Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/194c1e-9710-4d35-823b-5dd33994a241/1/WGFh-DntHCZF8ijT_Nw3CaYeI90.roa
File: WGFh-DntHCZF8ijT_Nw3CaYeI90.roa (raw, json)
Hash identifier: vI6wVpF8sYQgaZjV5aso+r7lRW+UWj1o4vqrcft3An8=
Subject key identifier: 58:61:61:F8:39:ED:1C:26:45:F2:28:D3:FC:DC:37:09:A6:1E:23:DD
Certificate issuer: /CN=d629010cdb0b312c32e07aaf9b720d73d3bcd3ab
Certificate serial: 01856C137EC9384D4E38A0E318A15CD32836
Authority key identifier: D6:29:01:0C:DB:0B:31:2C:32:E0:7A:AF:9B:72:0D:73:D3:BC:D3:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1ikBDNsLMSwy4Hqvm3INc9O806s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/194c1e-9710-4d35-823b-5dd33994a241/1/WGFh-DntHCZF8ijT_Nw3CaYeI90.roa
Signing time: Sun 01 Jan 2023 06:44:55 +0000
ROA not before: Sun 01 Jan 2023 06:44:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206757
IP address blocks: 195.10.218.0/24 maxlen: 24
203.78.160.0/24 maxlen: 24
116.204.252.0/22 maxlen: 24
185.218.236.0/22 maxlen: 24
201.148.168.0/22 maxlen: 24
45.147.16.0/22 maxlen: 24
193.16.151.0/24 maxlen: 24
193.16.156.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 01 Jan 2024 08:30:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:13:7e:c9:38:4d:4e:38:a0:e3:18:a1:5c:d3:28:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d629010cdb0b312c32e07aaf9b720d73d3bcd3ab
Validity
Not Before: Jan 1 06:44:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=586161f839ed1c2645f228d3fcdc3709a61e23dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:22:ef:78:50:05:0f:7b:6a:ce:67:88:2e:f8:
80:49:f0:23:2c:e2:a2:fe:d0:cd:e7:1e:ab:c3:ed:
58:e3:b9:2b:59:05:c6:46:0d:41:73:06:92:ac:dc:
e7:66:fc:77:35:e4:b4:a5:8d:2f:7c:9d:ae:f5:58:
2a:bf:60:fb:7c:7b:10:7e:8e:78:eb:18:c3:96:89:
37:9e:20:90:e5:db:7a:26:ab:bf:69:17:40:58:fb:
61:67:98:5d:dd:90:9f:4d:1c:2f:83:c7:6e:cd:9a:
73:be:f1:8d:cf:81:77:be:65:0c:6b:62:d8:d4:7c:
43:6f:4d:27:29:bc:75:8b:7e:8b:ba:a6:ac:2c:84:
58:9d:6d:e5:c2:0e:e9:9c:70:35:aa:20:a9:f7:bc:
92:09:29:6f:f6:dc:08:ba:43:1c:a8:5e:45:81:19:
7f:e9:c7:33:08:00:74:f9:b2:2f:ed:fe:f2:a7:dd:
ec:a2:9e:29:c1:5a:c7:ce:e5:93:e0:a2:9e:0e:3e:
ad:25:d0:eb:ed:38:d7:b7:43:79:ca:e0:34:c9:2c:
a2:54:a2:9e:ed:7e:78:ff:4a:ff:65:b4:e0:44:28:
94:ab:ed:63:3c:0c:c9:99:7f:3a:28:43:d3:3b:74:
25:44:88:bf:ae:6e:58:5f:b1:08:29:f5:9a:03:57:
97:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:61:61:F8:39:ED:1C:26:45:F2:28:D3:FC:DC:37:09:A6:1E:23:DD
X509v3 Authority Key Identifier:
keyid:D6:29:01:0C:DB:0B:31:2C:32:E0:7A:AF:9B:72:0D:73:D3:BC:D3:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1ikBDNsLMSwy4Hqvm3INc9O806s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/194c1e-9710-4d35-823b-5dd33994a241/1/WGFh-DntHCZF8ijT_Nw3CaYeI90.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/194c1e-9710-4d35-823b-5dd33994a241/1/1ikBDNsLMSwy4Hqvm3INc9O806s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.147.16.0/22
116.204.252.0/22
185.218.236.0/22
193.16.151.0/24
193.16.156.0/24
195.10.218.0/24
201.148.168.0/22
203.78.160.0/24
Signature Algorithm: sha256WithRSAEncryption
4d:c4:aa:95:82:95:17:67:8c:4f:f5:a3:9a:7e:02:c0:41:4a:
f4:5d:de:cd:37:0d:29:f6:bc:d0:bd:3c:8f:2a:ba:ec:39:ee:
33:d4:4c:89:b3:99:7a:bd:78:4e:f9:a6:11:fa:90:5f:3f:56:
dd:53:dd:10:9c:18:5d:3f:23:ee:eb:e6:25:9f:b9:99:1f:8d:
3b:67:96:7f:f1:d3:a8:8c:e4:ca:14:5e:77:f3:8b:07:e7:09:
35:8a:00:b3:dc:10:2b:66:de:20:96:1c:75:cf:94:5d:1e:e1:
84:40:6b:f7:ed:ff:0e:de:a4:f7:b5:83:74:82:2e:dd:25:b4:
04:07:e9:6c:52:ab:ab:13:29:56:d2:1a:18:f8:0c:69:bf:c3:
9a:19:d5:37:1b:29:79:d4:9e:4a:8e:ac:e4:af:54:51:e1:12:
7b:f1:2e:1f:07:ef:2e:7e:1b:e4:76:e3:0f:92:24:e9:9e:81:
60:84:fc:1a:fb:b5:fb:09:ea:66:28:f3:a5:0b:ca:b6:79:55:
0e:d1:c9:84:c5:6d:43:b3:4f:89:08:ed:2c:46:87:b0:47:dd:
ee:dc:8a:7d:96:4a:b7:e0:4b:c6:4d:80:43:e9:7c:7d:58:7a:
64:08:ab:56:8c:ef:03:5f:3e:97:9a:73:67:32:a9:03:96:9f:
c1:ef:24:1a
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVsE37JOE1OOKDjGKFc0yg2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2MjkwMTBjZGIwYjMxMmMzMmUwN2FhZjliNzIwZDczZDNi
Y2QzYWIwHhcNMjMwMTAxMDY0NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODYxNjFmODM5ZWQxYzI2NDVmMjI4ZDNmY2RjMzcwOWE2MWUyM2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiLveFAFD3tqzmeILviASfAjLOKi
/tDN5x6rw+1Y47krWQXGRg1BcwaSrNznZvx3NeS0pY0vfJ2u9Vgqv2D7fHsQfo54
6xjDlok3niCQ5dt6Jqu/aRdAWPthZ5hd3ZCfTRwvg8duzZpzvvGNz4F3vmUMa2LY
1HxDb00nKbx1i36LuqasLIRYnW3lwg7pnHA1qiCp97ySCSlv9twIukMcqF5FgRl/
6cczCAB0+bIv7f7yp93sop4pwVrHzuWT4KKeDj6tJdDr7TjXt0N5yuA0ySyiVKKe
7X54/0r/ZbTgRCiUq+1jPAzJmX86KEPTO3QlRIi/rm5YX7EIKfWaA1eXVwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFhhYfg57RwmRfIo0/zcNwmmHiPdMB8GA1UdIwQY
MBaAFNYpAQzbCzEsMuB6r5tyDXPTvNOrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWlrQkROc0xNU3d5NEhxdm0zSU5jOU84MDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8xOTRjMWUtOTcxMC00ZDM1LTgyM2It
NWRkMzM5OTRhMjQxLzEvV0dGaC1EbnRIQ1pGOGlqVF9OdzNDYVllSTkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8xOTRjMWUtOTcxMC00ZDM1LTgyM2ItNWRkMzM5OTRhMjQx
LzEvMWlrQkROc0xNU3d5NEhxdm0zSU5jOU84MDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCLZMQAwQC
dMz8AwQCudrsAwQAwRCXAwQAwRCcAwQAwwraAwQCyZSoAwQAy06gMA0GCSqGSIb3
DQEBCwUAA4IBAQBNxKqVgpUXZ4xP9aOafgLAQUr0Xd7NNw0p9rzQvTyPKrrsOe4z
1EyJs5l6vXhO+aYR+pBfP1bdU90QnBhdPyPu6+Yln7mZH407Z5Z/8dOojOTKFF53
84sH5wk1igCz3BArZt4glhx1z5RdHuGEQGv37f8O3qT3tYN0gi7dJbQEB+lsUqur
EylW0hoY+Axpv8OaGdU3Gyl51J5Kjqzkr1RR4RJ78S4fB+8ufhvkduMPkiTpnoFg
hPwa+7X7CepmKPOlC8q2eVUO0cmExW1Ds0+JCO0sRoewR93u3Ip9lkq34EvGTYBD
6Xx9WHpkCKtWjO8DXz6XmnNnMqkDlp/B7yQa
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:20 2024 by rpki-client on console-ams.rpki-client.org