Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/Ds111waHoFKFXuaYyyribzkO_S0.roa
File: Ds111waHoFKFXuaYyyribzkO_S0.roa (raw, json)
Hash identifier: XmUqIWchcOvQ01IQu4pOcxd2PMCwy2g5oHVbv2UATuo=
Subject key identifier: 0E:CD:75:D7:06:87:A0:52:85:5E:E6:98:CB:2A:E2:6F:39:0E:FD:2D
Certificate issuer: /CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
Certificate serial: 0190A3B656E168F34D65A8AB30D490F5F230
Authority key identifier: B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/Ds111waHoFKFXuaYyyribzkO_S0.roa
Signing time: Thu 11 Jul 2024 21:32:34 +0000
ROA not before: Thu 11 Jul 2024 21:32:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43139
IP address blocks: 91.196.148.0/22 maxlen: 22
94.158.80.0/20 maxlen: 20
109.207.192.0/20 maxlen: 20
178.158.192.0/18 maxlen: 24
185.199.96.0/22 maxlen: 22
195.128.24.0/23 maxlen: 23
195.128.26.0/23 maxlen: 23
2001:67c:738::/48 maxlen: 48
2a0a:9b40::/29 maxlen: 29
Validation: Failed, certificate revoked on Tue 17 Sep 2024 15:02:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:a3:b6:56:e1:68:f3:4d:65:a8:ab:30:d4:90:f5:f2:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
Validity
Not Before: Jul 11 21:32:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0ecd75d70687a052855ee698cb2ae26f390efd2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:a9:1b:6c:dd:91:eb:be:53:b8:a8:17:2e:dd:
6f:de:e7:97:41:9d:8f:ec:68:f9:90:09:03:7c:66:
21:16:9f:cb:03:75:85:30:06:78:86:5b:03:02:00:
6c:12:91:7b:f0:76:93:fa:be:1f:1a:4c:00:9e:d0:
19:ee:d7:44:ed:c9:6f:64:25:42:fe:75:4b:55:83:
6a:5f:ff:b2:54:7a:1d:99:e7:45:3b:9e:22:bb:f5:
c8:41:42:4d:04:f5:9d:4e:aa:af:8d:2f:82:7b:71:
ef:10:e8:db:1f:53:cd:c6:64:5c:2f:51:ef:a9:8f:
c6:55:7b:4b:66:57:cb:c6:76:4c:7c:34:ce:18:eb:
dd:8f:1f:8a:45:95:90:06:b9:54:f9:08:0b:1c:c6:
e6:77:d3:6e:cf:19:96:c6:e3:ed:d1:f1:05:2e:e9:
59:ae:3b:bc:de:22:e1:12:4c:e6:9f:fd:7d:70:3a:
bd:52:c0:a9:7a:c3:dc:80:c3:4f:b8:a8:70:0f:ed:
4a:9b:0c:b0:03:f4:4f:d7:fb:8b:c8:f5:eb:13:49:
f4:60:d1:30:58:57:6a:3a:81:73:88:87:f6:b9:cd:
87:3e:99:fa:88:ba:52:38:3b:62:30:e8:04:f8:23:
ff:ce:34:76:92:ff:84:c8:3d:f6:1b:c7:57:1d:11:
f8:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:CD:75:D7:06:87:A0:52:85:5E:E6:98:CB:2A:E2:6F:39:0E:FD:2D
X509v3 Authority Key Identifier:
keyid:B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/Ds111waHoFKFXuaYyyribzkO_S0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.196.148.0/22
94.158.80.0/20
109.207.192.0/20
178.158.192.0/18
185.199.96.0/22
195.128.24.0/22
IPv6:
2001:67c:738::/48
2a0a:9b40::/29
Signature Algorithm: sha256WithRSAEncryption
49:c2:4a:f0:93:db:fd:f4:32:db:53:15:7e:90:af:d4:42:ab:
b8:5e:e9:81:ed:07:91:12:5e:c1:29:b7:28:cd:67:89:06:3f:
c6:60:cb:2c:97:9d:0e:49:34:b6:45:1c:90:5d:9f:49:84:69:
f5:fb:40:c3:e0:b9:09:38:6a:b1:99:e9:ef:17:0f:69:1c:68:
ed:35:62:a2:48:27:b6:30:0f:02:f2:9f:cb:60:b1:30:31:b0:
ff:79:60:42:98:86:10:4d:5f:c0:ab:cc:d3:0c:24:9d:6f:fb:
6b:7a:11:71:fc:f0:5e:7a:0c:ff:10:d8:73:73:f9:1d:34:1e:
2d:6e:d1:59:5c:59:6e:db:e1:a1:51:42:17:f8:58:a2:aa:80:
36:8c:cd:4b:63:e4:ed:ce:b7:6b:83:bc:9a:f0:a9:97:14:e3:
61:9b:c5:85:85:c6:3d:81:a5:8e:95:c9:bd:29:7f:e2:22:1a:
06:6a:47:86:48:bc:77:76:73:1f:c1:9d:de:09:63:bf:a7:f4:
50:67:0d:2d:5c:f4:5b:ac:70:5f:1e:75:f4:22:c9:14:16:4c:
1b:8f:f4:ef:47:35:64:cb:42:fc:d8:1d:d2:e1:b2:c8:31:14:
a2:a1:a4:04:1b:f7:ed:8f:2d:54:83:c1:f6:48:3b:4f:58:48:
28:51:f7:f3
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZCjtlbhaPNNZairMNSQ9fIwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOTNkZjg3N2JmMmYwY2YwMWE5NzE4OTczZWFlZWU4N2Iw
Njk3ZDkwHhcNMjQwNzExMjEzMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWNkNzVkNzA2ODdhMDUyODU1ZWU2OThjYjJhZTI2ZjM5MGVmZDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6kbbN2R675TuKgXLt1v3ueXQZ2P
7Gj5kAkDfGYhFp/LA3WFMAZ4hlsDAgBsEpF78HaT+r4fGkwAntAZ7tdE7clvZCVC
/nVLVYNqX/+yVHodmedFO54iu/XIQUJNBPWdTqqvjS+Ce3HvEOjbH1PNxmRcL1Hv
qY/GVXtLZlfLxnZMfDTOGOvdjx+KRZWQBrlU+QgLHMbmd9NuzxmWxuPt0fEFLulZ
rju83iLhEkzmn/19cDq9UsCpesPcgMNPuKhwD+1KmwywA/RP1/uLyPXrE0n0YNEw
WFdqOoFziIf2uc2HPpn6iLpSODtiMOgE+CP/zjR2kv+EyD32G8dXHRH4fwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFA7NddcGh6BShV7mmMsq4m85Dv0tMB8GA1UdIwQY
MBaAFLOT34d78vDPAalxiXPq7uh7BpfZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYt
Mzk2YmM3MjBlMmI0LzEvRHMxMTF3YUhvRktGWHVhWXl5cmliemtPX1MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYtMzk2YmM3MjBlMmI0
LzEvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAqBAIAATAkAwQCW8SUAwQE
Xp5QAwQEbc/AAwQGsp7AAwQCucdgAwQCw4AYMBYEAgACMBADBwAgAQZ8BzgDBQMq
CptAMA0GCSqGSIb3DQEBCwUAA4IBAQBJwkrwk9v99DLbUxV+kK/UQqu4XumB7QeR
El7BKbcozWeJBj/GYMssl50OSTS2RRyQXZ9JhGn1+0DD4LkJOGqxmenvFw9pHGjt
NWKiSCe2MA8C8p/LYLEwMbD/eWBCmIYQTV/Aq8zTDCSdb/trehFx/PBeegz/ENhz
c/kdNB4tbtFZXFlu2+GhUUIX+FiiqoA2jM1LY+Ttzrdrg7ya8KmXFONhm8WFhcY9
gaWOlcm9KX/iIhoGakeGSLx3dnMfwZ3eCWO/p/RQZw0tXPRbrHBfHnX0IskUFkwb
j/TvRzVky0L82B3S4bLIMRSioaQEG/ftjy1Ug8H2SDtPWEgoUffz
-----END CERTIFICATE-----
Generated at Tue Sep 17 19:07:43 2024 by rpki-client on console-fra.rpki-client.org