Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/fAsq9g2JYnP-fwqgMXEM_Ai_uLo.roa
File: fAsq9g2JYnP-fwqgMXEM_Ai_uLo.roa (raw, json)
Hash identifier: 2EwZodQz0kG9axXBA7sVoHd1Izoot75yQSOrUQ+Y8rM=
Subject key identifier: 7C:0B:2A:F6:0D:89:62:73:FE:7F:0A:A0:31:71:0C:FC:08:BF:B8:BA
Certificate issuer: /CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
Certificate serial: 01856EA6AB85A9428EF8B77B6BCA747D24CB
Authority key identifier: A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/fAsq9g2JYnP-fwqgMXEM_Ai_uLo.roa
Signing time: Sun 01 Jan 2023 18:44:54 +0000
ROA not before: Sun 01 Jan 2023 18:44:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51191
IP address blocks: 185.24.68.0/22 maxlen: 22
195.138.240.0/21 maxlen: 21
195.138.241.0/24 maxlen: 24
195.138.244.0/24 maxlen: 24
130.185.104.0/21 maxlen: 21
2a01:4a0:2002::/48 maxlen: 48
2a01:4a0:2000::/48 maxlen: 48
2a01:4a0:2001::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 01 Jan 2024 14:30:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:a6:ab:85:a9:42:8e:f8:b7:7b:6b:ca:74:7d:24:cb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9b75b64d5da17d70bbabd811a39a602ddaf963a
Validity
Not Before: Jan 1 18:44:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7c0b2af60d896273fe7f0aa031710cfc08bfb8ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:17:59:e8:c4:43:3f:01:fd:3b:bb:a4:5b:32:
d2:87:12:a8:29:5d:3d:bf:c7:14:ea:04:0d:53:69:
e2:1f:73:16:c4:e0:aa:71:7d:2f:3b:87:68:20:7b:
4c:6b:8b:6e:2a:43:15:04:3b:33:96:48:f4:b2:bc:
78:c0:55:97:56:16:c2:9e:c3:c8:1d:b1:c9:19:61:
4f:c4:dd:15:df:5a:f1:83:85:9c:57:57:2a:66:55:
63:91:b6:e9:0e:35:79:b1:5c:35:93:6c:38:ad:3c:
8d:f5:0a:92:6c:a4:19:7a:2b:27:8b:27:38:15:46:
36:d1:15:1d:cc:42:cf:80:68:e4:50:bf:f7:09:2b:
64:e5:30:ed:10:2a:f7:65:d5:2a:ee:bd:d9:11:ba:
3f:ed:95:c4:87:39:d2:82:74:a9:ca:2f:03:55:07:
f7:14:60:0d:40:48:52:4c:1f:29:5f:c1:e2:87:2e:
c7:58:3d:1b:19:d2:d0:57:54:b6:a0:2a:9b:8e:26:
b5:10:51:0a:b4:ea:43:e9:54:77:5e:c3:fa:15:cb:
5d:2b:dc:98:53:7a:4c:8e:ac:51:10:9e:44:00:64:
1e:0c:ca:71:c4:b6:02:d9:da:54:78:eb:61:ed:25:
58:67:bd:99:a5:56:49:55:38:48:d9:a1:66:1a:c0:
0f:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7C:0B:2A:F6:0D:89:62:73:FE:7F:0A:A0:31:71:0C:FC:08:BF:B8:BA
X509v3 Authority Key Identifier:
keyid:A9:B7:5B:64:D5:DA:17:D7:0B:BA:BD:81:1A:39:A6:02:DD:AF:96:3A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qbdbZNXaF9cLur2BGjmmAt2vljo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/fAsq9g2JYnP-fwqgMXEM_Ai_uLo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/25/da85e7-a452-4b1d-b5ae-9b11804ecd39/1/qbdbZNXaF9cLur2BGjmmAt2vljo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
130.185.104.0/21
185.24.68.0/22
195.138.240.0/21
IPv6:
2a01:4a0:2000::-2a01:4a0:2002:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
8e:1f:03:8f:54:f9:04:7f:c8:3a:c3:24:91:1e:2d:a2:fe:a3:
c5:9e:c9:0a:a5:e0:eb:14:6e:ab:d1:c2:c3:39:f3:4b:ff:60:
1d:c1:e0:ce:1b:ad:12:0d:4f:d5:ec:71:ae:93:1a:b4:9e:86:
b3:1a:30:55:c7:bf:3a:93:8b:85:d5:dd:8b:ed:ee:21:53:d3:
75:72:a2:e6:67:70:fd:dd:63:25:ab:be:31:3a:4a:08:96:6b:
58:c0:8c:d8:36:b6:01:09:b1:a6:09:02:27:7e:d4:2b:eb:6e:
3f:d5:f8:e9:df:b1:9d:88:86:62:5a:32:9e:32:ed:f4:a4:99:
ee:fb:eb:5b:f0:99:28:b8:ba:9a:95:96:5b:c0:b3:43:57:7e:
26:70:77:23:9b:3b:ad:b8:e2:3b:cf:6a:3f:fc:21:d6:2f:37:
19:89:ab:2e:70:04:69:e9:07:54:4d:40:bf:16:e7:84:df:30:
ec:d8:cf:34:4c:bf:18:28:00:5c:39:7c:19:8d:fa:b8:69:2b:
a4:6f:22:cd:6d:ca:6c:68:e6:c4:d6:21:67:15:f5:f7:e7:c7:
c1:db:46:f0:e5:5e:c9:77:98:f9:fe:54:d1:1b:3b:86:8c:40:
57:1b:de:c8:c8:f4:06:fd:2a:79:92:47:51:f8:d9:db:02:5b:
a9:53:d5:8e
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVupquFqUKO+Ld7a8p0fSTLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5Yjc1YjY0ZDVkYTE3ZDcwYmJhYmQ4MTFhMzlhNjAyZGRh
Zjk2M2EwHhcNMjMwMTAxMTg0NDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzBiMmFmNjBkODk2MjczZmU3ZjBhYTAzMTcxMGNmYzA4YmZiOGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiBdZ6MRDPwH9O7ukWzLShxKoKV09
v8cU6gQNU2niH3MWxOCqcX0vO4doIHtMa4tuKkMVBDszlkj0srx4wFWXVhbCnsPI
HbHJGWFPxN0V31rxg4WcV1cqZlVjkbbpDjV5sVw1k2w4rTyN9QqSbKQZeisniyc4
FUY20RUdzELPgGjkUL/3CStk5TDtECr3ZdUq7r3ZEbo/7ZXEhznSgnSpyi8DVQf3
FGANQEhSTB8pX8Hihy7HWD0bGdLQV1S2oCqbjia1EFEKtOpD6VR3XsP6FctdK9yY
U3pMjqxREJ5EAGQeDMpxxLYC2dpUeOth7SVYZ72ZpVZJVThI2aFmGsAPdwIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFHwLKvYNiWJz/n8KoDFxDPwIv7i6MB8GA1UdIwQY
MBaAFKm3W2TV2hfXC7q9gRo5pgLdr5Y6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUt
OWIxMTgwNGVjZDM5LzEvZkFzcTlnMkpZblAtZndxZ01YRU1fQWlfdUxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9kYTg1ZTctYTQ1Mi00YjFkLWI1YWUtOWIxMTgwNGVjZDM5
LzEvcWJkYlpOWGFGOWNMdXIyQkdqbW1BdDJ2bGpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAYBAIAATASAwQDgrloAwQC
uRhEAwQDw4rwMBkEAgACMBMwEQMGBSoBBKAgAwcAKgEEoCACMA0GCSqGSIb3DQEB
CwUAA4IBAQCOHwOPVPkEf8g6wySRHi2i/qPFnskKpeDrFG6r0cLDOfNL/2AdweDO
G60SDU/V7HGukxq0noazGjBVx786k4uF1d2L7e4hU9N1cqLmZ3D93WMlq74xOkoI
lmtYwIzYNrYBCbGmCQInftQr624/1fjp37GdiIZiWjKeMu30pJnu++tb8JkouLqa
lZZbwLNDV34mcHcjmzutuOI7z2o//CHWLzcZiasucARp6QdUTUC/FueE3zDs2M80
TL8YKABcOXwZjfq4aSukbyLNbcpsaObE1iFnFfX358fB20bw5V7Jd5j5/lTRGzuG
jEBXG97IyPQG/Sp5kkdR+NnbAlupU9WO
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:22:44 2024 by rpki-client on console-fra.rpki-client.org