Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/kOwDNX9WcVefFNu5g7XojbquebI.roa
File: kOwDNX9WcVefFNu5g7XojbquebI.roa (raw, json)
Hash identifier: ULrNz1Z9dKb1LWOLv0lUdc/RdCfLaGw+hOUTntya5+g=
Subject key identifier: 90:EC:03:35:7F:56:71:57:9F:14:DB:B9:83:B5:E8:8D:BA:AE:79:B2
Certificate issuer: /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial: 018CBF92CDD67F93ACEA2F27F3687A4AC6DC
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/kOwDNX9WcVefFNu5g7XojbquebI.roa
Signing time: Sun 31 Dec 2023 11:11:58 +0000
ROA not before: Sun 31 Dec 2023 11:11:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 193.30.241.0/24 maxlen: 24
85.209.120.0/23 maxlen: 24
193.57.41.0/24 maxlen: 24
45.94.170.0/24 maxlen: 24
45.94.171.0/24 maxlen: 24
195.177.95.0/24 maxlen: 24
45.88.139.0/24 maxlen: 24
146.19.125.0/24 maxlen: 24
45.81.115.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 02 Jan 2024 04:29:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:bf:92:cd:d6:7f:93:ac:ea:2f:27:f3:68:7a:4a:c6:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Validity
Not Before: Dec 31 11:11:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=90ec03357f5671579f14dbb983b5e88dbaae79b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:28:0c:62:1e:03:75:6b:0a:32:31:88:0d:4f:
aa:35:d9:ba:78:a4:48:e7:5e:14:34:ad:48:f7:b6:
da:ba:26:14:70:35:34:3f:a5:9b:09:5e:95:8f:c3:
8d:60:74:4a:1c:35:ef:76:e3:40:6b:73:24:79:e6:
c2:6f:08:dc:86:d8:65:78:ae:2e:d9:1b:28:82:67:
72:a7:37:27:48:40:39:b8:4c:14:1a:73:ae:98:0f:
b5:63:ce:d7:15:f2:d5:9b:cb:5b:59:d7:91:98:7d:
81:18:60:e5:86:e2:f1:a2:52:e0:ed:b8:d0:b9:f2:
a0:08:ce:6f:2b:de:9b:50:f2:b3:7c:89:df:f3:a1:
e6:37:92:e7:d1:da:4c:d6:49:d4:c4:65:8e:9b:2e:
b6:71:a6:b0:8f:7d:b9:1d:a8:5c:df:a9:7a:04:be:
8a:4a:8d:f6:c3:51:75:a6:e3:8c:a0:13:95:11:14:
da:19:02:31:dd:20:9b:81:f3:03:6e:fb:82:43:0f:
c0:b5:04:f3:fe:3d:09:ca:92:ad:e2:68:73:bd:8e:
f4:28:90:99:5e:8e:87:38:b9:a3:28:bb:9a:39:f0:
1b:6d:87:e0:d1:c5:4c:fe:14:57:61:54:fb:90:35:
e4:be:82:57:04:b7:3e:00:0c:a6:9a:15:ec:f1:97:
4c:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:EC:03:35:7F:56:71:57:9F:14:DB:B9:83:B5:E8:8D:BA:AE:79:B2
X509v3 Authority Key Identifier:
keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/kOwDNX9WcVefFNu5g7XojbquebI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.81.115.0/24
45.88.139.0/24
45.94.170.0/23
85.209.120.0/23
146.19.125.0/24
193.30.241.0/24
193.57.41.0/24
195.177.95.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:2a:cd:fd:9e:af:e9:fe:6e:dc:49:68:55:20:1d:84:2c:04:
5e:b0:f8:52:3a:e0:fe:41:1f:a6:72:47:b1:c3:73:43:31:53:
53:e3:65:cc:58:55:ca:f3:a1:30:d0:1e:c8:9b:32:54:5a:46:
7f:f2:6e:25:9e:f9:36:4c:83:32:eb:83:96:ad:ce:87:1e:3c:
83:2a:16:e5:78:a6:8a:6f:32:a8:f5:9f:10:e6:73:62:33:e4:
6d:eb:e6:82:4e:53:ee:9e:28:26:a0:36:51:f8:2e:b9:84:82:
84:26:77:b9:72:85:ca:7b:82:56:ae:7a:ec:b9:62:5c:be:c6:
15:d0:32:d3:e7:f0:6d:fc:7b:b8:3b:83:b2:7a:e7:7b:3d:f5:
b2:1e:6b:47:6a:de:3c:c6:08:bf:d4:09:9c:61:59:ca:98:a3:
64:00:b7:62:f8:3b:8f:c3:1c:0d:18:9b:dd:9e:4c:a9:1d:eb:
44:ee:35:b3:ec:fa:2a:08:c8:30:f7:32:0f:89:ec:55:43:24:
7c:9a:59:2b:86:6b:ce:1f:d2:c6:a9:52:b5:c9:00:aa:eb:52:
0a:d6:a5:fc:2b:ae:1c:8e:38:a0:34:48:3c:6b:b1:db:82:77:
ff:8b:2a:a4:0f:1b:b2:23:62:4d:5f:01:d6:cd:72:f2:0d:1b:
e5:b8:67:dc
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYy/ks3Wf5Os6i8n82h6SsbcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMxMjMxMTExMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGVjMDMzNTdmNTY3MTU3OWYxNGRiYjk4M2I1ZTg4ZGJhYWU3OWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiigMYh4DdWsKMjGIDU+qNdm6eKRI
514UNK1I97bauiYUcDU0P6WbCV6Vj8ONYHRKHDXvduNAa3MkeebCbwjchthleK4u
2RsogmdypzcnSEA5uEwUGnOumA+1Y87XFfLVm8tbWdeRmH2BGGDlhuLxolLg7bjQ
ufKgCM5vK96bUPKzfInf86HmN5Ln0dpM1knUxGWOmy62caawj325Hahc36l6BL6K
So32w1F1puOMoBOVERTaGQIx3SCbgfMDbvuCQw/AtQTz/j0JypKt4mhzvY70KJCZ
Xo6HOLmjKLuaOfAbbYfg0cVM/hRXYVT7kDXkvoJXBLc+AAymmhXs8ZdMiQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFJDsAzV/VnFXnxTbuYO16I26rnmyMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEva093RE5YOVdjVmVmRk51NWc3WG9qYnF1ZWJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALVFzAwQA
LViLAwQBLV6qAwQBVdF4AwQAkhN9AwQAwR7xAwQAwTkpAwQAw7FfMA0GCSqGSIb3
DQEBCwUAA4IBAQAPKs39nq/p/m7cSWhVIB2ELAResPhSOuD+QR+mckexw3NDMVNT
42XMWFXK86Ew0B7ImzJUWkZ/8m4lnvk2TIMy64OWrc6HHjyDKhbleKaKbzKo9Z8Q
5nNiM+Rt6+aCTlPunigmoDZR+C65hIKEJne5coXKe4JWrnrsuWJcvsYV0DLT5/Bt
/Hu4O4Oyeud7PfWyHmtHat48xgi/1AmcYVnKmKNkALdi+DuPwxwNGJvdnkypHetE
7jWz7PoqCMgw9zIPiexVQyR8mlkrhmvOH9LGqVK1yQCq61IK1qX8K64cjjigNEg8
a7Hbgnf/iyqkDxuyI2JNXwHWzXLyDRvluGfc
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:55:19 2024 by rpki-client on console-ams.rpki-client.org