Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/oNKXjFb-Gy928-NkZD5tM9rw_fo.roa
File: oNKXjFb-Gy928-NkZD5tM9rw_fo.roa (raw, json)
Hash identifier: 3Tqg1SRVJzXXHeX2hogq7BWq1YHknDkLfBhU4yw++aM=
Subject key identifier: A0:D2:97:8C:56:FE:1B:2F:76:F3:E3:64:64:3E:6D:33:DA:F0:FD:FA
Certificate issuer: /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial: 018CC348AB29D4738E0D7AEB1CEBEEA7B80B
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/oNKXjFb-Gy928-NkZD5tM9rw_fo.roa
Signing time: Mon 01 Jan 2024 04:29:28 +0000
ROA not before: Mon 01 Jan 2024 04:29:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 39855
IP address blocks: 193.110.161.0/24 maxlen: 24
194.55.128.0/24 maxlen: 24
91.229.5.0/24 maxlen: 24
195.60.170.0/24 maxlen: 24
217.8.116.0/24 maxlen: 24
45.85.247.0/24 maxlen: 24
193.201.202.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 11 Mar 2024 08:05:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:48:ab:29:d4:73:8e:0d:7a:eb:1c:eb:ee:a7:b8:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Validity
Not Before: Jan 1 04:29:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a0d2978c56fe1b2f76f3e364643e6d33daf0fdfa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:f6:23:be:88:e6:1e:db:91:3b:d5:eb:1f:c3:
e1:b1:d7:7c:18:ff:f8:77:db:36:12:ca:e4:b3:a2:
61:43:c9:44:86:ab:26:07:bc:9d:17:ee:88:55:86:
68:ca:48:3f:32:4b:a2:71:f3:fa:b5:86:c7:47:1d:
bb:97:50:52:58:28:6f:43:5f:3f:4e:84:8b:d6:c6:
d0:bb:89:d8:65:b4:f4:ab:35:bd:0f:c0:c8:13:f2:
48:69:a9:70:15:c2:c6:4a:fd:e2:aa:85:1b:28:a2:
09:4c:eb:10:43:93:be:00:d9:66:55:2c:41:35:54:
21:16:a3:55:5b:60:0a:7e:66:88:20:e1:7a:ad:3e:
b8:2a:fe:bc:e9:70:49:c7:f9:44:d5:2e:64:d0:5f:
0c:9b:3b:40:85:e2:a4:9c:46:68:94:13:05:c1:87:
8a:4d:c8:ff:ff:9a:98:ad:1c:7b:cc:e5:3b:11:c5:
54:c8:cb:0c:1f:67:38:fd:ea:9c:f1:1e:f6:d0:67:
b9:69:c2:84:59:31:23:18:6c:bc:b5:f8:58:10:69:
0c:a4:6c:fe:e0:97:60:d9:30:5d:86:5d:37:12:a4:
1d:65:15:f4:8c:1f:33:64:1d:ec:3a:14:9d:7a:e0:
dc:10:43:a1:5e:fd:ef:10:5a:36:f3:8c:ba:71:e1:
9e:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:D2:97:8C:56:FE:1B:2F:76:F3:E3:64:64:3E:6D:33:DA:F0:FD:FA
X509v3 Authority Key Identifier:
keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/oNKXjFb-Gy928-NkZD5tM9rw_fo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.85.247.0/24
91.229.5.0/24
193.110.161.0/24
193.201.202.0/24
194.55.128.0/24
195.60.170.0/24
217.8.116.0/24
Signature Algorithm: sha256WithRSAEncryption
75:6d:f9:a6:6d:4f:32:41:a4:db:e1:ff:b2:aa:ce:e0:69:83:
ef:1d:8e:93:9d:a6:eb:c1:d3:7a:3d:02:f3:d5:c0:34:fd:1b:
61:00:e1:44:b6:25:e3:c0:68:32:d3:71:40:76:4f:73:85:91:
a2:8e:4b:84:b5:4e:fa:a2:93:7b:4f:99:4a:29:55:77:03:0d:
e4:31:c2:02:5e:91:9c:87:7c:38:18:48:ed:0e:e5:4e:0b:aa:
48:e5:54:45:cb:3b:de:85:49:9b:11:db:41:5a:ee:a3:8d:bb:
16:ae:0b:1a:28:6e:d1:30:93:47:b4:f2:53:71:b0:f5:b5:43:
66:9c:ba:54:95:d5:11:d0:46:1a:4e:bf:6d:8f:a5:11:26:69:
07:b2:cd:fb:15:52:e4:1c:a2:24:e1:82:85:b7:d5:85:03:c0:
13:28:9c:44:35:5d:a2:b6:e8:7d:d7:00:61:92:11:91:79:0e:
0b:a5:00:c9:9c:01:aa:75:ca:06:3e:af:82:0b:21:d3:38:f0:
c4:b9:4f:0c:c6:cb:f4:20:69:d1:6c:a9:5a:15:a6:d1:42:1d:
c1:04:ce:c0:b1:66:92:91:8f:dc:46:bb:ad:c4:bb:d8:de:0f:
d8:21:05:33:62:5b:5d:de:b9:0d:88:84:94:4e:df:e3:ea:8d:
1f:ff:76:ce
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYzDSKsp1HOODXrrHOvup7gLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGQyOTc4YzU2ZmUxYjJmNzZmM2UzNjQ2NDNlNmQzM2RhZjBmZGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg/YjvojmHtuRO9XrH8Phsdd8GP/4
d9s2Esrks6JhQ8lEhqsmB7ydF+6IVYZoykg/MkuicfP6tYbHRx27l1BSWChvQ18/
ToSL1sbQu4nYZbT0qzW9D8DIE/JIaalwFcLGSv3iqoUbKKIJTOsQQ5O+ANlmVSxB
NVQhFqNVW2AKfmaIIOF6rT64Kv686XBJx/lE1S5k0F8MmztAheKknEZolBMFwYeK
Tcj//5qYrRx7zOU7EcVUyMsMH2c4/eqc8R720Ge5acKEWTEjGGy8tfhYEGkMpGz+
4Jdg2TBdhl03EqQdZRX0jB8zZB3sOhSdeuDcEEOhXv3vEFo284y6ceGeKQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKDSl4xW/hsvdvPjZGQ+bTPa8P36MB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvb05LWGpGYi1HeTkyOC1Oa1pENXRNOXJ3X2ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALVX3AwQA
W+UFAwQAwW6hAwQAwcnKAwQAwjeAAwQAwzyqAwQA2Qh0MA0GCSqGSIb3DQEBCwUA
A4IBAQB1bfmmbU8yQaTb4f+yqs7gaYPvHY6TnabrwdN6PQLz1cA0/RthAOFEtiXj
wGgy03FAdk9zhZGijkuEtU76opN7T5lKKVV3Aw3kMcICXpGch3w4GEjtDuVOC6pI
5VRFyzvehUmbEdtBWu6jjbsWrgsaKG7RMJNHtPJTcbD1tUNmnLpUldUR0EYaTr9t
j6URJmkHss37FVLkHKIk4YKFt9WFA8ATKJxENV2ituh91wBhkhGReQ4LpQDJnAGq
dcoGPq+CCyHTOPDEuU8Mxsv0IGnRbKlaFabRQh3BBM7AsWaSkY/cRrutxLvY3g/Y
IQUzYltd3rkNiISUTt/j6o0f/3bO
-----END CERTIFICATE-----
Generated at Mon Mar 11 11:55:57 2024 by rpki-client on console-fra.rpki-client.org