Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/4404f5-e10c-4190-9270-ac0a84a27d53/1/S3abcuq2ECldsemefu8Ke29aBC0.roa
File: S3abcuq2ECldsemefu8Ke29aBC0.roa (raw, json)
Hash identifier: kEyAg1qEm1EmB82ct/grKx0vM7Ek+lVvxFNu7BlYxx8=
Subject key identifier: 4B:76:9B:72:EA:B6:10:29:5D:B1:E9:9E:7E:EF:0A:7B:6F:5A:04:2D
Certificate issuer: /CN=f806ec9cf1deabf9d6cd5f8891bb82d56f91d678
Certificate serial: 018C3BB1C3E7993ECA820E92897F7059CF9D
Authority key identifier: F8:06:EC:9C:F1:DE:AB:F9:D6:CD:5F:88:91:BB:82:D5:6F:91:D6:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-AbsnPHeq_nWzV-IkbuC1W-R1ng.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0a/4404f5-e10c-4190-9270-ac0a84a27d53/1/S3abcuq2ECldsemefu8Ke29aBC0.roa
Signing time: Tue 05 Dec 2023 20:35:54 +0000
ROA not before: Tue 05 Dec 2023 20:35:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 21032
IP address blocks: 185.159.208.0/22 maxlen: 22
195.85.202.0/24 maxlen: 24
80.78.160.0/20 maxlen: 20
80.78.176.0/20 maxlen: 20
193.109.138.0/23 maxlen: 23
89.145.0.0/18 maxlen: 18
2a02:5d5::/32 maxlen: 32
2a02:5d7::/32 maxlen: 32
2a02:5d0::/29 maxlen: 29
Validation: Failed, certificate revoked on Wed 06 Dec 2023 12:32:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:3b:b1:c3:e7:99:3e:ca:82:0e:92:89:7f:70:59:cf:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f806ec9cf1deabf9d6cd5f8891bb82d56f91d678
Validity
Not Before: Dec 5 20:35:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4b769b72eab610295db1e99e7eef0a7b6f5a042d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:4b:ab:07:11:be:12:e6:39:ac:7f:f1:f8:8e:
58:9e:8e:0a:4c:e8:71:aa:fd:7c:96:c6:33:f0:06:
cf:2b:08:c3:1d:87:92:49:47:fc:5d:04:85:ee:cb:
ed:a7:c7:96:af:21:11:65:ee:83:e4:21:93:c8:b1:
bd:c3:64:37:55:25:2c:62:fc:20:ab:78:92:1d:be:
6c:9c:cf:61:56:88:ae:20:67:69:45:76:4b:af:f6:
ee:30:c2:42:ad:bd:20:39:0b:94:b2:53:5b:a1:92:
4a:90:f0:40:06:0d:92:27:f7:81:53:17:2c:49:05:
fe:00:cc:89:bd:43:10:3f:ec:9d:00:80:2e:88:4c:
89:da:d7:06:6e:96:b1:e9:e6:2f:df:b3:25:7e:4d:
cb:01:d0:a2:09:66:29:15:2b:04:a0:42:d0:cd:d6:
47:f8:a8:72:1b:f7:0f:8c:84:23:94:8d:fc:41:64:
25:66:35:cf:ea:8d:fc:b2:15:5a:3f:a9:fd:b2:a9:
6a:6c:fe:dd:66:32:8f:20:80:0e:00:c5:24:67:9f:
41:95:ba:dd:89:42:e4:84:df:0d:43:a7:2f:d7:c3:
d3:ed:09:42:f5:e8:8f:59:b3:72:ae:cb:7b:bf:5d:
31:ab:08:e7:6c:37:2c:8c:38:ea:db:a3:70:da:64:
7f:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:76:9B:72:EA:B6:10:29:5D:B1:E9:9E:7E:EF:0A:7B:6F:5A:04:2D
X509v3 Authority Key Identifier:
keyid:F8:06:EC:9C:F1:DE:AB:F9:D6:CD:5F:88:91:BB:82:D5:6F:91:D6:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-AbsnPHeq_nWzV-IkbuC1W-R1ng.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/4404f5-e10c-4190-9270-ac0a84a27d53/1/S3abcuq2ECldsemefu8Ke29aBC0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/4404f5-e10c-4190-9270-ac0a84a27d53/1/1-AbsnPHeq_nWzV-IkbuC1W-R1ng.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.78.160.0/19
89.145.0.0/18
185.159.208.0/22
193.109.138.0/23
195.85.202.0/24
IPv6:
2a02:5d0::/29
Signature Algorithm: sha256WithRSAEncryption
d0:ae:92:ce:ec:35:da:31:b3:29:bf:2f:3b:d3:3e:4b:9a:37:
95:5e:45:ab:20:57:88:dc:28:cd:54:9a:fd:5e:81:6a:c2:18:
4a:fc:02:a4:b8:05:30:26:eb:8a:2d:7e:49:dc:01:4e:7f:dc:
14:33:fe:1a:e5:dd:41:9d:83:10:f8:f8:d5:a7:3b:3d:37:47:
99:4d:9f:ad:d9:94:6b:fe:9c:f2:eb:b2:92:bd:e2:96:7e:0a:
c0:ed:9d:f0:a7:a7:bd:1a:e6:98:72:41:e2:da:6b:db:34:ba:
67:d0:45:c4:d8:4f:f8:42:78:19:ea:95:a7:71:ed:ba:d6:c6:
e0:af:69:b4:dd:ce:18:ea:5b:47:b0:d6:6c:f5:5a:25:af:6e:
d5:43:70:f7:1d:b4:a0:c0:16:c3:a5:7f:dd:c6:76:96:1b:21:
3a:2e:0e:89:12:15:b1:c3:83:76:b6:13:89:97:92:b1:71:92:
c0:b7:ad:33:38:3b:5b:68:19:97:3a:0e:24:4b:fd:61:08:c7:
d5:d8:ef:cb:41:fb:85:6d:55:d5:89:8e:05:c9:56:38:ad:eb:
a6:44:f2:d8:a8:23:c3:ce:53:ff:4f:6a:c9:81:aa:5d:5f:37:
c0:58:98:99:5d:67:f2:d2:b4:f1:94:5f:3f:b6:8d:5f:b3:e0:
32:88:3c:4e
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYw7scPnmT7Kgg6SiX9wWc+dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4MDZlYzljZjFkZWFiZjlkNmNkNWY4ODkxYmI4MmQ1NmY5
MWQ2NzgwHhcNMjMxMjA1MjAzNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yjc2OWI3MmVhYjYxMDI5NWRiMWU5OWU3ZWVmMGE3YjZmNWEwNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkurBxG+EuY5rH/x+I5Yno4KTOhx
qv18lsYz8AbPKwjDHYeSSUf8XQSF7svtp8eWryERZe6D5CGTyLG9w2Q3VSUsYvwg
q3iSHb5snM9hVoiuIGdpRXZLr/buMMJCrb0gOQuUslNboZJKkPBABg2SJ/eBUxcs
SQX+AMyJvUMQP+ydAIAuiEyJ2tcGbpax6eYv37Mlfk3LAdCiCWYpFSsEoELQzdZH
+KhyG/cPjIQjlI38QWQlZjXP6o38shVaP6n9sqlqbP7dZjKPIIAOAMUkZ59Blbrd
iULkhN8NQ6cv18PT7QlC9eiPWbNyrst7v10xqwjnbDcsjDjq26Nw2mR/+wIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFEt2m3LqthApXbHpnn7vCntvWgQtMB8GA1UdIwQY
MBaAFPgG7Jzx3qv51s1fiJG7gtVvkdZ4MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1BYnNuUEhlcV9uV3pWLUlrYnVDMVctUjFuZy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGEvNDQwNGY1LWUxMGMtNDE5MC05Mjcw
LWFjMGE4NGEyN2Q1My8xL1MzYWJjdXEyRUNsZHNlbWVmdThLZTI5YUJDMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGEvNDQwNGY1LWUxMGMtNDE5MC05MjcwLWFjMGE4NGEyN2Q1
My8xLzEtQWJzblBIZXFfbld6Vi1Ja2J1QzFXLVIxbmcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwRgYIKwYBBQUHAQcBAf8ENzA1MCQEAgABMB4DBAVQTqAD
BAZZkQADBAK5n9ADBAHBbYoDBADDVcowDQQCAAIwBwMFAyoCBdAwDQYJKoZIhvcN
AQELBQADggEBANCuks7sNdoxsym/LzvTPkuaN5VeRasgV4jcKM1Umv1egWrCGEr8
AqS4BTAm64otfkncAU5/3BQz/hrl3UGdgxD4+NWnOz03R5lNn63ZlGv+nPLrspK9
4pZ+CsDtnfCnp70a5phyQeLaa9s0umfQRcTYT/hCeBnqladx7brWxuCvabTdzhjq
W0ew1mz1WiWvbtVDcPcdtKDAFsOlf93GdpYbITouDokSFbHDg3a2E4mXkrFxksC3
rTM4O1toGZc6DiRL/WEIx9XY78tB+4VtVdWJjgXJVjit66ZE8tioI8POU/9PasmB
ql1fN8BYmJldZ/LStPGUXz+2jV+z4DKIPE4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:20 2024 by rpki-client on console-fra.rpki-client.org