Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/nZaNaivrllJzbSLAsf_dwTVd7uk.roa
File: nZaNaivrllJzbSLAsf_dwTVd7uk.roa (raw, json)
Hash identifier: pgluXwrrE2PjAunDY3+C4wnUGKlA1dOVqwsPcYkDXKo=
Subject key identifier: 9D:96:8D:6A:2B:EB:96:52:73:6D:22:C0:B1:FF:DD:C1:35:5D:EE:E9
Certificate issuer: /CN=d038c338b128f83adec2f69d93c32c5353ca0398
Certificate serial: 0185724C848A1C27B0EDD4A5F0A486B2006E
Authority key identifier: D0:38:C3:38:B1:28:F8:3A:DE:C2:F6:9D:93:C3:2C:53:53:CA:03:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0DjDOLEo-Drewvadk8MsU1PKA5g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/nZaNaivrllJzbSLAsf_dwTVd7uk.roa
Signing time: Mon 02 Jan 2023 11:44:55 +0000
ROA not before: Mon 02 Jan 2023 11:44:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 559
IP address blocks: 192.41.132.0/22 maxlen: 22
130.60.0.0/16 maxlen: 16
192.41.136.0/24 maxlen: 24
185.207.116.0/22 maxlen: 22
192.12.247.0/24 maxlen: 24
89.206.64.0/18 maxlen: 18
2001:67c:16dc::/48 maxlen: 48
2a0b:2040::/29 maxlen: 29
Validation: Failed, certificate revoked on Fri 21 Jul 2023 12:31:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:4c:84:8a:1c:27:b0:ed:d4:a5:f0:a4:86:b2:00:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d038c338b128f83adec2f69d93c32c5353ca0398
Validity
Not Before: Jan 2 11:44:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9d968d6a2beb9652736d22c0b1ffddc1355deee9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:16:98:39:ae:b0:7d:c4:72:fc:4a:69:25:37:
c6:50:67:6d:fa:fe:c0:69:27:e1:c5:06:32:df:2d:
f4:1b:d5:67:c8:10:7a:c9:43:99:b8:dd:f4:20:95:
2b:86:4a:30:50:8a:70:d3:5d:24:91:81:26:f6:d8:
dd:4d:8a:8a:77:34:0f:eb:bf:0a:5b:8d:49:5d:f4:
35:12:4a:4a:f4:6c:fd:0a:92:54:5c:8c:87:ac:4a:
8f:3b:25:0d:3e:4c:be:16:4d:f6:4c:64:f5:6b:8b:
c7:b8:0b:98:d9:25:3c:32:21:47:0e:06:73:8d:e0:
19:d8:ea:d9:ff:50:bf:8c:63:20:0b:31:9a:91:38:
0c:16:13:fb:24:ad:ad:1d:79:91:97:d6:f4:d8:27:
c0:a2:ca:38:05:cb:10:80:73:ab:b9:55:b8:26:76:
29:81:60:d6:31:90:c1:f1:a9:fb:c0:c9:5b:b1:1d:
fc:8d:a0:d4:dc:7a:50:b1:5e:e2:43:bd:36:7b:0d:
0f:81:aa:7a:41:cb:24:77:4a:e3:1d:30:27:f4:1a:
b3:c5:68:78:61:1a:d3:51:a3:0b:e3:3b:f0:2a:75:
a1:d3:1a:bf:95:64:41:2c:44:24:b9:ab:a3:b3:5c:
5a:09:0d:9a:4d:c8:a6:cd:dc:52:30:0e:82:80:5d:
51:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:96:8D:6A:2B:EB:96:52:73:6D:22:C0:B1:FF:DD:C1:35:5D:EE:E9
X509v3 Authority Key Identifier:
keyid:D0:38:C3:38:B1:28:F8:3A:DE:C2:F6:9D:93:C3:2C:53:53:CA:03:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0DjDOLEo-Drewvadk8MsU1PKA5g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/nZaNaivrllJzbSLAsf_dwTVd7uk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/05/925f91-30c5-4a6b-a149-9bf8b1ef2e96/1/0DjDOLEo-Drewvadk8MsU1PKA5g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.206.64.0/18
130.60.0.0/16
185.207.116.0/22
192.12.247.0/24
192.41.132.0-192.41.136.255
IPv6:
2001:67c:16dc::/48
2a0b:2040::/29
Signature Algorithm: sha256WithRSAEncryption
3c:d3:54:56:8d:46:8f:a1:b1:f4:ef:b8:2a:81:60:ac:b9:cf:
8e:3a:e6:eb:d3:d7:3a:39:79:31:a6:d1:22:b5:3e:d0:e6:77:
ce:ba:ca:9e:88:20:7d:c3:57:ec:6c:13:8f:d3:2e:85:01:ce:
ee:f9:dc:77:a1:16:de:54:58:db:1b:57:c4:6d:0a:5c:10:32:
29:81:ec:68:80:30:26:00:f7:15:62:a9:cb:2b:22:d7:8e:58:
af:ac:e6:d3:72:11:56:ae:a9:7c:78:ea:fa:a2:81:e9:67:c7:
91:4e:13:1d:6e:39:f9:ef:e5:1c:bd:5e:9c:57:2f:03:48:88:
90:48:78:97:61:2f:97:01:d4:a5:cc:fb:b0:97:15:27:aa:b8:
09:38:b8:82:a9:c2:e9:f3:c4:85:4b:14:0f:65:a4:a1:1b:95:
c6:75:77:96:52:36:12:ae:35:30:46:df:3d:b9:44:d8:ea:f9:
16:b2:97:32:7f:de:30:9a:f9:c0:5e:89:90:6f:af:43:ec:00:
0b:49:32:fe:90:e8:89:82:66:a5:83:e4:dd:b3:06:17:d3:74:
83:45:8b:99:7b:88:65:83:b7:90:09:75:4a:bf:25:2b:3e:3f:
38:f5:16:cd:a6:e3:68:44:c9:33:fb:dc:0f:13:1a:d0:ac:00:
d7:c4:29:24
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAYVyTISKHCew7dSl8KSGsgBuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMzhjMzM4YjEyOGY4M2FkZWMyZjY5ZDkzYzMyYzUzNTNj
YTAzOTgwHhcNMjMwMTAyMTE0NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDk2OGQ2YTJiZWI5NjUyNzM2ZDIyYzBiMWZmZGRjMTM1NWRlZWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthaYOa6wfcRy/EppJTfGUGdt+v7A
aSfhxQYy3y30G9VnyBB6yUOZuN30IJUrhkowUIpw010kkYEm9tjdTYqKdzQP678K
W41JXfQ1EkpK9Gz9CpJUXIyHrEqPOyUNPky+Fk32TGT1a4vHuAuY2SU8MiFHDgZz
jeAZ2OrZ/1C/jGMgCzGakTgMFhP7JK2tHXmRl9b02CfAoso4BcsQgHOruVW4JnYp
gWDWMZDB8an7wMlbsR38jaDU3HpQsV7iQ702ew0Pgap6Qcskd0rjHTAn9BqzxWh4
YRrTUaML4zvwKnWh0xq/lWRBLEQkuaujs1xaCQ2aTcimzdxSMA6CgF1RRQIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFJ2WjWor65ZSc20iwLH/3cE1Xe7pMB8GA1UdIwQY
MBaAFNA4wzixKPg63sL2nZPDLFNTygOYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMERqRE9MRW8tRHJld3ZhZGs4TXNVMVBLQTVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS85MjVmOTEtMzBjNS00YTZiLWExNDkt
OWJmOGIxZWYyZTk2LzEvblphTmFpdnJsbEp6YlNMQXNmX2R3VFZkN3VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS85MjVmOTEtMzBjNS00YTZiLWExNDktOWJmOGIxZWYyZTk2
LzEvMERqRE9MRW8tRHJld3ZhZGs4TXNVMVBLQTVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTArBAIAATAlAwQGWc5AAwMA
gjwDBAK5z3QDBADADPcwDAMEAsAphAMEAMApiDAWBAIAAjAQAwcAIAEGfBbcAwUD
KgsgQDANBgkqhkiG9w0BAQsFAAOCAQEAPNNUVo1Gj6Gx9O+4KoFgrLnPjjrm69PX
Ojl5MabRIrU+0OZ3zrrKnoggfcNX7GwTj9MuhQHO7vncd6EW3lRY2xtXxG0KXBAy
KYHsaIAwJgD3FWKpyysi145Yr6zm03IRVq6pfHjq+qKB6WfHkU4THW45+e/lHL1e
nFcvA0iIkEh4l2EvlwHUpcz7sJcVJ6q4CTi4gqnC6fPEhUsUD2WkoRuVxnV3llI2
Eq41MEbfPblE2Or5FrKXMn/eMJr5wF6JkG+vQ+wAC0ky/pDoiYJmpYPk3bMGF9N0
g0WLmXuIZYO3kAl1Sr8lKz4/OPUWzabjaETJM/vcDxMa0KwA18QpJA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:11 2024 by rpki-client on console-ams.rpki-client.org