Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Z8dazfsYSR7REEZNL6n4qCiP3GU.roa
File: Z8dazfsYSR7REEZNL6n4qCiP3GU.roa (raw, json)
Hash identifier: cXuGNReVNg0rddxqITsGAu+3g2SoDkzq6mH2buIdxnE=
Subject key identifier: 67:C7:5A:CD:FB:18:49:1E:D1:10:46:4D:2F:A9:F8:A8:28:8F:DC:65
Certificate issuer: /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial: 0189CC54D487C583A0F09E81F8764D20CCED
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Z8dazfsYSR7REEZNL6n4qCiP3GU.roa
Signing time: Sun 06 Aug 2023 19:30:58 +0000
ROA not before: Sun 06 Aug 2023 19:30:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 62041
IP address blocks: 91.108.4.0/22 maxlen: 22
91.108.8.0/22 maxlen: 22
95.161.64.0/20 maxlen: 20
91.108.56.0/22 maxlen: 22
149.154.162.0/23 maxlen: 23
149.154.164.0/22 maxlen: 22
149.154.164.0/23 maxlen: 23
149.154.160.0/24 maxlen: 24
149.154.160.0/23 maxlen: 23
149.154.160.0/22 maxlen: 22
149.154.166.0/23 maxlen: 23
Validation: Failed, certificate revoked on Mon 01 Jan 2024 08:29:23 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:cc:54:d4:87:c5:83:a0:f0:9e:81:f8:76:4d:20:cc:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Validity
Not Before: Aug 6 19:30:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=67c75acdfb18491ed110464d2fa9f8a8288fdc65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:b1:f4:43:bd:f2:4a:88:8d:3d:6b:7e:d1:6e:
8c:5b:a1:9e:d8:91:2b:4d:15:11:f9:e2:68:db:12:
25:48:4d:d8:91:e2:58:6b:27:c0:52:a1:d6:97:5b:
8f:46:dc:af:7d:2b:b8:c4:f0:ab:70:dd:ca:e0:49:
d1:76:c5:34:85:39:2f:02:62:13:a3:45:4e:a8:5e:
84:cc:14:98:fe:fb:92:87:31:bf:05:d0:9d:d4:1c:
f7:59:d7:66:a7:51:68:54:7f:12:f9:18:36:8d:e7:
c8:7c:c9:2a:7d:ce:a4:74:46:ea:b5:92:07:ef:d0:
e3:e8:a8:17:cf:70:12:7b:55:a0:9a:12:c3:3f:62:
9d:fe:c7:52:f9:e2:9d:2e:27:f1:34:79:de:9e:88:
c1:c7:6c:61:75:4d:16:f5:24:e6:47:d4:e7:d5:6d:
c3:2b:ce:cd:b9:18:5e:b4:6a:ea:71:0e:7c:5e:93:
dd:52:a8:03:6c:58:1d:66:68:6e:1d:3c:73:33:b5:
d1:f0:91:58:81:ee:97:34:16:66:09:80:d9:ac:e6:
1c:b8:57:b3:5e:87:ee:67:38:aa:3f:72:0f:67:9f:
f9:cd:b0:08:76:b6:6b:bc:ca:80:83:06:83:b1:de:
1f:c3:6f:bc:8e:38:4b:0f:ce:ff:a0:44:95:49:ef:
0a:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:C7:5A:CD:FB:18:49:1E:D1:10:46:4D:2F:A9:F8:A8:28:8F:DC:65
X509v3 Authority Key Identifier:
keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Z8dazfsYSR7REEZNL6n4qCiP3GU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.108.4.0-91.108.11.255
91.108.56.0/22
95.161.64.0/20
149.154.160.0/21
Signature Algorithm: sha256WithRSAEncryption
78:28:d8:e9:b1:7a:83:49:97:19:16:f5:6f:9a:e2:eb:9f:6e:
1f:1c:cc:0d:37:8d:2f:5b:6a:73:fc:e9:8a:eb:5d:cc:6a:d5:
c9:e3:c0:e7:28:67:89:dd:f8:fa:c3:e6:6b:b8:70:64:01:45:
60:38:c1:02:1a:54:84:4d:59:fa:cf:53:56:50:8f:dd:03:03:
a2:31:5f:09:d5:74:d1:30:0e:be:19:0d:bc:75:5a:43:bc:b1:
98:c0:b5:f5:5e:27:60:07:8d:4f:62:a6:23:0d:a7:fd:f9:b5:
37:87:b9:a2:e1:db:39:a9:e2:e0:4a:4e:7b:79:39:fe:28:bf:
3a:33:df:82:b7:a2:5b:b9:63:a7:89:b7:1f:fb:69:76:ce:ea:
9a:84:49:60:b2:46:1d:87:e9:ac:76:60:74:cf:40:ed:9b:6f:
40:e0:25:2d:41:69:70:b1:2d:65:b6:b9:6c:bf:30:60:37:1a:
7d:1c:fb:77:cf:77:ac:e7:5c:cd:8d:29:20:36:ef:a8:b5:3a:
4a:84:88:b3:1e:15:11:6b:9c:67:d4:90:b5:cb:cd:a8:57:30:
1a:6c:ec:db:18:95:8c:60:f9:6a:97:bf:8a:ac:72:0e:a5:3b:
47:fb:b1:03:c2:ed:b6:5e:f9:d8:cc:da:dd:f8:45:aa:ed:3f:
4f:77:7c:dd
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYnMVNSHxYOg8J6B+HZNIMztMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjMwODA2MTkzMDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2M3NWFjZGZiMTg0OTFlZDExMDQ2NGQyZmE5ZjhhODI4OGZkYzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbH0Q73ySoiNPWt+0W6MW6Ge2JEr
TRUR+eJo2xIlSE3YkeJYayfAUqHWl1uPRtyvfSu4xPCrcN3K4EnRdsU0hTkvAmIT
o0VOqF6EzBSY/vuShzG/BdCd1Bz3Wddmp1FoVH8S+Rg2jefIfMkqfc6kdEbqtZIH
79Dj6KgXz3ASe1WgmhLDP2Kd/sdS+eKdLifxNHnenojBx2xhdU0W9STmR9Tn1W3D
K87NuRhetGrqcQ58XpPdUqgDbFgdZmhuHTxzM7XR8JFYge6XNBZmCYDZrOYcuFez
XofuZziqP3IPZ5/5zbAIdrZrvMqAgwaDsd4fw2+8jjhLD87/oESVSe8KyQIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFGfHWs37GEke0RBGTS+p+Kgoj9xlMB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvWjhkYXpmc1lTUjdSRUVaTkw2bjRxQ2lQM0dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgMAwDBAJbbAQD
BAJbbAgDBAJbbDgDBARfoUADBAOVmqAwDQYJKoZIhvcNAQELBQADggEBAHgo2Omx
eoNJlxkW9W+a4uufbh8czA03jS9banP86YrrXcxq1cnjwOcoZ4nd+PrD5mu4cGQB
RWA4wQIaVIRNWfrPU1ZQj90DA6IxXwnVdNEwDr4ZDbx1WkO8sZjAtfVeJ2AHjU9i
piMNp/35tTeHuaLh2zmp4uBKTnt5Of4ovzoz34K3olu5Y6eJtx/7aXbO6pqESWCy
Rh2H6ax2YHTPQO2bb0DgJS1BaXCxLWW2uWy/MGA3Gn0c+3fPd6znXM2NKSA276i1
OkqEiLMeFRFrnGfUkLXLzahXMBps7NsYlYxg+WqXv4qscg6lO0f7sQPC7bZe+djM
2t34RartP093fN0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:53:08 2024 by rpki-client on console-ams.rpki-client.org