Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/435l3JLWANrx_VLja3oa9Vs4UuU.roa
File: 435l3JLWANrx_VLja3oa9Vs4UuU.roa (raw, json)
Hash identifier: 549LoAPHFL9Vf36QQB9bC3GMVMRSQyiG8UfQ6h5sB64=
Subject key identifier: E3:7E:65:DC:92:D6:00:DA:F1:FD:52:E3:6B:7A:1A:F5:5B:38:52:E5
Certificate issuer: /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial: 018E5A1E66A106307114F8C13F9584CB68D6
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/435l3JLWANrx_VLja3oa9Vs4UuU.roa
Signing time: Wed 20 Mar 2024 04:28:45 +0000
ROA not before: Wed 20 Mar 2024 04:28:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 30738
IP address blocks: 46.8.224.0/20 maxlen: 24
109.248.240.0/22 maxlen: 24
188.130.154.0/24 maxlen: 24
188.130.182.0/24 maxlen: 24
188.130.252.0/23 maxlen: 24
195.211.53.0/24 maxlen: 24
2001:1468::/32 maxlen: 33
2001:1468:8000::/36 maxlen: 36
Validation: Failed, certificate revoked on Wed 20 Mar 2024 06:10:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:5a:1e:66:a1:06:30:71:14:f8:c1:3f:95:84:cb:68:d6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
Validity
Not Before: Mar 20 04:28:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e37e65dc92d600daf1fd52e36b7a1af55b3852e5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:df:2a:33:52:28:fb:41:0e:ed:e0:6a:3f:a5:
cd:42:1d:5b:74:7e:a9:e7:ba:c0:72:e0:ed:ad:c3:
aa:d3:ef:86:a7:42:c4:63:4f:13:bc:ad:f9:a5:75:
08:a6:d6:b5:3c:b4:6d:49:ab:02:cd:fe:25:19:2f:
20:2c:e3:94:b4:60:bc:a3:07:97:ef:2f:c6:13:05:
0f:57:7a:52:30:70:55:bf:9a:94:db:f1:5e:d0:5f:
32:c0:0e:b6:d2:0a:6a:45:41:c1:90:76:9e:b0:76:
35:72:a1:88:ec:f0:8e:7d:c3:14:d5:e5:ab:dc:d7:
8a:59:73:8d:fe:27:49:60:b0:3f:31:a0:5b:f7:7a:
ef:7c:3d:08:11:17:e1:19:46:03:15:10:21:dd:5b:
03:28:1c:9d:f6:46:e6:df:45:9d:05:c9:4b:b3:57:
d2:bd:94:c6:fb:6f:33:9c:65:50:fe:20:e8:32:2f:
28:5c:95:f1:55:4f:85:80:45:c3:b0:8e:bd:7f:2a:
40:87:f7:38:54:32:a3:7f:e8:41:e1:02:d9:5a:40:
37:53:d0:3d:39:38:30:61:11:46:53:6f:ff:cd:b0:
72:c1:13:a2:3e:94:2c:56:d0:2a:6e:b9:92:c2:13:
c3:b3:54:03:36:f2:5d:3c:e2:65:8e:fc:89:97:44:
3f:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:7E:65:DC:92:D6:00:DA:F1:FD:52:E3:6B:7A:1A:F5:5B:38:52:E5
X509v3 Authority Key Identifier:
keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/435l3JLWANrx_VLja3oa9Vs4UuU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.8.224.0/20
109.248.240.0/22
188.130.154.0/24
188.130.182.0/24
188.130.252.0/23
195.211.53.0/24
IPv6:
2001:1468::/32
Signature Algorithm: sha256WithRSAEncryption
40:65:01:63:4a:83:58:65:a8:a7:65:3b:40:e1:13:b6:54:c9:
1c:cf:55:42:76:51:6a:ef:c9:37:6d:71:af:87:23:d4:b1:4d:
72:d4:3a:be:a4:46:9b:e6:82:1b:1e:73:28:04:30:9f:5e:0f:
f3:9f:a9:07:12:dc:8b:ec:7d:00:57:ad:65:8e:d8:c3:d0:85:
a6:bb:01:b9:56:31:b3:b8:f7:8b:47:d6:0c:4c:a6:ee:59:fd:
6d:77:4c:3c:fe:90:fc:b7:ba:0b:4f:94:7b:38:fe:c4:6e:4c:
73:aa:84:ff:14:69:e9:63:21:54:e7:29:ea:0f:74:fb:4a:a4:
0d:1b:8b:f5:da:16:4f:2e:7f:36:84:d2:d3:47:18:ff:a8:7b:
09:7d:a0:fc:b4:ea:74:1f:8e:25:12:4a:ad:63:53:30:dc:b0:
66:be:63:b5:a3:2a:b2:e5:6c:e5:aa:bc:82:7a:06:23:7a:5d:
98:fb:1f:ee:ad:bd:14:12:6e:0d:d3:2e:56:d3:63:db:34:c8:
17:3f:84:a7:b2:e2:ad:38:2d:ca:e9:9b:35:72:ba:32:d2:b8:
9c:2e:e6:73:bf:5a:7d:c5:49:b9:b9:13:28:6f:2f:ac:b2:97:
a2:88:03:33:9a:9f:67:e8:ad:15:84:83:48:17:fa:20:19:58:
30:48:e5:bb
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAY5aHmahBjBxFPjBP5WEy2jWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMzIwMDQyODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzdlNjVkYzkyZDYwMGRhZjFmZDUyZTM2YjdhMWFmNTViMzg1MmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo98qM1Io+0EO7eBqP6XNQh1bdH6p
57rAcuDtrcOq0++Gp0LEY08TvK35pXUIpta1PLRtSasCzf4lGS8gLOOUtGC8oweX
7y/GEwUPV3pSMHBVv5qU2/Fe0F8ywA620gpqRUHBkHaesHY1cqGI7PCOfcMU1eWr
3NeKWXON/idJYLA/MaBb93rvfD0IERfhGUYDFRAh3VsDKByd9kbm30WdBclLs1fS
vZTG+28znGVQ/iDoMi8oXJXxVU+FgEXDsI69fypAh/c4VDKjf+hB4QLZWkA3U9A9
OTgwYRFGU2//zbBywROiPpQsVtAqbrmSwhPDs1QDNvJdPOJljvyJl0Q/ZwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFON+ZdyS1gDa8f1S42t6GvVbOFLlMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvNDM1bDNKTFdBTnJ4X1ZMamEzb2E5VnM0VXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQELgjgAwQC
bfjwAwQAvIKaAwQAvIK2AwQBvIL8AwQAw9M1MA0EAgACMAcDBQAgARRoMA0GCSqG
SIb3DQEBCwUAA4IBAQBAZQFjSoNYZainZTtA4RO2VMkcz1VCdlFq78k3bXGvhyPU
sU1y1Dq+pEab5oIbHnMoBDCfXg/zn6kHEtyL7H0AV61ljtjD0IWmuwG5VjGzuPeL
R9YMTKbuWf1td0w8/pD8t7oLT5R7OP7EbkxzqoT/FGnpYyFU5ynqD3T7SqQNG4v1
2hZPLn82hNLTRxj/qHsJfaD8tOp0H44lEkqtY1Mw3LBmvmO1oyqy5WzlqryCegYj
el2Y+x/urb0UEm4N0y5W02PbNMgXP4SnsuKtOC3K6Zs1croy0ricLuZzv1p9xUm5
uRMoby+sspeiiAMzmp9n6K0VhINIF/ogGVgwSOW7
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:00 2024 by rpki-client on console-ams.rpki-client.org