Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4gxSJnJSy3DAcDjoINzrRPmo0YA.roa
File: 4gxSJnJSy3DAcDjoINzrRPmo0YA.roa (raw, json)
Hash identifier: AIRrkcfxgn1NO/RM4x1zd7CFKdzd0vl+opU+AfVDXVA=
Subject key identifier: E2:0C:52:26:72:52:CB:70:C0:70:38:E8:20:DC:EB:44:F9:A8:D1:80
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018DCD5D1F33E28A5EAF2A5A44D6303C5CFB
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4gxSJnJSy3DAcDjoINzrRPmo0YA.roa
Signing time: Wed 21 Feb 2024 20:30:48 +0000
ROA not before: Wed 21 Feb 2024 20:30:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 197450
IP address blocks: 45.128.233.0/24 maxlen: 24
45.144.152.0/24 maxlen: 24
85.31.47.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.44.0/24 maxlen: 24
94.156.79.0/24 maxlen: 24
178.215.239.0/24 maxlen: 24
185.221.64.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 05 Mar 2024 13:35:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:cd:5d:1f:33:e2:8a:5e:af:2a:5a:44:d6:30:3c:5c:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 21 20:30:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e20c52267252cb70c07038e820dceb44f9a8d180
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:1e:71:fe:fa:2c:62:e8:3b:57:72:d9:7a:78:
1c:9e:22:a5:56:29:7b:33:fb:3d:24:7f:77:ab:7c:
f1:bb:ac:76:cd:e8:d7:8e:e5:92:f6:69:6c:1e:91:
8e:32:a6:85:fe:8f:6d:dd:91:7c:0f:04:44:dc:88:
14:4c:ab:24:ff:50:1b:2e:a4:54:77:c2:5e:77:fb:
e4:63:45:78:21:52:db:4e:4d:ae:9b:81:cc:96:72:
77:2f:e1:ff:4a:f3:a1:79:11:d1:9b:ee:95:39:e8:
4f:2f:fa:30:b1:ec:48:4a:7b:f6:b3:9a:e8:93:cc:
bb:ae:81:8f:73:e7:f5:1a:1d:aa:01:55:f4:7d:d7:
04:7b:04:15:c9:58:d5:3b:d7:1e:81:74:61:df:fb:
fc:9e:f0:f9:3a:7c:cd:dc:a1:c3:11:0b:a9:80:d8:
77:33:dd:59:8a:95:f0:db:18:1d:55:ff:f1:95:12:
dc:98:a5:cc:9b:20:ed:b5:df:55:c4:5f:52:4c:d2:
b2:5d:7c:e1:f3:c1:e9:fc:35:c8:9a:42:9c:e2:f4:
f5:25:49:5e:86:df:84:70:22:6a:04:aa:ff:83:53:
b6:50:96:14:41:bb:50:e4:9d:b3:08:bd:68:99:7c:
67:ef:87:61:fc:12:3c:4f:46:1b:47:23:f3:10:26:
73:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:0C:52:26:72:52:CB:70:C0:70:38:E8:20:DC:EB:44:F9:A8:D1:80
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4gxSJnJSy3DAcDjoINzrRPmo0YA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.233.0/24
45.144.152.0/24
85.31.47.0/24
87.120.166.0/24
87.121.44.0/24
94.156.79.0/24
178.215.239.0/24
185.221.64.0/24
Signature Algorithm: sha256WithRSAEncryption
b4:7b:14:6f:f7:80:41:14:da:ce:db:56:e2:b6:b3:82:54:d2:
3f:87:19:14:77:89:ab:15:94:c8:08:11:f2:23:a6:00:cc:f0:
4a:08:3c:c5:02:0e:1f:d0:42:61:aa:d1:0c:53:d5:8e:fc:c4:
4b:bd:79:38:cf:7a:b3:2e:d8:7c:cf:cf:1d:f0:87:f4:0d:36:
91:32:b1:48:49:8f:9d:77:57:17:e6:88:f6:a0:20:99:69:24:
eb:85:1d:1a:3e:9d:1c:47:a7:2f:07:51:e1:df:d9:0d:75:be:
26:3f:05:15:e0:3a:41:ed:cd:37:c8:a4:20:2c:af:3e:4e:96:
0f:70:be:44:e4:a2:15:f4:61:5b:be:50:ae:9f:77:49:b6:c6:
42:f3:fa:e5:96:fc:98:1f:36:47:6c:32:5b:d1:b2:71:6f:44:
a1:b7:56:4b:1b:16:62:0c:a1:9e:57:3d:6d:0c:f5:f6:e4:9a:
1f:a4:2c:9c:cb:9d:b1:2a:b1:c1:ad:b1:9b:ab:41:0c:75:b0:
ba:c7:73:1d:bd:e0:02:3d:7a:b1:fa:5f:94:7d:66:c8:a9:fc:
e1:ee:81:d0:62:79:f8:57:f8:44:90:d1:ae:1c:d1:6f:97:16:
ee:ac:a1:07:25:a0:a3:3b:0b:52:e5:07:88:f1:05:ca:53:9c:
a7:7d:8e:51
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY3NXR8z4operypaRNYwPFz7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjIxMjAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjBjNTIyNjcyNTJjYjcwYzA3MDM4ZTgyMGRjZWI0NGY5YThkMTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArx5x/vosYug7V3LZengcniKlVil7
M/s9JH93q3zxu6x2zejXjuWS9mlsHpGOMqaF/o9t3ZF8DwRE3IgUTKsk/1AbLqRU
d8Jed/vkY0V4IVLbTk2um4HMlnJ3L+H/SvOheRHRm+6VOehPL/owsexISnv2s5ro
k8y7roGPc+f1Gh2qAVX0fdcEewQVyVjVO9cegXRh3/v8nvD5OnzN3KHDEQupgNh3
M91ZipXw2xgdVf/xlRLcmKXMmyDttd9VxF9STNKyXXzh88Hp/DXImkKc4vT1JUle
ht+EcCJqBKr/g1O2UJYUQbtQ5J2zCL1omXxn74dh/BI8T0YbRyPzECZzrwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFOIMUiZyUstwwHA46CDc60T5qNGAMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNGd4U0puSlN5M0RBY0Rqb0lOenJSUG1vMFlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALYDpAwQA
LZCYAwQAVR8vAwQAV3imAwQAV3ksAwQAXpxPAwQAstfvAwQAud1AMA0GCSqGSIb3
DQEBCwUAA4IBAQC0exRv94BBFNrO21bitrOCVNI/hxkUd4mrFZTICBHyI6YAzPBK
CDzFAg4f0EJhqtEMU9WO/MRLvXk4z3qzLth8z88d8If0DTaRMrFISY+dd1cX5oj2
oCCZaSTrhR0aPp0cR6cvB1Hh39kNdb4mPwUV4DpB7c03yKQgLK8+TpYPcL5E5KIV
9GFbvlCun3dJtsZC8/rllvyYHzZHbDJb0bJxb0Sht1ZLGxZiDKGeVz1tDPX25Jof
pCycy52xKrHBrbGbq0EMdbC6x3MdveACPXqx+l+UfWbIqfzh7oHQYnn4V/hEkNGu
HNFvlxburKEHJaCjOwtS5QeI8QXKU5ynfY5R
-----END CERTIFICATE-----
Generated at Tue Mar 5 17:53:05 2024 by rpki-client on console-ams.rpki-client.org