Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/faTUf6yLbt2-xaCEs8jFE_hwZKQ.roa
File: faTUf6yLbt2-xaCEs8jFE_hwZKQ.roa (raw, json)
Hash identifier: QKw4R/5S9JAKI4RkaL7Q58rmyfCNlXLUzjpIWxVC144=
Subject key identifier: 7D:A4:D4:7F:AC:8B:6E:DD:BE:C5:A0:84:B3:C8:C5:13:F8:70:64:A4
Certificate issuer: /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial: 018D84C45AAFAE7CEB84D0B1D240BF10A4CD
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/faTUf6yLbt2-xaCEs8jFE_hwZKQ.roa
Signing time: Wed 07 Feb 2024 18:11:17 +0000
ROA not before: Wed 07 Feb 2024 18:11:17 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 58061
IP address blocks: 2.56.112.0/24 maxlen: 24
2.56.113.0/24 maxlen: 24
5.183.128.0/24 maxlen: 24
94.158.191.0/24 maxlen: 24
130.255.169.0/24 maxlen: 24
146.19.137.0/24 maxlen: 24
185.218.1.0/24 maxlen: 24
193.3.22.0/24 maxlen: 24
194.32.243.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 19 Feb 2024 17:53:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:84:c4:5a:af:ae:7c:eb:84:d0:b1:d2:40:bf:10:a4:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Validity
Not Before: Feb 7 18:11:17 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7da4d47fac8b6eddbec5a084b3c8c513f87064a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:95:a7:4b:bb:8b:16:a8:d3:2a:10:7d:46:c1:
1e:c2:97:1f:99:fb:10:25:40:88:2f:9e:57:90:14:
cf:73:e1:05:d1:51:9b:c7:a6:6c:41:a0:9d:86:94:
4b:9e:34:3a:e1:db:41:96:a4:f8:e8:fd:77:e6:91:
8b:e3:42:97:22:12:56:9a:ee:72:74:81:c9:2f:af:
b3:0f:e3:50:54:55:51:fc:5e:d2:97:f8:f2:52:7f:
65:09:4c:28:68:d1:8f:16:2d:c0:7c:b5:40:fc:a8:
d7:7b:18:1e:48:74:94:6d:14:35:4f:aa:78:6e:4b:
22:26:ac:57:ec:b8:09:1f:f7:14:20:73:87:ad:d6:
75:39:26:39:5e:6c:1b:d8:af:a2:4f:d7:4d:af:41:
5c:d6:c3:e2:8b:8c:4c:9f:62:5e:e9:f2:5c:be:19:
9c:f9:f8:e3:95:2a:5d:b7:01:db:e2:70:10:55:89:
dc:ac:d5:78:28:69:43:46:9f:2a:e1:a9:bd:74:33:
78:c2:06:aa:c5:0f:ee:83:98:67:85:9f:e8:7d:c8:
48:77:47:ed:ca:d2:89:ab:e4:ef:e6:34:2b:5e:22:
bb:80:f7:a3:86:ca:d0:c8:1e:6c:db:12:dc:78:a0:
95:4d:95:46:96:8a:dd:a8:f5:e3:7a:7d:7b:71:91:
d5:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:A4:D4:7F:AC:8B:6E:DD:BE:C5:A0:84:B3:C8:C5:13:F8:70:64:A4
X509v3 Authority Key Identifier:
keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/faTUf6yLbt2-xaCEs8jFE_hwZKQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.112.0/23
5.183.128.0/24
94.158.191.0/24
130.255.169.0/24
146.19.137.0/24
185.218.1.0/24
193.3.22.0/24
194.32.243.0/24
Signature Algorithm: sha256WithRSAEncryption
7b:ea:87:1f:cf:e7:1c:b9:9c:a7:8f:de:ad:26:24:e8:f5:d5:
51:0e:bf:22:fc:73:32:2a:39:08:1d:ad:29:9a:7c:64:2b:83:
13:03:9f:df:11:3a:2e:7a:64:b6:d4:a1:57:ad:d5:54:4d:56:
47:69:3b:b5:54:68:bf:87:90:ca:3f:cd:54:8c:55:9c:67:a2:
f7:89:b5:1f:7f:64:fe:07:a3:0a:e4:31:26:2a:5a:6f:dd:6e:
b4:02:36:64:02:58:3c:b0:67:1f:8f:81:d8:d3:8b:a1:04:5b:
5f:ab:91:14:2c:a6:64:09:54:f1:b8:ff:46:46:73:c3:8a:ad:
c0:d3:f4:c7:93:1e:09:ac:f8:b1:2d:f0:e9:d5:5a:fe:2b:4f:
c1:04:15:c3:45:71:4a:35:5c:0a:6d:4a:75:e0:86:08:52:3d:
b3:0f:66:68:9d:f0:79:f8:fe:7a:3c:4f:9f:5f:10:4e:11:d8:
77:4e:c5:36:3d:4a:6c:b5:82:13:f9:68:cd:06:4f:34:25:5b:
d7:25:5b:bb:19:5f:da:27:09:3a:6b:7d:ab:65:ed:10:74:d0:
0a:92:ba:5e:8d:90:db:f9:43:c9:f7:37:60:57:9b:b8:61:6b:
e6:39:74:d3:a8:18:4d:a7:59:6e:18:e5:8a:78:c8:7a:30:2c:
64:0a:b4:44
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY2ExFqvrnzrhNCx0kC/EKTNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjA3MTgxMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGE0ZDQ3ZmFjOGI2ZWRkYmVjNWEwODRiM2M4YzUxM2Y4NzA2NGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZWnS7uLFqjTKhB9RsEewpcfmfsQ
JUCIL55XkBTPc+EF0VGbx6ZsQaCdhpRLnjQ64dtBlqT46P135pGL40KXIhJWmu5y
dIHJL6+zD+NQVFVR/F7Sl/jyUn9lCUwoaNGPFi3AfLVA/KjXexgeSHSUbRQ1T6p4
bksiJqxX7LgJH/cUIHOHrdZ1OSY5Xmwb2K+iT9dNr0Fc1sPii4xMn2Je6fJcvhmc
+fjjlSpdtwHb4nAQVYncrNV4KGlDRp8q4am9dDN4wgaqxQ/ug5hnhZ/ofchId0ft
ytKJq+Tv5jQrXiK7gPejhsrQyB5s2xLceKCVTZVGlordqPXjen17cZHVSQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFH2k1H+si27dvsWghLPIxRP4cGSkMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvZmFUVWY2eUxidDIteGFDRXM4akZFX2h3WktRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBAjhwAwQA
BbeAAwQAXp6/AwQAgv+pAwQAkhOJAwQAudoBAwQAwQMWAwQAwiDzMA0GCSqGSIb3
DQEBCwUAA4IBAQB76ocfz+ccuZynj96tJiTo9dVRDr8i/HMyKjkIHa0pmnxkK4MT
A5/fETouemS21KFXrdVUTVZHaTu1VGi/h5DKP81UjFWcZ6L3ibUff2T+B6MK5DEm
Klpv3W60AjZkAlg8sGcfj4HY04uhBFtfq5EULKZkCVTxuP9GRnPDiq3A0/THkx4J
rPixLfDp1Vr+K0/BBBXDRXFKNVwKbUp14IYIUj2zD2ZonfB5+P56PE+fXxBOEdh3
TsU2PUpstYIT+WjNBk80JVvXJVu7GV/aJwk6a32rZe0QdNAKkrpejZDb+UPJ9zdg
V5u4YWvmOXTTqBhNp1luGOWKeMh6MCxkCrRE
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:49 2024 by rpki-client on console-ams.rpki-client.org