Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/6de65e-04bd-4346-85b1-a5325d441702/1/kU4bdOvODILrzEongMGZ2BjYNfc.roa
File: kU4bdOvODILrzEongMGZ2BjYNfc.roa (raw, json)
Hash identifier: SWTu2g8rEojqRnUX0eb+XHxJ5QAAWd12E8LJbRL83rA=
Subject key identifier: 91:4E:1B:74:EB:CE:0C:82:EB:CC:4A:27:80:C1:99:D8:18:D8:35:F7
Certificate issuer: /CN=de51c3c5ddc4fb61381c3bea24c1ba4f74998eab
Certificate serial: 018B1989085248B69649A96CA7B8AF29BAA0
Authority key identifier: DE:51:C3:C5:DD:C4:FB:61:38:1C:3B:EA:24:C1:BA:4F:74:99:8E:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3lHDxd3E-2E4HDvqJMG6T3SZjqs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/6de65e-04bd-4346-85b1-a5325d441702/1/kU4bdOvODILrzEongMGZ2BjYNfc.roa
Signing time: Tue 10 Oct 2023 12:21:32 +0000
ROA not before: Tue 10 Oct 2023 12:21:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200773
IP address blocks: 185.71.200.0/22 maxlen: 24
194.38.44.0/22 maxlen: 24
185.242.96.0/22 maxlen: 24
188.247.136.0/21 maxlen: 24
89.38.176.0/21 maxlen: 24
188.247.144.0/20 maxlen: 24
2a03:3ba0::/32 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:19:89:08:52:48:b6:96:49:a9:6c:a7:b8:af:29:ba:a0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=de51c3c5ddc4fb61381c3bea24c1ba4f74998eab
Validity
Not Before: Oct 10 12:21:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=914e1b74ebce0c82ebcc4a2780c199d818d835f7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:bb:40:a1:e8:1d:0b:36:2b:a2:05:01:9c:a3:
22:12:3d:21:a4:ea:2a:82:a3:aa:c9:eb:e9:fa:1c:
d4:92:32:8a:e8:46:f2:1c:04:50:d0:22:85:6d:1e:
3c:f6:ca:d5:1c:df:a5:7d:a1:96:45:07:55:1b:89:
be:24:e8:fb:e8:7f:76:5d:a7:a7:ac:c5:0b:22:5e:
32:ea:fe:c0:f5:cf:20:3e:91:90:f0:f9:c7:1c:38:
c8:2e:51:07:a4:44:89:49:6f:38:5a:61:29:6d:6d:
b4:6f:84:bc:3b:01:3e:a4:6e:6a:54:81:7d:a2:3a:
9c:0a:a7:5a:58:64:db:3d:46:41:4b:83:5b:5c:29:
bb:66:89:69:ea:0f:4c:1e:19:0c:85:9c:22:54:17:
51:f0:53:d6:a5:00:95:c1:96:7b:3a:e7:70:45:f5:
dc:4b:d9:66:a2:49:9b:8d:3b:8f:53:cc:0f:d4:85:
15:72:3f:03:d3:6c:37:a3:5a:67:f9:b3:f0:37:12:
09:cd:f1:f8:a5:bb:a3:06:db:8c:5a:88:8e:32:38:
88:8b:45:07:d6:5f:e9:4a:a8:b4:31:73:2b:f8:f3:
b7:fa:a6:dc:df:91:41:db:a1:63:ed:c4:05:3a:64:
7d:e9:79:f3:83:30:ae:c5:3a:9f:3c:1b:fe:b3:65:
cd:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:4E:1B:74:EB:CE:0C:82:EB:CC:4A:27:80:C1:99:D8:18:D8:35:F7
X509v3 Authority Key Identifier:
keyid:DE:51:C3:C5:DD:C4:FB:61:38:1C:3B:EA:24:C1:BA:4F:74:99:8E:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3lHDxd3E-2E4HDvqJMG6T3SZjqs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/6de65e-04bd-4346-85b1-a5325d441702/1/kU4bdOvODILrzEongMGZ2BjYNfc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/6de65e-04bd-4346-85b1-a5325d441702/1/3lHDxd3E-2E4HDvqJMG6T3SZjqs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.38.176.0/21
185.71.200.0/22
185.242.96.0/22
188.247.136.0-188.247.159.255
194.38.44.0/22
IPv6:
2a03:3ba0::/32
Signature Algorithm: sha256WithRSAEncryption
47:88:62:f9:5a:3b:90:c6:b3:06:77:40:4e:4a:de:55:9d:ea:
ad:9d:a7:63:af:26:66:de:5a:8c:6d:cc:0f:f5:83:00:87:b8:
4e:83:76:62:ed:f7:b2:a5:5a:8a:b4:4f:f6:03:0d:30:50:cf:
d2:ad:a0:a8:2e:0c:e1:92:d7:de:42:55:44:bb:2c:61:24:50:
01:15:b5:72:1e:61:46:1f:77:ca:fb:30:50:39:11:29:86:02:
39:f7:73:b2:7c:96:5e:80:be:5d:b9:dc:88:b7:b6:6e:c8:e1:
7f:7d:28:e9:de:1d:a0:5e:02:ac:d0:18:f4:b5:63:71:ec:f8:
ff:69:76:64:5a:d1:bf:e0:46:a8:51:bf:96:9f:a6:59:e3:f9:
ad:0f:b6:71:3d:e2:db:52:89:80:bc:56:c6:f3:d7:85:6b:82:
f8:30:1d:01:66:ca:9a:7d:bd:60:3b:79:b3:c8:20:9b:7c:92:
31:17:5a:a1:eb:11:89:55:a2:1c:c5:da:26:70:c4:25:5f:90:
16:b9:65:6f:10:3c:1d:cc:57:1c:47:36:77:d2:23:7a:8d:4c:
60:98:9f:ab:8f:ef:25:9b:e0:49:c5:e0:13:23:ab:db:4d:cf:
b8:07:16:bb:38:41:60:30:a3:a2:73:d8:1b:1f:29:38:5d:c5:
a1:d3:20:5d
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYsZiQhSSLaWSalsp7ivKbqgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlNTFjM2M1ZGRjNGZiNjEzODFjM2JlYTI0YzFiYTRmNzQ5
OThlYWIwHhcNMjMxMDEwMTIyMTMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTRlMWI3NGViY2UwYzgyZWJjYzRhMjc4MGMxOTlkODE4ZDgzNWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgLtAoegdCzYrogUBnKMiEj0hpOoq
gqOqyevp+hzUkjKK6EbyHARQ0CKFbR489srVHN+lfaGWRQdVG4m+JOj76H92Xaen
rMULIl4y6v7A9c8gPpGQ8PnHHDjILlEHpESJSW84WmEpbW20b4S8OwE+pG5qVIF9
ojqcCqdaWGTbPUZBS4NbXCm7Zolp6g9MHhkMhZwiVBdR8FPWpQCVwZZ7OudwRfXc
S9lmokmbjTuPU8wP1IUVcj8D02w3o1pn+bPwNxIJzfH4pbujBtuMWoiOMjiIi0UH
1l/pSqi0MXMr+PO3+qbc35FB26Fj7cQFOmR96XnzgzCuxTqfPBv+s2XNkQIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFJFOG3TrzgyC68xKJ4DBmdgY2DX3MB8GA1UdIwQY
MBaAFN5Rw8XdxPthOBw76iTBuk90mY6rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2xIRHhkM0UtMkU0SER2cUpNRzZUM1NaanFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS82ZGU2NWUtMDRiZC00MzQ2LTg1YjEt
YTUzMjVkNDQxNzAyLzEva1U0YmRPdk9ESUxyekVvbmdNR1oyQmpZTmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS82ZGU2NWUtMDRiZC00MzQ2LTg1YjEtYTUzMjVkNDQxNzAy
LzEvM2xIRHhkM0UtMkU0SER2cUpNRzZUM1NaanFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTAsBAIAATAmAwQDWSawAwQC
uUfIAwQCufJgMAwDBAO894gDBAW894ADBALCJiwwDQQCAAIwBwMFACoDO6AwDQYJ
KoZIhvcNAQELBQADggEBAEeIYvlaO5DGswZ3QE5K3lWd6q2dp2OvJmbeWoxtzA/1
gwCHuE6DdmLt97KlWoq0T/YDDTBQz9KtoKguDOGS195CVUS7LGEkUAEVtXIeYUYf
d8r7MFA5ESmGAjn3c7J8ll6Avl253Ii3tm7I4X99KOneHaBeAqzQGPS1Y3Hs+P9p
dmRa0b/gRqhRv5afplnj+a0PtnE94ttSiYC8Vsbz14VrgvgwHQFmypp9vWA7ebPI
IJt8kjEXWqHrEYlVohzF2iZwxCVfkBa5ZW8QPB3MVxxHNnfSI3qNTGCYn6uP7yWb
4EnF4BMjq9tNz7gHFrs4QWAwo6Jz2BsfKThdxaHTIF0=
-----END CERTIFICATE-----
Generated at Tue Jan 2 06:50:55 2024 by rpki-client on console-fra.rpki-client.org