Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/xZXYqTOSiYMuxrUwlXsgoTNIsxc.roa
File: xZXYqTOSiYMuxrUwlXsgoTNIsxc.roa (raw, json)
Hash identifier: NorVU59hW8axGiln6dq23QDohez/LmNQM5kr8Rw+7o0=
Subject key identifier: C5:95:D8:A9:33:92:89:83:2E:C6:B5:30:95:7B:20:A1:33:48:B3:17
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 018CC7933B4744839D6DA216E2E18E8EB7EC
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/xZXYqTOSiYMuxrUwlXsgoTNIsxc.roa
Signing time: Tue 02 Jan 2024 00:29:24 +0000
ROA not before: Tue 02 Jan 2024 00:29:24 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 171.22.144.0/24 maxlen: 24
91.103.120.0/21 maxlen: 24
185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 20
95.111.144.0/20 maxlen: 20
Validation: Failed, certificate revoked on Tue 06 Feb 2024 14:16:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:93:3b:47:44:83:9d:6d:a2:16:e2:e1:8e:8e:b7:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Jan 2 00:29:24 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c595d8a9339289832ec6b530957b20a13348b317
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:ea:60:0f:52:71:cd:69:d6:a5:85:ef:35:b1:
10:41:36:30:08:69:a7:5a:b1:b2:23:2e:0d:29:b7:
4e:5d:6f:fa:9e:07:11:93:27:4e:bc:a9:6a:3b:a4:
88:51:f2:9c:49:5c:52:87:e7:80:2c:61:4e:f2:00:
22:2c:e4:81:03:f9:84:db:c2:7e:e1:fe:44:46:eb:
8f:33:2a:24:56:ab:1d:26:6c:8c:18:9a:82:cf:16:
bb:4b:a6:86:89:86:f8:94:2d:19:40:5a:4d:96:81:
25:8b:db:12:f0:5b:cf:29:c5:11:13:af:d5:13:61:
6c:63:29:ad:f9:a5:05:be:41:ec:a3:98:dd:d0:d2:
50:5c:35:05:67:04:dc:8f:03:5e:5e:d1:2d:5c:8f:
d5:40:bd:b5:e3:c7:20:4d:57:3c:9e:62:07:27:64:
9f:c4:01:be:c9:e3:be:ad:8c:13:9e:b0:46:30:58:
8c:45:51:98:41:b8:f5:1e:46:7b:b5:a0:e1:62:2f:
7f:40:74:31:be:c6:86:87:98:33:93:9b:f2:95:34:
fe:f5:f1:97:d9:a0:57:ad:18:80:f6:7b:ab:3c:ef:
2d:d4:13:28:a9:dc:3b:93:3a:4d:6d:27:6f:ac:9c:
26:0c:ce:ba:80:d1:20:b2:0e:42:d9:cb:ed:12:04:
1a:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:95:D8:A9:33:92:89:83:2E:C6:B5:30:95:7B:20:A1:33:48:B3:17
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/xZXYqTOSiYMuxrUwlXsgoTNIsxc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.103.120.0/21
95.111.128.0/19
171.22.144.0/24
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
29:12:83:9d:73:71:4b:41:33:0f:b0:80:30:91:4a:53:ed:40:
d2:f2:f8:1d:21:27:63:87:6b:6d:cd:d6:8f:af:dd:51:9c:cf:
35:b8:7a:c3:81:df:65:d0:75:d9:da:68:9b:9c:25:ce:0e:c1:
0f:12:97:0c:ae:a5:20:cc:0b:a0:c9:53:17:34:9f:b9:a3:bd:
96:b7:7e:b3:b9:91:e8:b0:be:30:fa:6c:71:1c:15:5a:90:51:
2b:85:a8:f3:46:5e:c8:f7:ee:6a:82:91:c3:a3:55:34:cf:eb:
61:31:52:3c:8e:6f:10:cf:41:8b:17:6f:df:26:f2:e8:42:23:
22:84:15:7e:68:54:2c:c1:97:6e:ce:16:50:7a:69:da:40:d9:
07:49:a9:04:75:7e:68:5d:d8:17:12:be:2d:0a:ce:0a:d3:22:
6a:9d:1e:f7:fe:93:45:7a:71:85:a2:64:35:1d:b3:f1:7c:9a:
57:5a:77:6b:37:30:42:94:13:80:03:d5:a5:66:d8:9c:40:3a:
c3:fe:61:28:56:91:87:2e:49:46:ba:59:bc:0a:92:ba:5f:8d:
24:60:3e:d2:c4:30:72:c3:f5:18:dd:fa:9f:9f:ec:73:fd:f8:
fc:d0:a7:5e:cf:ea:f3:2e:3f:fb:96:e0:50:08:7d:3c:e5:53:
4e:ed:0a:3f
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzHkztHRIOdbaIW4uGOjrfsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjQwMTAyMDAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTk1ZDhhOTMzOTI4OTgzMmVjNmI1MzA5NTdiMjBhMTMzNDhiMzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOpgD1JxzWnWpYXvNbEQQTYwCGmn
WrGyIy4NKbdOXW/6ngcRkydOvKlqO6SIUfKcSVxSh+eALGFO8gAiLOSBA/mE28J+
4f5ERuuPMyokVqsdJmyMGJqCzxa7S6aGiYb4lC0ZQFpNloEli9sS8FvPKcURE6/V
E2FsYymt+aUFvkHso5jd0NJQXDUFZwTcjwNeXtEtXI/VQL2148cgTVc8nmIHJ2Sf
xAG+yeO+rYwTnrBGMFiMRVGYQbj1HkZ7taDhYi9/QHQxvsaGh5gzk5vylTT+9fGX
2aBXrRiA9nurPO8t1BMoqdw7kzpNbSdvrJwmDM66gNEgsg5C2cvtEgQa7QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMWV2KkzkomDLsa1MJV7IKEzSLMXMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEveFpYWXFUT1NpWU11eHJVd2xYc2dvVE5Jc3hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDW2d4AwQF
X2+AAwQAqxaQAwQAuetHMA0GCSqGSIb3DQEBCwUAA4IBAQApEoOdc3FLQTMPsIAw
kUpT7UDS8vgdISdjh2ttzdaPr91RnM81uHrDgd9l0HXZ2mibnCXODsEPEpcMrqUg
zAugyVMXNJ+5o72Wt36zuZHosL4w+mxxHBVakFErhajzRl7I9+5qgpHDo1U0z+th
MVI8jm8Qz0GLF2/fJvLoQiMihBV+aFQswZduzhZQemnaQNkHSakEdX5oXdgXEr4t
Cs4K0yJqnR73/pNFenGFomQ1HbPxfJpXWndrNzBClBOAA9WlZticQDrD/mEoVpGH
LklGulm8CpK6X40kYD7SxDByw/UY3fqfn+xz/fj80Kdez+rzLj/7luBQCH085VNO
7Qo/
-----END CERTIFICATE-----
Generated at Tue Feb 6 18:22:38 2024 by rpki-client on console-fra.rpki-client.org