Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/jXUFHFzD4_pZlaRu43tqfXzsjTc.roa
File: jXUFHFzD4_pZlaRu43tqfXzsjTc.roa (raw, json)
Hash identifier: sFr1ShVOh8Zo2hqqV5p8vwAXcWGZDIo+R7NnpOh6H3Y=
Subject key identifier: 8D:75:05:1C:5C:C3:E3:FA:59:95:A4:6E:E3:7B:6A:7D:7C:EC:8D:37
Certificate issuer: /CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
Certificate serial: 018DB181AC16255EDFEC3183E24D0FA9568E
Authority key identifier: EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/jXUFHFzD4_pZlaRu43tqfXzsjTc.roa
Signing time: Fri 16 Feb 2024 10:41:21 +0000
ROA not before: Fri 16 Feb 2024 10:41:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8903
IP address blocks: 84.18.0.0/19 maxlen: 19
92.60.160.0/20 maxlen: 20
92.60.170.0/24 maxlen: 24
92.60.173.0/24 maxlen: 24
92.60.174.0/24 maxlen: 24
185.66.60.0/22 maxlen: 22
185.66.60.0/24 maxlen: 24
185.66.61.0/24 maxlen: 24
185.66.62.0/24 maxlen: 24
212.49.128.0/18 maxlen: 18
212.49.129.0/24 maxlen: 24
212.49.189.0/24 maxlen: 24
212.66.161.0/24 maxlen: 24
212.66.162.0/23 maxlen: 23
212.66.163.0/24 maxlen: 24
212.66.164.0/22 maxlen: 22
212.66.168.0/21 maxlen: 21
212.66.176.0/20 maxlen: 20
212.163.0.0/16 maxlen: 16
212.163.1.0/24 maxlen: 24
212.163.5.0/24 maxlen: 24
212.163.31.0/24 maxlen: 24
212.163.48.0/24 maxlen: 24
212.163.91.0/24 maxlen: 24
212.163.92.0/24 maxlen: 24
212.163.94.0/24 maxlen: 24
212.163.130.0/24 maxlen: 24
212.163.185.0/24 maxlen: 24
212.163.193.0/24 maxlen: 24
212.163.216.0/22 maxlen: 22
212.163.220.0/22 maxlen: 22
212.163.225.0/24 maxlen: 24
212.163.226.0/24 maxlen: 24
212.163.227.0/24 maxlen: 24
212.163.235.0/24 maxlen: 24
212.163.240.0/20 maxlen: 20
213.9.128.0/17 maxlen: 17
213.9.142.0/23 maxlen: 23
213.9.144.0/24 maxlen: 24
213.9.162.0/23 maxlen: 23
213.9.182.0/24 maxlen: 24
213.9.185.0/24 maxlen: 24
213.9.186.0/24 maxlen: 24
213.9.190.0/23 maxlen: 23
213.9.217.0/24 maxlen: 24
213.9.240.0/23 maxlen: 23
213.9.244.0/24 maxlen: 24
213.9.245.0/24 maxlen: 24
213.9.246.0/24 maxlen: 24
213.9.247.0/24 maxlen: 24
213.9.248.0/24 maxlen: 24
213.192.192.0/18 maxlen: 18
213.192.193.0/24 maxlen: 24
213.192.200.0/22 maxlen: 22
213.192.203.0/24 maxlen: 24
213.192.206.0/23 maxlen: 23
213.192.212.0/22 maxlen: 22
213.192.213.0/24 maxlen: 24
213.192.216.0/21 maxlen: 21
213.192.224.0/22 maxlen: 22
213.192.228.0/23 maxlen: 23
213.192.232.0/22 maxlen: 22
213.192.238.0/24 maxlen: 24
213.192.239.0/24 maxlen: 24
213.192.240.0/24 maxlen: 24
213.192.241.0/24 maxlen: 24
213.192.242.0/23 maxlen: 23
213.192.244.0/23 maxlen: 23
213.192.246.0/24 maxlen: 24
213.192.247.0/24 maxlen: 24
213.192.248.0/21 maxlen: 21
213.192.249.0/24 maxlen: 24
213.192.251.0/24 maxlen: 24
213.192.252.0/23 maxlen: 23
213.192.253.0/24 maxlen: 24
213.192.254.0/24 maxlen: 24
213.192.255.0/24 maxlen: 24
2001:ac0::/32 maxlen: 32
2001:ac0:30fd::/48 maxlen: 48
2001:ac0:c040::/44 maxlen: 44
2001:ac0:c0c0::/44 maxlen: 44
2001:ac0:c880::/44 maxlen: 44
Validation: Failed, certificate revoked on Wed 21 Feb 2024 17:28:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:b1:81:ac:16:25:5e:df:ec:31:83:e2:4d:0f:a9:56:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ef3e71b96992da3d91c88dd74ef41f9b95b9485b
Validity
Not Before: Feb 16 10:41:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8d75051c5cc3e3fa5995a46ee37b6a7d7cec8d37
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:f2:35:7b:19:9b:e1:ad:a3:f3:82:23:e8:c6:
93:04:36:b4:ed:67:e3:16:00:50:2d:37:9e:68:83:
ff:df:69:76:d9:e4:3f:4a:a7:e6:2a:a5:f2:4c:05:
16:6b:1f:8d:7b:c6:8b:b9:72:68:39:93:1e:0f:2e:
9f:1e:d4:e9:e1:ce:a3:45:e9:03:b8:ad:16:a8:bd:
5b:04:16:53:2b:1e:b4:37:04:ed:b4:fa:8b:94:45:
7e:df:65:ac:3b:b5:49:82:91:2b:47:18:d8:23:a3:
84:df:c7:bb:f7:e6:00:63:76:7e:ae:d8:01:ee:c2:
bd:d8:d4:a4:92:01:48:72:46:0c:3c:a5:c4:e3:c4:
00:c5:65:98:82:c0:58:14:a8:14:41:e9:a6:83:bc:
2e:96:0d:a4:7e:3f:12:86:38:ca:a1:08:44:c5:b0:
ea:5f:23:d3:55:83:49:a0:92:73:b8:26:a7:49:1d:
fd:b4:df:8a:71:53:b2:96:01:61:0a:bd:e9:75:46:
d4:1b:d0:fc:c3:71:15:53:2a:43:2b:26:44:44:5e:
3c:fe:3b:a7:61:8e:ff:38:78:53:ff:d4:5e:a1:8e:
dc:9f:f3:a6:b9:a9:2f:67:17:21:61:15:92:98:0a:
d9:6b:bb:d2:f9:10:f2:eb:c0:52:80:20:21:ed:74:
a8:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:75:05:1C:5C:C3:E3:FA:59:95:A4:6E:E3:7B:6A:7D:7C:EC:8D:37
X509v3 Authority Key Identifier:
keyid:EF:3E:71:B9:69:92:DA:3D:91:C8:8D:D7:4E:F4:1F:9B:95:B9:48:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7z5xuWmS2j2RyI3XTvQfm5W5SFs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/jXUFHFzD4_pZlaRu43tqfXzsjTc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/ad4e57-d901-4485-98d2-9196ce446527/1/7z5xuWmS2j2RyI3XTvQfm5W5SFs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.18.0.0/19
92.60.160.0/20
185.66.60.0/22
212.49.128.0/18
212.66.161.0-212.66.191.255
212.163.0.0/16
213.9.128.0/17
213.192.192.0/18
IPv6:
2001:ac0::/32
Signature Algorithm: sha256WithRSAEncryption
53:e6:cf:3e:89:44:fd:f9:a6:af:ae:c1:06:f4:c0:ba:33:04:
c4:e8:d0:81:d9:b9:68:c4:c9:8e:b8:a5:b0:d9:1a:0c:13:59:
d9:24:3f:40:26:ca:ee:7f:87:6b:e0:ac:fb:9d:51:d9:29:d5:
28:82:ab:ae:bd:8f:2f:0d:43:a7:1a:f0:a1:e9:be:5e:7f:df:
c1:12:dd:67:aa:46:de:56:54:5f:5a:db:ab:03:c5:04:e0:76:
33:e3:61:1a:e5:78:ae:8e:df:c4:1f:b5:ae:e0:ee:b0:4c:2d:
78:71:b4:88:82:4a:e9:1a:bd:62:a6:34:1c:1b:29:b5:d9:fa:
a8:f6:cf:13:89:17:a6:de:14:6a:e8:97:d3:d9:38:b0:4b:d3:
20:a0:1a:8d:2b:ef:a0:8a:27:35:bc:c2:f7:13:16:3c:df:1b:
a2:97:a0:3c:3f:6f:02:9d:b4:a8:2e:5d:cb:0d:a1:0e:7d:32:
d4:89:e2:28:47:74:6f:7b:cd:5b:55:8a:42:f7:12:da:ec:e3:
e1:c4:b1:b8:20:d2:c1:c6:9f:cc:07:2a:24:49:da:dd:ca:d2:
7b:53:9d:50:ed:9a:ba:1d:da:b2:10:f3:13:98:1a:13:8e:36:
5f:20:02:f4:66:71:87:5f:4c:d0:dc:0a:fd:58:1b:db:05:41:
d5:02:5b:95
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAY2xgawWJV7f7DGD4k0PqVaOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmM2U3MWI5Njk5MmRhM2Q5MWM4OGRkNzRlZjQxZjliOTVi
OTQ4NWIwHhcNMjQwMjE2MTA0MTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDc1MDUxYzVjYzNlM2ZhNTk5NWE0NmVlMzdiNmE3ZDdjZWM4ZDM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/I1exmb4a2j84Ij6MaTBDa07Wfj
FgBQLTeeaIP/32l22eQ/SqfmKqXyTAUWax+Ne8aLuXJoOZMeDy6fHtTp4c6jRekD
uK0WqL1bBBZTKx60NwTttPqLlEV+32WsO7VJgpErRxjYI6OE38e79+YAY3Z+rtgB
7sK92NSkkgFIckYMPKXE48QAxWWYgsBYFKgUQemmg7wulg2kfj8ShjjKoQhExbDq
XyPTVYNJoJJzuCanSR39tN+KcVOylgFhCr3pdUbUG9D8w3EVUypDKyZERF48/jun
YY7/OHhT/9ReoY7cn/OmuakvZxchYRWSmArZa7vS+RDy68BSgCAh7XSo3QIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFI11BRxcw+P6WZWkbuN7an187I03MB8GA1UdIwQY
MBaAFO8+cblpkto9kciN1070H5uVuUhbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDIt
OTE5NmNlNDQ2NTI3LzEvalhVRkhGekQ0X3BabGFSdTQzdHFmWHpzalRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9hZDRlNTctZDkwMS00NDg1LTk4ZDItOTE5NmNlNDQ2NTI3
LzEvN3o1eHVXbVMyajJSeUkzWFR2UWZtNVc1U0ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA9BAIAATA3AwQFVBIAAwQE
XDygAwQCuUI8AwQG1DGAMAwDBADUQqEDBAbUQoADAwDUowMEB9UJgAMEBtXAwDAN
BAIAAjAHAwUAIAEKwDANBgkqhkiG9w0BAQsFAAOCAQEAU+bPPolE/fmmr67BBvTA
ujMExOjQgdm5aMTJjrilsNkaDBNZ2SQ/QCbK7n+Ha+Cs+51R2SnVKIKrrr2PLw1D
pxrwoem+Xn/fwRLdZ6pG3lZUX1rbqwPFBOB2M+NhGuV4ro7fxB+1ruDusEwteHG0
iIJK6Rq9YqY0HBsptdn6qPbPE4kXpt4UauiX09k4sEvTIKAajSvvoIonNbzC9xMW
PN8bopegPD9vAp20qC5dyw2hDn0y1IniKEd0b3vNW1WKQvcS2uzj4cSxuCDSwcaf
zAcqJEna3crSe1OdUO2auh3ashDzE5gaE442XyAC9GZxh19M0NwK/Vgb2wVB1QJb
lQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:57 2024 by rpki-client on console-ams.rpki-client.org