Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/cTOJoqWQjbgHxSpvdHijc4xJ8zc.roa
File: cTOJoqWQjbgHxSpvdHijc4xJ8zc.roa (raw, json)
Hash identifier: 1EgrFN8dUQVFTMKsU9p6PxbkQDG13zr+W0pek+5VtsI=
Subject key identifier: 71:33:89:A2:A5:90:8D:B8:07:C5:2A:6F:74:78:A3:73:8C:49:F3:37
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 018CC794D417A27E227A147FCD37CB676AA3
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/cTOJoqWQjbgHxSpvdHijc4xJ8zc.roa
Signing time: Tue 02 Jan 2024 00:31:08 +0000
ROA not before: Tue 02 Jan 2024 00:31:08 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 398465
IP address blocks: 64.137.29.0/24 maxlen: 24
64.137.39.0/24 maxlen: 24
64.137.44.0/24 maxlen: 24
64.137.45.0/24 maxlen: 24
64.137.46.0/24 maxlen: 24
64.137.72.0/24 maxlen: 24
64.137.85.0/24 maxlen: 24
64.137.114.0/24 maxlen: 24
64.137.116.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 03 Apr 2024 14:42:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:94:d4:17:a2:7e:22:7a:14:7f:cd:37:cb:67:6a:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Jan 2 00:31:08 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=713389a2a5908db807c52a6f7478a3738c49f337
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:b3:2d:8d:9c:49:8a:3e:ad:27:a1:8c:34:ee:
c3:a1:e0:3e:9f:44:ce:59:84:49:4a:cf:9f:00:5d:
1e:f1:2d:92:6f:6a:41:b7:3a:64:b5:b6:af:d2:81:
dc:89:dd:31:90:07:e3:da:56:e5:e2:18:7e:9f:b8:
8d:d6:38:fb:d3:0d:72:e7:ca:fd:85:17:97:b6:4e:
62:df:19:7e:3e:73:09:27:f4:cc:61:6a:cd:2c:0b:
bf:b3:8e:11:7e:1c:a8:13:f1:61:1b:6c:17:fc:8e:
c4:34:32:d8:42:d9:23:9a:97:0a:4c:76:0b:16:0a:
25:bf:a3:40:c4:7a:74:8a:c5:14:c5:e5:d0:7b:9c:
fe:b6:b7:18:d7:f1:cc:2f:75:cb:f1:12:0e:d2:f1:
40:7b:aa:aa:0d:89:c5:52:73:34:55:09:86:b9:4d:
6c:76:ce:09:1d:b1:de:5e:41:be:39:2a:fd:07:bd:
d6:2c:40:06:81:b8:ec:1a:fd:9f:ab:05:b3:97:c6:
f1:85:60:b3:b3:73:a9:4e:9a:a8:89:fc:e4:f1:2d:
79:fc:76:13:a9:4b:2f:d5:03:8e:07:08:06:2f:48:
3d:f9:bc:d6:50:b8:98:1b:2d:e5:ea:09:ae:38:f3:
05:dd:eb:35:ac:dc:bb:2a:9a:eb:2a:96:9f:db:a6:
b3:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:33:89:A2:A5:90:8D:B8:07:C5:2A:6F:74:78:A3:73:8C:49:F3:37
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/cTOJoqWQjbgHxSpvdHijc4xJ8zc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.137.29.0/24
64.137.39.0/24
64.137.44.0-64.137.46.255
64.137.72.0/24
64.137.85.0/24
64.137.114.0/24
64.137.116.0/24
Signature Algorithm: sha256WithRSAEncryption
39:29:74:33:cb:72:00:17:df:da:f0:58:bf:b3:92:50:dc:92:
6c:f7:7e:10:2b:35:c2:d4:4c:d9:7b:76:02:cf:20:44:30:cf:
31:52:ab:6c:9a:26:8f:3b:bc:31:5d:13:80:4e:2a:1f:60:31:
52:89:21:81:72:ee:72:ba:9c:85:b5:ae:f1:fa:97:6d:97:ca:
ab:dd:c0:7e:d1:a4:ce:b4:55:0b:84:f2:75:f7:41:96:a0:67:
9d:12:4f:1e:a6:43:e0:d5:80:f9:95:03:38:90:fb:e1:b6:ae:
20:71:64:62:20:31:2d:3a:0e:6f:0e:47:94:28:41:c1:c5:34:
f6:8e:1b:0a:ee:f4:cc:e6:92:d5:f9:b2:22:38:44:97:d7:6e:
5b:ae:93:20:91:b8:8d:7a:be:42:79:43:d2:0b:89:ae:fe:57:
e1:fa:39:96:a4:d6:78:0e:6b:f1:00:6b:a5:e6:43:28:85:92:
38:3a:e6:64:0d:b7:51:67:ea:bc:59:6d:17:32:b0:84:c1:11:
ec:ad:c4:18:15:4c:39:ea:97:ac:b7:ad:84:e2:00:9b:94:e4:
6a:3d:2a:22:8a:7f:ca:a8:29:55:18:59:89:b6:43:16:76:1e:
cb:4a:8c:5d:62:af:55:bc:ce:13:1b:67:0f:31:a8:bb:3b:e0:
a9:22:86:2e
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYzHlNQXon4iehR/zTfLZ2qjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwMTAyMDAzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTMzODlhMmE1OTA4ZGI4MDdjNTJhNmY3NDc4YTM3MzhjNDlmMzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLMtjZxJij6tJ6GMNO7DoeA+n0TO
WYRJSs+fAF0e8S2Sb2pBtzpktbav0oHcid0xkAfj2lbl4hh+n7iN1jj70w1y58r9
hReXtk5i3xl+PnMJJ/TMYWrNLAu/s44RfhyoE/FhG2wX/I7ENDLYQtkjmpcKTHYL
Fgolv6NAxHp0isUUxeXQe5z+trcY1/HML3XL8RIO0vFAe6qqDYnFUnM0VQmGuU1s
ds4JHbHeXkG+OSr9B73WLEAGgbjsGv2fqwWzl8bxhWCzs3OpTpqoifzk8S15/HYT
qUsv1QOOBwgGL0g9+bzWULiYGy3l6gmuOPMF3es1rNy7KprrKpaf26azVQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFHEziaKlkI24B8Uqb3R4o3OMSfM3MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvY1RPSm9xV1FqYmdIeFNwdmRIaWpjNHhKOHpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAQIkdAwQA
QIknMAwDBAJAiSwDBABAiS4DBABAiUgDBABAiVUDBABAiXIDBABAiXQwDQYJKoZI
hvcNAQELBQADggEBADkpdDPLcgAX39rwWL+zklDckmz3fhArNcLUTNl7dgLPIEQw
zzFSq2yaJo87vDFdE4BOKh9gMVKJIYFy7nK6nIW1rvH6l22XyqvdwH7RpM60VQuE
8nX3QZagZ50STx6mQ+DVgPmVAziQ++G2riBxZGIgMS06Dm8OR5QoQcHFNPaOGwru
9MzmktX5siI4RJfXbluukyCRuI16vkJ5Q9ILia7+V+H6OZak1ngOa/EAa6XmQyiF
kjg65mQNt1Fn6rxZbRcysITBEeytxBgVTDnql6y3rYTiAJuU5Go9KiKKf8qoKVUY
WYm2QxZ2HstKjF1ir1W8zhMbZw8xqLs74Kkihi4=
-----END CERTIFICATE-----
Generated at Wed Apr 3 19:36:04 2024 by rpki-client on console-ams.rpki-client.org