Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/u7kZEmPkzeH7ogOl50Q6OMIhQSg.roa
File: u7kZEmPkzeH7ogOl50Q6OMIhQSg.roa (raw, json)
Hash identifier: HAnF37F+llBFg7vSn5VarmDOyWPkjATVz1ZhBYurftw=
Subject key identifier: BB:B9:19:12:63:E4:CD:E1:FB:A2:03:A5:E7:44:3A:38:C2:21:41:28
Certificate issuer: /CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
Certificate serial: 018E0B0C541C98F11C50B0C52C2A8C4D917A
Authority key identifier: D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/u7kZEmPkzeH7ogOl50Q6OMIhQSg.roa
Signing time: Mon 04 Mar 2024 19:59:01 +0000
ROA not before: Mon 04 Mar 2024 19:59:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 59745
IP address blocks: 45.151.92.0/22 maxlen: 24
45.151.94.0/24 maxlen: 24
80.66.96.0/20 maxlen: 24
80.66.109.0/24 maxlen: 24
185.198.200.0/22 maxlen: 24
195.20.20.0/22 maxlen: 24
2a02:340::/32 maxlen: 32
2a0a:8ec0::/29 maxlen: 48
2a0a:8ec0:3000::/36 maxlen: 36
Validation: Failed, certificate revoked on Thu 11 Jul 2024 10:51:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:0b:0c:54:1c:98:f1:1c:50:b0:c5:2c:2a:8c:4d:91:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
Validity
Not Before: Mar 4 19:59:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bbb9191263e4cde1fba203a5e7443a38c2214128
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:1c:d5:47:50:a3:57:85:53:dd:c4:8f:8e:a9:
8d:ef:5b:ec:db:95:80:e4:7b:b9:23:83:1b:3f:ea:
13:c7:6e:4e:9a:c3:4d:94:24:9c:a9:47:51:ee:18:
61:24:49:65:f4:17:da:7a:2f:4a:1d:b3:55:c2:d0:
5f:a5:0a:c7:9b:a5:4c:59:2d:07:f6:72:d9:e6:34:
ad:10:1f:59:90:9f:5b:91:20:42:ea:e7:8a:9e:2d:
89:f6:a9:04:fe:15:0f:5e:89:78:4e:39:08:71:51:
49:0a:54:34:37:cd:46:d6:32:57:bc:e9:13:df:0f:
69:c4:e5:ac:9f:6a:47:60:1d:19:e8:6f:c1:24:bb:
05:ac:a8:f3:9c:5e:ce:f0:08:78:a9:46:64:a0:b3:
48:6e:47:8c:5a:4a:61:e2:23:48:17:5f:cc:cf:bd:
85:d5:7e:4b:84:0d:16:b2:a7:86:73:24:ab:1e:c4:
86:b4:2a:b0:df:b0:29:5b:92:d3:f7:64:2a:a0:aa:
d8:34:9e:f8:32:8a:04:d5:98:d3:62:f7:2c:90:d8:
37:df:3b:a6:26:53:52:39:39:ac:c9:1c:70:0d:66:
68:3c:f0:25:3a:59:b3:7d:e2:5e:28:bb:fd:bf:f1:
c5:aa:c4:48:39:76:26:68:f6:13:5a:3e:8f:28:be:
c0:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:B9:19:12:63:E4:CD:E1:FB:A2:03:A5:E7:44:3A:38:C2:21:41:28
X509v3 Authority Key Identifier:
keyid:D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/u7kZEmPkzeH7ogOl50Q6OMIhQSg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/1MOxLI1jUZDskoQ3u9bLDow4-ak.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.92.0/22
80.66.96.0/20
185.198.200.0/22
195.20.20.0/22
IPv6:
2a02:340::/32
2a0a:8ec0::/29
Signature Algorithm: sha256WithRSAEncryption
37:c9:f0:a3:f3:39:2d:bb:5e:f8:3d:7f:54:ed:a3:65:e6:f2:
f2:4f:1a:db:ec:38:e6:72:6e:d3:9a:59:f6:7b:c4:2d:17:c2:
d8:ae:09:4f:af:a1:a6:52:e2:27:e0:50:bb:0c:65:30:7f:ca:
45:6f:f9:29:c4:11:4a:17:2f:8f:2d:8f:dc:fb:b2:90:1c:92:
05:44:74:3a:07:7f:50:c5:4c:ae:b9:20:de:a5:0c:1a:81:8b:
fa:0f:df:fa:84:46:f1:6f:6b:52:99:35:3b:cb:f0:d1:94:9b:
75:1e:fd:91:21:d3:ce:1c:35:64:e1:12:6a:c7:15:2c:b1:68:
19:c0:61:62:fd:12:eb:0e:32:03:cb:bd:60:b2:59:c8:8b:29:
fa:77:9b:9b:8c:20:62:d7:db:4b:c2:9f:d9:49:04:d0:ce:ae:
c4:5b:ea:5b:f3:59:94:2c:78:3d:9d:bf:57:be:71:3a:8b:f5:
86:2b:87:62:70:01:d5:4b:42:59:da:30:7d:25:a3:5e:6f:b6:
da:ef:57:43:2f:3b:89:35:81:13:6e:ae:ff:b5:60:d1:7f:ca:
82:89:8c:62:e0:78:1c:fb:60:36:ab:75:43:ca:d7:6e:e6:bd:
01:ed:85:91:8d:2c:f8:f9:31:5e:55:2f:fd:e1:c5:b4:2f:a9:
76:6c:76:de
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAY4LDFQcmPEcULDFLCqMTZF6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0YzNiMTJjOGQ2MzUxOTBlYzkyODQzN2JiZDZjYjBlOGMz
OGY5YTkwHhcNMjQwMzA0MTk1OTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmI5MTkxMjYzZTRjZGUxZmJhMjAzYTVlNzQ0M2EzOGMyMjE0MTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhzVR1CjV4VT3cSPjqmN71vs25WA
5Hu5I4MbP+oTx25OmsNNlCScqUdR7hhhJEll9Bfaei9KHbNVwtBfpQrHm6VMWS0H
9nLZ5jStEB9ZkJ9bkSBC6ueKni2J9qkE/hUPXol4TjkIcVFJClQ0N81G1jJXvOkT
3w9pxOWsn2pHYB0Z6G/BJLsFrKjznF7O8Ah4qUZkoLNIbkeMWkph4iNIF1/Mz72F
1X5LhA0WsqeGcySrHsSGtCqw37ApW5LT92QqoKrYNJ74MooE1ZjTYvcskNg33zum
JlNSOTmsyRxwDWZoPPAlOlmzfeJeKLv9v/HFqsRIOXYmaPYTWj6PKL7A9QIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFLu5GRJj5M3h+6IDpedEOjjCIUEoMB8GA1UdIwQY
MBaAFNTDsSyNY1GQ7JKEN7vWyw6MOPmpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTkt
MGY5ZDU3YTVkNGZhLzEvdTdrWkVtUGt6ZUg3b2dPbDUwUTZPTUloUVNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTktMGY5ZDU3YTVkNGZh
LzEvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQCLZdcAwQE
UEJgAwQCucbIAwQCwxQUMBQEAgACMA4DBQAqAgNAAwUDKgqOwDANBgkqhkiG9w0B
AQsFAAOCAQEAN8nwo/M5Lbte+D1/VO2jZeby8k8a2+w45nJu05pZ9nvELRfC2K4J
T6+hplLiJ+BQuwxlMH/KRW/5KcQRShcvjy2P3PuykBySBUR0Ogd/UMVMrrkg3qUM
GoGL+g/f+oRG8W9rUpk1O8vw0ZSbdR79kSHTzhw1ZOESascVLLFoGcBhYv0S6w4y
A8u9YLJZyIsp+nebm4wgYtfbS8Kf2UkE0M6uxFvqW/NZlCx4PZ2/V75xOov1hiuH
YnAB1UtCWdowfSWjXm+22u9XQy87iTWBE26u/7Vg0X/KgomMYuB4HPtgNqt1Q8rX
bua9Ae2FkY0s+PkxXlUv/eHFtC+pdmx23g==
-----END CERTIFICATE-----
Generated at Thu Jul 11 13:05:51 2024 by rpki-client on console-fra.rpki-client.org