Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/xHsdBLDyMla557qQPEnaQKlXDsM.roa
File: xHsdBLDyMla557qQPEnaQKlXDsM.roa (raw, json)
Hash identifier: +iibgQ7UjkR5DnFcpQIVgxUCL8tJ0PTMBg/tfj80YQs=
Subject key identifier: C4:7B:1D:04:B0:F2:32:56:B9:E7:BA:90:3C:49:DA:40:A9:57:0E:C3
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018723387B60D57B9BBE302082E21398F916
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/xHsdBLDyMla557qQPEnaQKlXDsM.roa
Signing time: Mon 27 Mar 2023 13:18:36 +0000
ROA not before: Mon 27 Mar 2023 13:18:36 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203639
IP address blocks: 194.87.204.0/24 maxlen: 24
212.193.14.0/24 maxlen: 24
194.87.208.0/24 maxlen: 24
194.87.221.0/24 maxlen: 24
194.87.226.0/24 maxlen: 24
194.87.231.0/24 maxlen: 24
195.133.15.0/24 maxlen: 24
195.58.38.0/24 maxlen: 24
192.124.190.0/24 maxlen: 24
193.124.202.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 29 Mar 2023 08:04:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:23:38:7b:60:d5:7b:9b:be:30:20:82:e2:13:98:f9:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Mar 27 13:18:36 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c47b1d04b0f23256b9e7ba903c49da40a9570ec3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:ca:e8:14:d9:c6:83:72:0a:c6:b9:90:39:d2:
77:06:13:05:aa:fb:ec:0f:c1:bc:bb:df:55:4b:eb:
ff:a5:24:b9:ea:de:13:cb:e3:c8:65:58:49:3a:32:
a8:7d:d4:0c:d1:05:9c:24:5d:2b:dd:86:88:26:25:
13:dc:b1:52:92:2e:bd:a9:4f:d4:cd:83:89:75:99:
37:00:a5:bf:64:8e:fa:8d:37:67:ba:d4:89:f9:7c:
aa:bc:c3:c2:9e:e8:65:08:13:f5:66:38:df:ae:61:
91:8b:79:51:96:7f:d5:55:b4:d6:7f:61:69:c2:07:
fe:f0:17:ab:cf:19:41:05:04:63:26:65:5c:70:20:
43:38:36:0f:9e:c8:ab:5b:dc:db:11:ba:ba:81:62:
d6:77:f9:0d:3c:4a:81:df:bb:26:b7:2a:3f:98:e1:
c5:9a:10:0b:da:28:98:32:d2:ae:08:a6:36:d7:b7:
9b:43:b3:b2:4e:f0:d1:14:25:7e:a0:07:da:af:fa:
6c:f2:5f:70:3b:f7:ca:32:a2:cc:fa:69:14:5c:dc:
01:ec:72:40:a9:f6:89:6e:04:ae:db:d5:01:74:1a:
3d:b7:51:2e:d2:d9:38:6a:67:2d:2b:c2:4d:63:6c:
c2:5f:eb:fb:a1:bf:70:11:50:fc:b7:17:cc:3c:b8:
ea:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:7B:1D:04:B0:F2:32:56:B9:E7:BA:90:3C:49:DA:40:A9:57:0E:C3
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/xHsdBLDyMla557qQPEnaQKlXDsM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.124.190.0/24
193.124.202.0/24
194.87.204.0/24
194.87.208.0/24
194.87.221.0/24
194.87.226.0/24
194.87.231.0/24
195.58.38.0/24
195.133.15.0/24
212.193.14.0/24
Signature Algorithm: sha256WithRSAEncryption
39:1b:8f:9a:68:3c:3e:ad:88:e7:57:3d:01:b8:a0:bc:c9:33:
80:19:33:08:98:ce:a0:94:64:36:ae:1c:ae:82:1c:98:2a:17:
bb:84:b5:b2:42:1e:d1:54:3f:8a:32:63:d0:ec:c5:9f:b5:81:
cd:7f:bd:73:99:df:e1:f5:3e:fa:dd:d6:d2:fd:33:3c:c1:b6:
3e:9f:4a:97:36:0a:98:e1:5a:b2:5e:4d:98:b9:97:50:11:eb:
56:5e:e0:33:89:f7:b0:9e:d7:54:d2:97:1f:4b:4c:95:28:d3:
d1:ea:75:69:67:23:72:2e:21:f6:96:f4:bc:2e:40:2c:14:7f:
39:53:48:03:82:6e:59:6b:de:fa:a9:9f:dc:d1:55:26:c7:a1:
62:07:1f:02:a4:00:93:cc:20:a4:66:cb:71:18:d4:17:8d:e2:
ee:f8:5e:e4:b8:ff:d3:16:14:db:5e:40:a2:40:37:01:98:e2:
7d:2d:6c:89:29:38:db:ff:9d:4c:78:1e:bd:44:1f:98:56:28:
8a:79:7d:87:56:fa:c1:51:09:d0:da:51:ae:a0:a3:9b:3d:79:
4e:b6:88:3f:cc:ac:28:92:09:48:07:03:d6:cf:75:ba:69:14:
97:d7:b9:b7:c0:99:fa:85:e7:a6:44:85:da:e7:5a:44:b3:ee:
bf:ad:7f:f3
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYcjOHtg1XubvjAgguITmPkWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwMzI3MTMxODM2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDdiMWQwNGIwZjIzMjU2YjllN2JhOTAzYzQ5ZGE0MGE5NTcwZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8roFNnGg3IKxrmQOdJ3BhMFqvvs
D8G8u99VS+v/pSS56t4Ty+PIZVhJOjKofdQM0QWcJF0r3YaIJiUT3LFSki69qU/U
zYOJdZk3AKW/ZI76jTdnutSJ+XyqvMPCnuhlCBP1ZjjfrmGRi3lRln/VVbTWf2Fp
wgf+8BerzxlBBQRjJmVccCBDODYPnsirW9zbEbq6gWLWd/kNPEqB37smtyo/mOHF
mhAL2iiYMtKuCKY217ebQ7OyTvDRFCV+oAfar/ps8l9wO/fKMqLM+mkUXNwB7HJA
qfaJbgSu29UBdBo9t1Eu0tk4amctK8JNY2zCX+v7ob9wEVD8txfMPLjqAQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFMR7HQSw8jJWuee6kDxJ2kCpVw7DMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEveEhzZEJMRHlNbGE1NTdxUVBFbmFRS2xYRHNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQAwHy+AwQA
wXzKAwQAwlfMAwQAwlfQAwQAwlfdAwQAwlfiAwQAwlfnAwQAwzomAwQAw4UPAwQA
1MEOMA0GCSqGSIb3DQEBCwUAA4IBAQA5G4+aaDw+rYjnVz0BuKC8yTOAGTMImM6g
lGQ2rhyughyYKhe7hLWyQh7RVD+KMmPQ7MWftYHNf71zmd/h9T763dbS/TM8wbY+
n0qXNgqY4VqyXk2YuZdQEetWXuAzifewntdU0pcfS0yVKNPR6nVpZyNyLiH2lvS8
LkAsFH85U0gDgm5Za976qZ/c0VUmx6FiBx8CpACTzCCkZstxGNQXjeLu+F7kuP/T
FhTbXkCiQDcBmOJ9LWyJKTjb/51MeB69RB+YViiKeX2HVvrBUQnQ2lGuoKObPXlO
tog/zKwokglIBwPWz3W6aRSX17m3wJn6heemRIXa51pEs+6/rX/z
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:30 2024 by rpki-client on console-fra.rpki-client.org