Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Bn4omCGDPxQZ5vPaTApgTy1uSwo.roa
File: Bn4omCGDPxQZ5vPaTApgTy1uSwo.roa (raw, json)
Hash identifier: kYtwdK0fAOkGjDk7gdAheydS0R9nsBEuShijaPwL8sQ=
Subject key identifier: 06:7E:28:98:21:83:3F:14:19:E6:F3:DA:4C:0A:60:4F:2D:6E:4B:0A
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018ADF8A59275232BC401F20FBD8845FB850
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Bn4omCGDPxQZ5vPaTApgTy1uSwo.roa
Signing time: Fri 29 Sep 2023 06:05:00 +0000
ROA not before: Fri 29 Sep 2023 06:05:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207459
IP address blocks: 87.120.87.0/24 maxlen: 24
193.149.29.0/24 maxlen: 24
193.149.30.0/24 maxlen: 24
193.149.28.0/22 maxlen: 22
193.149.31.0/24 maxlen: 24
193.149.28.0/24 maxlen: 24
194.49.86.0/24 maxlen: 24
94.154.163.0/24 maxlen: 24
176.125.255.0/24 maxlen: 24
185.226.175.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:df:8a:59:27:52:32:bc:40:1f:20:fb:d8:84:5f:b8:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Sep 29 06:05:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=067e289821833f1419e6f3da4c0a604f2d6e4b0a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:1a:d1:9a:6c:55:b5:ef:52:93:68:bd:ce:f3:
6f:ea:36:a0:c1:0b:0f:fa:5b:14:99:9b:9b:a1:39:
e1:f1:d4:6c:5c:4c:78:01:b7:05:ab:00:9c:cd:b6:
61:92:0a:f9:8e:4d:24:0a:12:52:f4:7e:2b:38:7b:
55:c9:dc:62:35:af:49:41:6d:43:09:a4:cf:03:5e:
0f:69:42:2b:a1:20:47:74:73:ee:b5:b4:c3:56:db:
aa:de:ee:40:69:4d:c4:fb:13:2b:13:bb:7d:8f:58:
ed:f9:62:fd:60:0e:1b:ee:d3:70:a0:64:49:63:97:
3f:ae:f9:82:41:b5:d6:76:76:b8:d1:6c:93:69:98:
db:93:1a:d7:7a:d2:87:87:be:ca:c2:c3:9c:d9:f4:
99:01:0c:3f:39:b9:1f:b1:41:43:25:5f:9e:d0:d1:
06:3b:90:6d:6e:16:1d:8c:35:bf:32:5b:63:ca:43:
11:21:7d:3a:03:6d:4f:68:f9:00:61:8f:bd:59:bb:
f8:45:7b:48:97:33:4a:06:1f:7f:8f:9d:3a:bb:a5:
1b:e4:92:52:f8:e6:89:4a:ca:d4:0b:1b:01:c7:c1:
b3:37:1f:3d:38:8a:a5:19:80:84:8d:12:45:db:3a:
4e:7c:96:80:31:59:ac:5e:a1:ab:fd:26:27:a0:56:
c0:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
06:7E:28:98:21:83:3F:14:19:E6:F3:DA:4C:0A:60:4F:2D:6E:4B:0A
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Bn4omCGDPxQZ5vPaTApgTy1uSwo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.90.0/24
87.120.87.0/24
94.154.163.0/24
176.125.255.0/24
185.226.175.0/24
193.149.28.0/22
194.49.86.0/24
Signature Algorithm: sha256WithRSAEncryption
a1:87:9f:61:51:ad:b6:8c:17:27:22:e3:fb:5b:ba:ae:8b:c0:
62:84:ee:51:77:ec:6c:a7:f7:58:9a:cf:72:af:72:0b:b9:f3:
72:24:ac:dd:12:5a:53:e9:1a:6a:54:0a:09:ea:3a:04:14:38:
70:1f:8e:c0:9d:28:d5:ae:14:1f:ef:62:e0:4d:d0:37:ab:eb:
71:47:eb:29:af:5a:fd:d9:ff:55:af:6d:d9:70:18:a1:45:04:
1f:b0:0a:d9:fb:42:ac:00:8d:6d:51:44:57:e9:bd:89:d5:24:
a1:a9:f5:83:47:86:84:44:09:bd:6f:d7:3d:f2:9f:d8:c1:09:
7f:d9:ee:89:89:cf:be:73:f2:24:f7:f8:20:02:b5:8b:0f:67:
29:19:0d:84:e6:fc:36:ef:a3:3e:44:32:5d:ca:a3:51:f0:14:
34:b3:b7:ae:9a:de:f6:10:37:61:df:43:23:bd:7c:5e:f1:12:
06:43:e3:8f:dc:df:8b:d9:a1:f7:e6:fd:26:fd:bc:e6:4d:a6:
5b:f8:cf:d0:ad:0d:ad:32:6d:45:0b:49:d5:4f:1f:84:5d:a8:
a8:49:b8:34:b4:f6:79:94:26:04:60:c6:58:d7:1f:8d:a6:8a:
39:d5:aa:10:04:b4:bf:12:84:e8:2f:a6:3f:c4:8d:97:dd:2f:
68:3b:f9:69
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYrfilknUjK8QB8g+9iEX7hQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTI5MDYwNTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjdlMjg5ODIxODMzZjE0MTllNmYzZGE0YzBhNjA0ZjJkNmU0YjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRrRmmxVte9Sk2i9zvNv6jagwQsP
+lsUmZuboTnh8dRsXEx4AbcFqwCczbZhkgr5jk0kChJS9H4rOHtVydxiNa9JQW1D
CaTPA14PaUIroSBHdHPutbTDVtuq3u5AaU3E+xMrE7t9j1jt+WL9YA4b7tNwoGRJ
Y5c/rvmCQbXWdna40WyTaZjbkxrXetKHh77KwsOc2fSZAQw/ObkfsUFDJV+e0NEG
O5BtbhYdjDW/MltjykMRIX06A21PaPkAYY+9Wbv4RXtIlzNKBh9/j506u6Ub5JJS
+OaJSsrUCxsBx8GzNx89OIqlGYCEjRJF2zpOfJaAMVmsXqGr/SYnoFbAlwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFAZ+KJghgz8UGebz2kwKYE8tbksKMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQm40b21DR0RQeFFaNXZQYVRBcGdUeTF1U3dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALZdaAwQA
V3hXAwQAXpqjAwQAsH3/AwQAueKvAwQCwZUcAwQAwjFWMA0GCSqGSIb3DQEBCwUA
A4IBAQChh59hUa22jBcnIuP7W7qui8BihO5Rd+xsp/dYms9yr3ILufNyJKzdElpT
6RpqVAoJ6joEFDhwH47AnSjVrhQf72LgTdA3q+txR+spr1r92f9Vr23ZcBihRQQf
sArZ+0KsAI1tUURX6b2J1SShqfWDR4aERAm9b9c98p/YwQl/2e6Jic++c/Ik9/gg
ArWLD2cpGQ2E5vw276M+RDJdyqNR8BQ0s7eumt72EDdh30MjvXxe8RIGQ+OP3N+L
2aH35v0m/bzmTaZb+M/QrQ2tMm1FC0nVTx+EXaioSbg0tPZ5lCYEYMZY1x+Npoo5
1aoQBLS/EoToL6Y/xI2X3S9oO/lp
-----END CERTIFICATE-----
Generated at Mon Oct 2 10:44:53 2023 by rpki-client on console-ams.rpki-client.org