Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/PD09oMOq8i9f25fNs1ll-Ek2TKU.roa
File: PD09oMOq8i9f25fNs1ll-Ek2TKU.roa (raw, json)
Hash identifier: aNZ31mKVTLnUiw8YmIaEzsN05qXfKh9knl9acevfnnE=
Subject key identifier: 3C:3D:3D:A0:C3:AA:F2:2F:5F:DB:97:CD:B3:59:65:F8:49:36:4C:A5
Certificate issuer: /CN=5f1fa06d5dbada43de44f4e4b1dc9492bb287c9d
Certificate serial: 018572E82B77C2CAB627C64D92409673AB8D
Authority key identifier: 5F:1F:A0:6D:5D:BA:DA:43:DE:44:F4:E4:B1:DC:94:92:BB:28:7C:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Xx-gbV262kPeRPTksdyUkrsofJ0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/PD09oMOq8i9f25fNs1ll-Ek2TKU.roa
Signing time: Mon 02 Jan 2023 14:34:56 +0000
ROA not before: Mon 02 Jan 2023 14:34:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34244
IP address blocks: 94.46.136.0/22 maxlen: 22
45.152.172.0/22 maxlen: 22
178.236.65.48/29 maxlen: 29
178.255.112.0/22 maxlen: 22
178.236.73.80/29 maxlen: 29
178.236.73.112/29 maxlen: 29
178.236.73.176/29 maxlen: 29
193.221.219.0/24 maxlen: 24
141.98.236.0/22 maxlen: 22
178.236.72.28/30 maxlen: 30
193.221.120.0/24 maxlen: 24
193.221.123.0/24 maxlen: 24
185.186.32.0/22 maxlen: 22
178.236.72.48/28 maxlen: 28
185.176.28.0/22 maxlen: 22
185.216.152.0/22 maxlen: 22
5.180.0.0/22 maxlen: 22
178.236.72.88/29 maxlen: 29
178.236.74.88/29 maxlen: 29
185.121.44.0/22 maxlen: 22
185.223.236.0/22 maxlen: 22
185.240.208.0/22 maxlen: 22
45.93.232.0/22 maxlen: 22
195.210.52.0/23 maxlen: 23
128.127.184.0/21 maxlen: 21
94.46.240.0/22 maxlen: 22
81.92.220.0/22 maxlen: 22
178.236.73.128/29 maxlen: 29
178.236.73.160/29 maxlen: 29
178.236.73.224/29 maxlen: 29
185.247.236.0/22 maxlen: 22
45.131.188.0/22 maxlen: 22
92.39.32.0/20 maxlen: 20
31.170.28.0/22 maxlen: 22
31.170.26.0/23 maxlen: 23
81.92.196.0/22 maxlen: 22
45.8.152.0/22 maxlen: 22
85.30.128.0/18 maxlen: 18
155.137.24.0/21 maxlen: 21
185.4.8.0/22 maxlen: 22
178.236.73.200/29 maxlen: 29
193.221.93.0/24 maxlen: 24
37.221.104.0/22 maxlen: 22
185.197.224.0/22 maxlen: 22
188.66.48.0/22 maxlen: 22
45.14.4.0/22 maxlen: 22
2a02:80::/32 maxlen: 32
2a02:80::/29 maxlen: 29
Validation: Failed, certificate revoked on Wed 15 Mar 2023 09:21:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:e8:2b:77:c2:ca:b6:27:c6:4d:92:40:96:73:ab:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5f1fa06d5dbada43de44f4e4b1dc9492bb287c9d
Validity
Not Before: Jan 2 14:34:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3c3d3da0c3aaf22f5fdb97cdb35965f849364ca5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:e8:d0:f5:8e:a1:de:ad:3f:8d:72:ae:b0:fe:
e4:ec:67:27:b5:22:9c:bc:bf:44:48:e3:34:90:99:
a8:f5:35:2b:3f:63:3b:d1:ff:de:ca:42:2b:d5:8e:
52:66:fc:ed:c7:f7:14:04:63:18:f5:0d:98:84:67:
a2:87:58:0c:79:58:f9:a6:81:9c:46:7d:31:b5:8c:
ab:b3:79:ee:fc:fa:95:80:d8:8e:5a:c2:bb:67:d0:
3b:ab:36:53:7b:df:ec:ee:60:c3:19:0b:ee:6d:eb:
d1:36:c7:fe:c1:a6:f3:ce:50:e3:26:3d:03:11:66:
80:a2:6f:fc:7a:05:9e:2b:74:83:66:2c:36:da:e1:
80:0b:ec:03:92:04:1b:68:e0:4c:9e:f6:4c:93:59:
ee:bb:9e:0d:d9:91:41:50:fe:90:c1:e6:07:f8:25:
f5:c1:a9:55:31:57:39:be:18:e0:fd:a1:15:36:21:
7d:ce:46:2d:b1:fb:a8:d9:1f:dd:5f:fa:99:93:3a:
6b:25:3e:07:86:0f:9a:97:a2:1d:11:d4:cd:4d:fc:
3b:36:fd:a3:7b:ef:5f:3b:f6:be:05:7b:bd:ef:bb:
a3:dc:77:a5:10:b1:cb:0d:8d:fc:43:8d:d7:03:ad:
f5:96:2d:65:f9:23:0f:32:be:e3:db:1b:ed:9c:bf:
9b:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:3D:3D:A0:C3:AA:F2:2F:5F:DB:97:CD:B3:59:65:F8:49:36:4C:A5
X509v3 Authority Key Identifier:
keyid:5F:1F:A0:6D:5D:BA:DA:43:DE:44:F4:E4:B1:DC:94:92:BB:28:7C:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xx-gbV262kPeRPTksdyUkrsofJ0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/PD09oMOq8i9f25fNs1ll-Ek2TKU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/847d17-ba7c-4eae-9d55-25846d59fd60/1/Xx-gbV262kPeRPTksdyUkrsofJ0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.0.0/22
31.170.26.0-31.170.31.255
37.221.104.0/22
45.8.152.0/22
45.14.4.0/22
45.93.232.0/22
45.131.188.0/22
45.152.172.0/22
81.92.196.0/22
81.92.220.0/22
85.30.128.0/18
92.39.32.0/20
94.46.136.0/22
94.46.240.0/22
128.127.184.0/21
141.98.236.0/22
155.137.24.0/21
178.236.65.48/29
178.236.72.28/30
178.236.72.48/28
178.236.72.88/29
178.236.73.80/29
178.236.73.112/29
178.236.73.128/29
178.236.73.160/29
178.236.73.176/29
178.236.73.200/29
178.236.73.224/29
178.236.74.88/29
178.255.112.0/22
185.4.8.0/22
185.121.44.0/22
185.176.28.0/22
185.186.32.0/22
185.197.224.0/22
185.216.152.0/22
185.223.236.0/22
185.240.208.0/22
185.247.236.0/22
188.66.48.0/22
193.221.93.0/24
193.221.120.0/24
193.221.123.0/24
193.221.219.0/24
195.210.52.0/23
IPv6:
2a02:80::/29
Signature Algorithm: sha256WithRSAEncryption
0b:26:0b:04:b5:55:f5:4d:b0:37:ff:67:76:b8:6a:fe:c6:3d:
c6:1b:6c:4a:55:e9:cd:18:65:07:fe:e5:de:03:6f:fa:ff:0d:
02:02:6e:f5:57:4a:48:ac:3e:11:cd:ec:8f:93:2c:bf:57:ca:
1e:75:fe:c5:3c:25:d3:9b:e7:0b:75:dd:41:54:ed:d2:8b:94:
c0:e8:1a:23:b8:89:80:8c:76:d8:54:6a:57:a9:2e:18:34:61:
92:3a:bb:50:39:9b:b9:71:3c:3b:4a:4a:27:16:a0:71:0d:68:
cf:ad:5b:69:fe:80:93:f6:66:39:02:1d:7c:78:01:65:c2:de:
0c:5f:3c:65:90:c0:ea:37:55:82:18:15:24:0e:ae:de:ad:f9:
cf:d4:b1:42:1c:ad:14:7d:ae:d7:02:6e:76:69:7d:1b:d3:42:
f0:5b:39:3e:e7:05:53:cc:55:b8:cb:b5:a7:82:68:86:cb:e0:
24:1a:b7:8e:2c:81:23:2c:f3:21:2c:eb:b0:9b:e6:54:35:04:
50:d8:e6:f3:09:ce:0f:4e:87:af:50:c8:d9:ae:81:2f:60:d0:
c9:78:ad:05:2d:b4:4e:13:ae:d9:32:0c:c3:1a:11:5e:0b:a7:
4c:b8:8b:d3:c5:89:bf:13:1f:ca:2d:bd:52:f1:82:b2:4e:4c:
bf:db:a9:3d
-----BEGIN CERTIFICATE-----
MIIGMjCCBRqgAwIBAgISAYVy6Ct3wsq2J8ZNkkCWc6uNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmMWZhMDZkNWRiYWRhNDNkZTQ0ZjRlNGIxZGM5NDkyYmIy
ODdjOWQwHhcNMjMwMTAyMTQzNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzNkM2RhMGMzYWFmMjJmNWZkYjk3Y2RiMzU5NjVmODQ5MzY0Y2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvejQ9Y6h3q0/jXKusP7k7GcntSKc
vL9ESOM0kJmo9TUrP2M70f/eykIr1Y5SZvztx/cUBGMY9Q2YhGeih1gMeVj5poGc
Rn0xtYyrs3nu/PqVgNiOWsK7Z9A7qzZTe9/s7mDDGQvubevRNsf+wabzzlDjJj0D
EWaAom/8egWeK3SDZiw22uGAC+wDkgQbaOBMnvZMk1nuu54N2ZFBUP6QweYH+CX1
walVMVc5vhjg/aEVNiF9zkYtsfuo2R/dX/qZkzprJT4Hhg+al6IdEdTNTfw7Nv2j
e+9fO/a+BXu977uj3HelELHLDY38Q43XA631li1l+SMPMr7j2xvtnL+b8QIDAQAB
o4IDPjCCAzowHQYDVR0OBBYEFDw9PaDDqvIvX9uXzbNZZfhJNkylMB8GA1UdIwQY
MBaAFF8foG1dutpD3kT05LHclJK7KHydMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHgtZ2JWMjYya1BlUlBUa3NkeVVrcnNvZkowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84NDdkMTctYmE3Yy00ZWFlLTlkNTUt
MjU4NDZkNTlmZDYwLzEvUEQwOW9NT3E4aTlmMjVmTnMxbGwtRWsyVEtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84NDdkMTctYmE3Yy00ZWFlLTlkNTUtMjU4NDZkNTlmZDYw
LzEvWHgtZ2JWMjYya1BlUlBUa3NkeVVrcnNvZkowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBUgYIKwYBBQUHAQcBAf8EggFBMIIBPTCCASoEAgABMIIB
IgMEAgW0ADAMAwQBH6oaAwQFH6oAAwQCJd1oAwQCLQiYAwQCLQ4EAwQCLV3oAwQC
LYO8AwQCLZisAwQCUVzEAwQCUVzcAwQGVR6AAwQEXCcgAwQCXi6IAwQCXi7wAwQD
gH+4AwQCjWLsAwQDm4kYAwUDsuxBMAMFArLsSBwDBQSy7EgwAwUDsuxIWAMFA7Ls
SVADBQOy7ElwAwUDsuxJgAMFA7LsSaADBQOy7EmwAwUDsuxJyAMFA7LsSeADBQOy
7EpYAwQCsv9wAwQCuQQIAwQCuXksAwQCubAcAwQCubogAwQCucXgAwQCudiYAwQC
ud/sAwQCufDQAwQCuffsAwQCvEIwAwQAwd1dAwQAwd14AwQAwd17AwQAwd3bAwQB
w9I0MA0EAgACMAcDBQMqAgCAMA0GCSqGSIb3DQEBCwUAA4IBAQALJgsEtVX1TbA3
/2d2uGr+xj3GG2xKVenNGGUH/uXeA2/6/w0CAm71V0pIrD4RzeyPkyy/V8oedf7F
PCXTm+cLdd1BVO3Si5TA6BojuImAjHbYVGpXqS4YNGGSOrtQOZu5cTw7SkonFqBx
DWjPrVtp/oCT9mY5Ah18eAFlwt4MXzxlkMDqN1WCGBUkDq7erfnP1LFCHK0Ufa7X
Am52aX0b00LwWzk+5wVTzFW4y7WngmiGy+AkGreOLIEjLPMhLOuwm+ZUNQRQ2Obz
Cc4PToevUMjZroEvYNDJeK0FLbROE67ZMgzDGhFeC6dMuIvTxYm/Ex/KLb1S8YKy
Tky/26k9
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:05 2024 by rpki-client on console-ams.rpki-client.org