Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/2h0ZidviaJh0w2aPJUpc2zhVDBM.roa
File: 2h0ZidviaJh0w2aPJUpc2zhVDBM.roa (raw, json)
Hash identifier: JzGSOhyCyn1Niq36ufcmUPGSsgEF/lYCWaTP4M8CAmg=
Subject key identifier: DA:1D:19:89:DB:E2:68:98:74:C3:66:8F:25:4A:5C:DB:38:55:0C:13
Certificate issuer: /CN=b75a0566d0b63a1f862d83458e4f2ea6fd8f7d21
Certificate serial: 0189FDB32BC22599530046365503B977D68E
Authority key identifier: B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/2h0ZidviaJh0w2aPJUpc2zhVDBM.roa
Signing time: Wed 16 Aug 2023 09:35:24 +0000
ROA not before: Wed 16 Aug 2023 09:35:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201508
IP address blocks: 45.94.32.0/22 maxlen: 22
194.126.152.0/22 maxlen: 22
185.4.24.0/22 maxlen: 22
185.42.0.0/22 maxlen: 22
185.182.52.0/22 maxlen: 22
185.245.212.0/22 maxlen: 22
185.65.164.0/22 maxlen: 22
46.36.192.0/21 maxlen: 21
Validation: Failed, certificate revoked on Tue 05 Sep 2023 08:24:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:fd:b3:2b:c2:25:99:53:00:46:36:55:03:b9:77:d6:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b75a0566d0b63a1f862d83458e4f2ea6fd8f7d21
Validity
Not Before: Aug 16 09:35:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=da1d1989dbe2689874c3668f254a5cdb38550c13
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:0c:55:02:35:4d:db:f8:aa:f0:19:2d:f5:41:
3d:af:95:85:be:3b:fd:98:e8:f7:a2:2c:24:29:c0:
e1:69:6d:18:fd:4c:41:bd:12:df:ad:3f:3a:07:3f:
a3:ec:f6:ab:c3:c7:c5:2c:42:59:de:57:93:0d:22:
f1:28:f2:dd:43:19:90:28:b2:70:2f:3c:41:25:c2:
30:00:25:6a:b6:ba:2b:26:cb:5f:f1:8e:13:37:d1:
c0:7d:52:5f:2f:71:e8:5c:75:42:4e:43:46:6d:3a:
99:3f:d5:b6:8b:81:3f:57:98:e5:dd:43:13:7d:b6:
c9:1d:97:b5:d2:ff:90:c8:40:05:50:38:27:20:ea:
f0:0a:11:16:13:b3:03:56:b8:2e:aa:2e:23:ad:2c:
65:fe:53:5d:47:fd:6d:40:ba:20:7b:11:42:fd:b0:
62:1f:05:c7:ee:c8:29:9c:8f:0d:a9:48:ba:3d:8c:
5f:3b:26:97:ad:55:b3:88:3b:e3:bd:b3:77:50:a6:
da:c6:9e:e3:36:47:a6:d3:69:ac:22:68:fe:9c:c8:
e2:62:44:f4:02:e0:24:50:01:de:58:f2:8c:b4:30:
60:27:54:08:27:59:f7:c9:57:9f:76:85:d2:69:4e:
2d:8e:2f:a2:dd:47:82:ac:12:05:73:f0:80:88:0c:
90:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:1D:19:89:DB:E2:68:98:74:C3:66:8F:25:4A:5C:DB:38:55:0C:13
X509v3 Authority Key Identifier:
keyid:B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/2h0ZidviaJh0w2aPJUpc2zhVDBM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.94.32.0/22
46.36.192.0/21
185.4.24.0/22
185.42.0.0/22
185.65.164.0/22
185.182.52.0/22
185.245.212.0/22
194.126.152.0/22
Signature Algorithm: sha256WithRSAEncryption
1b:29:6c:e7:54:57:53:55:45:c5:65:06:1b:2a:2c:de:d4:00:
33:71:be:c9:30:c4:66:24:46:9e:76:86:c2:b0:ca:0e:f8:98:
14:f7:ca:fb:34:65:c4:72:d3:77:12:95:1d:ff:da:f7:04:d3:
e5:9f:35:b3:46:a0:10:45:07:82:20:f5:ef:a9:47:78:6c:70:
fc:fa:33:18:5a:bc:81:1c:ae:13:2c:6f:33:08:f1:9e:a0:48:
f3:0f:70:28:8f:aa:7f:1b:36:e7:51:77:90:24:a2:fd:39:af:
10:cf:85:9b:ae:8b:cf:30:59:b9:c5:df:87:9d:28:a8:20:86:
45:e8:b0:db:01:f0:00:a6:25:da:01:0b:51:9d:58:70:a9:39:
2a:62:6d:f5:d0:5b:17:2d:d7:08:07:cc:6a:da:9f:ed:d9:d8:
bc:ca:10:aa:9e:ca:6d:a2:53:19:cc:ec:ea:ac:45:65:65:35:
80:9e:6d:cb:cb:3d:68:e4:36:5b:f6:32:90:da:69:a5:7b:aa:
dd:42:2a:aa:36:f0:7f:3d:a4:f7:69:03:cb:cb:58:b2:7e:95:
be:1f:73:c1:3d:24:42:03:60:32:6d:28:ed:9b:9c:83:09:f5:
67:4d:76:f0:98:0d:44:2d:ce:ba:7c:c5:64:13:56:a6:48:71:
ff:1c:e8:97
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYn9syvCJZlTAEY2VQO5d9aOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NWEwNTY2ZDBiNjNhMWY4NjJkODM0NThlNGYyZWE2ZmQ4
ZjdkMjEwHhcNMjMwODE2MDkzNTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTFkMTk4OWRiZTI2ODk4NzRjMzY2OGYyNTRhNWNkYjM4NTUwYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAxVAjVN2/iq8Bkt9UE9r5WFvjv9
mOj3oiwkKcDhaW0Y/UxBvRLfrT86Bz+j7Parw8fFLEJZ3leTDSLxKPLdQxmQKLJw
LzxBJcIwACVqtrorJstf8Y4TN9HAfVJfL3HoXHVCTkNGbTqZP9W2i4E/V5jl3UMT
fbbJHZe10v+QyEAFUDgnIOrwChEWE7MDVrguqi4jrSxl/lNdR/1tQLogexFC/bBi
HwXH7sgpnI8NqUi6PYxfOyaXrVWziDvjvbN3UKbaxp7jNkem02msImj+nMjiYkT0
AuAkUAHeWPKMtDBgJ1QIJ1n3yVefdoXSaU4tji+i3UeCrBIFc/CAiAyQHwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNodGYnb4miYdMNmjyVKXNs4VQwTMB8GA1UdIwQY
MBaAFLdaBWbQtjofhi2DRY5PLqb9j30hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDFvRlp0QzJPaC1HTFlORmprOHVwdjJQZlNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8xMDM1NzAtMWNmNi00MmFjLTgxZDQt
ODNmNjAxYzNmYjU5LzEvMmgwWmlkdmlhSmgwdzJhUEpVcGMyemhWREJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8xMDM1NzAtMWNmNi00MmFjLTgxZDQtODNmNjAxYzNmYjU5
LzEvdDFvRlp0QzJPaC1HTFlORmprOHVwdjJQZlNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCLV4gAwQD
LiTAAwQCuQQYAwQCuSoAAwQCuUGkAwQCubY0AwQCufXUAwQCwn6YMA0GCSqGSIb3
DQEBCwUAA4IBAQAbKWznVFdTVUXFZQYbKize1AAzcb7JMMRmJEaedobCsMoO+JgU
98r7NGXEctN3EpUd/9r3BNPlnzWzRqAQRQeCIPXvqUd4bHD8+jMYWryBHK4TLG8z
CPGeoEjzD3Aoj6p/GzbnUXeQJKL9Oa8Qz4WbrovPMFm5xd+HnSioIIZF6LDbAfAA
piXaAQtRnVhwqTkqYm310FsXLdcIB8xq2p/t2di8yhCqnsptolMZzOzqrEVlZTWA
nm3Lyz1o5DZb9jKQ2mmle6rdQiqqNvB/PaT3aQPLy1iyfpW+H3PBPSRCA2AybSjt
m5yDCfVnTXbwmA1ELc66fMVkE1amSHH/HOiX
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:21 2024 by rpki-client on console-ams.rpki-client.org