Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/DIZ2bLkN_HuZq28fovcabMjR78I.roa
File: DIZ2bLkN_HuZq28fovcabMjR78I.roa (raw, json)
Hash identifier: i3zZTOCI/AhLafQ4ip3ThbGhxKD9D4gDrbMQha+TF4M=
Subject key identifier: 0C:86:76:6C:B9:0D:FC:7B:99:AB:6F:1F:A2:F7:1A:6C:C8:D1:EF:C2
Certificate issuer: /CN=1d0672c99f87f05cd83f0b627d31871fe80be01f
Certificate serial: 0185708CDBC96BDE28933F549DAF3AC42BE3
Authority key identifier: 1D:06:72:C9:9F:87:F0:5C:D8:3F:0B:62:7D:31:87:1F:E8:0B:E0:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQZyyZ-H8FzYPwtifTGHH-gL4B8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/DIZ2bLkN_HuZq28fovcabMjR78I.roa
Signing time: Mon 02 Jan 2023 03:35:57 +0000
ROA not before: Mon 02 Jan 2023 03:35:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 28919
IP address blocks: 94.24.56.0/21 maxlen: 24
185.164.112.0/22 maxlen: 24
89.41.128.0/21 maxlen: 24
185.66.48.0/22 maxlen: 24
80.93.32.0/20 maxlen: 24
213.182.224.0/19 maxlen: 24
185.163.144.0/22 maxlen: 24
2a03:c680::/29 maxlen: 48
Validation: Failed, certificate revoked on Wed 22 Feb 2023 16:24:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:8c:db:c9:6b:de:28:93:3f:54:9d:af:3a:c4:2b:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d0672c99f87f05cd83f0b627d31871fe80be01f
Validity
Not Before: Jan 2 03:35:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0c86766cb90dfc7b99ab6f1fa2f71a6cc8d1efc2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:b7:61:aa:ea:c9:34:89:19:2c:73:00:8d:13:
87:5a:9f:e0:01:50:83:75:bb:73:21:9a:a7:21:3f:
e4:6d:04:60:d8:f0:77:12:1f:ee:5b:48:12:75:b2:
dc:0b:f9:34:47:46:3b:11:2c:8d:60:77:44:c3:30:
bd:e4:fb:7b:a2:22:02:3a:49:52:0a:55:72:ce:9d:
aa:cb:d0:43:da:3b:1f:e0:b5:8e:c0:bf:67:5d:8c:
65:74:ee:61:a4:61:97:87:6d:1f:82:a2:99:36:03:
63:28:b4:b0:46:94:2b:b3:be:bf:37:1b:6b:7e:58:
3e:f8:a7:cf:9e:eb:71:8e:83:05:c3:9f:de:66:41:
a1:e0:8c:a5:2e:a1:ba:bc:cd:dc:90:f3:a6:a6:5a:
57:ee:26:5a:1f:00:0e:d7:3f:7c:e9:b4:78:f4:ef:
38:9b:5d:a3:37:97:b2:a9:42:18:93:93:0d:fd:4b:
d8:2f:20:82:1f:28:5b:0d:79:3d:96:0e:0b:9f:f4:
a1:ad:cc:18:90:30:42:84:b7:a5:61:10:38:50:41:
8f:ab:97:ad:52:6d:94:98:38:e3:ff:89:83:0a:05:
b8:f0:3b:9f:e7:d4:17:5a:c3:7d:09:0e:1d:69:5a:
95:6c:28:c6:b0:08:2a:83:ae:06:c8:56:50:26:17:
02:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:86:76:6C:B9:0D:FC:7B:99:AB:6F:1F:A2:F7:1A:6C:C8:D1:EF:C2
X509v3 Authority Key Identifier:
keyid:1D:06:72:C9:9F:87:F0:5C:D8:3F:0B:62:7D:31:87:1F:E8:0B:E0:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQZyyZ-H8FzYPwtifTGHH-gL4B8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/DIZ2bLkN_HuZq28fovcabMjR78I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/7e4f08-6730-4051-9792-494f4c4da426/1/HQZyyZ-H8FzYPwtifTGHH-gL4B8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.93.32.0/20
89.41.128.0/21
94.24.56.0/21
185.66.48.0/22
185.163.144.0/22
185.164.112.0/22
213.182.224.0/19
IPv6:
2a03:c680::/29
Signature Algorithm: sha256WithRSAEncryption
79:ca:8b:dc:ac:96:c7:aa:bf:cb:bc:1d:76:cd:61:2b:ee:ac:
6c:32:19:2e:6b:a2:eb:79:58:db:03:ee:7c:9d:f4:42:90:8f:
7b:3a:56:9a:28:9a:e6:bb:16:a0:09:95:d5:7c:ad:5f:0e:41:
9b:e9:35:88:c8:50:4e:7c:44:ee:14:0f:ee:9f:ec:a2:5e:7e:
b9:73:4b:50:12:74:84:6f:5e:77:73:e5:44:06:89:ee:6a:2a:
b8:7c:e1:43:85:84:2c:dc:66:09:03:ee:81:41:3b:14:df:44:
fe:48:32:2f:93:5a:71:34:a4:47:24:9f:d7:8f:7b:71:c3:b6:
a5:18:f4:04:cb:f1:9b:fd:6e:27:74:fc:ca:55:4d:96:43:24:
af:0c:41:2d:d5:08:3e:19:ff:5b:b3:e3:1a:a9:22:3b:24:e2:
6c:70:cd:45:27:22:67:b4:bf:68:8f:77:d5:b3:44:a5:95:98:
5a:19:87:3c:5d:2a:b0:de:45:36:c4:b6:81:88:ae:3a:39:40:
e8:be:e6:23:89:24:e7:22:d3:cd:76:78:a9:9d:6f:15:02:9c:
b3:51:eb:68:3c:a7:53:9c:60:b9:3f:43:36:71:56:cc:e4:4f:
59:72:99:e1:99:4c:9f:f1:65:f7:1d:2a:0c:16:08:84:2b:f8:
ce:cb:03:57
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVwjNvJa94okz9Una86xCvjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDY3MmM5OWY4N2YwNWNkODNmMGI2MjdkMzE4NzFmZTgw
YmUwMWYwHhcNMjMwMTAyMDMzNTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzg2NzY2Y2I5MGRmYzdiOTlhYjZmMWZhMmY3MWE2Y2M4ZDFlZmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLdhqurJNIkZLHMAjROHWp/gAVCD
dbtzIZqnIT/kbQRg2PB3Eh/uW0gSdbLcC/k0R0Y7ESyNYHdEwzC95Pt7oiICOklS
ClVyzp2qy9BD2jsf4LWOwL9nXYxldO5hpGGXh20fgqKZNgNjKLSwRpQrs76/Nxtr
flg++KfPnutxjoMFw5/eZkGh4IylLqG6vM3ckPOmplpX7iZaHwAO1z986bR49O84
m12jN5eyqUIYk5MN/UvYLyCCHyhbDXk9lg4Ln/ShrcwYkDBChLelYRA4UEGPq5et
Um2UmDjj/4mDCgW48Duf59QXWsN9CQ4daVqVbCjGsAgqg64GyFZQJhcCcwIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFAyGdmy5Dfx7matvH6L3GmzI0e/CMB8GA1UdIwQY
MBaAFB0Gcsmfh/Bc2D8LYn0xhx/oC+AfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFaeXlaLUg4RnpZUHd0aWZUR0hILWdMNEI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi83ZTRmMDgtNjczMC00MDUxLTk3OTIt
NDk0ZjRjNGRhNDI2LzEvRElaMmJMa05fSHVacTI4Zm92Y2FiTWpSNzhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi83ZTRmMDgtNjczMC00MDUxLTk3OTItNDk0ZjRjNGRhNDI2
LzEvSFFaeXlaLUg4RnpZUHd0aWZUR0hILWdMNEI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQEUF0gAwQD
WSmAAwQDXhg4AwQCuUIwAwQCuaOQAwQCuaRwAwQF1bbgMA0EAgACMAcDBQMqA8aA
MA0GCSqGSIb3DQEBCwUAA4IBAQB5yovcrJbHqr/LvB12zWEr7qxsMhkua6LreVjb
A+58nfRCkI97OlaaKJrmuxagCZXVfK1fDkGb6TWIyFBOfETuFA/un+yiXn65c0tQ
EnSEb153c+VEBonuaiq4fOFDhYQs3GYJA+6BQTsU30T+SDIvk1pxNKRHJJ/Xj3tx
w7alGPQEy/Gb/W4ndPzKVU2WQySvDEEt1Qg+Gf9bs+MaqSI7JOJscM1FJyJntL9o
j3fVs0SllZhaGYc8XSqw3kU2xLaBiK46OUDovuYjiSTnItPNdnipnW8VApyzUeto
PKdTnGC5P0M2cVbM5E9ZcpnhmUyf8WX3HSoMFgiEK/jOywNX
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:20:33 2024 by rpki-client on console-fra.rpki-client.org