Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/qpZJRJTB-aagnkGJMsnidZYD6g0.roa
File: qpZJRJTB-aagnkGJMsnidZYD6g0.roa (raw, json)
Hash identifier: lUXFg2gMKgbhDGpDgd6wC/gx0vzLL3m4Z9YJpbSFAZ8=
Subject key identifier: AA:96:49:44:94:C1:F9:A6:A0:9E:41:89:32:C9:E2:75:96:03:EA:0D
Certificate issuer: /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial: 018CC8D171758C32F446F7146F24A940D9DA
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/qpZJRJTB-aagnkGJMsnidZYD6g0.roa
Signing time: Tue 02 Jan 2024 06:16:58 +0000
ROA not before: Tue 02 Jan 2024 06:16:58 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 91.200.221.0/24 maxlen: 24
109.122.46.0/24 maxlen: 24
89.251.16.0/24 maxlen: 24
89.251.19.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 03 Jan 2024 06:15:58 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:d1:71:75:8c:32:f4:46:f7:14:6f:24:a9:40:d9:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Validity
Not Before: Jan 2 06:16:58 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=aa96494494c1f9a6a09e418932c9e2759603ea0d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:3c:28:3e:cf:76:68:97:7a:70:7e:95:3a:d1:
a0:a3:35:99:f5:52:97:c7:d8:c5:41:92:cd:da:26:
f5:02:e9:d3:44:ef:f0:84:2f:b5:1f:36:8e:b0:bc:
47:00:ad:98:64:27:8d:b1:ec:9b:4e:a1:9b:70:d8:
77:24:e9:2f:b8:80:80:46:be:f6:f5:d6:1e:8f:83:
4b:dc:ff:de:88:51:c9:8d:81:58:e1:5a:86:43:55:
ee:0a:06:a0:bb:14:e4:22:f9:88:c3:29:93:f6:a1:
27:31:97:67:b2:52:18:cf:5c:52:84:d9:b6:6e:6c:
f4:cf:82:bf:36:ec:ff:a7:83:ca:94:8f:e5:1a:66:
d3:47:86:c0:3f:19:94:35:05:bb:97:1a:31:9f:da:
73:ca:50:2a:80:c1:cf:15:18:21:1e:57:2d:c4:18:
3d:75:b6:1e:5e:ed:e3:f1:d1:76:c8:50:1b:22:2c:
1b:04:e0:46:ac:c8:4f:35:d5:4f:55:6c:bd:07:82:
29:b1:05:8c:dd:6e:0e:6e:e0:a2:06:bf:e7:59:2c:
66:49:8f:3b:6f:00:e7:25:43:1d:6d:e1:17:be:76:
b8:25:82:70:69:44:25:5a:59:fb:37:48:e6:f0:21:
86:66:d2:f6:e3:d1:f6:50:36:59:b4:eb:5e:b6:b6:
14:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:96:49:44:94:C1:F9:A6:A0:9E:41:89:32:C9:E2:75:96:03:EA:0D
X509v3 Authority Key Identifier:
keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/qpZJRJTB-aagnkGJMsnidZYD6g0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.251.16.0/24
89.251.19.0/24
91.200.221.0/24
109.122.46.0/24
Signature Algorithm: sha256WithRSAEncryption
4a:4a:1b:1f:a1:69:3c:ad:3d:9e:1a:53:a6:27:1b:72:51:59:
5c:26:73:1c:60:c4:48:68:cf:6b:40:61:d6:f1:0e:17:0c:12:
ed:68:c0:db:e3:94:4d:62:f7:6e:99:fa:2f:7b:ba:2c:ae:da:
e9:c5:12:66:64:46:97:68:4c:9c:e3:a6:5a:e6:80:57:97:9d:
56:b0:9f:f2:1e:f7:55:15:d5:a1:7d:27:8d:61:7a:4b:63:9a:
f5:ff:c3:02:4c:84:21:f9:bf:5e:f8:b4:8c:67:40:0a:f0:c5:
47:ce:83:06:00:b1:a8:1e:4d:78:22:c1:7e:1d:a1:24:cc:0b:
23:ea:7d:f9:be:b2:b7:75:b0:b1:c2:08:8a:6d:a4:dc:f5:80:
84:61:7e:ff:d6:f8:74:64:b9:1c:c2:a1:68:c3:f4:41:9c:b5:
6a:b8:eb:10:ed:cf:5f:74:38:77:3e:dc:91:d1:c7:a2:fb:00:
5e:2e:9d:c6:96:9c:d3:bc:47:cd:2c:86:8a:ed:28:d6:0f:d8:
51:65:8c:69:78:b0:21:ff:97:85:a2:41:ba:77:dc:55:3a:bd:
c5:0c:bd:71:5f:d3:37:12:bb:57:25:12:99:30:ef:18:62:e0:
02:78:b2:0a:92:f3:45:26:c1:16:6a:11:42:d6:6b:af:71:27:
7c:46:ad:3d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzI0XF1jDL0RvcUbySpQNnaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjQwMTAyMDYxNjU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTk2NDk0NDk0YzFmOWE2YTA5ZTQxODkzMmM5ZTI3NTk2MDNlYTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDwoPs92aJd6cH6VOtGgozWZ9VKX
x9jFQZLN2ib1AunTRO/whC+1HzaOsLxHAK2YZCeNseybTqGbcNh3JOkvuICARr72
9dYej4NL3P/eiFHJjYFY4VqGQ1XuCgaguxTkIvmIwymT9qEnMZdnslIYz1xShNm2
bmz0z4K/Nuz/p4PKlI/lGmbTR4bAPxmUNQW7lxoxn9pzylAqgMHPFRghHlctxBg9
dbYeXu3j8dF2yFAbIiwbBOBGrMhPNdVPVWy9B4IpsQWM3W4ObuCiBr/nWSxmSY87
bwDnJUMdbeEXvna4JYJwaUQlWln7N0jm8CGGZtL249H2UDZZtOtetrYUNwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKqWSUSUwfmmoJ5BiTLJ4nWWA+oNMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvcXBaSlJKVEItYWFnbmtHSk1zbmlkWllENmcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAWfsQAwQA
WfsTAwQAW8jdAwQAbXouMA0GCSqGSIb3DQEBCwUAA4IBAQBKShsfoWk8rT2eGlOm
JxtyUVlcJnMcYMRIaM9rQGHW8Q4XDBLtaMDb45RNYvdumfove7osrtrpxRJmZEaX
aEyc46Za5oBXl51WsJ/yHvdVFdWhfSeNYXpLY5r1/8MCTIQh+b9e+LSMZ0AK8MVH
zoMGALGoHk14IsF+HaEkzAsj6n35vrK3dbCxwgiKbaTc9YCEYX7/1vh0ZLkcwqFo
w/RBnLVquOsQ7c9fdDh3PtyR0cei+wBeLp3GlpzTvEfNLIaK7SjWD9hRZYxpeLAh
/5eFokG6d9xVOr3FDL1xX9M3ErtXJRKZMO8YYuACeLIKkvNFJsEWahFC1muvcSd8
Rq09
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:37 2024 by rpki-client on console-fra.rpki-client.org