Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/d2cd1c-04b5-44d0-81d5-7be3bda05927/1/0JSK49cNRbsESUsGgYZyMDJ-WaI.roa
File: 0JSK49cNRbsESUsGgYZyMDJ-WaI.roa (raw, json)
Hash identifier: fuDwG+eAywSVKRQtXFfbNAw7gWuNiRdTdZrDcaTVO0E=
Subject key identifier: D0:94:8A:E3:D7:0D:45:BB:04:49:4B:06:81:86:72:30:32:7E:59:A2
Certificate issuer: /CN=0759f6ac173f75ed9e585ec7d872a5865cef2835
Certificate serial: 018D83A04671F38C7F0AB34211E67D7B822E
Authority key identifier: 07:59:F6:AC:17:3F:75:ED:9E:58:5E:C7:D8:72:A5:86:5C:EF:28:35
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/B1n2rBc_de2eWF7H2HKlhlzvKDU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/d2cd1c-04b5-44d0-81d5-7be3bda05927/1/0JSK49cNRbsESUsGgYZyMDJ-WaI.roa
Signing time: Wed 07 Feb 2024 12:52:15 +0000
ROA not before: Wed 07 Feb 2024 12:52:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 205185
IP address blocks: 45.129.172.0/22 maxlen: 24
86.105.160.0/22 maxlen: 24
185.136.236.0/22 maxlen: 24
185.152.84.0/22 maxlen: 24
185.226.108.0/22 maxlen: 24
194.135.48.0/22 maxlen: 24
2a0d:8600::/29 maxlen: 48
2a0f:dc40::/29 maxlen: 48
Validation: Failed, certificate revoked on Thu 07 Mar 2024 14:09:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:83:a0:46:71:f3:8c:7f:0a:b3:42:11:e6:7d:7b:82:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0759f6ac173f75ed9e585ec7d872a5865cef2835
Validity
Not Before: Feb 7 12:52:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d0948ae3d70d45bb04494b0681867230327e59a2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:36:6d:2a:af:dd:52:63:cd:94:ba:24:51:84:
31:d0:ef:d4:28:e5:0e:4d:ef:8f:cb:af:3d:d9:b1:
83:87:93:3d:36:7f:c6:1a:bb:7c:04:b2:7f:8e:49:
50:70:98:d5:fc:dd:5c:f8:fa:30:dd:df:79:7b:19:
6c:f8:05:f6:19:51:c9:08:84:6d:09:f8:6e:3a:47:
9f:5c:8a:0d:cc:8d:3b:74:76:91:99:40:42:f7:e6:
68:04:35:cf:2f:d1:50:a9:fa:12:7b:a6:23:3a:5d:
65:30:ec:be:aa:e4:aa:37:81:6d:6e:ee:93:8c:0e:
fc:9d:99:0a:8c:96:18:4a:3c:b4:40:69:e2:51:21:
28:dc:fd:fb:e5:3c:0b:7b:f2:b7:7f:63:ee:cd:41:
25:77:71:9c:d7:69:bb:95:76:75:f1:e6:67:85:e5:
ce:df:4b:c7:08:95:ac:63:4c:58:39:b9:4c:62:31:
0d:fa:7f:c9:ed:5d:df:0a:89:38:3b:d4:17:57:cd:
54:26:cf:8d:3a:56:85:c4:bc:41:84:28:55:11:a6:
1c:b9:5f:d5:85:b1:26:4b:8b:a9:4c:5f:a9:95:dc:
82:ad:d9:59:ae:c2:81:6e:c3:2f:3c:9d:26:77:bb:
5f:50:ea:76:70:dc:61:f6:9d:52:c5:2c:fb:0b:28:
8f:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:94:8A:E3:D7:0D:45:BB:04:49:4B:06:81:86:72:30:32:7E:59:A2
X509v3 Authority Key Identifier:
keyid:07:59:F6:AC:17:3F:75:ED:9E:58:5E:C7:D8:72:A5:86:5C:EF:28:35
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B1n2rBc_de2eWF7H2HKlhlzvKDU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/d2cd1c-04b5-44d0-81d5-7be3bda05927/1/0JSK49cNRbsESUsGgYZyMDJ-WaI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/d2cd1c-04b5-44d0-81d5-7be3bda05927/1/B1n2rBc_de2eWF7H2HKlhlzvKDU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.172.0/22
86.105.160.0/22
185.136.236.0/22
185.152.84.0/22
185.226.108.0/22
194.135.48.0/22
IPv6:
2a0d:8600::/29
2a0f:dc40::/29
Signature Algorithm: sha256WithRSAEncryption
6f:f2:f6:fa:c4:a1:bf:22:b9:12:b6:4f:1f:d0:5e:cf:ac:32:
d7:bf:2f:61:e9:35:a6:2b:e7:ce:79:c9:d4:46:a6:c1:6c:fa:
45:2d:00:37:68:fe:09:78:20:6f:58:3e:01:93:da:36:3a:45:
87:c8:55:ab:c6:f0:ba:a8:e4:00:99:4e:34:0d:c5:9d:1d:bd:
b2:aa:c0:06:ae:e5:50:f7:fa:6d:1e:c5:1d:02:19:a1:2b:a4:
b4:31:2e:ee:45:7b:1a:84:5c:68:ef:c8:c4:61:44:e7:b8:99:
10:9d:c9:5b:eb:76:12:b5:57:4f:48:e8:23:54:08:18:c5:b7:
2a:9e:1c:9d:43:2d:14:85:f2:ff:60:46:8d:d7:c0:39:28:01:
79:93:1d:8c:ba:87:a3:2d:b0:71:a7:2f:2e:b6:8e:1c:11:ec:
60:ce:57:e5:32:c2:5e:65:80:fe:26:5f:ee:77:5b:6d:f8:e6:
51:86:17:6c:ed:9f:1f:30:2f:b1:96:99:2f:50:81:96:6a:41:
32:05:69:63:8a:1c:ab:c5:27:6d:d9:cc:3f:9f:fc:e2:76:01:
60:33:f3:a1:0d:d1:51:be:e2:3d:c0:3b:e7:03:40:d1:c4:fa:
9e:03:20:93:d0:5a:1c:c5:a6:6a:e7:7e:9f:3b:f8:a2:78:6f:
33:07:15:83
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAY2DoEZx84x/CrNCEeZ9e4IuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NTlmNmFjMTczZjc1ZWQ5ZTU4NWVjN2Q4NzJhNTg2NWNl
ZjI4MzUwHhcNMjQwMjA3MTI1MjE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDk0OGFlM2Q3MGQ0NWJiMDQ0OTRiMDY4MTg2NzIzMDMyN2U1OWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5TZtKq/dUmPNlLokUYQx0O/UKOUO
Te+Py6892bGDh5M9Nn/GGrt8BLJ/jklQcJjV/N1c+Pow3d95exls+AX2GVHJCIRt
CfhuOkefXIoNzI07dHaRmUBC9+ZoBDXPL9FQqfoSe6YjOl1lMOy+quSqN4Ftbu6T
jA78nZkKjJYYSjy0QGniUSEo3P375TwLe/K3f2PuzUEld3Gc12m7lXZ18eZnheXO
30vHCJWsY0xYOblMYjEN+n/J7V3fCok4O9QXV81UJs+NOlaFxLxBhChVEaYcuV/V
hbEmS4upTF+pldyCrdlZrsKBbsMvPJ0md7tfUOp2cNxh9p1SxSz7CyiPnQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFNCUiuPXDUW7BElLBoGGcjAyflmiMB8GA1UdIwQY
MBaAFAdZ9qwXP3Xtnlhex9hypYZc7yg1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjFuMnJCY19kZTJlV0Y3SDJIS2xobHp2S0RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9kMmNkMWMtMDRiNS00NGQwLTgxZDUt
N2JlM2JkYTA1OTI3LzEvMEpTSzQ5Y05SYnNFU1VzR2dZWnlNREotV2FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9kMmNkMWMtMDRiNS00NGQwLTgxZDUtN2JlM2JkYTA1OTI3
LzEvQjFuMnJCY19kZTJlV0Y3SDJIS2xobHp2S0RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQCLYGsAwQC
VmmgAwQCuYjsAwQCuZhUAwQCueJsAwQCwocwMBQEAgACMA4DBQMqDYYAAwUDKg/c
QDANBgkqhkiG9w0BAQsFAAOCAQEAb/L2+sShvyK5ErZPH9Bez6wy178vYek1pivn
znnJ1EamwWz6RS0AN2j+CXggb1g+AZPaNjpFh8hVq8bwuqjkAJlONA3FnR29sqrA
Bq7lUPf6bR7FHQIZoSuktDEu7kV7GoRcaO/IxGFE57iZEJ3JW+t2ErVXT0joI1QI
GMW3Kp4cnUMtFIXy/2BGjdfAOSgBeZMdjLqHoy2wcacvLraOHBHsYM5X5TLCXmWA
/iZf7ndbbfjmUYYXbO2fHzAvsZaZL1CBlmpBMgVpY4ocq8UnbdnMP5/84nYBYDPz
oQ3RUb7iPcA75wNA0cT6ngMgk9BaHMWmaud+nzv4onhvMwcVgw==
-----END CERTIFICATE-----
Generated at Thu Mar 7 19:25:59 2024 by rpki-client on console-fra.rpki-client.org