Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/46efb5-c9e7-4f08-bc6a-bb3e819f3ddc/1/5zjgGlutEFyAAlgRMxyq2Bi723Q.roa
File: 5zjgGlutEFyAAlgRMxyq2Bi723Q.roa (raw, json)
Hash identifier: ATbQXYTbsAcZq1WQa0fRWp39LtLjY/oJsdjWEAqTB+4=
Subject key identifier: E7:38:E0:1A:5B:AD:10:5C:80:02:58:11:33:1C:AA:D8:18:BB:DB:74
Certificate issuer: /CN=d58cc8506fedbb5061de9925b07d649918a19926
Certificate serial: 01856FD4F3858BFB7E29EE38FB80A6866C07
Authority key identifier: D5:8C:C8:50:6F:ED:BB:50:61:DE:99:25:B0:7D:64:99:18:A1:99:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1YzIUG_tu1Bh3pklsH1kmRihmSY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/33/46efb5-c9e7-4f08-bc6a-bb3e819f3ddc/1/5zjgGlutEFyAAlgRMxyq2Bi723Q.roa
Signing time: Mon 02 Jan 2023 00:15:05 +0000
ROA not before: Mon 02 Jan 2023 00:15:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44416
IP address blocks: 193.228.2.0/24 maxlen: 24
188.239.200.0/21 maxlen: 21
188.239.208.0/21 maxlen: 21
188.239.216.0/21 maxlen: 21
188.239.224.0/21 maxlen: 21
188.239.232.0/21 maxlen: 21
188.239.240.0/21 maxlen: 21
188.239.240.0/20 maxlen: 21
188.239.192.0/21 maxlen: 21
188.239.192.0/18 maxlen: 18
2001:678:c7c::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 01 Jan 2024 20:29:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:d4:f3:85:8b:fb:7e:29:ee:38:fb:80:a6:86:6c:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d58cc8506fedbb5061de9925b07d649918a19926
Validity
Not Before: Jan 2 00:15:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e738e01a5bad105c80025811331caad818bbdb74
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:7f:69:88:9c:30:84:44:6a:5c:e8:33:3d:95:
9b:fa:15:dc:4d:16:6b:65:e3:b3:45:4d:15:32:67:
85:54:99:ba:b8:ad:ea:ba:ad:4d:e9:d4:69:89:51:
bb:d6:79:72:59:08:72:ff:f0:c5:8b:41:84:ef:21:
6e:62:a4:5d:ef:c7:a1:4a:72:67:84:67:b1:fb:f4:
d8:99:a4:5c:8d:6b:8e:00:72:e5:a8:4f:93:0e:24:
91:53:e6:61:42:d0:58:82:31:4c:2b:dc:67:fc:f2:
17:f8:1f:fe:bd:0e:56:8e:05:72:0b:6d:82:4e:24:
1e:1e:19:d9:8e:96:fd:84:7c:c4:19:bd:aa:0f:1b:
1a:11:98:22:c5:8a:17:c6:5a:aa:19:3b:ed:17:3b:
92:a3:ca:e8:2e:23:77:5a:5d:8f:7e:c9:a7:45:12:
ff:de:4c:dd:4f:b6:bf:45:8d:39:9f:e3:a1:ee:e2:
b1:6f:79:38:63:0b:be:59:fd:3f:b0:59:8b:4f:d8:
11:10:8c:f4:87:b3:82:6a:c8:af:81:e8:34:f0:a4:
03:89:70:a6:4a:9e:ef:5c:db:3c:62:e1:35:cc:2b:
ee:3a:3c:74:12:76:9b:0f:0d:05:82:c6:ad:11:6a:
e7:87:b4:62:a2:75:84:e7:c1:10:26:ce:d3:49:45:
46:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:38:E0:1A:5B:AD:10:5C:80:02:58:11:33:1C:AA:D8:18:BB:DB:74
X509v3 Authority Key Identifier:
keyid:D5:8C:C8:50:6F:ED:BB:50:61:DE:99:25:B0:7D:64:99:18:A1:99:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1YzIUG_tu1Bh3pklsH1kmRihmSY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/46efb5-c9e7-4f08-bc6a-bb3e819f3ddc/1/5zjgGlutEFyAAlgRMxyq2Bi723Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/33/46efb5-c9e7-4f08-bc6a-bb3e819f3ddc/1/1YzIUG_tu1Bh3pklsH1kmRihmSY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.239.192.0/18
193.228.2.0/24
IPv6:
2001:678:c7c::/48
Signature Algorithm: sha256WithRSAEncryption
56:87:3f:9d:e6:0b:d4:68:12:b2:1d:13:d0:8f:f4:5e:e7:16:
6b:f6:e7:69:d7:f2:d4:4a:5e:1b:49:b2:31:b3:8b:34:68:44:
f8:af:ab:cf:e7:e1:2d:bd:d2:7a:c5:75:95:18:20:f7:de:49:
50:f0:73:4b:d2:ca:16:0f:45:6f:9e:12:a6:fe:ff:52:34:91:
a4:e4:17:ec:46:09:46:ba:26:1a:2a:fc:b1:bd:b8:42:a5:13:
e2:67:f5:59:26:75:a9:9e:90:de:22:b3:29:76:0d:f6:01:34:
26:da:22:87:56:f0:d7:64:0b:44:82:1e:88:ab:35:ef:d5:0a:
06:fa:2a:1e:a4:b1:56:fb:93:54:b9:bd:bc:9b:fd:66:c0:e8:
3b:7f:20:6a:0a:00:8a:df:9f:f9:8e:35:57:89:48:53:8b:25:
21:f6:c4:26:76:fa:d7:05:e4:f3:12:8c:de:2e:f9:70:ab:d6:
9b:92:df:b0:9f:9d:f0:af:66:1d:11:01:a3:c0:f7:1d:eb:36:
88:5a:cd:a0:65:84:b1:d5:d4:9e:b9:2e:c4:73:18:ba:44:00:
fb:fc:20:0e:3b:d3:7a:ad:fe:fa:de:07:6b:9b:15:4c:81:9b:
91:d4:51:f8:6d:1f:3f:54:8b:dc:00:ac:bf:84:63:fb:e9:67:
ed:c7:11:78
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVv1POFi/t+Ke44+4CmhmwHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1OGNjODUwNmZlZGJiNTA2MWRlOTkyNWIwN2Q2NDk5MThh
MTk5MjYwHhcNMjMwMTAyMDAxNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzM4ZTAxYTViYWQxMDVjODAwMjU4MTEzMzFjYWFkODE4YmJkYjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAon9piJwwhERqXOgzPZWb+hXcTRZr
ZeOzRU0VMmeFVJm6uK3quq1N6dRpiVG71nlyWQhy//DFi0GE7yFuYqRd78ehSnJn
hGex+/TYmaRcjWuOAHLlqE+TDiSRU+ZhQtBYgjFMK9xn/PIX+B/+vQ5WjgVyC22C
TiQeHhnZjpb9hHzEGb2qDxsaEZgixYoXxlqqGTvtFzuSo8roLiN3Wl2PfsmnRRL/
3kzdT7a/RY05n+Oh7uKxb3k4Ywu+Wf0/sFmLT9gREIz0h7OCasivgeg08KQDiXCm
Sp7vXNs8YuE1zCvuOjx0EnabDw0FgsatEWrnh7RionWE58EQJs7TSUVGVQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFOc44BpbrRBcgAJYETMcqtgYu9t0MB8GA1UdIwQY
MBaAFNWMyFBv7btQYd6ZJbB9ZJkYoZkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVl6SVVHX3R1MUJoM3BrbHNIMWttUmlobVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy80NmVmYjUtYzllNy00ZjA4LWJjNmEt
YmIzZTgxOWYzZGRjLzEvNXpqZ0dsdXRFRnlBQWxnUk14eXEyQmk3MjNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy80NmVmYjUtYzllNy00ZjA4LWJjNmEtYmIzZTgxOWYzZGRj
LzEvMVl6SVVHX3R1MUJoM3BrbHNIMWttUmlobVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQGvO/AAwQA
weQCMA8EAgACMAkDBwAgAQZ4DHwwDQYJKoZIhvcNAQELBQADggEBAFaHP53mC9Ro
ErIdE9CP9F7nFmv252nX8tRKXhtJsjGzizRoRPivq8/n4S290nrFdZUYIPfeSVDw
c0vSyhYPRW+eEqb+/1I0kaTkF+xGCUa6Jhoq/LG9uEKlE+Jn9VkmdamekN4isyl2
DfYBNCbaIodW8NdkC0SCHoirNe/VCgb6Kh6ksVb7k1S5vbyb/WbA6Dt/IGoKAIrf
n/mONVeJSFOLJSH2xCZ2+tcF5PMSjN4u+XCr1puS37CfnfCvZh0RAaPA9x3rNoha
zaBlhLHV1J65LsRzGLpEAPv8IA4703qt/vreB2ubFUyBm5HUUfhtHz9Ui9wArL+E
Y/vpZ+3HEXg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:06 2024 by rpki-client on console-ams.rpki-client.org