Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/dOwcB-MrcryKZAdIYhfJU1RQBfI.roa
File: dOwcB-MrcryKZAdIYhfJU1RQBfI.roa (raw, json)
Hash identifier: h24Z3fGLQAMZ5+0q3MIZSj4ALsJw08NCjRk3bbYHik0=
Subject key identifier: 74:EC:1C:07:E3:2B:72:BC:8A:64:07:48:62:17:C9:53:54:50:05:F2
Certificate issuer: /CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Certificate serial: 0189207EAB09A13F15AB857AAC0A5610346D
Authority key identifier: 40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/dOwcB-MrcryKZAdIYhfJU1RQBfI.roa
Signing time: Tue 04 Jul 2023 10:41:59 +0000
ROA not before: Tue 04 Jul 2023 10:41:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5606
IP address blocks: 195.246.242.0/23 maxlen: 23
89.33.236.0/23 maxlen: 23
185.171.186.0/24 maxlen: 24
93.119.152.0/24 maxlen: 24
93.119.153.0/24 maxlen: 24
89.40.16.0/24 maxlen: 24
89.40.17.0/24 maxlen: 24
188.214.105.0/24 maxlen: 24
89.40.19.0/24 maxlen: 24
89.40.18.0/24 maxlen: 24
89.46.6.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:20:7e:ab:09:a1:3f:15:ab:85:7a:ac:0a:56:10:34:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=408af485b4fd0f03717cd4a709ef11c61d3ef46e
Validity
Not Before: Jul 4 10:41:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=74ec1c07e32b72bc8a6407486217c953545005f2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:da:a7:19:8f:6c:9e:ab:0b:b3:94:a7:66:ba:
65:23:1a:64:f0:6b:c8:34:81:31:9f:44:80:95:32:
2d:ab:d4:85:f6:14:2a:6b:a7:32:07:26:09:15:47:
13:07:36:fb:d2:f8:3d:9d:eb:1c:1c:13:9d:c6:6b:
b5:53:50:28:b8:84:0e:18:ba:2a:11:e1:33:70:bd:
6c:aa:ad:18:60:12:8b:dc:be:d4:eb:a2:07:9e:ee:
1c:6e:fa:2f:c2:9f:d1:6e:8a:00:82:0e:8a:e5:bd:
bb:3d:a4:b0:1b:3f:63:1e:ad:45:b1:ef:f2:dd:6d:
84:03:3f:63:eb:f0:68:7d:f0:77:d4:37:91:d6:92:
ae:e0:21:93:25:86:f3:f5:de:4b:40:e7:f7:4c:a5:
bf:9b:f9:09:58:98:f8:bc:b0:ef:07:66:85:a1:c8:
c0:bb:f5:42:15:ef:58:e5:c5:01:ac:f9:92:76:6a:
1e:3c:38:35:f1:1e:14:11:b8:12:42:e2:89:f9:45:
54:f7:89:f6:b3:9f:1c:63:56:21:79:0b:08:28:77:
55:fa:2e:2d:26:18:ef:2c:61:ec:b4:5e:f0:7c:44:
3c:c2:0a:73:dd:cf:89:ad:20:57:92:69:b2:1e:9d:
f4:f9:9a:c8:3a:0c:3e:25:91:27:5f:b5:08:36:b8:
12:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:EC:1C:07:E3:2B:72:BC:8A:64:07:48:62:17:C9:53:54:50:05:F2
X509v3 Authority Key Identifier:
keyid:40:8A:F4:85:B4:FD:0F:03:71:7C:D4:A7:09:EF:11:C6:1D:3E:F4:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/dOwcB-MrcryKZAdIYhfJU1RQBfI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/e1171c-5270-49cd-9379-b95b08a23ae1/1/QIr0hbT9DwNxfNSnCe8Rxh0-9G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.33.236.0/23
89.40.16.0/22
89.46.6.0/24
93.119.152.0/23
185.171.186.0/24
188.214.105.0/24
195.246.242.0/23
Signature Algorithm: sha256WithRSAEncryption
00:5a:22:81:d8:db:c5:eb:4d:40:c5:27:65:9e:fd:43:cb:b0:
87:3c:a7:b7:e1:0c:49:71:59:a7:dc:43:35:c3:7a:63:66:69:
42:f5:6f:a2:dd:ee:12:f4:e0:60:a5:81:0e:57:aa:b3:4a:b7:
2c:0a:97:9c:c0:27:7b:7e:54:9a:b2:d5:39:e0:24:60:35:ba:
0d:9e:21:8f:3c:23:9e:70:73:49:d1:02:2c:d7:b2:2b:86:9c:
69:46:1b:a6:95:69:6a:c3:b5:73:3e:e4:27:4f:39:ec:c1:01:
bc:27:85:b4:e0:ba:0e:aa:5e:e6:07:d5:ee:ae:fc:f8:24:e1:
7b:5a:8f:4f:44:36:bd:3a:83:d1:7d:4d:8f:11:65:04:9b:57:
9c:ee:3a:88:07:78:8c:3e:df:cd:38:f3:94:b3:5d:55:7c:b2:
5b:59:2d:10:c2:cc:7c:50:da:0f:35:51:a5:55:ca:63:93:64:
ca:8d:f6:65:7f:d1:ea:76:51:d4:66:46:e9:3d:23:dd:2f:e2:
fc:bd:1a:e8:6f:69:ce:02:6f:ac:b1:6e:e5:81:69:1b:9f:ba:
50:c3:6c:03:ad:15:4d:b0:c4:9a:9e:a7:fe:02:37:a7:69:08:
61:aa:65:ba:e6:46:d4:31:c9:ef:bc:89:91:3f:81:93:fb:40:
ac:e7:37:21
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYkgfqsJoT8Vq4V6rApWEDRtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwOGFmNDg1YjRmZDBmMDM3MTdjZDRhNzA5ZWYxMWM2MWQz
ZWY0NmUwHhcNMjMwNzA0MTA0MTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGVjMWMwN2UzMmI3MmJjOGE2NDA3NDg2MjE3Yzk1MzU0NTAwNWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2NqnGY9snqsLs5SnZrplIxpk8GvI
NIExn0SAlTItq9SF9hQqa6cyByYJFUcTBzb70vg9nescHBOdxmu1U1AouIQOGLoq
EeEzcL1sqq0YYBKL3L7U66IHnu4cbvovwp/RbooAgg6K5b27PaSwGz9jHq1Fse/y
3W2EAz9j6/BoffB31DeR1pKu4CGTJYbz9d5LQOf3TKW/m/kJWJj4vLDvB2aFocjA
u/VCFe9Y5cUBrPmSdmoePDg18R4UEbgSQuKJ+UVU94n2s58cY1YheQsIKHdV+i4t
JhjvLGHstF7wfEQ8wgpz3c+JrSBXkmmyHp30+ZrIOgw+JZEnX7UINrgSBwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFHTsHAfjK3K8imQHSGIXyVNUUAXyMB8GA1UdIwQY
MBaAFECK9IW0/Q8DcXzUpwnvEcYdPvRuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzkt
Yjk1YjA4YTIzYWUxLzEvZE93Y0ItTXJjcnlLWkFkSVloZkpVMVJRQmZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lMTE3MWMtNTI3MC00OWNkLTkzNzktYjk1YjA4YTIzYWUx
LzEvUUlyMGhiVDlEd054Zk5TbkNlOFJ4aDAtOUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBWSHsAwQC
WSgQAwQAWS4GAwQBXXeYAwQAuau6AwQAvNZpAwQBw/byMA0GCSqGSIb3DQEBCwUA
A4IBAQAAWiKB2NvF601AxSdlnv1Dy7CHPKe34QxJcVmn3EM1w3pjZmlC9W+i3e4S
9OBgpYEOV6qzSrcsCpecwCd7flSastU54CRgNboNniGPPCOecHNJ0QIs17Irhpxp
RhumlWlqw7VzPuQnTznswQG8J4W04LoOql7mB9Xurvz4JOF7Wo9PRDa9OoPRfU2P
EWUEm1ec7jqIB3iMPt/NOPOUs11VfLJbWS0Qwsx8UNoPNVGlVcpjk2TKjfZlf9Hq
dlHUZkbpPSPdL+L8vRrob2nOAm+ssW7lgWkbn7pQw2wDrRVNsMSanqf+AjenaQhh
qmW65kbUMcnvvImRP4GT+0Cs5zch
-----END CERTIFICATE-----
Generated at Mon Jan 1 04:40:09 2024 by rpki-client on console-ams.rpki-client.org