Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/DEiQS3hjwskrzbAdCjmovSvn52I.roa
File: DEiQS3hjwskrzbAdCjmovSvn52I.roa (raw, json)
Hash identifier: lL9NAzie8mGoRtaaIsPsHMR1XjvM4SDN6KnqUVQ3GN0=
Subject key identifier: 0C:48:90:4B:78:63:C2:C9:2B:CD:B0:1D:0A:39:A8:BD:2B:E7:E7:62
Certificate issuer: /CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
Certificate serial: 01856F5DCD4718F74517331B2D14D91E342B
Authority key identifier: DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/DEiQS3hjwskrzbAdCjmovSvn52I.roa
Signing time: Sun 01 Jan 2023 22:04:55 +0000
ROA not before: Sun 01 Jan 2023 22:04:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39855
IP address blocks: 212.124.68.0/22 maxlen: 24
212.124.72.0/22 maxlen: 24
212.124.76.0/22 maxlen: 24
212.124.86.0/24 maxlen: 24
212.124.92.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 12 Jan 2023 11:54:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:5d:cd:47:18:f7:45:17:33:1b:2d:14:d9:1e:34:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dfee2bf43f21a81c492c6e6a9fc6f074d2f0a217
Validity
Not Before: Jan 1 22:04:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0c48904b7863c2c92bcdb01d0a39a8bd2be7e762
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:d8:0b:47:c9:28:51:75:c5:23:3d:fa:b6:c5:
e6:d3:a2:9f:ef:02:99:37:b0:c9:d4:bd:d9:52:de:
dc:30:58:e4:cb:ab:c5:8c:1d:e4:1b:e6:e9:b0:00:
a3:e7:46:f9:88:df:ef:0c:52:88:a2:6a:79:48:ae:
49:39:96:68:6e:80:52:c3:52:56:fd:9b:dd:87:75:
49:51:8b:ff:4d:b8:63:1d:f7:c3:b9:f4:d1:75:71:
b7:d3:23:a7:92:d8:2a:81:3a:8a:aa:c5:a5:9a:66:
2d:1f:4a:7d:90:2d:88:a0:e4:87:31:37:5b:4a:34:
89:3d:56:d2:61:bc:8e:12:54:1c:3c:29:ac:e2:22:
1e:4e:d8:1e:72:0c:a3:bb:c4:8b:04:e0:8b:02:eb:
c2:e0:89:46:bb:cd:56:48:86:dd:8a:3d:b0:27:6d:
00:9b:37:a6:62:93:1a:8c:d9:13:de:79:23:73:4a:
0e:fc:d3:31:1e:95:a4:9b:e9:60:91:6e:6f:84:7c:
e4:99:69:1d:10:bd:19:a3:2f:4d:dc:db:51:3b:79:
8b:b7:46:18:7a:68:cc:6f:2d:e5:2c:d4:a0:f0:58:
aa:2a:b0:94:a1:98:a3:0b:f1:29:a0:53:4b:37:8c:
90:e5:9b:2d:5c:6e:d7:54:d5:aa:dd:99:ef:28:07:
5c:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:48:90:4B:78:63:C2:C9:2B:CD:B0:1D:0A:39:A8:BD:2B:E7:E7:62
X509v3 Authority Key Identifier:
keyid:DF:EE:2B:F4:3F:21:A8:1C:49:2C:6E:6A:9F:C6:F0:74:D2:F0:A2:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3-4r9D8hqBxJLG5qn8bwdNLwohc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/DEiQS3hjwskrzbAdCjmovSvn52I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/40/3b3be0-54a7-410f-9d12-28d78eb9f2dc/1/3-4r9D8hqBxJLG5qn8bwdNLwohc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.124.68.0-212.124.79.255
212.124.86.0/24
212.124.92.0/24
Signature Algorithm: sha256WithRSAEncryption
51:ed:24:99:4e:0e:67:07:02:18:76:f7:d6:65:0f:b4:f9:47:
a8:f8:3d:e7:c4:aa:b3:75:3b:0a:2b:5e:7c:be:31:9e:ec:61:
c0:eb:9f:44:31:68:47:62:32:fc:ab:1e:42:b1:84:3b:c3:a1:
84:0f:9e:da:66:92:39:70:a4:ed:d8:90:26:f0:2a:e8:74:e3:
f2:81:c6:9e:f3:35:c6:7d:08:41:e5:6d:74:39:32:05:96:21:
99:8f:bf:b1:e9:d1:7e:7b:7c:34:3e:ee:0d:46:78:0f:24:b9:
8c:99:e1:b1:a0:14:c8:57:97:aa:23:38:05:7b:c5:2f:cf:e8:
bd:b0:d0:1e:32:c5:a3:f1:1f:f9:54:39:e0:26:82:68:90:ec:
5c:46:bc:5c:31:c3:d1:22:3c:eb:b2:80:93:a4:78:98:f4:bb:
5a:94:a4:31:74:ed:e7:1f:15:47:f0:90:b1:5c:71:20:37:bb:
44:81:d4:ae:8d:15:73:01:2e:50:f2:2d:02:52:0a:ef:c2:68:
14:22:bc:b0:1a:e5:61:0a:7a:d2:0b:50:7f:42:49:e9:1c:6f:
1d:88:7d:9d:e2:14:72:e5:68:3f:cb:a1:37:87:dd:55:61:2b:
fc:0b:e4:8a:90:24:50:64:ef:e6:bd:de:e0:b9:a0:1d:6e:61:
ce:bb:52:eb
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVvXc1HGPdFFzMbLRTZHjQrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmZWUyYmY0M2YyMWE4MWM0OTJjNmU2YTlmYzZmMDc0ZDJm
MGEyMTcwHhcNMjMwMTAxMjIwNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzQ4OTA0Yjc4NjNjMmM5MmJjZGIwMWQwYTM5YThiZDJiZTdlNzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9gLR8koUXXFIz36tsXm06Kf7wKZ
N7DJ1L3ZUt7cMFjky6vFjB3kG+bpsACj50b5iN/vDFKIomp5SK5JOZZoboBSw1JW
/Zvdh3VJUYv/TbhjHffDufTRdXG30yOnktgqgTqKqsWlmmYtH0p9kC2IoOSHMTdb
SjSJPVbSYbyOElQcPCms4iIeTtgecgyju8SLBOCLAuvC4IlGu81WSIbdij2wJ20A
mzemYpMajNkT3nkjc0oO/NMxHpWkm+lgkW5vhHzkmWkdEL0Zoy9N3NtRO3mLt0YY
emjMby3lLNSg8FiqKrCUoZijC/EpoFNLN4yQ5ZstXG7XVNWq3ZnvKAdcJwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFAxIkEt4Y8LJK82wHQo5qL0r5+diMB8GA1UdIwQY
MBaAFN/uK/Q/IagcSSxuap/G8HTS8KIXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTIt
MjhkNzhlYjlmMmRjLzEvREVpUVMzaGp3c2tyemJBZENqbW92U3ZuNTJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zYjNiZTAtNTRhNy00MTBmLTlkMTItMjhkNzhlYjlmMmRj
LzEvMy00cjlEOGhxQnhKTEc1cW44YndkTkx3b2hjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBALUfEQD
BATUfEADBADUfFYDBADUfFwwDQYJKoZIhvcNAQELBQADggEBAFHtJJlODmcHAhh2
99ZlD7T5R6j4PefEqrN1OworXny+MZ7sYcDrn0QxaEdiMvyrHkKxhDvDoYQPntpm
kjlwpO3YkCbwKuh04/KBxp7zNcZ9CEHlbXQ5MgWWIZmPv7Hp0X57fDQ+7g1GeA8k
uYyZ4bGgFMhXl6ojOAV7xS/P6L2w0B4yxaPxH/lUOeAmgmiQ7FxGvFwxw9EiPOuy
gJOkeJj0u1qUpDF07ecfFUfwkLFccSA3u0SB1K6NFXMBLlDyLQJSCu/CaBQivLAa
5WEKetILUH9CSekcbx2IfZ3iFHLlaD/LoTeH3VVhK/wL5IqQJFBk7+a93uC5oB1u
Yc67Uus=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:48 2024 by rpki-client on console-fra.rpki-client.org