Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/lg7QKAqlGD2FNd-i2T6KsMxbIRM.roa
File: lg7QKAqlGD2FNd-i2T6KsMxbIRM.roa (raw, json)
Hash identifier: kRS3JEsKZQWVxmGLKpq6HsYLXm6+xNPVXmFeZsgKLVM=
Subject key identifier: 96:0E:D0:28:0A:A5:18:3D:85:35:DF:A2:D9:3E:8A:B0:CC:5B:21:13
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 0187C39A4B8DD688E886DE0408E18F2A8B4B
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/lg7QKAqlGD2FNd-i2T6KsMxbIRM.roa
Signing time: Thu 27 Apr 2023 16:44:41 +0000
ROA not before: Thu 27 Apr 2023 16:44:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 399130
IP address blocks: 195.138.109.0/24 maxlen: 24
195.138.110.0/24 maxlen: 24
195.138.116.0/24 maxlen: 24
195.138.117.0/24 maxlen: 24
195.138.115.0/24 maxlen: 24
195.138.113.0/24 maxlen: 24
195.138.119.0/24 maxlen: 24
195.138.121.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 11 May 2023 13:51:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:c3:9a:4b:8d:d6:88:e8:86:de:04:08:e1:8f:2a:8b:4b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Apr 27 16:44:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=960ed0280aa5183d8535dfa2d93e8ab0cc5b2113
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:f6:4e:56:6d:13:35:76:fa:ec:6c:06:a5:0e:
73:5e:c7:2c:88:c7:29:32:ae:e0:3a:95:e3:f3:ab:
e7:0b:28:55:4b:63:d8:b0:f5:37:a8:2e:ad:8c:8e:
0e:eb:2b:16:05:be:87:17:90:f1:96:0d:f7:0b:b5:
9f:04:65:7c:f6:ff:f2:96:2c:fd:35:b0:93:93:33:
66:df:e7:cd:cd:c1:f7:c4:e5:14:e7:b5:29:45:7a:
8b:96:80:32:be:ad:e0:0b:b3:8d:41:bb:99:4a:bd:
ea:ef:f1:27:3f:fd:f6:e1:d4:37:70:57:69:8b:80:
b4:17:d1:31:7c:d7:9c:86:97:2b:e2:9e:04:de:21:
f6:3a:4f:4c:5a:8f:a4:39:52:83:88:4b:df:56:b8:
1d:74:ca:7a:80:28:ae:58:50:b6:13:85:f0:44:92:
0e:93:87:75:71:bd:fd:28:e3:95:32:40:fc:1b:6a:
6c:95:34:4a:19:d2:46:a3:8e:20:f5:28:d4:86:4b:
16:95:41:16:bb:14:5b:ce:1e:e0:62:54:39:12:b7:
fe:e0:e4:9b:18:cd:7f:78:96:09:b9:f4:89:c5:6f:
f0:8a:b1:d0:41:93:45:ab:4b:f3:07:57:3b:d4:97:
ed:b8:c7:10:74:d1:be:22:86:66:c3:21:10:f5:dd:
48:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:0E:D0:28:0A:A5:18:3D:85:35:DF:A2:D9:3E:8A:B0:CC:5B:21:13
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/lg7QKAqlGD2FNd-i2T6KsMxbIRM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.138.109.0-195.138.110.255
195.138.113.0/24
195.138.115.0-195.138.117.255
195.138.119.0/24
195.138.121.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:36:98:7c:ac:01:40:18:68:06:5c:63:91:94:da:6d:27:0e:
9a:4b:1d:97:25:93:9d:66:dc:d1:8e:dd:4d:38:c4:37:92:63:
a8:b8:30:bb:8c:c3:08:47:f7:ba:dc:00:b7:d3:58:14:b4:b9:
68:79:5e:23:1b:f4:83:5e:62:69:be:48:61:1e:27:7a:60:f7:
89:73:32:02:cf:83:a6:43:94:9e:59:82:cc:26:5d:91:a6:8b:
86:a2:3d:27:01:47:cb:36:aa:f8:6a:d3:33:fd:54:72:b5:50:
d5:29:fb:2d:3d:bc:00:ba:01:d7:7d:68:1d:4b:eb:b7:de:59:
7d:23:2a:ef:11:e8:14:8e:13:8d:99:7e:6d:b9:f1:5d:6d:e9:
7e:d4:94:16:0b:e2:8a:1a:52:51:00:c6:70:47:ff:86:e1:19:
0c:61:6e:8b:fe:c0:24:aa:89:39:e6:fa:25:33:10:81:d3:c3:
73:a0:b1:29:ba:86:a7:6e:98:0d:65:bd:c6:51:3f:63:07:80:
a9:59:d7:27:00:b4:ad:21:ad:de:18:a6:3d:1e:1a:10:0c:c9:
5f:6a:12:09:1d:9a:18:e4:32:f1:18:5f:18:22:59:44:2d:fb:
78:63:9e:96:dd:6c:22:05:02:41:2c:98:5a:ac:2b:2b:f5:b8:
3b:f3:4b:d8
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYfDmkuN1ojoht4ECOGPKotLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwNDI3MTY0NDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjBlZDAyODBhYTUxODNkODUzNWRmYTJkOTNlOGFiMGNjNWIyMTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvZOVm0TNXb67GwGpQ5zXscsiMcp
Mq7gOpXj86vnCyhVS2PYsPU3qC6tjI4O6ysWBb6HF5Dxlg33C7WfBGV89v/yliz9
NbCTkzNm3+fNzcH3xOUU57UpRXqLloAyvq3gC7ONQbuZSr3q7/EnP/324dQ3cFdp
i4C0F9ExfNechpcr4p4E3iH2Ok9MWo+kOVKDiEvfVrgddMp6gCiuWFC2E4XwRJIO
k4d1cb39KOOVMkD8G2pslTRKGdJGo44g9SjUhksWlUEWuxRbzh7gYlQ5Erf+4OSb
GM1/eJYJufSJxW/wirHQQZNFq0vzB1c71JftuMcQdNG+IoZmwyEQ9d1ImwIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFJYO0CgKpRg9hTXfotk+irDMWyETMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvbGc3UUtBcWxHRDJGTmQtaTJUNktzTXhiSVJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBADDim0D
BADDim4DBADDinEwDAMEAMOKcwMEAcOKdAMEAMOKdwMEAMOKeTANBgkqhkiG9w0B
AQsFAAOCAQEAfTaYfKwBQBhoBlxjkZTabScOmksdlyWTnWbc0Y7dTTjEN5JjqLgw
u4zDCEf3utwAt9NYFLS5aHleIxv0g15iab5IYR4nemD3iXMyAs+DpkOUnlmCzCZd
kaaLhqI9JwFHyzaq+GrTM/1UcrVQ1Sn7LT28ALoB131oHUvrt95ZfSMq7xHoFI4T
jZl+bbnxXW3pftSUFgviihpSUQDGcEf/huEZDGFui/7AJKqJOeb6JTMQgdPDc6Cx
KbqGp26YDWW9xlE/YweAqVnXJwC0rSGt3himPR4aEAzJX2oSCR2aGOQy8RhfGCJZ
RC37eGOelt1sIgUCQSyYWqwrK/W4O/NL2A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:27 2024 by rpki-client on console-ams.rpki-client.org