Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/Zh9F3dTHMGQ0mKPYfvJYznqZaFQ.roa
File: Zh9F3dTHMGQ0mKPYfvJYznqZaFQ.roa (raw, json)
Hash identifier: L5qg72nUdsG4YeNf2T38ROU6KGYN83Ls+5NUi5RMP34=
Subject key identifier: 66:1F:45:DD:D4:C7:30:64:34:98:A3:D8:7E:F2:58:CE:7A:99:68:54
Certificate issuer: /CN=76a75826e991225a429ff8a1e7ffdc80466420df
Certificate serial: 01856F54AB989435924DD0296EE466BBFB66
Authority key identifier: 76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/Zh9F3dTHMGQ0mKPYfvJYznqZaFQ.roa
Signing time: Sun 01 Jan 2023 21:54:58 +0000
ROA not before: Sun 01 Jan 2023 21:54:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 47610
IP address blocks: 192.44.11.0/24 maxlen: 24
192.102.148.0/24 maxlen: 24
153.96.180.0/24 maxlen: 24
153.96.208.0/23 maxlen: 23
129.233.212.0/24 maxlen: 24
129.233.213.0/24 maxlen: 24
2a03:db80:2c10::/48 maxlen: 48
2a03:db80:2c14::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 02 Jan 2024 02:29:30 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:54:ab:98:94:35:92:4d:d0:29:6e:e4:66:bb:fb:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=76a75826e991225a429ff8a1e7ffdc80466420df
Validity
Not Before: Jan 1 21:54:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=661f45ddd4c730643498a3d87ef258ce7a996854
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:75:58:37:35:63:72:a7:09:88:bf:0a:b1:15:
8d:93:b7:ef:3d:b7:b0:d7:2a:b0:03:55:bf:85:2b:
0a:9b:8d:f6:38:a9:57:dc:b9:e2:cb:d5:5b:01:a2:
9e:0f:2f:d8:9b:00:00:76:33:bf:d4:cf:93:e2:26:
aa:85:e1:b4:62:a1:24:72:94:df:3c:7c:fe:0e:4e:
31:9d:81:ee:d9:c5:02:2a:70:ae:1d:dd:37:d3:a9:
c1:aa:c0:e0:82:5a:ee:04:32:48:64:95:a5:66:1b:
cf:ab:aa:01:09:35:8d:04:80:4a:59:14:25:41:de:
f1:78:1a:38:cb:0c:43:6f:ef:87:fe:6e:40:35:18:
b5:82:80:b1:84:24:89:5b:31:94:21:aa:08:a4:55:
10:84:61:16:51:c2:10:83:d8:2d:d1:90:0d:4d:17:
b8:25:7c:d4:dd:4a:d7:94:44:05:24:5f:10:9f:b2:
47:c1:96:75:0f:d2:39:d0:0f:3a:5e:b3:8a:6c:b2:
6f:89:90:f9:dc:83:85:62:1f:d8:1d:a7:e9:eb:95:
68:70:db:db:9e:2c:d1:25:61:7b:26:f3:12:ec:a5:
76:8b:ef:c7:f9:3a:7f:78:ca:61:6e:a6:56:20:d5:
3d:9f:c5:c5:71:49:9a:36:d2:f2:b4:05:df:1a:b1:
ae:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:1F:45:DD:D4:C7:30:64:34:98:A3:D8:7E:F2:58:CE:7A:99:68:54
X509v3 Authority Key Identifier:
keyid:76:A7:58:26:E9:91:22:5A:42:9F:F8:A1:E7:FF:DC:80:46:64:20:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqdYJumRIlpCn_ih5__cgEZkIN8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/Zh9F3dTHMGQ0mKPYfvJYznqZaFQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/1d33ca-8d1c-49c0-be97-ad8fbeaa8dd9/1/dqdYJumRIlpCn_ih5__cgEZkIN8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
129.233.212.0/23
153.96.180.0/24
153.96.208.0/23
192.44.11.0/24
192.102.148.0/24
IPv6:
2a03:db80:2c10::/48
2a03:db80:2c14::/48
Signature Algorithm: sha256WithRSAEncryption
5d:30:9a:a9:10:21:ff:bd:da:0c:cc:bc:57:d5:98:86:ca:f8:
3c:6b:57:0a:0b:da:5e:a4:1e:91:e1:31:7c:b6:9d:39:5a:c7:
9f:ae:53:8f:a2:3c:8a:ba:07:38:5c:9e:e9:d6:42:67:bf:b4:
aa:11:73:43:4e:62:8b:17:c8:d2:b3:f6:df:b5:96:64:c4:e1:
cb:ea:c2:a8:06:c0:5c:29:68:9e:cb:1f:66:04:59:67:81:82:
19:0d:d5:10:f5:63:6a:cc:d5:9d:08:c3:01:b9:25:12:7f:4b:
ec:80:53:c1:1f:ff:56:b3:7c:bb:89:09:60:88:67:43:70:60:
f6:1a:40:c5:d2:88:3e:9e:95:df:06:94:ce:0b:49:92:c3:8e:
7c:77:38:0e:c6:d0:84:c3:87:6d:03:99:2a:f3:cd:f6:a5:da:
39:b8:d1:04:53:ef:bb:c2:5a:28:50:3e:9f:39:73:0b:12:c9:
8c:7e:d7:0d:98:28:2f:6e:06:71:66:91:80:42:a1:3b:95:d0:
ab:72:fd:f2:f4:5d:32:28:32:7d:9f:3e:34:b7:e4:d7:cd:87:
96:87:91:9f:94:64:98:18:74:08:5d:72:0b:4f:d3:64:9d:e3:
9e:32:72:f9:98:e7:1c:3a:1e:50:b0:7f:de:3a:47:ae:89:ba:
52:0b:0a:21
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYVvVKuYlDWSTdApbuRmu/tmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YTc1ODI2ZTk5MTIyNWE0MjlmZjhhMWU3ZmZkYzgwNDY2
NDIwZGYwHhcNMjMwMTAxMjE1NDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjFmNDVkZGQ0YzczMDY0MzQ5OGEzZDg3ZWYyNThjZTdhOTk2ODU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinVYNzVjcqcJiL8KsRWNk7fvPbew
1yqwA1W/hSsKm432OKlX3Lniy9VbAaKeDy/YmwAAdjO/1M+T4iaqheG0YqEkcpTf
PHz+Dk4xnYHu2cUCKnCuHd0306nBqsDgglruBDJIZJWlZhvPq6oBCTWNBIBKWRQl
Qd7xeBo4ywxDb++H/m5ANRi1goCxhCSJWzGUIaoIpFUQhGEWUcIQg9gt0ZANTRe4
JXzU3UrXlEQFJF8Qn7JHwZZ1D9I50A86XrOKbLJviZD53IOFYh/YHafp65VocNvb
nizRJWF7JvMS7KV2i+/H+Tp/eMphbqZWINU9n8XFcUmaNtLytAXfGrGumwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFGYfRd3UxzBkNJij2H7yWM56mWhUMB8GA1UdIwQY
MBaAFHanWCbpkSJaQp/4oef/3IBGZCDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTct
YWQ4ZmJlYWE4ZGQ5LzEvWmg5RjNkVEhNR1EwbUtQWWZ2Sll6bnFaYUZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xZDMzY2EtOGQxYy00OWMwLWJlOTctYWQ4ZmJlYWE4ZGQ5
LzEvZHFkWUp1bVJJbHBDbl9paDVfX2NnRVprSU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAkBAIAATAeAwQBgenUAwQA
mWC0AwQBmWDQAwQAwCwLAwQAwGaUMBgEAgACMBIDBwAqA9uALBADBwAqA9uALBQw
DQYJKoZIhvcNAQELBQADggEBAF0wmqkQIf+92gzMvFfVmIbK+DxrVwoL2l6kHpHh
MXy2nTlax5+uU4+iPIq6BzhcnunWQme/tKoRc0NOYosXyNKz9t+1lmTE4cvqwqgG
wFwpaJ7LH2YEWWeBghkN1RD1Y2rM1Z0IwwG5JRJ/S+yAU8Ef/1azfLuJCWCIZ0Nw
YPYaQMXSiD6eld8GlM4LSZLDjnx3OA7G0ITDh20DmSrzzfal2jm40QRT77vCWihQ
Pp85cwsSyYx+1w2YKC9uBnFmkYBCoTuV0Kty/fL0XTIoMn2fPjS35NfNh5aHkZ+U
ZJgYdAhdcgtP02Sd454ycvmY5xw6HlCwf946R66JulILCiE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:27:59 2024 by rpki-client on console-fra.rpki-client.org