Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/hTv1EHRjuLU0TwCSvZs04S7X5s0.roa
File: hTv1EHRjuLU0TwCSvZs04S7X5s0.roa (raw, json)
Hash identifier: /8nAdf0GWcb2457wH/fNXHEv63b1GV3+W9nBWjgx+mI=
Subject key identifier: 85:3B:F5:10:74:63:B8:B5:34:4F:00:92:BD:9B:34:E1:2E:D7:E6:CD
Certificate issuer: /CN=3b3daef89306a75f0b88191440742a720afb3f20
Certificate serial: 018617207929295EF08FFAD47E97AD2B0AEC
Authority key identifier: 3B:3D:AE:F8:93:06:A7:5F:0B:88:19:14:40:74:2A:72:0A:FB:3F:20
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Oz2u-JMGp18LiBkUQHQqcgr7PyA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/hTv1EHRjuLU0TwCSvZs04S7X5s0.roa
Signing time: Fri 03 Feb 2023 11:54:09 +0000
ROA not before: Fri 03 Feb 2023 11:54:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 24796
IP address blocks: 193.201.40.0/24 maxlen: 24
193.24.29.0/24 maxlen: 24
185.33.110.0/24 maxlen: 24
185.33.110.0/23 maxlen: 23
185.33.108.0/23 maxlen: 23
185.33.108.0/24 maxlen: 24
185.33.108.0/22 maxlen: 22
185.33.109.0/24 maxlen: 24
2a0f:80::/32 maxlen: 32
2001:7f8:10::/48 maxlen: 48
Validation: Failed, certificate revoked on Wed 08 Feb 2023 09:45:42 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:17:20:79:29:29:5e:f0:8f:fa:d4:7e:97:ad:2b:0a:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3b3daef89306a75f0b88191440742a720afb3f20
Validity
Not Before: Feb 3 11:54:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=853bf5107463b8b5344f0092bd9b34e12ed7e6cd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:04:76:94:d1:28:31:ce:bd:f5:c4:e7:1f:59:
50:18:5f:0f:6a:03:43:2e:e7:bb:8e:cf:38:e1:c6:
b3:d9:de:b1:43:11:e7:a7:09:31:b2:73:d7:6e:a0:
fa:ee:c0:64:dd:a8:8b:e6:3f:59:a0:6d:99:2d:1a:
c5:b4:b9:1e:6e:a6:84:f9:89:29:cc:38:3c:1f:fc:
9f:a8:c8:f3:b9:f9:f4:b2:5f:30:c9:c9:09:d6:86:
f2:32:b6:b9:65:06:ae:ae:9d:b3:c9:06:cf:7d:4f:
a1:1e:b0:64:92:cf:ea:30:52:53:82:0e:f2:3d:4c:
0c:5f:18:f2:cc:6d:96:26:9c:25:51:d0:91:a6:30:
85:8d:51:5a:ba:c6:fa:36:b9:ac:c1:9c:6d:07:4d:
48:d6:aa:66:7e:be:7a:21:64:a1:db:8c:2b:cf:02:
7e:47:14:f7:56:e1:b4:95:36:1e:8e:aa:33:0d:8d:
67:42:25:d0:d7:ce:89:8d:0d:d5:8e:a1:f9:8c:e0:
20:7a:65:ae:a4:81:ab:95:d1:39:78:13:61:3b:c3:
f5:af:b8:e0:1c:1b:b8:a5:bd:3b:da:ad:24:29:d8:
a8:15:49:53:1a:5b:2a:be:c1:b1:f2:b4:e1:26:51:
2b:8a:f9:cb:4d:07:20:05:d8:b3:cd:09:92:57:94:
56:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:3B:F5:10:74:63:B8:B5:34:4F:00:92:BD:9B:34:E1:2E:D7:E6:CD
X509v3 Authority Key Identifier:
keyid:3B:3D:AE:F8:93:06:A7:5F:0B:88:19:14:40:74:2A:72:0A:FB:3F:20
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oz2u-JMGp18LiBkUQHQqcgr7PyA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/hTv1EHRjuLU0TwCSvZs04S7X5s0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/Oz2u-JMGp18LiBkUQHQqcgr7PyA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.33.108.0/22
193.24.29.0/24
193.201.40.0/24
IPv6:
2001:7f8:10::/48
2a0f:80::/32
Signature Algorithm: sha256WithRSAEncryption
0a:9c:b3:67:14:02:27:99:1b:fc:d7:52:ac:e3:c6:6b:02:f1:
0b:df:97:fe:f7:94:f6:e7:e1:47:ac:e1:1d:34:fa:d9:36:82:
2c:6d:26:7d:d4:09:84:48:e6:82:3c:6a:89:eb:99:3a:3c:6c:
ef:d6:bc:84:14:9a:1e:c7:b8:aa:25:9e:1f:6a:60:fa:7a:0b:
95:79:1f:85:8d:e2:db:9b:b5:8b:83:ae:1d:9a:63:c4:19:3f:
1a:36:92:30:64:85:9d:14:42:3f:09:92:bf:f8:12:5d:24:59:
af:e3:f7:98:3b:27:b4:80:13:91:10:e0:1e:2f:f1:aa:04:cc:
1e:d7:d0:b0:b9:10:5d:be:ed:7e:b8:a4:72:9c:8a:06:6f:5e:
9a:d2:8a:2f:59:20:11:b0:f6:0b:2a:d2:20:b8:ed:b2:e4:e3:
90:7d:e5:2f:95:2b:83:cb:78:17:bf:17:ce:44:9e:31:6a:4f:
44:a8:3e:fc:ff:66:3e:db:5b:9c:e3:94:b7:a1:94:aa:30:28:
1b:e5:02:15:ea:3d:4d:8a:88:13:3f:5e:a3:28:36:ca:c2:ad:
51:3d:86:78:19:0e:30:db:4f:91:a2:f2:9c:cd:b7:b6:cb:65:
dc:bc:95:f7:0f:ec:a5:bd:ba:f1:75:6d:d4:54:45:0c:2a:ea:
7a:31:16:97
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYYXIHkpKV7wj/rUfpetKwrsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiM2RhZWY4OTMwNmE3NWYwYjg4MTkxNDQwNzQyYTcyMGFm
YjNmMjAwHhcNMjMwMjAzMTE1NDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTNiZjUxMDc0NjNiOGI1MzQ0ZjAwOTJiZDliMzRlMTJlZDdlNmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgR2lNEoMc699cTnH1lQGF8PagND
Lue7js844caz2d6xQxHnpwkxsnPXbqD67sBk3aiL5j9ZoG2ZLRrFtLkebqaE+Ykp
zDg8H/yfqMjzufn0sl8wyckJ1obyMra5ZQaurp2zyQbPfU+hHrBkks/qMFJTgg7y
PUwMXxjyzG2WJpwlUdCRpjCFjVFausb6NrmswZxtB01I1qpmfr56IWSh24wrzwJ+
RxT3VuG0lTYejqozDY1nQiXQ186JjQ3VjqH5jOAgemWupIGrldE5eBNhO8P1r7jg
HBu4pb072q0kKdioFUlTGlsqvsGx8rThJlErivnLTQcgBdizzQmSV5RW7wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFIU79RB0Y7i1NE8Akr2bNOEu1+bNMB8GA1UdIwQY
MBaAFDs9rviTBqdfC4gZFEB0KnIK+z8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3oydS1KTUdwMThMaUJrVVFIUXFjZ3I3UHlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9mMTUwYjEtNDNiOS00OTExLWEwMDUt
YWFjYWQ4NmM2MTdkLzEvaFR2MUVIUmp1TFUwVHdDU3ZaczA0UzdYNXMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9mMTUwYjEtNDNiOS00OTExLWEwMDUtYWFjYWQ4NmM2MTdk
LzEvT3oydS1KTUdwMThMaUJrVVFIUXFjZ3I3UHlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAYBAIAATASAwQCuSFsAwQA
wRgdAwQAwckoMBYEAgACMBADBwAgAQf4ABADBQAqDwCAMA0GCSqGSIb3DQEBCwUA
A4IBAQAKnLNnFAInmRv811Ks48ZrAvEL35f+95T25+FHrOEdNPrZNoIsbSZ91AmE
SOaCPGqJ65k6PGzv1ryEFJoex7iqJZ4famD6eguVeR+FjeLbm7WLg64dmmPEGT8a
NpIwZIWdFEI/CZK/+BJdJFmv4/eYOye0gBOREOAeL/GqBMwe19CwuRBdvu1+uKRy
nIoGb16a0oovWSARsPYLKtIguO2y5OOQfeUvlSuDy3gXvxfORJ4xak9EqD78/2Y+
21uc45S3oZSqMCgb5QIV6j1NiogTP16jKDbKwq1RPYZ4GQ4w20+RovKczbe2y2Xc
vJX3D+ylvbrxdW3UVEUMKup6MRaX
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:58 2024 by rpki-client on console-fra.rpki-client.org