Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/mxZNah0gp3_iCJVscIO7OKaOZsU.roa
File: mxZNah0gp3_iCJVscIO7OKaOZsU.roa (raw, json)
Hash identifier: tVx1R15/jZY9SfnA6An8vLwdhgwDbikJzwqR+aHxRkI=
Subject key identifier: 9B:16:4D:6A:1D:20:A7:7F:E2:08:95:6C:70:83:BB:38:A6:8E:66:C5
Certificate issuer: /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial: 0186E28DC712E7F6204EB0199451B41D5DE9
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/mxZNah0gp3_iCJVscIO7OKaOZsU.roa
Signing time: Tue 14 Mar 2023 23:56:27 +0000
ROA not before: Tue 14 Mar 2023 23:56:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 58329
IP address blocks: 185.158.249.0/24 maxlen: 24
194.76.225.0/24 maxlen: 24
79.132.132.0/24 maxlen: 24
31.214.157.0/24 maxlen: 24
193.242.210.0/23 maxlen: 23
79.132.129.0/24 maxlen: 24
79.132.128.0/24 maxlen: 24
79.132.133.0/24 maxlen: 24
2001:67c:2ae8::/48 maxlen: 48
2a0b:7140:6::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 02 Jan 2024 06:32:24 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:e2:8d:c7:12:e7:f6:20:4e:b0:19:94:51:b4:1d:5d:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
Validity
Not Before: Mar 14 23:56:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9b164d6a1d20a77fe208956c7083bb38a68e66c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:74:38:e1:e2:28:e6:c3:52:32:70:1b:47:29:
4d:78:7c:bb:8d:59:a4:30:3a:b7:f5:75:cd:87:51:
92:4c:df:aa:41:2f:41:e1:0b:be:2a:ee:85:f1:5d:
f9:6b:b9:50:75:87:31:ed:8a:aa:4a:e8:15:c2:b9:
07:8c:d4:1f:f1:0e:10:b7:77:d7:e5:60:84:5a:e4:
9a:c8:f0:e5:f3:86:8b:1d:e5:34:02:8d:cd:5c:23:
56:1e:e5:ee:8a:ed:83:de:41:1f:e5:d0:91:b3:70:
80:68:94:8d:40:50:a4:64:a0:bc:d9:92:31:c7:b8:
22:da:4f:96:9a:ef:23:dc:2a:b7:6b:20:c4:17:d4:
d8:76:d7:13:70:d5:98:de:12:8d:e3:61:b0:91:7b:
95:49:3c:96:a8:0d:53:03:5c:cc:f7:55:2f:8c:c8:
38:6d:a2:6c:0f:f0:45:45:ac:5b:97:bf:7b:55:4a:
b8:aa:32:cc:fd:c1:2d:bb:9d:69:cd:b2:35:63:c8:
33:fd:c2:d7:04:1a:18:d8:2c:49:74:5a:7c:e0:42:
1c:c6:39:99:04:0b:ed:dd:66:a4:0c:3a:ff:c3:fe:
44:eb:d5:4c:60:34:e0:59:95:10:fc:77:4a:cc:7d:
9c:38:bf:f1:ef:38:3a:a1:35:67:79:a0:71:9d:4f:
b6:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:16:4D:6A:1D:20:A7:7F:E2:08:95:6C:70:83:BB:38:A6:8E:66:C5
X509v3 Authority Key Identifier:
keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/mxZNah0gp3_iCJVscIO7OKaOZsU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.214.157.0/24
79.132.128.0/23
79.132.132.0/23
185.158.249.0/24
193.242.210.0/23
194.76.225.0/24
IPv6:
2001:67c:2ae8::/48
2a0b:7140:6::/48
Signature Algorithm: sha256WithRSAEncryption
66:e5:1d:f6:ff:df:bf:86:0e:dc:e8:a8:ea:16:ed:04:6e:76:
e2:82:46:2f:78:b5:a1:56:5e:82:a3:55:0f:a6:97:1f:19:02:
75:df:5f:97:ed:46:8d:3a:0e:4e:64:d0:07:07:e9:49:e3:7b:
fb:96:58:7b:7e:2d:06:30:53:da:cd:1f:9f:d8:02:c2:6c:d6:
2d:31:50:83:b8:fa:53:4c:45:28:1a:9f:a2:28:75:c7:c1:ae:
9a:61:8b:e9:7f:6d:45:1e:eb:01:54:7d:cc:19:bc:06:dd:96:
b8:b4:e7:e1:5e:b5:0a:25:72:30:02:13:83:05:4a:ef:ff:7b:
c6:af:ef:5e:38:24:be:88:76:9e:5e:66:1c:a2:fe:73:5c:b6:
2e:df:5a:2d:b5:35:83:97:8f:db:6f:6d:7f:3c:d3:54:7c:f2:
51:30:1c:0d:57:7d:90:39:50:6a:05:b8:2e:e2:59:94:56:6a:
74:4d:16:48:79:55:8b:1b:cd:e3:0c:27:20:59:2b:c9:45:6d:
c5:ad:03:f1:da:af:85:d8:da:21:91:f8:ef:37:a0:69:d7:72:
f0:1a:81:c4:7a:ae:52:46:b0:a9:ae:1e:f4:5d:e0:6f:cd:07:
9d:b2:f7:89:2e:96:bc:25:4b:c4:80:61:20:b4:3d:72:b3:cd:
1e:9e:5e:38
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAYbijccS5/YgTrAZlFG0HV3pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGQxMmYwOTUwNTNjMzU4NzZiODhiNDc2ODVkNjQzNTQy
MWZjZjIwHhcNMjMwMzE0MjM1NjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjE2NGQ2YTFkMjBhNzdmZTIwODk1NmM3MDgzYmIzOGE2OGU2NmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnQ44eIo5sNSMnAbRylNeHy7jVmk
MDq39XXNh1GSTN+qQS9B4Qu+Ku6F8V35a7lQdYcx7YqqSugVwrkHjNQf8Q4Qt3fX
5WCEWuSayPDl84aLHeU0Ao3NXCNWHuXuiu2D3kEf5dCRs3CAaJSNQFCkZKC82ZIx
x7gi2k+Wmu8j3Cq3ayDEF9TYdtcTcNWY3hKN42GwkXuVSTyWqA1TA1zM91UvjMg4
baJsD/BFRaxbl797VUq4qjLM/cEtu51pzbI1Y8gz/cLXBBoY2CxJdFp84EIcxjmZ
BAvt3WakDDr/w/5E69VMYDTgWZUQ/HdKzH2cOL/x7zg6oTVneaBxnU+26wIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFJsWTWodIKd/4giVbHCDuzimjmbFMB8GA1UdIwQY
MBaAFEWNEvCVBTw1h2uItHaF1kNUIfzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTkt
Mzk1NTk1OWVhZjgxLzEvbXhaTmFoMGdwM19pQ0pWc2NJTzdPS2FPWnNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTktMzk1NTk1OWVhZjgx
LzEvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjAqBAIAATAkAwQAH9adAwQB
T4SAAwQBT4SEAwQAuZ75AwQBwfLSAwQAwkzhMBgEAgACMBIDBwAgAQZ8KugDBwAq
C3FAAAYwDQYJKoZIhvcNAQELBQADggEBAGblHfb/37+GDtzoqOoW7QRuduKCRi94
taFWXoKjVQ+mlx8ZAnXfX5ftRo06Dk5k0AcH6Unje/uWWHt+LQYwU9rNH5/YAsJs
1i0xUIO4+lNMRSgan6IodcfBrpphi+l/bUUe6wFUfcwZvAbdlri05+FetQolcjAC
E4MFSu//e8av7144JL6Idp5eZhyi/nNcti7fWi21NYOXj9tvbX8801R88lEwHA1X
fZA5UGoFuC7iWZRWanRNFkh5VYsbzeMMJyBZK8lFbcWtA/Har4XY2iGR+O83oGnX
cvAagcR6rlJGsKmuHvRd4G/NB52y94kulrwlS8SAYSC0PXKzzR6eXjg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:02 2024 by rpki-client on console-fra.rpki-client.org