Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/cce20b-4d5a-48f8-b88e-81039f3cf3fd/1/cz6zmITQvAbZpcWpXEMArgpd6OQ.roa
File: cz6zmITQvAbZpcWpXEMArgpd6OQ.roa (raw, json)
Hash identifier: M22+yscouV/FnTsUt9CfrndZEZHyp15oTiXhzrHnx74=
Subject key identifier: 73:3E:B3:98:84:D0:BC:06:D9:A5:C5:A9:5C:43:00:AE:0A:5D:E8:E4
Certificate issuer: /CN=7d02fa2c5ba2892045e7cd50a5adfd54d6dbb8c2
Certificate serial: 018CC86F81217CBB9255E6B0062093B4E31E
Authority key identifier: 7D:02:FA:2C:5B:A2:89:20:45:E7:CD:50:A5:AD:FD:54:D6:DB:B8:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fQL6LFuiiSBF581Qpa39VNbbuMI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/cce20b-4d5a-48f8-b88e-81039f3cf3fd/1/cz6zmITQvAbZpcWpXEMArgpd6OQ.roa
Signing time: Tue 02 Jan 2024 04:29:59 +0000
ROA not before: Tue 02 Jan 2024 04:29:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201205
IP address blocks: 176.62.136.0/21 maxlen: 21
78.24.168.0/21 maxlen: 21
193.53.101.0/24 maxlen: 24
193.53.102.0/24 maxlen: 24
185.29.4.0/22 maxlen: 22
147.12.64.0/19 maxlen: 19
37.230.120.0/21 maxlen: 21
2a01:5c00::/32 maxlen: 32
Validation: Failed, certificate revoked on Fri 19 Jan 2024 11:55:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:6f:81:21:7c:bb:92:55:e6:b0:06:20:93:b4:e3:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d02fa2c5ba2892045e7cd50a5adfd54d6dbb8c2
Validity
Not Before: Jan 2 04:29:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=733eb39884d0bc06d9a5c5a95c4300ae0a5de8e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:20:73:26:a9:4a:67:eb:5f:08:92:78:dc:11:
73:68:16:9c:af:2d:1e:d3:d3:05:cb:d9:1e:a7:ff:
80:fa:9e:7c:15:59:e9:b0:ec:d9:24:ff:05:e9:ce:
c6:c8:f2:8e:ba:6a:ba:82:2e:db:98:29:bc:65:32:
1a:20:34:7e:78:f2:d3:00:ee:56:db:81:80:5b:b0:
71:a3:4f:f9:26:68:50:b7:62:a1:a5:a0:27:48:c5:
a6:fe:be:bc:40:f8:54:62:6b:13:71:61:88:d9:aa:
71:8a:8d:12:8f:13:19:19:00:49:64:62:f1:fc:95:
56:bf:8c:80:f4:cc:72:85:49:55:93:a1:03:e7:08:
2e:ea:c4:da:36:5c:54:e0:0d:e4:e1:a9:5c:de:90:
d1:95:1e:77:b8:d7:0c:aa:fe:f7:0e:25:83:7a:8a:
91:a0:ea:72:04:e0:18:ea:67:39:43:f5:51:15:eb:
d7:24:10:ec:72:a6:a5:9c:4c:97:b5:fb:b7:96:41:
97:6e:6e:0b:71:b7:92:d0:dc:bb:3b:68:56:57:66:
08:0f:d8:96:3e:88:1e:9c:ce:7f:22:aa:32:90:f9:
31:23:ea:51:7f:33:d7:02:f9:c3:31:d8:08:12:16:
7b:4c:04:77:55:50:5e:1a:d5:6c:b9:d7:09:5d:e6:
3b:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
73:3E:B3:98:84:D0:BC:06:D9:A5:C5:A9:5C:43:00:AE:0A:5D:E8:E4
X509v3 Authority Key Identifier:
keyid:7D:02:FA:2C:5B:A2:89:20:45:E7:CD:50:A5:AD:FD:54:D6:DB:B8:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQL6LFuiiSBF581Qpa39VNbbuMI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/cce20b-4d5a-48f8-b88e-81039f3cf3fd/1/cz6zmITQvAbZpcWpXEMArgpd6OQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/cce20b-4d5a-48f8-b88e-81039f3cf3fd/1/fQL6LFuiiSBF581Qpa39VNbbuMI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.230.120.0/21
78.24.168.0/21
147.12.64.0/19
176.62.136.0/21
185.29.4.0/22
193.53.101.0-193.53.102.255
IPv6:
2a01:5c00::/32
Signature Algorithm: sha256WithRSAEncryption
a2:dc:7d:1b:b4:23:b3:8f:74:cf:d8:43:9e:89:49:97:98:96:
f2:6a:e7:46:0d:85:3b:31:6d:8b:36:d4:de:13:c8:d6:c6:41:
f0:9c:3e:f4:c3:3e:53:fe:67:a5:0f:8f:1b:cb:45:a3:c3:6c:
d1:69:83:17:fe:a7:ab:c0:99:9c:2d:b7:0e:49:5e:88:6a:d6:
5f:58:3d:1a:b6:44:fc:93:47:a4:b6:46:6c:86:c9:d2:35:6e:
80:0d:9c:99:50:f1:05:ea:a0:5d:ef:c9:14:b8:5b:47:7a:01:
a4:ea:a7:c5:40:1a:0a:3f:b0:cb:70:03:01:51:9b:89:9f:e4:
f4:92:df:2a:56:31:54:c8:7f:cb:a8:09:1f:4e:9f:a2:ae:15:
93:c1:a8:41:f4:06:da:bf:d2:28:6d:53:e7:41:d6:cf:cb:11:
17:20:9b:e7:52:c4:a3:46:96:a4:5f:0d:fb:5b:68:da:0e:79:
35:97:f2:e1:51:85:0d:c8:cc:ff:73:bf:f0:57:15:b4:9c:1b:
93:52:03:b6:82:0e:71:6d:0a:0c:e3:bc:9d:88:7f:8f:4d:c3:
83:3d:55:9b:7d:df:b2:67:e0:bc:b1:8a:66:b4:47:9a:d9:f3:
54:0d:88:7c:23:d5:eb:08:6b:a3:37:4c:d7:a7:13:04:d2:61:
70:c0:71:d1
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYzIb4EhfLuSVeawBiCTtOMeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDJmYTJjNWJhMjg5MjA0NWU3Y2Q1MGE1YWRmZDU0ZDZk
YmI4YzIwHhcNMjQwMTAyMDQyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzNlYjM5ODg0ZDBiYzA2ZDlhNWM1YTk1YzQzMDBhZTBhNWRlOGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSBzJqlKZ+tfCJJ43BFzaBacry0e
09MFy9kep/+A+p58FVnpsOzZJP8F6c7GyPKOumq6gi7bmCm8ZTIaIDR+ePLTAO5W
24GAW7Bxo0/5JmhQt2KhpaAnSMWm/r68QPhUYmsTcWGI2apxio0SjxMZGQBJZGLx
/JVWv4yA9MxyhUlVk6ED5wgu6sTaNlxU4A3k4alc3pDRlR53uNcMqv73DiWDeoqR
oOpyBOAY6mc5Q/VRFevXJBDscqalnEyXtfu3lkGXbm4LcbeS0Ny7O2hWV2YID9iW
PogenM5/IqoykPkxI+pRfzPXAvnDMdgIEhZ7TAR3VVBeGtVsudcJXeY75QIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFHM+s5iE0LwG2aXFqVxDAK4KXejkMB8GA1UdIwQY
MBaAFH0C+ixbookgRefNUKWt/VTW27jCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFMNkxGdWlpU0JGNTgxUXBhMzlWTmJidU1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC9jY2UyMGItNGQ1YS00OGY4LWI4OGUt
ODEwMzlmM2NmM2ZkLzEvY3o2em1JVFF2QWJacGNXcFhFTUFyZ3BkNk9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC9jY2UyMGItNGQ1YS00OGY4LWI4OGUtODEwMzlmM2NmM2Zk
LzEvZlFMNkxGdWlpU0JGNTgxUXBhMzlWTmJidU1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAyBAIAATAsAwQDJeZ4AwQD
ThioAwQFkwxAAwQDsD6IAwQCuR0EMAwDBADBNWUDBADBNWYwDQQCAAIwBwMFACoB
XAAwDQYJKoZIhvcNAQELBQADggEBAKLcfRu0I7OPdM/YQ56JSZeYlvJq50YNhTsx
bYs21N4TyNbGQfCcPvTDPlP+Z6UPjxvLRaPDbNFpgxf+p6vAmZwttw5JXohq1l9Y
PRq2RPyTR6S2RmyGydI1boANnJlQ8QXqoF3vyRS4W0d6AaTqp8VAGgo/sMtwAwFR
m4mf5PSS3ypWMVTIf8uoCR9On6KuFZPBqEH0Btq/0ihtU+dB1s/LERcgm+dSxKNG
lqRfDftbaNoOeTWX8uFRhQ3IzP9zv/BXFbScG5NSA7aCDnFtCgzjvJ2If49Nw4M9
VZt937Jn4Lyxima0R5rZ81QNiHwj1esIa6M3TNenEwTSYXDAcdE=
-----END CERTIFICATE-----
Generated at Fri Jan 19 15:23:00 2024 by rpki-client on console-fra.rpki-client.org