Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Q8BMDeihXJXiDC_B_aD8FprCWRg.roa
File: Q8BMDeihXJXiDC_B_aD8FprCWRg.roa (raw, json)
Hash identifier: mP6nFk+vMTuSoB8fGQkzX0DDlb6bv0t52WRkDCiX+nM=
Subject key identifier: 43:C0:4C:0D:E8:A1:5C:95:E2:0C:2F:C1:FD:A0:FC:16:9A:C2:59:18
Certificate issuer: /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial: 018A8DA2F1FFD2B882EA3BE336D045397B5E
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Q8BMDeihXJXiDC_B_aD8FprCWRg.roa
Signing time: Wed 13 Sep 2023 08:23:00 +0000
ROA not before: Wed 13 Sep 2023 08:23:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2895
IP address blocks: 185.103.100.0/22 maxlen: 22
193.233.156.0/24 maxlen: 24
193.233.155.0/24 maxlen: 24
147.45.0.0/16 maxlen: 16
193.233.4.0/24 maxlen: 24
193.233.0.0/22 maxlen: 22
193.233.10.0/23 maxlen: 23
193.233.8.0/24 maxlen: 24
2001:640::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:8d:a2:f1:ff:d2:b8:82:ea:3b:e3:36:d0:45:39:7b:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
Validity
Not Before: Sep 13 08:23:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=43c04c0de8a15c95e20c2fc1fda0fc169ac25918
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:41:b0:d5:78:2b:32:d8:f0:38:4b:f2:c9:dc:
4a:37:be:51:00:d6:45:d9:8c:4b:95:3c:41:de:bb:
b2:7d:f9:0d:f4:f2:43:9e:da:24:72:b0:ae:18:c4:
fe:46:e2:29:b0:19:78:57:3c:1e:3b:30:0a:fd:e2:
09:bd:0a:41:90:ab:91:e8:b8:b1:21:f7:23:00:6d:
d4:fa:13:1d:4c:f8:8a:77:c6:f2:c0:7f:38:c9:25:
e8:f9:54:ad:f1:9d:81:71:a0:ac:05:fe:4b:8f:f7:
da:6a:8e:0c:7f:cf:52:e0:8c:58:6d:10:65:6e:b9:
b3:e5:d2:ad:2c:9f:40:03:1e:01:bb:bb:c8:43:fe:
4a:1d:ac:27:fb:39:22:b9:b6:55:68:83:50:19:ba:
db:9b:5a:d0:f0:99:97:1e:bd:d8:2b:be:e6:e5:95:
ec:f2:5d:22:fa:df:53:84:72:ff:60:2d:42:53:24:
e3:b1:de:d4:61:23:19:6c:68:ca:54:0e:31:41:af:
10:55:46:81:94:d6:de:66:49:01:10:83:19:90:1f:
2d:94:b9:d2:0c:57:dc:d3:f8:bf:46:ab:dd:e9:70:
8f:b3:21:09:fb:56:0f:21:f5:2a:f3:9f:df:72:45:
4d:de:68:8a:24:7b:aa:af:19:e2:c0:b6:7c:45:e6:
6d:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:C0:4C:0D:E8:A1:5C:95:E2:0C:2F:C1:FD:A0:FC:16:9A:C2:59:18
X509v3 Authority Key Identifier:
keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/Q8BMDeihXJXiDC_B_aD8FprCWRg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.45.0.0/16
185.103.100.0/22
193.233.0.0-193.233.4.255
193.233.8.0/24
193.233.10.0/23
193.233.155.0-193.233.156.255
IPv6:
2001:640::/32
Signature Algorithm: sha256WithRSAEncryption
41:57:c1:eb:52:b0:63:c7:05:20:48:5d:9f:dd:e9:4f:08:b6:
69:6a:25:1b:97:dd:42:53:7d:b2:2c:97:f4:cb:cd:0d:72:55:
54:1d:73:d3:3d:4a:f0:6e:87:47:8c:c5:e3:46:e2:f6:6c:44:
2d:49:e3:5b:b4:cc:c0:d2:f1:1d:78:8f:d7:b9:cd:ac:70:63:
bb:09:8c:15:28:f8:b1:09:fe:15:7a:07:cd:57:17:32:4d:14:
4b:4e:d5:1b:40:67:ae:81:7c:bd:5a:d7:ed:c1:9b:34:ab:af:
0f:76:f0:2f:9b:ae:89:ba:a5:ad:e3:af:e2:b7:88:40:a8:ca:
51:30:29:26:a6:a6:f5:0f:cc:56:00:21:9c:62:e4:1b:dd:b8:
f8:05:f3:06:bc:e2:19:98:d3:b9:e1:33:d0:13:74:38:06:a5:
48:2a:75:73:2e:86:05:c3:a2:ee:e0:76:2f:13:6e:de:30:c7:
96:47:b7:56:8a:05:f7:e2:ea:a3:4f:b8:37:19:54:ca:1a:99:
45:c6:9b:f8:85:fa:f2:d6:0f:c3:60:db:87:b6:e3:57:a6:4e:
4f:83:d7:a5:77:e6:ff:7a:94:e9:f6:15:c9:97:24:c2:3f:f8:
3a:5d:b5:32:1a:7a:2c:da:8e:e4:4c:d3:c6:ba:6f:9e:76:20:
22:f2:08:00
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYqNovH/0riC6jvjNtBFOXteMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjMwOTEzMDgyMzAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2MwNGMwZGU4YTE1Yzk1ZTIwYzJmYzFmZGEwZmMxNjlhYzI1OTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnEGw1XgrMtjwOEvyydxKN75RANZF
2YxLlTxB3ruyffkN9PJDntokcrCuGMT+RuIpsBl4VzweOzAK/eIJvQpBkKuR6Lix
IfcjAG3U+hMdTPiKd8bywH84ySXo+VSt8Z2BcaCsBf5Lj/faao4Mf89S4IxYbRBl
brmz5dKtLJ9AAx4Bu7vIQ/5KHawn+zkiubZVaINQGbrbm1rQ8JmXHr3YK77m5ZXs
8l0i+t9ThHL/YC1CUyTjsd7UYSMZbGjKVA4xQa8QVUaBlNbeZkkBEIMZkB8tlLnS
DFfc0/i/Rqvd6XCPsyEJ+1YPIfUq85/fckVN3miKJHuqrxniwLZ8ReZtwQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFEPATA3ooVyV4gwvwf2g/BaawlkYMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvUThCTURlaWhYSlhpRENfQl9hRDhGcHJDV1JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwMAky0DBAK5
Z2QwCwMDAMHpAwQAwekEAwQAwekIAwQBwekKMAwDBADB6ZsDBADB6ZwwDQQCAAIw
BwMFACABBkAwDQYJKoZIhvcNAQELBQADggEBAEFXwetSsGPHBSBIXZ/d6U8Itmlq
JRuX3UJTfbIsl/TLzQ1yVVQdc9M9SvBuh0eMxeNG4vZsRC1J41u0zMDS8R14j9e5
zaxwY7sJjBUo+LEJ/hV6B81XFzJNFEtO1RtAZ66BfL1a1+3BmzSrrw928C+brom6
pa3jr+K3iECoylEwKSampvUPzFYAIZxi5BvduPgF8wa84hmY07nhM9ATdDgGpUgq
dXMuhgXDou7gdi8Tbt4wx5ZHt1aKBffi6qNPuDcZVMoamUXGm/iF+vLWD8Ng24e2
41emTk+D16V35v96lOn2FcmXJMI/+DpdtTIaeizajuRM08a6b552ICLyCAA=
-----END CERTIFICATE-----
Generated at Wed Sep 13 09:30:19 2023 by rpki-client on console-ams.rpki-client.org