Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/328fab-4ebc-4e1f-840e-bc424349a16e/1/Xws_IZnBsHXTOvBSvDNASIW727U.roa
File: Xws_IZnBsHXTOvBSvDNASIW727U.roa (raw, json)
Hash identifier: XCpE5Q6VFIzXVIpqBtfV3GLKsuFiMDtTzFI2goXpZFY=
Subject key identifier: 5F:0B:3F:21:99:C1:B0:75:D3:3A:F0:52:BC:33:40:48:85:BB:DB:B5
Certificate issuer: /CN=945efd6c477806bd6b45267558d6828feec61ea6
Certificate serial: 01856DC198698BE38F0FECE92C704A212F8E
Authority key identifier: 94:5E:FD:6C:47:78:06:BD:6B:45:26:75:58:D6:82:8F:EE:C6:1E:A6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lF79bEd4Br1rRSZ1WNaCj-7GHqY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/328fab-4ebc-4e1f-840e-bc424349a16e/1/Xws_IZnBsHXTOvBSvDNASIW727U.roa
Signing time: Sun 01 Jan 2023 14:34:42 +0000
ROA not before: Sun 01 Jan 2023 14:34:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197113
IP address blocks: 185.242.152.0/23 maxlen: 24
185.242.154.0/23 maxlen: 24
46.174.224.0/21 maxlen: 21
2a0c:ce80::/44 maxlen: 64
2a0c:ce80:10::/44 maxlen: 44
2a0c:ce80:20::/44 maxlen: 44
2a0c:ce80:30::/44 maxlen: 44
2a0c:ce80:40::/44 maxlen: 44
2a0c:ce80:50::/44 maxlen: 44
2a0c:ce80:60::/44 maxlen: 44
Validation: Failed, certificate revoked on Mon 01 Jan 2024 22:31:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:c1:98:69:8b:e3:8f:0f:ec:e9:2c:70:4a:21:2f:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=945efd6c477806bd6b45267558d6828feec61ea6
Validity
Not Before: Jan 1 14:34:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5f0b3f2199c1b075d33af052bc33404885bbdbb5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:c2:7d:40:9f:5e:8e:2d:11:60:be:62:54:f2:
43:c7:b6:ed:cc:f7:09:b9:2a:fd:26:e1:2a:a1:e3:
ee:0f:08:aa:fb:4c:94:a7:cb:70:25:9f:65:31:ed:
dc:5d:56:74:ae:17:9a:ab:fe:65:42:34:c0:8a:09:
c6:4d:a4:76:ca:51:bc:4c:66:f9:cd:3d:28:93:5e:
bf:e0:7f:38:2f:df:30:67:8a:53:f7:8f:4a:dd:26:
c5:66:77:1c:98:1e:aa:78:61:c9:30:fd:b1:ea:6a:
4f:42:ce:14:da:6d:0f:95:d8:de:ec:d8:81:16:fd:
ce:75:e2:00:01:50:06:91:45:db:76:3f:af:2c:cd:
8a:af:d2:d3:61:d2:9f:eb:c9:34:2c:4c:b5:00:b0:
cc:ab:e0:98:ee:1c:30:10:e6:e0:0a:30:31:34:f7:
eb:76:0e:ac:a9:44:8c:cb:52:61:84:d6:d4:85:91:
ff:91:f1:ac:f0:6f:fe:94:48:52:1e:73:e4:4b:55:
74:46:98:12:44:31:31:fa:e0:7a:d9:7c:cc:fe:27:
23:b0:31:ae:e8:02:c0:48:1d:d7:50:db:52:f5:c7:
91:e9:12:0f:04:71:11:31:de:88:ae:91:8c:8b:18:
57:cc:03:3d:03:a9:ad:82:99:a3:f1:38:74:97:d2:
52:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:0B:3F:21:99:C1:B0:75:D3:3A:F0:52:BC:33:40:48:85:BB:DB:B5
X509v3 Authority Key Identifier:
keyid:94:5E:FD:6C:47:78:06:BD:6B:45:26:75:58:D6:82:8F:EE:C6:1E:A6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lF79bEd4Br1rRSZ1WNaCj-7GHqY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/328fab-4ebc-4e1f-840e-bc424349a16e/1/Xws_IZnBsHXTOvBSvDNASIW727U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/328fab-4ebc-4e1f-840e-bc424349a16e/1/lF79bEd4Br1rRSZ1WNaCj-7GHqY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.174.224.0/21
185.242.152.0/22
IPv6:
2a0c:ce80::-2a0c:ce80:6f:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
89:a2:f6:f4:92:2c:36:78:c8:e4:6a:cc:1d:81:88:e4:fe:05:
a6:bf:6f:70:8e:cd:02:bb:b2:f6:68:ed:94:58:3e:fc:57:e1:
63:b8:f5:8a:f7:29:d2:88:38:fb:1a:4f:25:e6:2c:0c:77:9d:
e3:fd:f9:ad:89:eb:4f:d2:77:c8:ea:f5:ef:40:74:ce:6a:e8:
be:a2:99:f9:ca:1f:26:21:80:56:db:7e:40:20:16:11:de:c0:
e3:0d:68:3d:58:5b:4e:84:dd:98:c7:7c:6d:f0:9d:c6:de:24:
34:a8:e1:de:0a:2a:f9:ba:05:39:45:78:1e:4e:60:45:f9:a0:
f6:f0:e2:c3:bd:f5:10:4b:16:9a:91:2b:49:ca:e9:aa:1a:dd:
d1:c5:50:d7:bf:a3:ae:2d:21:68:31:6c:af:ea:04:37:05:1f:
76:77:06:4e:ad:5d:b1:31:dc:db:f9:79:8b:3b:43:8d:15:d4:
be:51:c3:be:91:95:f3:2d:59:19:9f:d6:1d:08:54:c2:07:0d:
06:02:39:0f:e4:d1:4e:96:cd:5a:0a:51:44:b9:bc:20:5f:68:
b7:b1:9a:9a:e6:9e:9f:b9:f6:d9:b7:1b:c5:29:b7:e0:49:aa:
40:ce:8c:3d:e4:98:54:37:c0:30:7b:5b:14:12:a5:7a:8d:cf:
76:b6:08:14
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYVtwZhpi+OPD+zpLHBKIS+OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0NWVmZDZjNDc3ODA2YmQ2YjQ1MjY3NTU4ZDY4MjhmZWVj
NjFlYTYwHhcNMjMwMTAxMTQzNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjBiM2YyMTk5YzFiMDc1ZDMzYWYwNTJiYzMzNDA0ODg1YmJkYmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscJ9QJ9eji0RYL5iVPJDx7btzPcJ
uSr9JuEqoePuDwiq+0yUp8twJZ9lMe3cXVZ0rheaq/5lQjTAignGTaR2ylG8TGb5
zT0ok16/4H84L98wZ4pT949K3SbFZnccmB6qeGHJMP2x6mpPQs4U2m0Pldje7NiB
Fv3OdeIAAVAGkUXbdj+vLM2Kr9LTYdKf68k0LEy1ALDMq+CY7hwwEObgCjAxNPfr
dg6sqUSMy1JhhNbUhZH/kfGs8G/+lEhSHnPkS1V0RpgSRDEx+uB62XzM/icjsDGu
6ALASB3XUNtS9ceR6RIPBHERMd6IrpGMixhXzAM9A6mtgpmj8Th0l9JSNQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFF8LPyGZwbB10zrwUrwzQEiFu9u1MB8GA1UdIwQY
MBaAFJRe/WxHeAa9a0UmdVjWgo/uxh6mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEY3OWJFZDRCcjFyUlNaMVdOYUNqLTdHSHFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8zMjhmYWItNGViYy00ZTFmLTg0MGUt
YmM0MjQzNDlhMTZlLzEvWHdzX0labkJzSFhUT3ZCU3ZETkFTSVc3MjdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8zMjhmYWItNGViYy00ZTFmLTg0MGUtYmM0MjQzNDlhMTZl
LzEvbEY3OWJFZDRCcjFyUlNaMVdOYUNqLTdHSHFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjASBAIAATAMAwQDLq7gAwQC
ufKYMBgEAgACMBIwEAMFByoMzoADBwQqDM6AAGAwDQYJKoZIhvcNAQELBQADggEB
AImi9vSSLDZ4yORqzB2BiOT+Baa/b3COzQK7svZo7ZRYPvxX4WO49Yr3KdKIOPsa
TyXmLAx3neP9+a2J60/Sd8jq9e9AdM5q6L6imfnKHyYhgFbbfkAgFhHewOMNaD1Y
W06E3ZjHfG3wncbeJDSo4d4KKvm6BTlFeB5OYEX5oPbw4sO99RBLFpqRK0nK6aoa
3dHFUNe/o64tIWgxbK/qBDcFH3Z3Bk6tXbEx3Nv5eYs7Q40V1L5Rw76RlfMtWRmf
1h0IVMIHDQYCOQ/k0U6WzVoKUUS5vCBfaLexmprmnp+59tm3G8Upt+BJqkDOjD3k
mFQ3wDB7WxQSpXqNz3a2CBQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:54:00 2024 by rpki-client on console-ams.rpki-client.org