Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/zSZIZJwp6gke9j2LC6PKAer3_6Y.roa
File: zSZIZJwp6gke9j2LC6PKAer3_6Y.roa (raw, json)
Hash identifier: kLQGkeKRTlZ4+wbe2wNHPTsbugmVVifrt1U+pWvkcug=
Subject key identifier: CD:26:48:64:9C:29:EA:09:1E:F6:3D:8B:0B:A3:CA:01:EA:F7:FF:A6
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 0187454CCF816FE3FCF333FFC04523B5EC9C
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/zSZIZJwp6gke9j2LC6PKAer3_6Y.roa
Signing time: Mon 03 Apr 2023 04:07:54 +0000
ROA not before: Mon 03 Apr 2023 04:07:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41745
IP address blocks: 195.133.75.0/24 maxlen: 24
194.87.219.0/24 maxlen: 24
193.124.33.0/24 maxlen: 24
194.87.35.0/24 maxlen: 24
194.87.252.0/24 maxlen: 24
194.87.62.0/24 maxlen: 24
194.87.191.0/24 maxlen: 24
194.87.82.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 18 Apr 2023 13:58:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:45:4c:cf:81:6f:e3:fc:f3:33:ff:c0:45:23:b5:ec:9c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Apr 3 04:07:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cd2648649c29ea091ef63d8b0ba3ca01eaf7ffa6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:c9:9d:e4:33:89:0f:6d:24:09:4d:90:d8:38:
43:5c:f5:41:be:76:55:0d:de:b9:e8:77:4b:e8:5d:
85:c5:5d:90:0e:47:84:9d:b6:ee:d2:66:4a:0e:9c:
32:f7:64:43:f3:2d:e8:a4:06:d5:64:2e:79:e3:ee:
ac:d9:32:a5:bd:00:30:0b:55:b6:82:89:94:4a:24:
8a:12:6a:14:57:d0:dc:cf:27:18:58:32:0c:79:a3:
9a:42:a2:0b:a8:55:65:a0:e5:ea:c7:1e:57:c2:80:
58:d8:82:26:f3:ff:58:e7:ae:3c:6b:01:f5:27:c9:
9a:ef:6b:f8:58:50:55:f6:e6:2f:07:e7:55:74:8b:
d2:ec:bb:1e:73:93:5f:4e:8f:96:02:2b:cd:d8:02:
47:9e:c6:0c:c7:8d:b5:b6:96:e1:02:92:13:06:36:
25:34:b2:a2:b2:7d:e8:85:3d:fb:4c:79:76:0c:ff:
28:6b:56:e5:03:a9:76:d8:ba:0d:cf:d2:8a:38:c1:
54:cc:2d:e3:95:99:2b:ae:af:aa:77:db:e1:41:78:
82:27:b3:ec:73:b1:46:a1:e3:82:ed:09:9b:d4:89:
ec:34:8e:3a:06:42:c1:80:9c:0f:cc:92:33:64:89:
be:f7:a5:04:99:28:1b:fa:cf:7f:6f:b0:52:02:f1:
d2:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:26:48:64:9C:29:EA:09:1E:F6:3D:8B:0B:A3:CA:01:EA:F7:FF:A6
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/zSZIZJwp6gke9j2LC6PKAer3_6Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.124.33.0/24
194.87.35.0/24
194.87.62.0/24
194.87.82.0/24
194.87.191.0/24
194.87.219.0/24
194.87.252.0/24
195.133.75.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:6a:93:45:01:b2:0f:5a:b6:83:9f:3b:36:00:76:5c:2f:fd:
4a:70:9c:ea:1b:a0:3a:3b:0f:d4:39:c4:e2:f6:96:b9:1d:7e:
09:75:6d:5e:7a:26:d3:bd:d4:ae:9b:95:d3:c5:78:38:3c:a6:
02:40:35:98:98:71:a8:78:76:4a:7a:a7:d0:18:35:11:3b:09:
3e:7e:0f:ef:69:ca:31:8b:7b:d3:8c:3a:db:35:2a:40:18:f8:
88:74:47:e3:dc:76:fc:46:e8:e1:2d:ba:22:d2:f4:95:d6:cd:
67:d2:c6:81:54:63:bd:d6:bd:aa:b1:01:86:41:0c:bd:ab:38:
04:47:78:57:1e:74:c6:ee:f9:74:9a:97:10:45:14:8c:3d:b6:
92:e4:f6:7b:c0:5e:c6:f4:66:0d:bf:b6:ed:d4:e4:6e:3e:81:
92:72:59:42:0b:fb:6d:55:3a:f4:1c:4e:c8:4f:2d:b1:38:ac:
08:2b:93:3b:ae:b2:27:7b:2a:fd:af:b7:61:38:22:cf:cb:a7:
27:d6:f0:4b:f9:ee:34:1f:91:d6:14:7f:3b:c2:b5:c1:67:70:
47:ae:4d:eb:b8:9a:f8:fa:aa:40:32:b3:a9:10:98:5c:41:29:
0e:f7:eb:e5:73:62:df:2e:7f:95:11:b8:61:68:ec:b6:c8:2f:
06:f7:4f:46
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYdFTM+Bb+P88zP/wEUjteycMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwNDAzMDQwNzU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDI2NDg2NDljMjllYTA5MWVmNjNkOGIwYmEzY2EwMWVhZjdmZmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cmd5DOJD20kCU2Q2DhDXPVBvnZV
Dd656HdL6F2FxV2QDkeEnbbu0mZKDpwy92RD8y3opAbVZC554+6s2TKlvQAwC1W2
gomUSiSKEmoUV9DczycYWDIMeaOaQqILqFVloOXqxx5XwoBY2IIm8/9Y5648awH1
J8ma72v4WFBV9uYvB+dVdIvS7Lsec5NfTo+WAivN2AJHnsYMx421tpbhApITBjYl
NLKisn3ohT37THl2DP8oa1blA6l22LoNz9KKOMFUzC3jlZkrrq+qd9vhQXiCJ7Ps
c7FGoeOC7Qmb1InsNI46BkLBgJwPzJIzZIm+96UEmSgb+s9/b7BSAvHSWwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFM0mSGScKeoJHvY9iwujygHq9/+mMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvelNaSVpKd3A2Z2tlOWoyTEM2UEtBZXIzXzZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAwXwhAwQA
wlcjAwQAwlc+AwQAwldSAwQAwle/AwQAwlfbAwQAwlf8AwQAw4VLMA0GCSqGSIb3
DQEBCwUAA4IBAQB6apNFAbIPWraDnzs2AHZcL/1KcJzqG6A6Ow/UOcTi9pa5HX4J
dW1eeibTvdSum5XTxXg4PKYCQDWYmHGoeHZKeqfQGDUROwk+fg/vacoxi3vTjDrb
NSpAGPiIdEfj3Hb8RujhLboi0vSV1s1n0saBVGO91r2qsQGGQQy9qzgER3hXHnTG
7vl0mpcQRRSMPbaS5PZ7wF7G9GYNv7bt1ORuPoGScllCC/ttVTr0HE7ITy2xOKwI
K5M7rrIneyr9r7dhOCLPy6cn1vBL+e40H5HWFH87wrXBZ3BHrk3ruJr4+qpAMrOp
EJhcQSkO9+vlc2LfLn+VEbhhaOy2yC8G909G
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:49:52 2024 by rpki-client on console-ams.rpki-client.org