Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/hPH5cSb7TQKxXUv04aVV3Qamaak.roa
File: hPH5cSb7TQKxXUv04aVV3Qamaak.roa (raw, json)
Hash identifier: bj7QosVX6BYAJoFXiz3bUz7H4vPRgKfeTrAAaX0ftR8=
Subject key identifier: 84:F1:F9:71:26:FB:4D:02:B1:5D:4B:F4:E1:A5:55:DD:06:A6:69:A9
Certificate issuer: /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial: 018D2E6389BFCF84F7B90F3B136DC15E2EF0
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/hPH5cSb7TQKxXUv04aVV3Qamaak.roa
Signing time: Sun 21 Jan 2024 23:38:11 +0000
ROA not before: Sun 21 Jan 2024 23:38:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 45.155.252.0/24 maxlen: 24
45.155.255.0/24 maxlen: 24
45.157.209.0/24 maxlen: 24
45.157.210.0/24 maxlen: 24
79.98.247.0/24 maxlen: 24
185.199.151.0/24 maxlen: 24
185.199.213.0/24 maxlen: 24
185.226.181.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 22 Jan 2024 15:42:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:2e:63:89:bf:cf:84:f7:b9:0f:3b:13:6d:c1:5e:2e:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Validity
Not Before: Jan 21 23:38:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=84f1f97126fb4d02b15d4bf4e1a555dd06a669a9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:bf:ad:d0:8c:b2:dd:cd:1a:31:75:26:d7:18:
05:d7:09:ed:a9:42:d4:a5:ec:02:3f:5d:ea:b4:29:
50:ce:ee:55:65:cf:bf:3e:a4:78:64:ae:2b:d2:48:
2e:b8:ff:8d:d0:0c:5b:d2:93:d1:b1:f1:bd:08:69:
d9:2e:b6:7f:75:a1:88:04:72:36:63:4c:a8:08:33:
36:f3:cc:9b:f6:d1:d1:71:c6:be:cf:a7:55:ee:ed:
1e:e9:da:06:43:38:07:dd:1d:43:44:83:de:b6:c6:
c4:22:c5:67:a5:0d:1d:78:f7:4c:31:0e:8d:8c:b9:
13:11:ca:0b:74:7d:73:73:90:11:7a:e9:e0:f5:a4:
0d:aa:be:e3:88:98:f1:7f:36:a5:71:16:3b:2c:1a:
c0:44:8e:e1:a6:7f:7e:57:92:1a:7a:00:7e:8a:d6:
59:e3:d6:16:4a:52:0b:e8:58:31:f6:8e:bd:be:b0:
e9:6c:fc:de:00:5a:bd:36:12:32:13:b0:14:f4:0f:
41:a8:a1:ad:ac:bc:85:9b:d8:03:ce:7a:d7:07:82:
1f:77:ad:ac:fc:78:9c:eb:06:4a:9b:77:e9:7b:f8:
b2:88:bf:21:6b:93:2a:45:c7:45:25:fd:5e:06:9a:
22:f0:7f:44:18:c7:57:0b:bf:25:b3:a1:e6:cc:07:
46:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:F1:F9:71:26:FB:4D:02:B1:5D:4B:F4:E1:A5:55:DD:06:A6:69:A9
X509v3 Authority Key Identifier:
keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/hPH5cSb7TQKxXUv04aVV3Qamaak.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.155.252.0/24
45.155.255.0/24
45.157.209.0-45.157.210.255
79.98.247.0/24
185.199.151.0/24
185.199.213.0/24
185.226.181.0/24
Signature Algorithm: sha256WithRSAEncryption
71:1c:eb:a1:36:6a:47:42:f2:2f:97:5d:80:79:e0:b1:6b:8a:
b7:bd:57:13:0d:50:28:04:73:7e:a2:98:9f:25:6a:a2:d2:c9:
6e:84:22:c3:24:cf:81:27:08:5c:a0:9b:8a:1b:7f:42:dc:13:
e2:fa:1b:11:75:07:de:d8:74:fb:ab:e8:08:f0:c1:9f:09:67:
1b:e1:a4:75:3b:71:4e:11:2a:32:e7:a6:0e:cb:73:30:7f:31:
6d:7e:39:84:dc:c7:c5:b7:bd:2a:14:60:81:c9:31:4c:77:11:
db:f5:6a:c1:b0:bb:17:a5:6e:68:dd:77:ce:b8:1c:da:3e:4b:
05:f9:d1:66:53:bb:b1:20:15:ae:01:6e:9d:9b:78:3e:7c:e5:
2e:2a:32:98:bd:50:1b:47:60:2a:50:df:84:c6:65:af:e7:6d:
40:6e:53:db:14:9c:e4:3e:a7:2b:88:86:fd:c9:10:fb:c8:b0:
f2:e4:43:51:7b:a6:f9:80:11:03:84:23:dc:79:e5:c2:e6:24:
40:1b:22:ca:73:5c:86:95:b3:2e:88:7e:63:a0:40:93:bd:3d:
b2:06:dd:89:83:4f:a6:3e:af:a7:97:c8:d9:78:fa:a2:27:2b:
a0:7e:ac:b8:39:8d:22:be:a3:58:41:fd:06:4f:ea:7e:3d:73:
e8:b3:0d:fd
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAY0uY4m/z4T3uQ87E23BXi7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwMTIxMjMzODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGYxZjk3MTI2ZmI0ZDAyYjE1ZDRiZjRlMWE1NTVkZDA2YTY2OWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtL+t0Iyy3c0aMXUm1xgF1wntqULU
pewCP13qtClQzu5VZc+/PqR4ZK4r0kguuP+N0Axb0pPRsfG9CGnZLrZ/daGIBHI2
Y0yoCDM288yb9tHRcca+z6dV7u0e6doGQzgH3R1DRIPetsbEIsVnpQ0dePdMMQ6N
jLkTEcoLdH1zc5AReung9aQNqr7jiJjxfzalcRY7LBrARI7hpn9+V5IaegB+itZZ
49YWSlIL6Fgx9o69vrDpbPzeAFq9NhIyE7AU9A9BqKGtrLyFm9gDznrXB4Ifd62s
/Hic6wZKm3fpe/iyiL8ha5MqRcdFJf1eBpoi8H9EGMdXC78ls6HmzAdGQwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFITx+XEm+00CsV1L9OGlVd0GpmmpMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvaFBINWNTYjdUUUt4WFV2MDRhVlYzUWFtYWFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQALZv8AwQA
LZv/MAwDBAAtndEDBAAtndIDBABPYvcDBAC5x5cDBAC5x9UDBAC54rUwDQYJKoZI
hvcNAQELBQADggEBAHEc66E2akdC8i+XXYB54LFrire9VxMNUCgEc36imJ8laqLS
yW6EIsMkz4EnCFygm4obf0LcE+L6GxF1B97YdPur6AjwwZ8JZxvhpHU7cU4RKjLn
pg7LczB/MW1+OYTcx8W3vSoUYIHJMUx3Edv1asGwuxelbmjdd864HNo+SwX50WZT
u7EgFa4Bbp2beD585S4qMpi9UBtHYCpQ34TGZa/nbUBuU9sUnOQ+pyuIhv3JEPvI
sPLkQ1F7pvmAEQOEI9x55cLmJEAbIspzXIaVsy6IfmOgQJO9PbIG3YmDT6Y+r6eX
yNl4+qInK6B+rLg5jSK+o1hB/QZP6n49c+izDf0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:35 2024 by rpki-client on console-ams.rpki-client.org