Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/CBpf7ejRZ1hbt7qnErsznxFtXgk.roa
File: CBpf7ejRZ1hbt7qnErsznxFtXgk.roa (raw, json)
Hash identifier: rVApYqPHiAvEcc92u9kWYCZ+DbIBe34ypcOMi+XOrcY=
Subject key identifier: 08:1A:5F:ED:E8:D1:67:58:5B:B7:BA:A7:12:BB:33:9F:11:6D:5E:09
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 018E2BF6112E53ADDFA48402B5857E98EC19
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/CBpf7ejRZ1hbt7qnErsznxFtXgk.roa
Signing time: Mon 11 Mar 2024 05:22:10 +0000
ROA not before: Mon 11 Mar 2024 05:22:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 38136
IP address blocks: 5.34.216.0/21 maxlen: 24
5.226.48.0/22 maxlen: 24
45.137.180.0/22 maxlen: 24
178.236.36.0/22 maxlen: 24
185.36.192.0/22 maxlen: 24
185.220.236.0/22 maxlen: 24
185.248.184.0/22 maxlen: 24
188.253.4.0/22 maxlen: 24
188.253.112.0/21 maxlen: 24
212.87.192.0/22 maxlen: 24
Validation: Failed, certificate revoked on Fri 29 Mar 2024 06:19:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:2b:f6:11:2e:53:ad:df:a4:84:02:b5:85:7e:98:ec:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Mar 11 05:22:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=081a5fede8d167585bb7baa712bb339f116d5e09
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:d9:a0:7b:3d:b8:3f:cf:80:21:cc:c9:c7:ca:
39:be:b4:41:21:f3:90:c6:74:0f:76:73:fe:76:97:
56:ad:f1:4c:eb:f6:6e:c4:98:ac:10:66:ca:6a:ee:
ec:80:44:e7:df:dd:b5:80:81:6a:21:0a:1e:68:5a:
62:a0:74:e5:01:2e:48:40:b4:0a:09:c5:7e:6e:60:
0b:20:0d:72:eb:65:5e:85:66:69:ac:59:94:da:07:
90:a3:ba:91:90:de:04:03:57:a8:ce:ec:b3:2d:85:
5a:b6:c3:2a:10:ba:e8:5f:be:34:85:f5:82:48:52:
68:99:0b:c0:1d:44:08:02:14:ec:85:c5:72:7a:7a:
8b:e6:29:0d:f3:74:9a:70:5e:19:d6:51:f5:da:02:
ec:4e:d9:63:70:e2:3c:c7:0e:ba:25:79:8e:64:1a:
24:90:77:94:81:56:0c:63:4e:5a:96:ae:d4:b1:ba:
f3:e0:b8:c9:47:e0:00:aa:ea:dd:3d:cb:26:88:98:
50:ee:66:21:f8:95:6d:2d:4c:1f:36:3b:3a:f1:de:
3c:fd:5b:b3:39:bd:3f:1e:a8:a4:7b:37:de:35:1d:
b8:bd:8d:49:39:e4:91:6c:a2:9d:62:48:1a:df:58:
09:04:4b:a2:c8:d5:25:34:93:88:c6:4c:33:38:5f:
63:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:1A:5F:ED:E8:D1:67:58:5B:B7:BA:A7:12:BB:33:9F:11:6D:5E:09
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/CBpf7ejRZ1hbt7qnErsznxFtXgk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.34.216.0/21
5.226.48.0/22
45.137.180.0/22
178.236.36.0/22
185.36.192.0/22
185.220.236.0/22
185.248.184.0/22
188.253.4.0/22
188.253.112.0/21
212.87.192.0/22
Signature Algorithm: sha256WithRSAEncryption
58:81:15:73:0e:69:fd:cc:0d:e8:9a:98:9d:8e:5d:e8:83:97:
ea:36:b0:08:bd:08:8e:d3:38:83:2a:65:ea:5b:dc:1f:d6:f1:
ec:4c:64:2f:57:fb:ab:c6:bb:73:03:3b:89:b2:5d:ff:46:f1:
bb:76:c9:96:7b:9f:53:14:74:28:ed:ca:71:3f:8a:1a:7e:9f:
58:21:a8:b1:b6:6e:9f:b6:26:f4:cd:ce:3e:38:fa:95:98:c8:
d8:27:46:b9:99:01:13:c7:a4:15:3b:37:4f:5e:48:6c:39:a8:
ec:27:59:0d:3f:31:12:51:e6:2a:70:92:3d:78:ec:70:79:5b:
bb:cf:e0:63:40:2b:ea:a5:56:8c:0c:17:03:42:7a:20:4d:cd:
49:31:2c:d6:32:2e:b8:fd:a4:44:cd:29:1d:35:e1:2a:00:4c:
81:11:d0:f7:89:06:1e:b0:bb:d3:03:5b:ba:ad:91:ad:58:64:
6c:0b:1b:f2:83:6f:5d:c2:9d:d3:41:70:74:3b:f6:27:c4:b3:
55:10:a5:b8:9d:76:b4:a0:c8:51:a2:0e:a3:48:bf:08:95:93:
6c:1a:43:04:0b:95:fe:fb:7c:79:4f:94:14:23:97:7a:fb:2e:
14:fd:7a:b3:c1:df:01:7f:7c:41:fa:96:5a:9b:8e:11:18:5c:
af:dd:d5:a4
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAY4r9hEuU63fpIQCtYV+mOwZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMzExMDUyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODFhNWZlZGU4ZDE2NzU4NWJiN2JhYTcxMmJiMzM5ZjExNmQ1ZTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhtmgez24P8+AIczJx8o5vrRBIfOQ
xnQPdnP+dpdWrfFM6/ZuxJisEGbKau7sgETn3921gIFqIQoeaFpioHTlAS5IQLQK
CcV+bmALIA1y62VehWZprFmU2geQo7qRkN4EA1eozuyzLYVatsMqELroX740hfWC
SFJomQvAHUQIAhTshcVyenqL5ikN83SacF4Z1lH12gLsTtljcOI8xw66JXmOZBok
kHeUgVYMY05alq7Usbrz4LjJR+AAqurdPcsmiJhQ7mYh+JVtLUwfNjs68d48/Vuz
Ob0/HqikezfeNR24vY1JOeSRbKKdYkga31gJBEuiyNUlNJOIxkwzOF9j4wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFAgaX+3o0WdYW7e6pxK7M58RbV4JMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvQ0JwZjdlalJaMWhidDdxbkVyc3pueEZ0WGdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQDBSLYAwQC
BeIwAwQCLYm0AwQCsuwkAwQCuSTAAwQCudzsAwQCufi4AwQCvP0EAwQDvP1wAwQC
1FfAMA0GCSqGSIb3DQEBCwUAA4IBAQBYgRVzDmn9zA3ompidjl3og5fqNrAIvQiO
0ziDKmXqW9wf1vHsTGQvV/urxrtzAzuJsl3/RvG7dsmWe59TFHQo7cpxP4oafp9Y
Iaixtm6ftib0zc4+OPqVmMjYJ0a5mQETx6QVOzdPXkhsOajsJ1kNPzESUeYqcJI9
eOxweVu7z+BjQCvqpVaMDBcDQnogTc1JMSzWMi64/aREzSkdNeEqAEyBEdD3iQYe
sLvTA1u6rZGtWGRsCxvyg29dwp3TQXB0O/YnxLNVEKW4nXa0oMhRog6jSL8IlZNs
GkMEC5X++3x5T5QUI5d6+y4U/Xqzwd8Bf3xB+pZam44RGFyv3dWk
-----END CERTIFICATE-----
Generated at Fri Mar 29 07:14:13 2024 by rpki-client on console-ams.rpki-client.org