmrQWI/RDsvxnJxAKHiQs2vFY3L/7OFubW9MYpXh69rTgmOVEE
ag+ORCDloFOjiSgouQhvO13HUI320vRrfoCqo56+jetAN3Bur52XbNoS4zJg4DFh
Sux5+ZACtAJAjYfQGFNLfTyJx0sqYqQ2QRiOxtMODWIRjy1TI+sLmhAh+p9I5uKB
zBZV49rxJ/sdQftarIY4beg+G0cBNRyPrA1rjWdgdBPImaL6Y95e1YKnbY+yDv7Y
jbHIAwxHT9sHOBEULqw7
-----END CERTIFICATE-----
Generated at Wed Nov 15 13:43:43 2023 by rpki-client on console-ams.rpki-client.org