Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/LCSO6PuQlSsJDDqixMOh5V06V3I.roa
File: LCSO6PuQlSsJDDqixMOh5V06V3I.roa (raw, json)
Hash identifier: F7nEUNrEDLzsfg5uffosuvO9nYcZaThnVodfbjreT6w=
Subject key identifier: 2C:24:8E:E8:FB:90:95:2B:09:0C:3A:A2:C4:C3:A1:E5:5D:3A:57:72
Certificate issuer: /CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
Certificate serial: 0187C33DD43C9891A7AA688FDEC1BD7B1C85
Authority key identifier: EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/LCSO6PuQlSsJDDqixMOh5V06V3I.roa
Signing time: Thu 27 Apr 2023 15:03:41 +0000
ROA not before: Thu 27 Apr 2023 15:03:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12541
IP address blocks: 213.9.128.0/17 maxlen: 17
213.9.142.0/23 maxlen: 23
213.9.144.0/24 maxlen: 24
213.9.162.0/23 maxlen: 23
212.49.189.0/24 maxlen: 24
212.66.161.0/24 maxlen: 24
212.66.163.0/24 maxlen: 24
212.66.164.0/22 maxlen: 22
212.66.162.0/23 maxlen: 23
212.66.168.0/21 maxlen: 21
212.66.176.0/20 maxlen: 20
213.9.240.0/23 maxlen: 23
213.9.246.0/24 maxlen: 24
213.9.245.0/24 maxlen: 24
213.9.244.0/24 maxlen: 24
213.9.247.0/24 maxlen: 24
213.9.248.0/24 maxlen: 24
213.9.182.0/24 maxlen: 24
213.9.186.0/24 maxlen: 24
213.9.185.0/24 maxlen: 24
213.9.190.0/23 maxlen: 23
213.9.217.0/24 maxlen: 24
212.163.185.0/24 maxlen: 24
212.163.193.0/24 maxlen: 24
212.163.92.0/24 maxlen: 24
212.163.94.0/24 maxlen: 24
212.163.130.0/24 maxlen: 24
212.49.128.0/18 maxlen: 18
212.49.129.0/24 maxlen: 24
212.163.216.0/22 maxlen: 22
212.163.220.0/22 maxlen: 22
212.163.225.0/24 maxlen: 24
212.163.226.0/24 maxlen: 24
212.163.227.0/24 maxlen: 24
212.163.235.0/24 maxlen: 24
185.66.60.0/24 maxlen: 24
185.66.62.0/24 maxlen: 24
185.66.61.0/24 maxlen: 24
185.66.60.0/22 maxlen: 22
212.163.240.0/20 maxlen: 20
84.18.0.0/19 maxlen: 19
213.192.216.0/21 maxlen: 21
213.192.224.0/22 maxlen: 22
213.192.228.0/23 maxlen: 23
213.192.232.0/22 maxlen: 22
213.192.235.0/24 maxlen: 24
213.192.239.0/24 maxlen: 24
213.192.238.0/24 maxlen: 24
213.192.240.0/24 maxlen: 24
213.192.242.0/23 maxlen: 23
213.192.244.0/23 maxlen: 23
213.192.241.0/24 maxlen: 24
213.192.246.0/24 maxlen: 24
213.192.252.0/23 maxlen: 23
213.192.248.0/21 maxlen: 21
213.192.253.0/24 maxlen: 24
213.192.251.0/24 maxlen: 24
213.192.249.0/24 maxlen: 24
213.192.247.0/24 maxlen: 24
213.192.255.0/24 maxlen: 24
213.192.254.0/24 maxlen: 24
212.163.48.0/24 maxlen: 24
212.163.91.0/24 maxlen: 24
212.163.1.0/24 maxlen: 24
212.163.0.0/16 maxlen: 16
212.163.5.0/24 maxlen: 24
212.163.31.0/24 maxlen: 24
92.60.160.0/20 maxlen: 20
92.60.170.0/24 maxlen: 24
92.60.174.0/24 maxlen: 24
92.60.173.0/24 maxlen: 24
213.192.193.0/24 maxlen: 24
213.192.192.0/18 maxlen: 18
213.192.203.0/24 maxlen: 24
213.192.200.0/22 maxlen: 22
213.192.206.0/23 maxlen: 23
213.192.212.0/22 maxlen: 22
213.192.213.0/24 maxlen: 24
2001:ac0:30fd::/48 maxlen: 48
2001:ac0::/32 maxlen: 32
2001:ac0:c040::/44 maxlen: 44
2001:ac0:c0c0::/44 maxlen: 44
2001:ac0:c880::/44 maxlen: 44
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:c3:3d:d4:3c:98:91:a7:aa:68:8f:de:c1:bd:7b:1c:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
Validity
Not Before: Apr 27 15:03:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2c248ee8fb90952b090c3aa2c4c3a1e55d3a5772
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:f7:9a:46:15:2d:16:ac:73:81:90:f4:26:38:
fd:62:68:b9:ce:4f:64:dc:86:2d:9f:a5:cb:87:97:
8d:cc:e4:3f:53:d5:1f:21:de:50:06:57:ac:29:19:
c1:83:9f:af:1a:a2:fb:81:e1:7e:a7:71:ce:5a:4b:
08:e8:c7:03:aa:01:17:5c:e5:f1:ad:0c:8c:d8:98:
78:76:bd:0d:d1:78:ad:d2:e1:3a:4b:20:61:16:ed:
07:1b:c8:67:40:bf:16:03:cd:40:d1:82:36:13:a3:
40:ee:e6:0e:dc:eb:ad:0c:12:76:49:87:97:8e:8f:
f2:bd:fb:af:17:f7:99:ac:26:de:0f:77:63:2e:4b:
97:b0:98:28:b2:0f:c0:46:70:d8:b2:3a:b9:61:f5:
b8:13:07:f8:78:70:94:ba:1b:d3:e2:00:9e:15:ee:
03:cc:c1:49:59:2c:7e:ff:4b:6b:02:5b:51:46:55:
f0:f4:81:9b:19:5f:e2:fa:77:f8:6a:f0:f2:b3:e1:
b8:29:cd:99:67:c5:69:f8:72:53:4b:67:a6:80:a3:
d3:c0:36:df:e9:0f:71:e4:9f:c0:48:5d:7f:40:ac:
71:38:32:e9:49:46:33:df:5c:94:5c:28:83:b8:81:
64:1f:66:02:e1:d7:94:4d:ae:e4:9f:aa:cf:d6:ca:
d1:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:24:8E:E8:FB:90:95:2B:09:0C:3A:A2:C4:C3:A1:E5:5D:3A:57:72
X509v3 Authority Key Identifier:
keyid:EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/LCSO6PuQlSsJDDqixMOh5V06V3I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.18.0.0/19
92.60.160.0/20
185.66.60.0/22
212.49.128.0/18
212.66.161.0-212.66.191.255
212.163.0.0/16
213.9.128.0/17
213.192.192.0/18
IPv6:
2001:ac0::/32
Signature Algorithm: sha256WithRSAEncryption
8f:7a:47:39:d1:13:ef:02:33:58:97:85:94:60:fc:5a:26:75:
cf:1c:09:66:37:9a:e1:67:e1:1b:77:48:48:ef:b9:98:5e:2f:
86:6f:d6:a8:ae:1b:af:87:62:b5:b5:18:4a:7d:49:60:fa:38:
14:2f:c4:68:58:33:62:53:27:a4:3b:43:eb:9c:41:d2:bb:3b:
5d:e1:75:de:d5:0c:d4:f4:b0:2b:8d:06:4a:61:50:d3:de:cd:
a3:5f:42:fe:2f:ca:38:54:f8:a6:cf:d7:fb:be:cf:f2:8d:3d:
54:e0:36:f9:d4:5a:8d:8f:3d:74:f7:fb:8b:c3:c8:81:b1:e7:
ae:3d:63:ac:8f:57:b6:ee:72:6e:f8:b8:4d:c7:75:37:b5:9f:
ec:00:6f:93:fb:fb:57:97:dd:b3:d2:06:19:be:4e:66:c6:09:
7d:4e:05:8f:04:6f:0d:f4:37:49:aa:1d:d1:a8:b5:e1:92:ab:
8c:e9:dc:bc:57:76:5a:aa:ca:08:c6:72:f3:82:9f:94:1d:f1:
80:fe:c8:2f:ce:20:0b:75:05:6b:af:86:52:e3:28:8b:1a:9f:
d7:99:8e:20:97:61:00:29:9d:48:f9:26:39:e7:4a:1f:e1:e6:
b8:a8:ed:c5:a0:14:01:9c:75:58:6d:32:0f:d2:ab:4a:36:e7:
d3:ac:d5:88
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYfDPdQ8mJGnqmiP3sG9exyFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmM2U3MWI5Njk5MmRhM2Q5MWM4OGRkNzRlZjQxZjliOTVi
OTQ4NWIwHhcNMjMwNDI3MTUwMzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzI0OGVlOGZiOTA5NTJiMDkwYzNhYTJjNGMzYTFlNTVkM2E1NzcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApPeaRhUtFqxzgZD0Jjj9Ymi5zk9k
3IYtn6XLh5eNzOQ/U9UfId5QBlesKRnBg5+vGqL7geF+p3HOWksI6McDqgEXXOXx
rQyM2Jh4dr0N0Xit0uE6SyBhFu0HG8hnQL8WA81A0YI2E6NA7uYO3OutDBJ2SYeX
jo/yvfuvF/eZrCbeD3djLkuXsJgosg/ARnDYsjq5YfW4Ewf4eHCUuhvT4gCeFe4D
zMFJWSx+/0trAltRRlXw9IGbGV/i+nf4avDys+G4Kc2ZZ8Vp+HJTS2emgKPTwDbf
6Q9x5J/ASF1/QKxxODLpSUYz31yUXCiDuIFkH2YC4deUTa7kn6rP1srRQwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFCwkjuj7kJUrCQw6osTDoeVdOldyMB8GA1UdIwQY
MBaAFO8+cblpkto9kciN1070H5uVuUhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDIt
OTE5NmNlNDQ2NTI3LzEvTENTTzZQdVFsU3NKRERxaXhNT2g1VjA2VjNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDItOTE5NmNlNDQ2NTI3
LzEvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA9BAIAATA3AwQFVBIAAwQE
XDygAwQCuUI8AwQG1DGAMAwDBADUQqEDBAbUQoADAwDUowMEB9UJgAMEBtXAwDAN
BAIAAjAHAwUAIAEKwDANBgkqhkiG9w0BAQsFAAOCAQEAj3pHOdET7wIzWJeFlGD8
WiZ1zxwJZjea4WfhG3dISO+5mF4vhm/WqK4br4ditbUYSn1JYPo4FC/EaFgzYlMn
pDtD65xB0rs7XeF13tUM1PSwK40GSmFQ097No19C/i/KOFT4ps/X+77P8o09VOA2
+dRajY89dPf7i8PIgbHnrj1jrI9Xtu5ybvi4Tcd1N7Wf7ABvk/v7V5fds9IGGb5O
ZsYJfU4FjwRvDfQ3Saod0ai14ZKrjOncvFd2WqrKCMZy84KflB3xgP7IL84gC3UF
a6+GUuMoixqf15mOIJdhACmdSPkmOedKH+HmuKjtxaAUAZx1WG0yD9KrSjbn06zV
iA==
-----END CERTIFICATE-----
Generated at Tue Jan 2 06:50:21 2024 by rpki-client on console-fra.rpki-client.org