Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/CLEMhA99orl7yz_hYuRi4BnssMQ.roa
File: CLEMhA99orl7yz_hYuRi4BnssMQ.roa (raw, json)
Hash identifier: 4sB55K3u6bsteVGh4QEwc3FoXoHfQDQabP8mol43lBg=
Subject key identifier: 08:B1:0C:84:0F:7D:A2:B9:7B:CB:3F:E1:62:E4:62:E0:19:EC:B0:C4
Certificate issuer: /CN=d26a4409ea91f506d633871c6c35540d460337d1
Certificate serial: 01856F824A3CE0B3EF71C7410A79227FFC62
Authority key identifier: D2:6A:44:09:EA:91:F5:06:D6:33:87:1C:6C:35:54:0D:46:03:37:D1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/CLEMhA99orl7yz_hYuRi4BnssMQ.roa
Signing time: Sun 01 Jan 2023 22:44:47 +0000
ROA not before: Sun 01 Jan 2023 22:44:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60203
IP address blocks: 185.43.72.0/24 maxlen: 24
171.22.10.0/24 maxlen: 24
171.22.8.0/24 maxlen: 24
171.22.11.0/24 maxlen: 24
171.22.9.0/24 maxlen: 24
185.62.21.0/24 maxlen: 24
185.62.20.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:82:4a:3c:e0:b3:ef:71:c7:41:0a:79:22:7f:fc:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d26a4409ea91f506d633871c6c35540d460337d1
Validity
Not Before: Jan 1 22:44:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=08b10c840f7da2b97bcb3fe162e462e019ecb0c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:18:81:e4:a0:47:f1:4b:c6:e4:03:66:44:62:
9b:95:d8:4e:c3:41:73:72:87:ee:99:0b:a8:21:07:
f3:7a:79:06:f3:a9:dd:d4:5f:73:97:5d:54:ad:d9:
4a:87:2c:73:db:88:67:1b:6f:6e:f8:40:98:01:77:
29:99:ff:e6:8c:3c:22:9d:57:72:39:3a:97:06:46:
47:7b:26:b6:e4:82:8a:6f:0e:cb:9e:c2:17:b9:64:
71:1c:f1:b2:7e:2f:ce:a4:a1:1b:2c:18:4d:a9:7e:
34:9d:de:3d:e4:ca:4a:f1:0d:c3:cd:0f:94:ab:be:
bf:54:f7:63:95:7a:a8:9c:c8:25:f9:60:9e:e8:9b:
ab:26:d6:e5:fb:44:33:58:40:dd:f1:89:22:2c:de:
0d:4f:b9:8a:c1:fa:d9:29:52:6a:ee:62:af:f3:a9:
45:ef:97:a9:87:e5:5d:1f:06:9f:34:be:12:9a:f9:
a9:8f:f9:20:90:11:0a:65:f3:9c:f5:e0:1f:52:0e:
9b:55:aa:09:6a:ac:11:10:4b:f0:99:a0:68:d9:4c:
99:c4:0b:b1:73:03:05:72:ee:cb:28:dd:87:cd:4f:
13:b8:7d:aa:4e:50:6b:fb:65:84:68:75:eb:78:dd:
51:fa:65:06:28:70:21:68:a0:4d:19:4e:bd:cd:fd:
94:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:B1:0C:84:0F:7D:A2:B9:7B:CB:3F:E1:62:E4:62:E0:19:EC:B0:C4
X509v3 Authority Key Identifier:
keyid:D2:6A:44:09:EA:91:F5:06:D6:33:87:1C:6C:35:54:0D:46:03:37:D1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0mpECeqR9QbWM4ccbDVUDUYDN9E.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/CLEMhA99orl7yz_hYuRi4BnssMQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/36/f41051-0810-43ff-b196-cfefdfdfbe6b/1/0mpECeqR9QbWM4ccbDVUDUYDN9E.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
171.22.8.0/22
185.43.72.0/24
185.62.20.0/23
Signature Algorithm: sha256WithRSAEncryption
80:39:94:20:59:a0:94:8d:7c:f1:6e:74:fe:87:a3:6b:c0:9d:
bd:9c:fe:d3:7e:98:48:ce:a8:45:54:3a:5c:89:f8:70:6d:e5:
9e:c3:5d:f1:a0:76:f9:0d:75:16:89:b7:4a:33:0a:79:11:9c:
60:60:06:3c:b8:1c:15:fd:2b:35:61:74:ff:73:65:69:c3:fc:
42:05:f6:9a:23:d2:94:06:84:8e:72:00:d3:de:9c:dd:6d:bc:
3e:dd:56:c1:06:a7:4d:76:c3:19:b9:14:4c:65:e8:20:c9:ec:
e4:9e:29:46:33:07:07:12:c0:db:55:a9:d8:6f:81:31:81:36:
af:05:6c:47:7b:58:27:e9:55:7c:77:36:53:ac:d5:f2:60:0c:
2f:1f:21:c6:f4:56:f9:45:07:04:6e:02:b9:12:6f:b0:36:67:
c4:52:63:c7:9a:a1:e4:41:1b:0c:6a:5d:d3:a5:6a:50:16:dd:
5d:c5:97:ee:89:7d:08:31:d3:2f:3a:f6:e5:31:a4:78:1e:79:
5b:0d:1b:94:3e:46:35:48:0f:4d:f3:50:fa:8a:9b:bd:44:77:
d3:07:19:ff:44:a1:59:a3:3e:64:2b:5c:68:f9:ec:d9:f3:cb:
37:10:c5:67:90:8d:f1:00:af:d3:5a:29:b2:c0:3a:68:08:d8:
25:8e:9a:23
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVvgko84LPvccdBCnkif/xiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNmE0NDA5ZWE5MWY1MDZkNjMzODcxYzZjMzU1NDBkNDYw
MzM3ZDEwHhcNMjMwMTAxMjI0NDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGIxMGM4NDBmN2RhMmI5N2JjYjNmZTE2MmU0NjJlMDE5ZWNiMGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhiB5KBH8UvG5ANmRGKbldhOw0Fz
cofumQuoIQfzenkG86nd1F9zl11UrdlKhyxz24hnG29u+ECYAXcpmf/mjDwinVdy
OTqXBkZHeya25IKKbw7LnsIXuWRxHPGyfi/OpKEbLBhNqX40nd495MpK8Q3DzQ+U
q76/VPdjlXqonMgl+WCe6JurJtbl+0QzWEDd8YkiLN4NT7mKwfrZKVJq7mKv86lF
75eph+VdHwafNL4Smvmpj/kgkBEKZfOc9eAfUg6bVaoJaqwREEvwmaBo2UyZxAux
cwMFcu7LKN2HzU8TuH2qTlBr+2WEaHXreN1R+mUGKHAhaKBNGU69zf2UqwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAixDIQPfaK5e8s/4WLkYuAZ7LDEMB8GA1UdIwQY
MBaAFNJqRAnqkfUG1jOHHGw1VA1GAzfRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG1wRUNlcVI5UWJXTTRjY2JEVlVEVVlETjlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9mNDEwNTEtMDgxMC00M2ZmLWIxOTYt
Y2ZlZmRmZGZiZTZiLzEvQ0xFTWhBOTlvcmw3eXpfaFl1Umk0Qm5zc01RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9mNDEwNTEtMDgxMC00M2ZmLWIxOTYtY2ZlZmRmZGZiZTZi
LzEvMG1wRUNlcVI5UWJXTTRjY2JEVlVEVVlETjlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCqxYIAwQA
uStIAwQBuT4UMA0GCSqGSIb3DQEBCwUAA4IBAQCAOZQgWaCUjXzxbnT+h6NrwJ29
nP7TfphIzqhFVDpcifhwbeWew13xoHb5DXUWibdKMwp5EZxgYAY8uBwV/Ss1YXT/
c2Vpw/xCBfaaI9KUBoSOcgDT3pzdbbw+3VbBBqdNdsMZuRRMZeggyezknilGMwcH
EsDbVanYb4ExgTavBWxHe1gn6VV8dzZTrNXyYAwvHyHG9Fb5RQcEbgK5Em+wNmfE
UmPHmqHkQRsMal3TpWpQFt1dxZfuiX0IMdMvOvblMaR4HnlbDRuUPkY1SA9N81D6
ipu9RHfTBxn/RKFZoz5kK1xo+ezZ88s3EMVnkI3xAK/TWimywDpoCNgljpoj
-----END CERTIFICATE-----
Generated at Mon Jan 1 21:27:18 2024 by rpki-client on console-fra.rpki-client.org