Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/0TPdeJtWcNCHY3ZbiP-N_MQW3qs.roa
File: 0TPdeJtWcNCHY3ZbiP-N_MQW3qs.roa (raw, json)
Hash identifier: zQEsGa0KMSmkZxQzHD1KYXURmR55P/kU9NuFBZ2KctI=
Subject key identifier: D1:33:DD:78:9B:56:70:D0:87:63:76:5B:88:FF:8D:FC:C4:16:DE:AB
Certificate issuer: /CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
Certificate serial: 018571D7AEE199164AB327E5E7CF47F219DC
Authority key identifier: FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/0TPdeJtWcNCHY3ZbiP-N_MQW3qs.roa
Signing time: Mon 02 Jan 2023 09:37:18 +0000
ROA not before: Mon 02 Jan 2023 09:37:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3301
IP address blocks: 171.25.128.0/21 maxlen: 21
193.221.28.0/24 maxlen: 24
193.221.36.0/24 maxlen: 24
193.221.38.0/24 maxlen: 24
193.221.37.0/24 maxlen: 24
193.221.32.0/22 maxlen: 22
193.221.47.0/24 maxlen: 24
193.221.53.0/24 maxlen: 24
193.221.52.0/24 maxlen: 24
193.221.59.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:d7:ae:e1:99:16:4a:b3:27:e5:e7:cf:47:f2:19:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fe54ab2d481cf1622a2c52183ab4f5a930a4ae41
Validity
Not Before: Jan 2 09:37:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d133dd789b5670d08763765b88ff8dfcc416deab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:75:8d:5a:5a:10:ff:53:68:d3:a2:af:60:aa:
f4:f3:c7:ec:fe:60:37:fc:af:77:53:71:7b:bb:c0:
eb:72:fe:1d:53:88:44:6a:7c:02:a3:10:4f:59:f7:
5e:7f:54:a0:37:d4:cb:f2:d8:47:91:39:8b:0e:4a:
1f:dd:60:9f:90:44:bb:e6:93:f1:89:c2:c5:1e:5d:
59:01:ed:77:bf:af:51:89:7c:05:16:15:ff:36:ff:
03:b4:9d:13:90:64:bf:3f:2e:d2:bd:ca:07:17:72:
3a:c6:42:ce:07:e7:67:55:e1:f7:8b:d6:24:51:e6:
e7:88:f3:64:b1:d9:64:f2:e9:0c:bc:72:74:77:b7:
14:1e:0f:17:b0:af:1c:15:c7:26:e6:99:d9:a6:75:
24:4c:a5:ae:20:c0:04:26:52:0c:9e:29:55:1d:4d:
7c:31:74:01:e0:cc:b1:36:20:f1:67:ce:46:76:25:
e4:73:80:65:b2:c9:b0:d0:41:85:9b:52:3e:a3:84:
d3:cc:be:ce:8b:e2:a7:1e:8e:db:44:41:ce:a5:fe:
db:a4:7c:d4:03:3e:7b:f5:a7:fe:f8:41:45:61:9e:
bc:99:13:1b:27:f9:28:cf:42:4c:ec:ff:eb:2d:29:
70:22:1c:e7:b5:83:4a:0a:48:e0:ae:2b:19:14:a6:
4d:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:33:DD:78:9B:56:70:D0:87:63:76:5B:88:FF:8D:FC:C4:16:DE:AB
X509v3 Authority Key Identifier:
keyid:FE:54:AB:2D:48:1C:F1:62:2A:2C:52:18:3A:B4:F5:A9:30:A4:AE:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_lSrLUgc8WIqLFIYOrT1qTCkrkE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/0TPdeJtWcNCHY3ZbiP-N_MQW3qs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/58/4d5e4a-8a16-4537-be1f-1b1362b9b6a2/1/_lSrLUgc8WIqLFIYOrT1qTCkrkE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
171.25.128.0/21
193.221.28.0/24
193.221.32.0-193.221.38.255
193.221.47.0/24
193.221.52.0/23
193.221.59.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:cd:f3:a8:55:15:3e:5d:64:c0:6d:c8:fb:7a:a2:ca:30:48:
3f:4d:9b:44:f5:26:cc:09:9c:56:3e:a5:93:22:d2:3e:65:8e:
48:63:5e:ef:a0:62:8f:9e:2f:63:ba:61:b5:01:4c:fb:1d:0b:
d5:ab:d3:e7:90:18:42:88:37:99:4d:b5:f9:69:49:29:7a:b4:
34:e5:04:8c:11:78:a1:39:81:7d:31:51:8f:59:c1:54:db:0b:
30:74:ce:8a:f8:8d:5d:a3:39:47:65:b2:d7:bb:47:f6:d8:4e:
a2:41:83:7b:62:d1:68:1a:8c:c8:09:ca:c3:81:87:46:5b:b8:
fd:7a:9c:a1:be:19:c8:e9:3a:2a:bc:05:ac:e8:6f:8c:7a:99:
d7:88:c7:9b:f7:f4:fd:4b:f6:8c:7d:05:be:b9:e0:ef:04:30:
d9:fc:75:bd:c4:a8:f4:68:4c:8f:d1:91:75:4c:0c:0e:e9:b3:
93:35:f4:46:e0:d0:66:7b:32:b3:89:bb:f8:fc:fa:07:f7:11:
14:3b:55:3f:24:6b:e5:65:06:c6:d3:23:b4:bf:7f:dc:f8:e1:
8b:05:02:f7:7c:b3:0c:29:ba:c7:bd:eb:f3:9f:de:d7:02:55:
99:c8:da:fc:8a:76:32:df:01:73:69:d5:58:6d:52:02:e6:50:
b7:f0:fd:19
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYVx167hmRZKsyfl589H8hncMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTRhYjJkNDgxY2YxNjIyYTJjNTIxODNhYjRmNWE5MzBh
NGFlNDEwHhcNMjMwMTAyMDkzNzE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTMzZGQ3ODliNTY3MGQwODc2Mzc2NWI4OGZmOGRmY2M0MTZkZWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXWNWloQ/1No06KvYKr088fs/mA3
/K93U3F7u8Drcv4dU4hEanwCoxBPWfdef1SgN9TL8thHkTmLDkof3WCfkES75pPx
icLFHl1ZAe13v69RiXwFFhX/Nv8DtJ0TkGS/Py7SvcoHF3I6xkLOB+dnVeH3i9Yk
UebniPNksdlk8ukMvHJ0d7cUHg8XsK8cFccm5pnZpnUkTKWuIMAEJlIMnilVHU18
MXQB4MyxNiDxZ85GdiXkc4Blssmw0EGFm1I+o4TTzL7Oi+KnHo7bREHOpf7bpHzU
Az579af++EFFYZ68mRMbJ/koz0JM7P/rLSlwIhzntYNKCkjgrisZFKZNvwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFNEz3XibVnDQh2N2W4j/jfzEFt6rMB8GA1UdIwQY
MBaAFP5Uqy1IHPFiKixSGDq09akwpK5BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xTckxVZ2M4V0lxTEZJWU9yVDFxVENrcmtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC80ZDVlNGEtOGExNi00NTM3LWJlMWYt
MWIxMzYyYjliNmEyLzEvMFRQZGVKdFdjTkNIWTNaYmlQLU5fTVFXM3FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC80ZDVlNGEtOGExNi00NTM3LWJlMWYtMWIxMzYyYjliNmEy
LzEvX2xTckxVZ2M4V0lxTEZJWU9yVDFxVENrcmtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQDqxmAAwQA
wd0cMAwDBAXB3SADBADB3SYDBADB3S8DBAHB3TQDBADB3TswDQYJKoZIhvcNAQEL
BQADggEBAGvN86hVFT5dZMBtyPt6osowSD9Nm0T1JswJnFY+pZMi0j5ljkhjXu+g
Yo+eL2O6YbUBTPsdC9Wr0+eQGEKIN5lNtflpSSl6tDTlBIwReKE5gX0xUY9ZwVTb
CzB0zor4jV2jOUdlste7R/bYTqJBg3ti0WgajMgJysOBh0ZbuP16nKG+GcjpOiq8
Bazob4x6mdeIx5v39P1L9ox9Bb654O8EMNn8db3EqPRoTI/RkXVMDA7ps5M19Ebg
0GZ7MrOJu/j8+gf3ERQ7VT8ka+VlBsbTI7S/f9z44YsFAvd8swwpuse96/Of3tcC
VZnI2vyKdjLfAXNp1VhtUgLmULfw/Rk=
-----END CERTIFICATE-----
Generated at Tue Jan 2 14:36:36 2024 by rpki-client on console-fra.rpki-client.org