Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/JCsgZNnKmQap9A2Q1griXuz8nGA.roa
File: JCsgZNnKmQap9A2Q1griXuz8nGA.roa (raw, json)
Hash identifier: 88oMvcCQ8+U2Z2IQMny4AkAx2CwFCS48RSsy46F/9qo=
Subject key identifier: 24:2B:20:64:D9:CA:99:06:A9:F4:0D:90:D6:0A:E2:5E:EC:FC:9C:60
Certificate issuer: /CN=4b48cf146b4c73d274096d705708d24b729329f8
Certificate serial: 0185721E8A23B9B759693D5DDEFBA98C95C1
Authority key identifier: 4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/JCsgZNnKmQap9A2Q1griXuz8nGA.roa
Signing time: Mon 02 Jan 2023 10:54:42 +0000
ROA not before: Mon 02 Jan 2023 10:54:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 33438
IP address blocks: 85.12.1.0/24 maxlen: 24
195.200.85.0/24 maxlen: 24
195.200.84.0/24 maxlen: 24
193.138.220.0/24 maxlen: 24
2a01:788:aaac::/48 maxlen: 48
2a01:788:aaaa::/48 maxlen: 48
2a01:788:aaab::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 01 Jan 2024 06:30:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:1e:8a:23:b9:b7:59:69:3d:5d:de:fb:a9:8c:95:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4b48cf146b4c73d274096d705708d24b729329f8
Validity
Not Before: Jan 2 10:54:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=242b2064d9ca9906a9f40d90d60ae25eecfc9c60
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:24:33:a8:c6:a2:aa:e0:c7:c8:6f:40:5a:d3:
e5:20:4f:28:96:bc:54:c3:0f:e9:1e:1e:c4:11:35:
82:38:e2:a5:c8:60:5e:7a:13:f2:09:09:df:49:c9:
40:e1:9d:de:4e:c7:0d:22:22:e9:85:15:89:fc:25:
de:5e:38:a9:95:8e:88:36:79:23:47:ba:6c:5d:ad:
c0:03:b5:c3:db:e3:ea:83:ad:94:06:62:8e:bf:46:
bd:0b:34:3d:b1:9c:f4:22:4b:01:0b:89:63:38:7a:
3a:14:bf:64:be:02:35:0f:54:60:7b:ad:d7:0f:11:
f5:24:28:8b:d1:a7:bb:a0:2b:6e:ba:fe:17:55:91:
43:2d:6f:0b:84:8d:8a:96:f2:ab:77:3f:ab:07:93:
06:17:50:d7:ef:df:49:77:c4:07:c7:a7:72:f3:1d:
24:ee:b7:6d:9b:fe:9c:2a:b8:60:9d:d4:90:02:fd:
8e:a9:db:96:4e:8b:5e:58:c3:ad:af:14:8b:e4:82:
9e:76:f2:88:a9:96:72:22:3e:5d:7b:d2:21:eb:ae:
d3:78:55:09:a7:fd:4f:8f:d6:46:0e:17:02:b2:86:
d8:fe:2c:66:40:32:83:03:77:5e:3d:43:64:e4:56:
f5:79:69:2f:e3:33:24:8b:74:83:83:70:cf:5d:a0:
4a:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:2B:20:64:D9:CA:99:06:A9:F4:0D:90:D6:0A:E2:5E:EC:FC:9C:60
X509v3 Authority Key Identifier:
keyid:4B:48:CF:14:6B:4C:73:D2:74:09:6D:70:57:08:D2:4B:72:93:29:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0jPFGtMc9J0CW1wVwjSS3KTKfg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/JCsgZNnKmQap9A2Q1griXuz8nGA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/3bbb52-393e-4762-a70c-64a6a05b9905/1/S0jPFGtMc9J0CW1wVwjSS3KTKfg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.12.1.0/24
193.138.220.0/24
195.200.84.0/23
IPv6:
2a01:788:aaaa::-2a01:788:aaac:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
53:af:cc:1a:6c:2c:17:eb:16:bc:c7:c8:6a:7b:60:2c:b3:17:
80:cc:0b:af:c8:12:24:d7:18:42:46:43:03:b8:42:56:8d:65:
6a:2d:ca:21:22:3c:6a:27:6d:cc:d1:89:14:d2:ea:3a:f1:96:
88:63:1c:7e:8f:d9:95:dd:f0:60:f9:bd:84:44:a9:1e:e6:7f:
c5:8f:73:1d:bc:63:4c:a8:3d:54:b1:ab:85:5c:b7:22:1b:b0:
5d:4b:4b:ca:0d:99:84:b9:e6:59:d4:b2:3e:9a:39:72:c9:fd:
62:f4:7d:83:36:53:50:9e:92:e2:bc:5a:e1:fc:f3:30:ee:81:
e6:e0:f6:3f:66:61:3e:30:3e:9b:a9:b9:87:af:11:b1:7f:15:
71:6f:7c:ab:56:fe:e2:c4:43:9a:20:44:08:00:f5:41:2d:55:
61:ca:fb:b4:67:5b:7f:8c:d1:e1:72:b1:c9:31:bc:14:59:31:
b4:7c:c5:f2:b1:3c:e3:64:fe:7d:68:62:7e:d9:3f:d3:2c:78:
96:1a:7e:00:f4:8a:72:05:f4:6b:70:f9:b1:f1:b4:5a:eb:9b:
85:9f:25:27:f0:05:79:c9:db:ed:cd:08:1d:47:52:e6:f6:70:
00:9a:e9:e9:d9:1f:a5:2d:87:bb:f8:bb:e5:ae:c6:cd:5d:88:
b2:73:d0:6b
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYVyHoojubdZaT1d3vupjJXBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNDhjZjE0NmI0YzczZDI3NDA5NmQ3MDU3MDhkMjRiNzI5
MzI5ZjgwHhcNMjMwMTAyMTA1NDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDJiMjA2NGQ5Y2E5OTA2YTlmNDBkOTBkNjBhZTI1ZWVjZmM5YzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiQzqMaiquDHyG9AWtPlIE8olrxU
ww/pHh7EETWCOOKlyGBeehPyCQnfSclA4Z3eTscNIiLphRWJ/CXeXjiplY6INnkj
R7psXa3AA7XD2+Pqg62UBmKOv0a9CzQ9sZz0IksBC4ljOHo6FL9kvgI1D1Rge63X
DxH1JCiL0ae7oCtuuv4XVZFDLW8LhI2KlvKrdz+rB5MGF1DX799Jd8QHx6dy8x0k
7rdtm/6cKrhgndSQAv2OqduWToteWMOtrxSL5IKedvKIqZZyIj5de9Ih667TeFUJ
p/1Pj9ZGDhcCsobY/ixmQDKDA3dePUNk5Fb1eWkv4zMki3SDg3DPXaBKgwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFCQrIGTZypkGqfQNkNYK4l7s/JxgMB8GA1UdIwQY
MBaAFEtIzxRrTHPSdAltcFcI0ktykyn4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMt
NjRhNmEwNWI5OTA1LzEvSkNzZ1pObkttUWFwOUEyUTFncmlYdXo4bkdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8zYmJiNTItMzkzZS00NzYyLWE3MGMtNjRhNmEwNWI5OTA1
LzEvUzBqUEZHdE1jOUowQ1cxd1Z3alNTM0tUS2ZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAYBAIAATASAwQAVQwBAwQA
wYrcAwQBw8hUMBoEAgACMBQwEgMHASoBB4iqqgMHACoBB4iqrDANBgkqhkiG9w0B
AQsFAAOCAQEAU6/MGmwsF+sWvMfIantgLLMXgMwLr8gSJNcYQkZDA7hCVo1lai3K
ISI8aidtzNGJFNLqOvGWiGMcfo/Zld3wYPm9hESpHuZ/xY9zHbxjTKg9VLGrhVy3
IhuwXUtLyg2ZhLnmWdSyPpo5csn9YvR9gzZTUJ6S4rxa4fzzMO6B5uD2P2ZhPjA+
m6m5h68RsX8VcW98q1b+4sRDmiBECAD1QS1VYcr7tGdbf4zR4XKxyTG8FFkxtHzF
8rE842T+fWhiftk/0yx4lhp+APSKcgX0a3D5sfG0WuubhZ8lJ/AFecnb7c0IHUdS
5vZwAJrp6dkfpS2Hu/i75a7GzV2IsnPQaw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:58:47 2024 by rpki-client on console-ams.rpki-client.org