Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/HXZP3qPSsFu8g8XmkYP7j2AfeaE.roa
File: HXZP3qPSsFu8g8XmkYP7j2AfeaE.roa (raw, json)
Hash identifier: Jcgabaup1OmW7J8LegJfeQrDB3DAu5kYxjx4TI8TosA=
Subject key identifier: 1D:76:4F:DE:A3:D2:B0:5B:BC:83:C5:E6:91:83:FB:8F:60:1F:79:A1
Certificate issuer: /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial: 0185BA1254D819CA74B03A20467B8D78BFC2
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/HXZP3qPSsFu8g8XmkYP7j2AfeaE.roa
Signing time: Mon 16 Jan 2023 10:14:01 +0000
ROA not before: Mon 16 Jan 2023 10:14:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 109.122.40.0/24 maxlen: 24
109.122.41.0/24 maxlen: 24
109.122.47.0/24 maxlen: 24
109.122.45.0/24 maxlen: 24
109.122.46.0/24 maxlen: 24
91.226.57.0/24 maxlen: 24
193.93.54.0/23 maxlen: 24
193.93.52.0/24 maxlen: 24
193.93.53.0/24 maxlen: 24
87.237.167.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 17 Jan 2023 06:31:02 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:ba:12:54:d8:19:ca:74:b0:3a:20:46:7b:8d:78:bf:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Validity
Not Before: Jan 16 10:14:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1d764fdea3d2b05bbc83c5e69183fb8f601f79a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:d1:88:fd:76:a5:48:f1:75:ec:23:24:fc:18:
f3:5b:57:8b:db:f5:86:12:c1:b7:51:6d:6d:58:94:
14:88:0f:59:1e:8c:6c:07:2e:2e:86:b0:b0:ee:73:
e6:df:eb:40:a4:2e:72:c9:e5:ea:ca:f9:eb:bb:a6:
13:3b:97:1e:e5:69:02:82:83:71:6b:4d:2f:1a:a7:
3f:17:fc:03:3d:2a:fc:5f:cd:48:0a:e3:b6:ba:60:
11:89:04:ed:b3:8c:57:c0:6c:8b:19:f0:08:e5:e1:
3e:fa:f3:3f:67:9c:2e:72:12:b9:28:e2:3a:57:f6:
64:c8:45:62:96:9b:14:7b:1b:59:9f:b1:11:37:75:
65:11:6e:1b:0e:15:b8:5d:30:78:2d:e7:f5:20:0c:
2a:9f:f1:58:17:b6:84:25:9e:20:9f:7c:20:27:f5:
02:d3:4c:1c:38:37:69:7f:62:80:1d:22:84:41:71:
82:f0:38:69:98:2b:d4:92:e8:c8:93:3d:b8:39:a3:
c8:36:02:af:c2:ce:be:1d:f0:e8:2e:12:cd:fa:dd:
53:00:9f:92:66:cc:44:33:29:a5:9b:22:fd:c0:79:
52:bb:82:2c:74:b7:1e:0a:27:59:e2:2c:2b:49:2b:
b1:e5:3e:e1:30:7c:aa:27:1b:33:04:c8:1e:88:03:
6e:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:76:4F:DE:A3:D2:B0:5B:BC:83:C5:E6:91:83:FB:8F:60:1F:79:A1
X509v3 Authority Key Identifier:
keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/HXZP3qPSsFu8g8XmkYP7j2AfeaE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.237.167.0/24
91.226.57.0/24
109.122.40.0/23
109.122.45.0-109.122.47.255
193.93.52.0/22
Signature Algorithm: sha256WithRSAEncryption
54:2f:24:6a:95:cc:59:87:d6:a4:6b:c5:61:88:b0:ce:66:1a:
8b:c0:f0:c4:5a:a1:c3:4b:96:4c:c5:17:a2:eb:75:b8:8b:56:
8c:5e:24:39:57:f4:ed:1c:50:37:d9:12:60:fb:be:88:2c:ec:
89:94:2e:2e:01:3f:a1:73:e9:64:e9:0f:6e:af:fc:50:b3:a3:
d1:a9:f4:45:f3:c4:ff:90:3a:3b:38:54:a3:dc:93:88:e9:d5:
c4:05:45:ef:61:40:fd:dd:9b:57:ee:d9:d3:89:5a:44:13:34:
2a:a0:da:68:26:b6:1f:ce:7a:13:4b:0a:90:3f:c7:3d:1a:09:
5c:78:ca:10:e2:ae:ab:01:19:fb:d4:94:e2:33:24:ee:2d:6c:
b2:ad:3f:f1:e3:14:dc:70:f2:de:9c:59:61:7b:cf:f4:24:a3:
c9:07:c3:80:08:6e:84:7d:d9:6b:b0:e5:c2:49:7c:4d:39:45:
a5:f2:bc:a1:27:44:8b:00:ca:97:85:25:a0:22:be:31:93:17:
07:04:69:21:e0:2b:8b:0f:d2:f6:4d:b6:be:28:69:6b:8f:d4:
20:76:de:b9:36:e7:c0:2b:de:00:37:a6:43:10:22:fa:03:a6:
76:0f:eb:c6:76:f7:92:05:7a:7d:3e:c0:6b:ff:4b:8e:ea:48:
92:4a:8b:9a
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYW6ElTYGcp0sDogRnuNeL/CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjMwMTE2MTAxNDAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDc2NGZkZWEzZDJiMDViYmM4M2M1ZTY5MTgzZmI4ZjYwMWY3OWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndGI/XalSPF17CMk/BjzW1eL2/WG
EsG3UW1tWJQUiA9ZHoxsBy4uhrCw7nPm3+tApC5yyeXqyvnru6YTO5ce5WkCgoNx
a00vGqc/F/wDPSr8X81ICuO2umARiQTts4xXwGyLGfAI5eE++vM/Z5wuchK5KOI6
V/ZkyEVilpsUextZn7ERN3VlEW4bDhW4XTB4Lef1IAwqn/FYF7aEJZ4gn3wgJ/UC
00wcODdpf2KAHSKEQXGC8DhpmCvUkujIkz24OaPINgKvws6+HfDoLhLN+t1TAJ+S
ZsxEMymlmyL9wHlSu4IsdLceCidZ4iwrSSux5T7hMHyqJxszBMgeiANu0QIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFB12T96j0rBbvIPF5pGD+49gH3mhMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvSFhaUDNxUFNzRnU4ZzhYbWtZUDdqMkFmZWFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAV+2nAwQA
W+I5AwQBbXooMAwDBABtei0DBARteiADBALBXTQwDQYJKoZIhvcNAQELBQADggEB
AFQvJGqVzFmH1qRrxWGIsM5mGovA8MRaocNLlkzFF6LrdbiLVoxeJDlX9O0cUDfZ
EmD7vogs7ImULi4BP6Fz6WTpD26v/FCzo9Gp9EXzxP+QOjs4VKPck4jp1cQFRe9h
QP3dm1fu2dOJWkQTNCqg2mgmth/OehNLCpA/xz0aCVx4yhDirqsBGfvUlOIzJO4t
bLKtP/HjFNxw8t6cWWF7z/Qko8kHw4AIboR92Wuw5cJJfE05RaXyvKEnRIsAypeF
JaAivjGTFwcEaSHgK4sP0vZNtr4oaWuP1CB23rk258Ar3gA3pkMQIvoDpnYP68Z2
95IFen0+wGv/S47qSJJKi5o=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:06 2024 by rpki-client on console-ams.rpki-client.org