Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/vS0S7QJlxl5i3rrcX5CCSrAeQhw.roa
File: vS0S7QJlxl5i3rrcX5CCSrAeQhw.roa (raw, json)
Hash identifier: u6Eu8D6lpCX7mIr9zNc/O9xnLdmOLOZzGQz8hMe3kIc=
Subject key identifier: BD:2D:12:ED:02:65:C6:5E:62:DE:BA:DC:5F:90:82:4A:B0:1E:42:1C
Certificate issuer: /CN=34e110b59362f673eae33b66ee7aea3c4028294e
Certificate serial: 018CC8DE9A27AAD6009F15E6C8CAC7FE40B2
Authority key identifier: 34:E1:10:B5:93:62:F6:73:EA:E3:3B:66:EE:7A:EA:3C:40:28:29:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NOEQtZNi9nPq4ztm7nrqPEAoKU4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/vS0S7QJlxl5i3rrcX5CCSrAeQhw.roa
Signing time: Tue 02 Jan 2024 06:31:20 +0000
ROA not before: Tue 02 Jan 2024 06:31:20 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29028
IP address blocks: 141.105.120.0/22 maxlen: 24
141.105.120.0/21 maxlen: 24
141.105.126.0/23 maxlen: 24
178.21.112.0/21 maxlen: 24
185.2.44.0/22 maxlen: 24
193.200.132.0/24 maxlen: 24
194.145.200.0/23 maxlen: 24
2a02:2308::/32 maxlen: 32
2a02:2308:30::/48 maxlen: 48
Validation: Failed, certificate revoked on Wed 06 Nov 2024 12:34:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:de:9a:27:aa:d6:00:9f:15:e6:c8:ca:c7:fe:40:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=34e110b59362f673eae33b66ee7aea3c4028294e
Validity
Not Before: Jan 2 06:31:20 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bd2d12ed0265c65e62debadc5f90824ab01e421c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:ba:0d:61:4c:fb:2c:b9:84:56:24:c5:ee:fc:
5c:c1:84:05:ea:06:d5:81:28:ef:2f:8a:61:d0:fd:
23:af:d1:a7:9c:5d:e7:56:07:b6:4a:09:1c:61:16:
b1:9b:47:de:93:13:33:b1:af:76:85:30:1e:72:84:
27:d8:50:ee:cc:ef:4c:81:a6:36:c0:5e:9b:fb:a3:
ce:57:b8:e8:6e:ed:58:58:1d:f3:0a:ec:f3:86:c0:
59:e4:dd:4f:d7:ec:6c:72:d1:86:03:e4:7d:23:c3:
19:a3:3f:b8:69:81:71:cf:22:bc:c4:ec:8c:d1:33:
fa:b5:8d:1d:a3:28:57:85:89:03:e4:c7:e5:d6:99:
42:52:98:e2:52:25:94:35:96:e2:73:08:3f:91:88:
df:60:4c:3f:6d:fb:f8:70:3f:bc:71:8f:ed:f9:dd:
78:9a:e7:b8:ba:77:4e:6e:da:e9:d7:4e:19:a1:45:
e6:f6:80:2e:05:43:0b:51:0f:d7:29:e2:11:5c:13:
3a:6e:d6:93:69:b9:6b:b0:e0:71:71:e8:7e:f2:ae:
1b:46:46:79:bb:52:1d:bc:85:32:2a:a7:37:bd:41:
b2:82:5c:1e:4a:d8:3b:ff:02:62:0c:5d:b3:59:be:
36:d1:97:9c:fa:57:ac:cc:e1:b1:93:38:e9:a1:df:
d0:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:2D:12:ED:02:65:C6:5E:62:DE:BA:DC:5F:90:82:4A:B0:1E:42:1C
X509v3 Authority Key Identifier:
keyid:34:E1:10:B5:93:62:F6:73:EA:E3:3B:66:EE:7A:EA:3C:40:28:29:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NOEQtZNi9nPq4ztm7nrqPEAoKU4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/vS0S7QJlxl5i3rrcX5CCSrAeQhw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/0bf8fb-1604-4cd1-9da6-1bb27c5d397e/1/NOEQtZNi9nPq4ztm7nrqPEAoKU4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.105.120.0/21
178.21.112.0/21
185.2.44.0/22
193.200.132.0/24
194.145.200.0/23
IPv6:
2a02:2308::/32
Signature Algorithm: sha256WithRSAEncryption
46:91:ab:d4:7e:26:46:ff:24:b0:77:49:44:81:99:0a:a1:f6:
9a:0c:8e:cc:71:83:fe:ca:37:8a:fd:95:40:ff:7c:fa:06:b9:
b6:f9:5a:4d:77:9a:b1:99:54:39:16:61:6b:7a:10:07:72:a1:
30:0c:f2:4d:02:8e:2a:68:92:12:be:2c:53:66:24:38:59:4a:
32:a2:78:f5:0a:88:f7:c1:ea:9b:a7:36:00:39:4f:d9:1b:73:
b4:6a:0a:33:8d:7e:99:f4:0c:4c:43:1f:f1:87:ad:dd:f5:ec:
8b:55:91:f8:75:47:96:31:3c:d0:10:2c:97:c1:fe:38:78:71:
f8:15:75:ab:a9:f7:2b:76:e5:93:34:d7:91:d8:a3:c2:45:33:
6b:24:54:ac:40:e4:2a:40:3f:e6:40:ef:f7:dc:bd:9a:c4:32:
bb:30:bb:cd:25:47:8f:a0:e3:de:7c:a8:90:db:57:f9:5c:39:
a6:f7:3a:20:e7:4f:49:16:0a:6a:47:ef:e4:d8:17:11:d5:27:
e0:63:5a:38:62:c9:22:e1:92:21:97:73:b1:57:58:98:f0:a3:
ab:9d:fc:05:ac:83:18:42:21:a9:fd:fb:31:c1:dd:97:76:22:
a7:13:73:23:ef:a8:c4:80:1b:07:98:f8:21:db:af:8d:d9:5c:
35:8a:1e:ee
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYzI3ponqtYAnxXmyMrH/kCyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZTExMGI1OTM2MmY2NzNlYWUzM2I2NmVlN2FlYTNjNDAy
ODI5NGUwHhcNMjQwMTAyMDYzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDJkMTJlZDAyNjVjNjVlNjJkZWJhZGM1ZjkwODI0YWIwMWU0MjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4roNYUz7LLmEViTF7vxcwYQF6gbV
gSjvL4ph0P0jr9GnnF3nVge2SgkcYRaxm0fekxMzsa92hTAecoQn2FDuzO9MgaY2
wF6b+6POV7jobu1YWB3zCuzzhsBZ5N1P1+xsctGGA+R9I8MZoz+4aYFxzyK8xOyM
0TP6tY0doyhXhYkD5Mfl1plCUpjiUiWUNZbicwg/kYjfYEw/bfv4cD+8cY/t+d14
mue4undObtrp104ZoUXm9oAuBUMLUQ/XKeIRXBM6btaTablrsOBxceh+8q4bRkZ5
u1IdvIUyKqc3vUGyglweStg7/wJiDF2zWb420Zec+leszOGxkzjpod/Q1wIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFL0tEu0CZcZeYt663F+QgkqwHkIcMB8GA1UdIwQY
MBaAFDThELWTYvZz6uM7Zu566jxAKClOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTk9FUXRaTmk5blBxNHp0bTducnFQRUFvS1U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy8wYmY4ZmItMTYwNC00Y2QxLTlkYTYt
MWJiMjdjNWQzOTdlLzEvdlMwUzdRSmx4bDVpM3JyY1g1Q0NTckFlUWh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy8wYmY4ZmItMTYwNC00Y2QxLTlkYTYtMWJiMjdjNWQzOTdl
LzEvTk9FUXRaTmk5blBxNHp0bTducnFQRUFvS1U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDjWl4AwQD
shVwAwQCuQIsAwQAwciEAwQBwpHIMA0EAgACMAcDBQAqAiMIMA0GCSqGSIb3DQEB
CwUAA4IBAQBGkavUfiZG/ySwd0lEgZkKofaaDI7McYP+yjeK/ZVA/3z6Brm2+VpN
d5qxmVQ5FmFrehAHcqEwDPJNAo4qaJISvixTZiQ4WUoyonj1Coj3weqbpzYAOU/Z
G3O0agozjX6Z9AxMQx/xh63d9eyLVZH4dUeWMTzQECyXwf44eHH4FXWrqfcrduWT
NNeR2KPCRTNrJFSsQOQqQD/mQO/33L2axDK7MLvNJUePoOPefKiQ21f5XDmm9zog
509JFgpqR+/k2BcR1SfgY1o4Yski4ZIhl3OxV1iY8KOrnfwFrIMYQiGp/fsxwd2X
diKnE3Mj76jEgBsHmPgh26+N2Vw1ih7u
-----END CERTIFICATE-----
Generated at Wed Nov 6 15:16:07 2024 by rpki-client on console-fra.rpki-client.org