Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/U0e_HnlbahnrNc6pPLua7KtHwb8.roa
File: U0e_HnlbahnrNc6pPLua7KtHwb8.roa (raw, json)
Hash identifier: olCqlspMuKzUmPPPwkZX36Ouisq7djnRT/Ll6IykNXs=
Subject key identifier: 53:47:BF:1E:79:5B:6A:19:EB:35:CE:A9:3C:BB:9A:EC:AB:47:C1:BF
Certificate issuer: /CN=1c39d57936dd2d1521443e68dadd9d0949cde33f
Certificate serial: 018CC8707E4DA1A8ADB65C279C0FA87417BC
Authority key identifier: 1C:39:D5:79:36:DD:2D:15:21:44:3E:68:DA:DD:9D:09:49:CD:E3:3F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HDnVeTbdLRUhRD5o2t2dCUnN4z8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/U0e_HnlbahnrNc6pPLua7KtHwb8.roa
Signing time: Tue 02 Jan 2024 04:31:04 +0000
ROA not before: Tue 02 Jan 2024 04:31:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 55002
IP address blocks: 94.125.72.0/21 maxlen: 24
130.255.104.0/21 maxlen: 24
109.70.192.0/21 maxlen: 24
185.35.208.0/22 maxlen: 24
88.133.240.0/21 maxlen: 24
109.235.224.0/21 maxlen: 24
5.199.176.0/21 maxlen: 24
212.237.168.0/21 maxlen: 24
2a02:778::/32 maxlen: 48
Validation: Failed, certificate revoked on Fri 12 Jan 2024 08:36:19 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:70:7e:4d:a1:a8:ad:b6:5c:27:9c:0f:a8:74:17:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c39d57936dd2d1521443e68dadd9d0949cde33f
Validity
Not Before: Jan 2 04:31:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5347bf1e795b6a19eb35cea93cbb9aecab47c1bf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:39:e0:30:58:16:46:e1:10:c9:98:d0:d2:93:
f2:f4:04:2a:17:1d:17:9f:4e:4f:5f:79:42:60:ad:
c3:a3:07:bc:ef:c4:a3:78:2e:f5:52:ef:06:fe:ae:
24:c9:ca:91:2e:5a:d2:56:da:ab:5a:3c:18:71:c0:
55:30:29:cc:fc:f6:c2:8c:1e:ed:50:a3:e2:7c:2a:
b5:de:7c:0f:5b:77:e8:3b:e5:ea:a1:20:f4:f0:90:
7f:7c:27:64:90:ab:b1:46:26:6b:64:26:5d:32:62:
aa:ef:44:3e:1f:8b:b2:ae:ff:ec:29:c5:f0:46:2e:
6c:c0:eb:1e:6d:83:74:8d:7d:50:57:ff:39:14:5b:
06:b0:a6:28:91:fc:30:d3:ba:12:87:06:48:ec:ee:
31:bc:9a:52:64:0a:0f:93:56:4c:09:51:9c:26:0b:
e3:28:b1:79:94:e9:f7:66:d5:6b:f6:c8:c0:d4:90:
a1:95:f7:93:bb:f9:29:37:1d:41:ab:9e:b7:63:0a:
99:d3:f0:da:1d:f0:bb:6e:f5:e6:0c:8e:74:17:f6:
88:86:3e:1c:87:df:cf:d3:a3:49:1a:1d:d6:f2:be:
9a:44:54:de:d0:9b:b8:b4:77:0d:cb:2e:6b:a5:cd:
83:8b:d5:b3:0f:75:24:b9:bb:3d:fc:e6:27:af:63:
7e:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:47:BF:1E:79:5B:6A:19:EB:35:CE:A9:3C:BB:9A:EC:AB:47:C1:BF
X509v3 Authority Key Identifier:
keyid:1C:39:D5:79:36:DD:2D:15:21:44:3E:68:DA:DD:9D:09:49:CD:E3:3F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HDnVeTbdLRUhRD5o2t2dCUnN4z8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/U0e_HnlbahnrNc6pPLua7KtHwb8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/27/d3856f-029c-446a-ae7d-d7c5da7c1676/1/HDnVeTbdLRUhRD5o2t2dCUnN4z8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.199.176.0/21
88.133.240.0/21
94.125.72.0/21
109.70.192.0/21
109.235.224.0/21
130.255.104.0/21
185.35.208.0/22
212.237.168.0/21
IPv6:
2a02:778::/32
Signature Algorithm: sha256WithRSAEncryption
b9:66:23:6f:b6:3f:bd:38:32:70:e2:35:6c:61:6b:f6:cd:fc:
93:97:a3:aa:c3:bc:32:49:22:ba:69:59:ba:ab:1a:c3:db:e3:
cb:80:a6:29:58:6d:92:fb:78:9a:32:58:da:c9:e3:25:4d:3b:
50:06:ed:be:b6:8e:d0:5b:2e:ba:74:2e:e2:33:15:21:17:0b:
3b:69:b5:f5:2e:31:07:d2:43:e1:bd:d3:62:1c:de:12:27:34:
79:2e:fc:77:20:8a:40:7e:fa:51:6d:4f:c5:fb:a7:7f:a5:cf:
2a:78:52:d9:4d:30:0d:b5:ee:00:a2:44:19:2f:df:07:f5:e3:
2b:54:70:e0:e2:b2:34:a7:09:de:5b:20:07:1b:5c:31:53:35:
49:0a:32:cc:9b:d1:be:02:0a:af:42:90:81:44:82:f2:e3:c7:
3c:c2:9a:af:40:b9:aa:04:77:ab:fd:5f:52:fa:3a:fb:b5:eb:
89:10:f0:b1:9e:31:be:fc:0f:0b:83:ae:01:2a:c4:5b:86:3d:
dd:a4:73:fd:df:42:2b:23:81:fc:eb:4d:8b:a1:d4:5c:4c:dc:
cb:9b:c2:6c:e3:1c:f2:1e:c6:d8:61:40:e2:37:eb:7e:22:98:
88:6d:2d:af:97:70:06:f7:e2:59:8b:0a:6e:0f:00:f6:d0:c2:
f9:a6:60:21
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYzIcH5NoaittlwnnA+odBe8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMzlkNTc5MzZkZDJkMTUyMTQ0M2U2OGRhZGQ5ZDA5NDlj
ZGUzM2YwHhcNMjQwMTAyMDQzMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzQ3YmYxZTc5NWI2YTE5ZWIzNWNlYTkzY2JiOWFlY2FiNDdjMWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAizngMFgWRuEQyZjQ0pPy9AQqFx0X
n05PX3lCYK3Dowe878SjeC71Uu8G/q4kycqRLlrSVtqrWjwYccBVMCnM/PbCjB7t
UKPifCq13nwPW3foO+XqoSD08JB/fCdkkKuxRiZrZCZdMmKq70Q+H4uyrv/sKcXw
Ri5swOsebYN0jX1QV/85FFsGsKYokfww07oShwZI7O4xvJpSZAoPk1ZMCVGcJgvj
KLF5lOn3ZtVr9sjA1JChlfeTu/kpNx1Bq563YwqZ0/DaHfC7bvXmDI50F/aIhj4c
h9/P06NJGh3W8r6aRFTe0Ju4tHcNyy5rpc2Di9WzD3Ukubs9/OYnr2N+mwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFFNHvx55W2oZ6zXOqTy7muyrR8G/MB8GA1UdIwQY
MBaAFBw51Xk23S0VIUQ+aNrdnQlJzeM/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSERuVmVUYmRMUlVoUkQ1bzJ0MmRDVW5ONHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9kMzg1NmYtMDI5Yy00NDZhLWFlN2Qt
ZDdjNWRhN2MxNjc2LzEvVTBlX0hubGJhaG5yTmM2cFBMdWE3S3RId2I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9kMzg1NmYtMDI5Yy00NDZhLWFlN2QtZDdjNWRhN2MxNjc2
LzEvSERuVmVUYmRMUlVoUkQ1bzJ0MmRDVW5ONHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDBcewAwQD
WIXwAwQDXn1IAwQDbUbAAwQDbevgAwQDgv9oAwQCuSPQAwQD1O2oMA0EAgACMAcD
BQAqAgd4MA0GCSqGSIb3DQEBCwUAA4IBAQC5ZiNvtj+9ODJw4jVsYWv2zfyTl6Oq
w7wySSK6aVm6qxrD2+PLgKYpWG2S+3iaMljayeMlTTtQBu2+to7QWy66dC7iMxUh
Fws7abX1LjEH0kPhvdNiHN4SJzR5Lvx3IIpAfvpRbU/F+6d/pc8qeFLZTTANte4A
okQZL98H9eMrVHDg4rI0pwneWyAHG1wxUzVJCjLMm9G+AgqvQpCBRILy48c8wpqv
QLmqBHer/V9S+jr7teuJEPCxnjG+/A8Lg64BKsRbhj3dpHP930IrI4H8602LodRc
TNzLm8Js4xzyHsbYYUDiN+t+IpiIbS2vl3AG9+JZiwpuDwD20ML5pmAh
-----END CERTIFICATE-----
Generated at Fri Jan 12 13:34:42 2024 by rpki-client on console-ams.rpki-client.org