Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/f033f1-2f5d-46d1-9194-63f301889486/1/rJTgtmZ_rVyRXGvYzM0uOrSxc7c.roa
File: rJTgtmZ_rVyRXGvYzM0uOrSxc7c.roa (raw, json)
Hash identifier: pXdVlUZiP9JpWd+JboyxCzn7mFtCHouq8tj8gZQwoZg=
Subject key identifier: AC:94:E0:B6:66:7F:AD:5C:91:5C:6B:D8:CC:CD:2E:3A:B4:B1:73:B7
Certificate issuer: /CN=68ddbef7f1cdd8ad127160f20ea0a3f6b73fa4a2
Certificate serial: 0188B968A7F7AD35BBCC69D2E2BC17F36847
Authority key identifier: 68:DD:BE:F7:F1:CD:D8:AD:12:71:60:F2:0E:A0:A3:F6:B7:3F:A4:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aN2-9_HN2K0ScWDyDqCj9rc_pKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0a/f033f1-2f5d-46d1-9194-63f301889486/1/rJTgtmZ_rVyRXGvYzM0uOrSxc7c.roa
Signing time: Wed 14 Jun 2023 10:17:03 +0000
ROA not before: Wed 14 Jun 2023 10:17:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200555
IP address blocks: 2.58.188.0/22 maxlen: 24
89.39.216.0/21 maxlen: 24
185.58.208.0/22 maxlen: 24
194.146.99.0/24 maxlen: 24
31.14.60.0/22 maxlen: 24
194.146.55.0/24 maxlen: 24
194.146.63.0/24 maxlen: 24
194.146.70.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 02 Jan 2024 06:31:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:b9:68:a7:f7:ad:35:bb:cc:69:d2:e2:bc:17:f3:68:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=68ddbef7f1cdd8ad127160f20ea0a3f6b73fa4a2
Validity
Not Before: Jun 14 10:17:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ac94e0b6667fad5c915c6bd8cccd2e3ab4b173b7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:21:f2:82:c1:b4:1b:04:11:75:fa:b8:f9:a7:
40:6c:4e:7b:8b:0f:7d:36:c1:45:8d:09:b8:ec:97:
b2:50:93:c4:77:35:a6:f3:d7:5c:62:20:12:b0:c7:
d2:23:38:92:35:ca:63:45:0e:ab:92:69:fc:a1:4d:
2c:e8:ad:dd:cd:e9:6a:70:f1:62:ed:35:64:3f:01:
cb:a0:fd:1a:78:ad:34:fd:e7:2d:4b:f5:fa:06:d4:
87:32:49:f4:34:ef:47:20:a6:ed:b6:d1:db:52:ec:
71:fc:9a:7b:79:ea:54:eb:a5:18:0e:9c:d1:cd:8f:
17:aa:ba:2d:a1:3b:05:eb:cc:22:63:c3:c2:ed:ae:
e6:e8:e1:b4:12:3a:52:90:4d:04:87:f1:7a:ba:41:
20:fe:27:01:39:fd:f4:05:c4:e8:79:9b:8f:b2:d5:
76:60:56:24:1c:25:06:a7:aa:5a:0d:5d:d3:fa:67:
e0:54:3c:ea:e2:cc:ab:ef:73:e9:69:c3:d2:0a:e7:
ed:40:0c:ef:4c:ea:de:c0:41:f8:5d:ec:46:bd:b5:
ec:56:ba:53:ac:a2:49:54:6d:52:89:f5:93:3c:d3:
37:dc:ca:08:b5:0b:57:8a:cb:56:0d:f0:9c:16:14:
39:f0:c2:6e:3e:2e:00:cd:42:b4:c2:4b:79:c0:9d:
1f:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:94:E0:B6:66:7F:AD:5C:91:5C:6B:D8:CC:CD:2E:3A:B4:B1:73:B7
X509v3 Authority Key Identifier:
keyid:68:DD:BE:F7:F1:CD:D8:AD:12:71:60:F2:0E:A0:A3:F6:B7:3F:A4:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aN2-9_HN2K0ScWDyDqCj9rc_pKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/f033f1-2f5d-46d1-9194-63f301889486/1/rJTgtmZ_rVyRXGvYzM0uOrSxc7c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/f033f1-2f5d-46d1-9194-63f301889486/1/aN2-9_HN2K0ScWDyDqCj9rc_pKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.188.0/22
31.14.60.0/22
89.39.216.0/21
185.58.208.0/22
194.146.55.0/24
194.146.63.0/24
194.146.70.0/24
194.146.99.0/24
Signature Algorithm: sha256WithRSAEncryption
50:d0:ba:30:5e:28:dc:14:08:dd:41:55:e8:66:6e:9c:f8:b6:
b6:63:c7:6f:ca:54:3b:f3:e6:00:db:a9:7e:1a:d0:8f:b6:2b:
ff:2b:eb:53:eb:ea:b6:eb:69:3f:ec:2f:f5:89:16:b2:5b:f5:
cf:3d:da:f5:2b:9e:61:5f:ba:b2:c8:26:83:44:0a:97:67:84:
bb:ce:7a:87:9d:41:e9:2d:0c:47:e0:6f:10:e2:29:2c:f6:0f:
10:e6:6d:74:f6:58:06:f4:ba:06:2b:e2:70:96:05:6f:20:b2:
09:db:cf:34:b7:4a:93:a0:11:59:cf:e0:6e:d4:69:e6:f3:cd:
a7:b1:90:0f:d5:f4:fa:4e:6a:85:29:30:8d:cb:85:10:e7:d6:
67:2b:5b:de:9c:26:df:0f:02:63:67:0e:2a:7f:0b:85:f8:7b:
1a:67:45:e5:3f:f7:08:0d:39:52:4f:0c:95:07:31:18:9c:1e:
7f:e3:e5:22:66:ad:e2:f2:81:25:03:10:b3:3c:83:ef:a1:7b:
64:91:b5:ae:f1:40:2b:51:15:4b:84:91:e0:53:fc:a5:0b:2b:
50:ea:c6:31:1e:9c:4f:f5:35:38:e5:ff:90:dc:4a:05:92:9c:
60:fb:26:72:f4:0d:75:de:bb:61:42:29:e5:a6:46:ce:24:10:
c1:6a:c7:ea
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYi5aKf3rTW7zGnS4rwX82hHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4ZGRiZWY3ZjFjZGQ4YWQxMjcxNjBmMjBlYTBhM2Y2Yjcz
ZmE0YTIwHhcNMjMwNjE0MTAxNzAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzk0ZTBiNjY2N2ZhZDVjOTE1YzZiZDhjY2NkMmUzYWI0YjE3M2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiHygsG0GwQRdfq4+adAbE57iw99
NsFFjQm47JeyUJPEdzWm89dcYiASsMfSIziSNcpjRQ6rkmn8oU0s6K3dzelqcPFi
7TVkPwHLoP0aeK00/ectS/X6BtSHMkn0NO9HIKbtttHbUuxx/Jp7eepU66UYDpzR
zY8XqrotoTsF68wiY8PC7a7m6OG0EjpSkE0Eh/F6ukEg/icBOf30BcToeZuPstV2
YFYkHCUGp6paDV3T+mfgVDzq4syr73PpacPSCuftQAzvTOrewEH4XexGvbXsVrpT
rKJJVG1SifWTPNM33MoItQtXistWDfCcFhQ58MJuPi4AzUK0wkt5wJ0flwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKyU4LZmf61ckVxr2MzNLjq0sXO3MB8GA1UdIwQY
MBaAFGjdvvfxzditEnFg8g6go/a3P6SiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU4yLTlfSE4ySzBTY1dEeURxQ2o5cmNfcEtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS9mMDMzZjEtMmY1ZC00NmQxLTkxOTQt
NjNmMzAxODg5NDg2LzEvckpUZ3RtWl9yVnlSWEd2WXpNMHVPclN4YzdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS9mMDMzZjEtMmY1ZC00NmQxLTkxOTQtNjNmMzAxODg5NDg2
LzEvYU4yLTlfSE4ySzBTY1dEeURxQ2o5cmNfcEtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCAjq8AwQC
Hw48AwQDWSfYAwQCuTrQAwQAwpI3AwQAwpI/AwQAwpJGAwQAwpJjMA0GCSqGSIb3
DQEBCwUAA4IBAQBQ0LowXijcFAjdQVXoZm6c+La2Y8dvylQ78+YA26l+GtCPtiv/
K+tT6+q262k/7C/1iRayW/XPPdr1K55hX7qyyCaDRAqXZ4S7znqHnUHpLQxH4G8Q
4iks9g8Q5m109lgG9LoGK+JwlgVvILIJ2880t0qToBFZz+Bu1Gnm882nsZAP1fT6
TmqFKTCNy4UQ59ZnK1venCbfDwJjZw4qfwuF+HsaZ0XlP/cIDTlSTwyVBzEYnB5/
4+UiZq3i8oElAxCzPIPvoXtkkbWu8UArURVLhJHgU/ylCytQ6sYxHpxP9TU45f+Q
3EoFkpxg+yZy9A113rthQinlpkbOJBDBasfq
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:18:24 2024 by rpki-client on console-fra.rpki-client.org