Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/CLO43GP7ePuOPZbq48sZQAlO4Iw.roa
File: CLO43GP7ePuOPZbq48sZQAlO4Iw.roa (raw, json)
Hash identifier: kZJpCME+Rw0wccO1rVaKR0/t+apT+vM1MX3AL8mJCag=
Subject key identifier: 08:B3:B8:DC:63:FB:78:FB:8E:3D:96:EA:E3:CB:19:40:09:4E:E0:8C
Certificate issuer: /CN=d038c338b128f83adec2f69d93c32c5353ca0398
Certificate serial: 0189786EFD1A463EF6D4994757D074A63791
Authority key identifier: D0:38:C3:38:B1:28:F8:3A:DE:C2:F6:9D:93:C3:2C:53:53:CA:03:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0DjDOLEo-Drewvadk8MsU1PKA5g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/CLO43GP7ePuOPZbq48sZQAlO4Iw.roa
Signing time: Fri 21 Jul 2023 12:31:26 +0000
ROA not before: Fri 21 Jul 2023 12:31:26 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 559
IP address blocks: 192.41.132.0/22 maxlen: 22
130.60.0.0/16 maxlen: 16
192.41.136.0/24 maxlen: 24
185.207.116.0/22 maxlen: 24
192.12.247.0/24 maxlen: 24
89.206.64.0/18 maxlen: 18
2001:67c:16dc::/48 maxlen: 48
2a0b:2040::/29 maxlen: 29
Validation: Failed, certificate revoked on Wed 09 Aug 2023 05:53:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:78:6e:fd:1a:46:3e:f6:d4:99:47:57:d0:74:a6:37:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d038c338b128f83adec2f69d93c32c5353ca0398
Validity
Not Before: Jul 21 12:31:26 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=08b3b8dc63fb78fb8e3d96eae3cb1940094ee08c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:43:d1:0d:1b:67:2a:52:04:27:1b:ec:59:35:
ff:dd:47:1d:5c:b2:50:ab:b1:2b:2c:f4:e6:1c:46:
e9:d6:2b:86:5d:74:46:65:e9:fa:f2:b7:00:ab:8a:
b5:c0:3a:3e:d1:fe:06:a8:f0:67:72:2f:b6:da:ea:
1b:3e:6e:d1:8b:21:ea:92:da:28:33:84:7c:3d:66:
a3:d8:7b:eb:31:1b:b4:22:12:46:29:e5:d3:40:a7:
1c:27:0f:30:b2:df:35:3a:84:fe:87:95:dc:ea:ac:
d9:a8:3c:c7:41:fa:10:ca:67:3f:8c:42:89:6e:0d:
02:bc:87:57:51:dd:5b:5f:e1:2d:47:c9:16:dc:77:
a1:77:b6:eb:53:2d:32:08:bf:29:76:d6:0e:0b:7b:
58:b0:80:f6:d5:83:2c:bd:37:3e:39:4d:48:29:e7:
96:56:53:8f:b5:c6:cd:c0:9a:69:4d:83:97:6d:cd:
c2:69:8d:f2:6e:ba:cb:1b:20:70:f0:b6:a0:f2:34:
3d:cc:29:79:4a:f4:94:12:08:cf:5e:c8:b9:65:87:
92:df:1e:c7:c4:3f:21:45:dd:4d:67:2b:e6:22:6a:
da:47:10:18:d0:06:b4:9c:40:d2:6e:06:7b:e0:26:
09:7b:7d:b2:74:0d:8d:2c:49:41:eb:ea:4a:f6:0e:
c0:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:B3:B8:DC:63:FB:78:FB:8E:3D:96:EA:E3:CB:19:40:09:4E:E0:8C
X509v3 Authority Key Identifier:
keyid:D0:38:C3:38:B1:28:F8:3A:DE:C2:F6:9D:93:C3:2C:53:53:CA:03:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0DjDOLEo-Drewvadk8MsU1PKA5g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/CLO43GP7ePuOPZbq48sZQAlO4Iw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/0DjDOLEo-Drewvadk8MsU1PKA5g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.206.64.0/18
130.60.0.0/16
185.207.116.0/22
192.12.247.0/24
192.41.132.0-192.41.136.255
IPv6:
2001:67c:16dc::/48
2a0b:2040::/29
Signature Algorithm: sha256WithRSAEncryption
7d:2e:67:ef:b7:e5:dc:c2:d0:d3:f5:da:f2:d3:98:53:70:96:
8d:3b:36:f7:af:10:97:79:9f:57:b8:a4:cf:ca:b2:45:91:fa:
2e:28:14:29:29:e8:60:b3:50:aa:8c:f9:f0:10:7d:6b:fa:e3:
9e:f8:b6:4a:ec:33:e0:4f:32:83:8e:cc:39:1c:9e:25:b0:56:
fb:d2:ad:9b:b1:37:ae:93:6a:e2:5c:9c:f7:6e:88:ae:eb:74:
6d:5b:72:66:a9:35:c5:c3:e8:09:7a:f7:7d:84:65:f3:ad:d3:
18:8e:cc:49:ad:b0:00:be:21:26:53:2f:67:df:f0:18:c6:7a:
2e:f6:74:a3:50:29:ef:01:47:51:f5:c6:2c:a7:bb:52:ab:9c:
bb:10:92:e2:78:26:34:6f:68:ad:d6:ed:a7:91:47:69:96:0b:
44:e6:ee:13:84:96:c0:5b:40:3f:c4:f7:e3:17:b9:df:97:c2:
21:b2:49:ab:db:0f:64:7f:03:44:db:ca:91:71:27:cf:3a:76:
95:8e:28:2e:60:66:5f:ef:a6:63:ac:65:a3:29:85:be:75:32:
c9:8f:02:36:92:e2:7e:a3:9c:3d:93:7e:5d:10:4d:d9:8a:98:
a6:df:d1:a1:bc:4d:62:83:2f:c3:99:17:00:5b:90:ce:e3:33:
60:0a:7c:6c
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAYl4bv0aRj721JlHV9B0pjeRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMzhjMzM4YjEyOGY4M2FkZWMyZjY5ZDkzYzMyYzUzNTNj
YTAzOTgwHhcNMjMwNzIxMTIzMTI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGIzYjhkYzYzZmI3OGZiOGUzZDk2ZWFlM2NiMTk0MDA5NGVlMDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgUPRDRtnKlIEJxvsWTX/3UcdXLJQ
q7ErLPTmHEbp1iuGXXRGZen68rcAq4q1wDo+0f4GqPBnci+22uobPm7RiyHqktoo
M4R8PWaj2HvrMRu0IhJGKeXTQKccJw8wst81OoT+h5Xc6qzZqDzHQfoQymc/jEKJ
bg0CvIdXUd1bX+EtR8kW3Hehd7brUy0yCL8pdtYOC3tYsID21YMsvTc+OU1IKeeW
VlOPtcbNwJppTYOXbc3CaY3ybrrLGyBw8Lag8jQ9zCl5SvSUEgjPXsi5ZYeS3x7H
xD8hRd1NZyvmImraRxAY0Aa0nEDSbgZ74CYJe32ydA2NLElB6+pK9g7A/QIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFAizuNxj+3j7jj2W6uPLGUAJTuCMMB8GA1UdIwQY
MBaAFNA4wzixKPg63sL2nZPDLFNTygOYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMERqRE9MRW8tRHJld3ZhZGs4TXNVMVBLQTVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS85MjVmOTEtMzBjNS00YTZiLWExNDkt
OWJmOGIxZWYyZTk2LzEvQ0xPNDNHUDdlUHVPUFpicTQ4c1pRQWxPNEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS85MjVmOTEtMzBjNS00YTZiLWExNDktOWJmOGIxZWYyZTk2
LzEvMERqRE9MRW8tRHJld3ZhZGs4TXNVMVBLQTVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTArBAIAATAlAwQGWc5AAwMA
gjwDBAK5z3QDBADADPcwDAMEAsAphAMEAMApiDAWBAIAAjAQAwcAIAEGfBbcAwUD
KgsgQDANBgkqhkiG9w0BAQsFAAOCAQEAfS5n77fl3MLQ0/Xa8tOYU3CWjTs2968Q
l3mfV7ikz8qyRZH6LigUKSnoYLNQqoz58BB9a/rjnvi2Suwz4E8yg47MORyeJbBW
+9Ktm7E3rpNq4lyc926Irut0bVtyZqk1xcPoCXr3fYRl863TGI7MSa2wAL4hJlMv
Z9/wGMZ6LvZ0o1Ap7wFHUfXGLKe7UqucuxCS4ngmNG9ordbtp5FHaZYLRObuE4SW
wFtAP8T34xe535fCIbJJq9sPZH8DRNvKkXEnzzp2lY4oLmBmX++mY6xloymFvnUy
yY8CNpLifqOcPZN+XRBN2YqYpt/RobxNYoMvw5kXAFuQzuMzYAp8bA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:11 2024 by rpki-client on console-ams.rpki-client.org