Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/AxCcC3k6tJZrX5uIle-lvHaTigw.roa
File: AxCcC3k6tJZrX5uIle-lvHaTigw.roa (raw, json)
Hash identifier: wFIZiRC07EzJhLiMkVtIC8Wl9bRWb2yBNYtkqFAuNY4=
Subject key identifier: 03:10:9C:0B:79:3A:B4:96:6B:5F:9B:88:95:EF:A5:BC:76:93:8A:0C
Certificate issuer: /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial: 01856EA6BFD8327F4A2E9633C43FF6D5D746
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/AxCcC3k6tJZrX5uIle-lvHaTigw.roa
Signing time: Sun 01 Jan 2023 18:44:59 +0000
ROA not before: Sun 01 Jan 2023 18:44:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 57136
IP address blocks: 89.33.23.0/24 maxlen: 24
89.33.22.0/24 maxlen: 24
89.33.21.0/24 maxlen: 24
89.33.20.0/24 maxlen: 24
89.33.125.0/24 maxlen: 24
89.33.124.0/24 maxlen: 24
89.33.123.0/24 maxlen: 24
89.33.122.0/24 maxlen: 24
89.33.121.0/24 maxlen: 24
89.33.120.0/24 maxlen: 24
89.33.127.0/24 maxlen: 24
89.33.126.0/24 maxlen: 24
2a05:b680:9::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 02 Jan 2024 08:32:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:a6:bf:d8:32:7f:4a:2e:96:33:c4:3f:f6:d5:d7:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Validity
Not Before: Jan 1 18:44:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=03109c0b793ab4966b5f9b8895efa5bc76938a0c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:06:14:45:63:6c:68:9e:c0:50:5e:ff:ba:d0:
95:6a:ed:58:f5:ef:b1:58:d1:23:6e:7f:b2:5d:de:
c5:6b:b5:b6:6b:c0:93:df:0b:eb:d2:9e:9b:7b:c5:
36:2f:7a:ca:67:e1:de:25:99:f5:44:d4:49:84:90:
ff:b3:6d:72:26:9a:af:ac:12:82:45:97:ea:48:83:
84:13:03:3f:c5:dc:19:22:6d:16:be:3e:59:b8:c3:
84:72:07:5c:d7:a3:46:84:b5:ba:f9:56:50:56:b1:
21:43:56:de:d7:5b:86:07:a2:44:fc:91:4a:22:32:
b4:1b:80:d5:b8:e2:5a:7b:ff:5c:de:72:db:be:b6:
19:7e:02:fa:85:41:29:b5:92:ad:af:d9:db:c7:c3:
bb:72:bb:95:a3:05:69:ee:48:1b:45:b0:13:68:6e:
61:50:2f:94:49:9e:6b:8c:11:48:aa:36:80:72:39:
60:43:3d:e0:3f:b0:aa:da:b5:4d:56:ab:d1:f4:75:
37:56:ba:8c:2a:1d:b9:2a:d3:db:d6:58:03:01:e2:
35:1a:9a:cb:8b:3c:4c:f7:cb:c6:12:3e:0e:a0:0d:
84:8a:21:42:0d:18:00:f4:45:53:60:24:e3:8d:30:
84:e0:e8:28:47:92:b8:d9:ff:de:2c:6f:49:16:99:
69:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:10:9C:0B:79:3A:B4:96:6B:5F:9B:88:95:EF:A5:BC:76:93:8A:0C
X509v3 Authority Key Identifier:
keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/AxCcC3k6tJZrX5uIle-lvHaTigw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.33.20.0/22
89.33.120.0/21
IPv6:
2a05:b680:9::/48
Signature Algorithm: sha256WithRSAEncryption
49:b7:c5:db:55:3a:1c:fa:db:b7:c4:22:2c:8a:59:de:41:85:
2d:bc:98:b4:82:f1:e8:f5:82:a1:c4:22:54:3c:5a:78:22:39:
7b:de:d4:2e:fe:dc:a2:00:a6:8c:b9:10:1b:9d:c7:ae:7f:9c:
1d:8d:4f:73:f3:ac:38:e7:6d:a2:15:0a:cc:82:9c:15:48:e3:
0d:5b:53:79:a0:28:d1:82:cb:34:b0:9f:79:4b:4d:28:f1:5d:
78:47:eb:f5:e5:c2:bf:fa:63:4b:3d:1a:4b:f3:83:21:50:d1:
9e:05:94:f0:be:4a:72:f3:c2:fe:64:77:3c:4f:15:41:c5:ff:
e9:86:93:0a:98:d9:c4:29:b7:c9:98:15:67:b6:08:f0:86:ec:
c8:1e:62:ed:91:e0:b2:b7:fd:96:33:19:78:b4:98:d9:ca:df:
b2:b2:71:44:ce:e1:fc:8c:a9:7f:e8:e5:bc:41:b0:4a:3b:5c:
d7:4b:f1:90:ac:78:6c:99:b0:06:81:17:a3:8f:96:00:0f:0f:
12:f6:d8:c7:b3:cc:f6:d1:89:49:01:c1:5b:44:f4:bb:2c:5b:
8c:56:28:81:37:35:48:9b:6e:8a:1b:3e:25:c0:86:f6:7f:aa:
8a:6a:7b:69:93:7c:db:4a:8a:d1:0d:fa:1a:e2:70:2a:7a:9f:
32:e2:f3:32
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVupr/YMn9KLpYzxD/21ddGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjMwMTAxMTg0NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzEwOWMwYjc5M2FiNDk2NmI1ZjliODg5NWVmYTViYzc2OTM4YTBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhAYURWNsaJ7AUF7/utCVau1Y9e+x
WNEjbn+yXd7Fa7W2a8CT3wvr0p6be8U2L3rKZ+HeJZn1RNRJhJD/s21yJpqvrBKC
RZfqSIOEEwM/xdwZIm0Wvj5ZuMOEcgdc16NGhLW6+VZQVrEhQ1be11uGB6JE/JFK
IjK0G4DVuOJae/9c3nLbvrYZfgL6hUEptZKtr9nbx8O7cruVowVp7kgbRbATaG5h
UC+USZ5rjBFIqjaAcjlgQz3gP7Cq2rVNVqvR9HU3VrqMKh25KtPb1lgDAeI1GprL
izxM98vGEj4OoA2EiiFCDRgA9EVTYCTjjTCE4OgoR5K42f/eLG9JFplpKwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFAMQnAt5OrSWa1+biJXvpbx2k4oMMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvQXhDY0MzazZ0SlpyWDV1SWxlLWx2SGFUaWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQCWSEUAwQD
WSF4MA8EAgACMAkDBwAqBbaAAAkwDQYJKoZIhvcNAQELBQADggEBAEm3xdtVOhz6
27fEIiyKWd5BhS28mLSC8ej1gqHEIlQ8WngiOXve1C7+3KIApoy5EBudx65/nB2N
T3PzrDjnbaIVCsyCnBVI4w1bU3mgKNGCyzSwn3lLTSjxXXhH6/Xlwr/6Y0s9Gkvz
gyFQ0Z4FlPC+SnLzwv5kdzxPFUHF/+mGkwqY2cQpt8mYFWe2CPCG7MgeYu2R4LK3
/ZYzGXi0mNnK37KycUTO4fyMqX/o5bxBsEo7XNdL8ZCseGyZsAaBF6OPlgAPDxL2
2MezzPbRiUkBwVtE9LssW4xWKIE3NUibboobPiXAhvZ/qopqe2mTfNtKitEN+hri
cCp6nzLi8zI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:29 2024 by rpki-client on console-fra.rpki-client.org