Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/cce20b-4d5a-48f8-b88e-81039f3cf3fd/1/K4cgsZgFoM2W5RDKgej1AyW-KTo.roa
File: K4cgsZgFoM2W5RDKgej1AyW-KTo.roa (raw, json)
Hash identifier: 8iQ1gsJq0CS4NyJ1CW58CpkGcp5clJWcE12pH0shsqY=
Subject key identifier: 2B:87:20:B1:98:05:A0:CD:96:E5:10:CA:81:E8:F5:03:25:BE:29:3A
Certificate issuer: /CN=7d02fa2c5ba2892045e7cd50a5adfd54d6dbb8c2
Certificate serial: 01857094F3C28264E43B5A802F2A0ACC6F9E
Authority key identifier: 7D:02:FA:2C:5B:A2:89:20:45:E7:CD:50:A5:AD:FD:54:D6:DB:B8:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fQL6LFuiiSBF581Qpa39VNbbuMI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/cce20b-4d5a-48f8-b88e-81039f3cf3fd/1/K4cgsZgFoM2W5RDKgej1AyW-KTo.roa
Signing time: Mon 02 Jan 2023 03:44:47 +0000
ROA not before: Mon 02 Jan 2023 03:44:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201205
IP address blocks: 176.62.136.0/21 maxlen: 21
78.24.168.0/21 maxlen: 21
193.53.101.0/24 maxlen: 24
193.53.102.0/24 maxlen: 24
185.29.4.0/22 maxlen: 22
147.12.64.0/19 maxlen: 19
37.230.120.0/21 maxlen: 21
2a01:5c00::/32 maxlen: 32
Validation: Failed, certificate revoked on Tue 02 Jan 2024 04:29:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:94:f3:c2:82:64:e4:3b:5a:80:2f:2a:0a:cc:6f:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d02fa2c5ba2892045e7cd50a5adfd54d6dbb8c2
Validity
Not Before: Jan 2 03:44:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2b8720b19805a0cd96e510ca81e8f50325be293a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:4a:e7:6d:f9:5a:5d:61:aa:c7:b8:7c:39:64:
c1:d0:b1:8e:fe:af:4f:88:88:84:d6:e6:7b:fb:a0:
18:d5:64:5d:b4:ab:fb:97:35:79:ce:0d:1e:34:73:
5f:7b:57:97:38:e5:27:7e:99:92:07:f9:5f:50:c7:
d1:c1:af:df:c8:d2:87:85:45:e0:6b:02:9d:11:f6:
33:d8:18:28:d8:da:60:c8:55:81:1b:d7:af:35:e6:
5d:ac:1e:7f:40:11:33:15:d3:b6:0d:44:a5:92:9a:
1c:9d:80:2e:b0:68:7d:4e:85:d5:b3:9b:1e:f3:35:
70:36:0e:6b:e6:83:a5:5c:37:c0:8d:bc:19:04:3e:
67:18:12:a4:2c:84:1b:10:da:d9:cb:1b:d9:95:21:
9f:ff:0f:52:08:a3:a4:84:6e:72:6a:fe:e6:fc:fb:
e2:df:94:7e:4a:91:92:1e:79:1f:45:a4:16:ae:11:
b3:e2:a9:ac:dc:7d:a3:b5:dc:e6:b2:be:59:96:90:
4e:38:27:e5:e7:96:e0:2d:e0:cf:f9:12:4e:a4:73:
c2:26:e2:49:9c:a9:f5:94:1f:7e:00:b0:d6:22:85:
28:5b:c8:bd:77:7b:8f:a6:30:bb:36:4d:e2:bf:94:
fc:4d:e7:7e:11:32:18:a8:8b:dd:a8:8e:2a:2c:07:
5f:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:87:20:B1:98:05:A0:CD:96:E5:10:CA:81:E8:F5:03:25:BE:29:3A
X509v3 Authority Key Identifier:
keyid:7D:02:FA:2C:5B:A2:89:20:45:E7:CD:50:A5:AD:FD:54:D6:DB:B8:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQL6LFuiiSBF581Qpa39VNbbuMI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/cce20b-4d5a-48f8-b88e-81039f3cf3fd/1/K4cgsZgFoM2W5RDKgej1AyW-KTo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/cce20b-4d5a-48f8-b88e-81039f3cf3fd/1/fQL6LFuiiSBF581Qpa39VNbbuMI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.230.120.0/21
78.24.168.0/21
147.12.64.0/19
176.62.136.0/21
185.29.4.0/22
193.53.101.0-193.53.102.255
IPv6:
2a01:5c00::/32
Signature Algorithm: sha256WithRSAEncryption
01:6c:06:a0:0a:d0:7a:b8:4f:0f:d1:81:a9:64:63:b6:ed:e9:
02:98:c0:bb:df:8b:56:f4:16:24:64:ba:76:6c:9e:15:10:27:
f8:c8:25:d3:65:3a:3b:95:1b:11:f6:27:90:50:21:31:53:cf:
94:1b:70:47:66:67:14:57:6d:6b:08:e6:9c:fb:2f:fc:7f:c7:
89:f9:7b:15:c9:6e:95:8a:3d:4d:d7:6e:f4:f3:16:cc:f8:04:
ed:24:8d:6e:5b:7e:3b:a0:de:55:76:87:23:b6:60:ff:b2:e4:
c3:7f:da:86:b2:28:43:64:f2:79:37:71:44:97:02:ae:74:b8:
d0:58:99:8e:64:a3:d8:32:e5:e3:9e:8c:f1:53:d7:9b:cc:e1:
d1:5e:c1:a1:62:6c:6b:39:c2:53:3a:89:c8:9f:c8:50:65:6a:
8e:07:43:b8:d6:04:8d:cc:2f:6f:e4:72:81:7c:2b:f2:1d:22:
20:87:38:45:10:c7:df:cc:b3:51:ba:24:91:93:3d:64:35:cd:
93:3d:52:ca:11:7c:ad:17:34:56:4d:0e:33:fa:8d:3b:a9:bc:
73:9d:5c:20:be:64:42:54:1b:3c:f4:b2:11:43:fa:18:c0:84:
9f:17:bf:d7:1e:58:bd:fd:bd:be:de:40:b9:84:2d:41:54:b1:
d0:70:46:04
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYVwlPPCgmTkO1qALyoKzG+eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDJmYTJjNWJhMjg5MjA0NWU3Y2Q1MGE1YWRmZDU0ZDZk
YmI4YzIwHhcNMjMwMTAyMDM0NDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjg3MjBiMTk4MDVhMGNkOTZlNTEwY2E4MWU4ZjUwMzI1YmUyOTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkrnbflaXWGqx7h8OWTB0LGO/q9P
iIiE1uZ7+6AY1WRdtKv7lzV5zg0eNHNfe1eXOOUnfpmSB/lfUMfRwa/fyNKHhUXg
awKdEfYz2Bgo2NpgyFWBG9evNeZdrB5/QBEzFdO2DUSlkpocnYAusGh9ToXVs5se
8zVwNg5r5oOlXDfAjbwZBD5nGBKkLIQbENrZyxvZlSGf/w9SCKOkhG5yav7m/Pvi
35R+SpGSHnkfRaQWrhGz4qms3H2jtdzmsr5ZlpBOOCfl55bgLeDP+RJOpHPCJuJJ
nKn1lB9+ALDWIoUoW8i9d3uPpjC7Nk3iv5T8Ted+ETIYqIvdqI4qLAdfywIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFCuHILGYBaDNluUQyoHo9QMlvik6MB8GA1UdIwQY
MBaAFH0C+ixbookgRefNUKWt/VTW27jCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFMNkxGdWlpU0JGNTgxUXBhMzlWTmJidU1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9jY2UyMGItNGQ1YS00OGY4LWI4OGUt
ODEwMzlmM2NmM2ZkLzEvSzRjZ3NaZ0ZvTTJXNVJES2dlajFBeVctS1RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9jY2UyMGItNGQ1YS00OGY4LWI4OGUtODEwMzlmM2NmM2Zk
LzEvZlFMNkxGdWlpU0JGNTgxUXBhMzlWTmJidU1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQDJeZ4AwQD
ThioAwQFkwxAAwQDsD6IAwQCuR0EMAwDBADBNWUDBADBNWYwDQQCAAIwBwMFACoB
XAAwDQYJKoZIhvcNAQELBQADggEBAAFsBqAK0Hq4Tw/RgalkY7bt6QKYwLvfi1b0
FiRkunZsnhUQJ/jIJdNlOjuVGxH2J5BQITFTz5QbcEdmZxRXbWsI5pz7L/x/x4n5
exXJbpWKPU3XbvTzFsz4BO0kjW5bfjug3lV2hyO2YP+y5MN/2oayKENk8nk3cUSX
Aq50uNBYmY5ko9gy5eOejPFT15vM4dFewaFibGs5wlM6icifyFBlao4HQ7jWBI3M
L2/kcoF8K/IdIiCHOEUQx9/Ms1G6JJGTPWQ1zZM9UsoRfK0XNFZNDjP6jTupvHOd
XCC+ZEJUGzz0shFD+hjAhJ8Xv9ceWL39vb7eQLmELUFUsdBwRgQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:06 2024 by rpki-client on console-ams.rpki-client.org