Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/chVss1nBWKVVgc5OHHN7EEsXnnE.roa
File: chVss1nBWKVVgc5OHHN7EEsXnnE.roa (raw, json)
Hash identifier: r2EXhRi0jH1P2ItJBryeg/INviix2D0XFJVAjJsp8Q8=
Subject key identifier: 72:15:6C:B3:59:C1:58:A5:55:81:CE:4E:1C:73:7B:10:4B:17:9E:71
Certificate issuer: /CN=a4767bc5fbcbcefb1c1c747bb0eb5337dab691c0
Certificate serial: 018570CBED9241F1EA0198D12DCFC01F5934
Authority key identifier: A4:76:7B:C5:FB:CB:CE:FB:1C:1C:74:7B:B0:EB:53:37:DA:B6:91:C0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pHZ7xfvLzvscHHR7sOtTN9q2kcA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/chVss1nBWKVVgc5OHHN7EEsXnnE.roa
Signing time: Mon 02 Jan 2023 04:44:50 +0000
ROA not before: Mon 02 Jan 2023 04:44:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 30880
IP address blocks: 185.98.192.0/22 maxlen: 22
185.98.195.0/24 maxlen: 24
193.42.215.0/24 maxlen: 24
193.27.201.0/24 maxlen: 24
193.27.200.0/23 maxlen: 23
193.27.200.0/24 maxlen: 24
212.63.192.0/19 maxlen: 19
2a01:298::/32 maxlen: 32
2a01:299::/32 maxlen: 32
2a01:298:fd::/48 maxlen: 48
Validation: Failed, certificate revoked on Mon 01 Jan 2024 20:31:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:cb:ed:92:41:f1:ea:01:98:d1:2d:cf:c0:1f:59:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a4767bc5fbcbcefb1c1c747bb0eb5337dab691c0
Validity
Not Before: Jan 2 04:44:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=72156cb359c158a55581ce4e1c737b104b179e71
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:49:96:eb:8e:22:89:57:2a:b9:60:4a:cb:7e:
e2:b4:0a:0f:ac:32:c6:d5:ea:4e:55:04:24:6e:8a:
59:cc:49:53:eb:19:2a:71:3c:25:12:1d:a4:cb:1c:
fa:7f:06:9d:0b:3e:70:39:22:df:b0:b5:aa:55:fd:
95:77:7d:ce:5f:1e:fa:7a:18:94:91:c6:56:4b:6b:
b7:70:a9:7f:da:17:06:02:29:4f:3a:67:ae:88:73:
0f:cf:65:f4:87:7e:b2:56:89:ca:61:6a:bb:69:d4:
38:87:9d:db:16:fb:de:36:7c:aa:ee:b7:59:af:14:
a1:c5:87:cb:a6:5f:8f:4e:7b:02:27:a0:47:a6:12:
6a:25:56:ed:a8:63:0a:7f:14:e6:5c:ab:03:c8:79:
23:1b:93:99:2d:43:0d:83:d1:82:c6:a3:64:84:cd:
c8:6b:be:dd:9a:17:47:5b:c6:6b:f1:11:8c:f5:2f:
4d:81:03:fd:66:3f:d5:08:0a:2c:d3:80:89:95:f2:
ff:3a:58:b7:fe:53:04:5b:e6:0e:a7:1f:dd:c0:e1:
41:40:7a:19:14:42:71:27:6e:78:d9:12:1c:55:da:
c9:fe:a6:68:b3:00:7e:9c:ae:79:02:20:f8:dc:d8:
95:08:e8:d5:b4:70:4b:c6:b1:af:34:4d:15:73:07:
24:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:15:6C:B3:59:C1:58:A5:55:81:CE:4E:1C:73:7B:10:4B:17:9E:71
X509v3 Authority Key Identifier:
keyid:A4:76:7B:C5:FB:CB:CE:FB:1C:1C:74:7B:B0:EB:53:37:DA:B6:91:C0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pHZ7xfvLzvscHHR7sOtTN9q2kcA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/chVss1nBWKVVgc5OHHN7EEsXnnE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/8065d5-04d0-43e5-a2f4-041a48d2123f/1/pHZ7xfvLzvscHHR7sOtTN9q2kcA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.98.192.0/22
193.27.200.0/23
193.42.215.0/24
212.63.192.0/19
IPv6:
2a01:298::/31
Signature Algorithm: sha256WithRSAEncryption
06:c2:00:4a:90:d9:69:86:e5:ff:66:24:7e:46:52:a2:f9:fb:
1e:91:38:8a:f6:60:90:17:fc:17:49:d3:47:c0:4b:da:c6:87:
ed:2a:5d:e6:d6:e0:63:35:4e:31:02:a3:64:46:91:4b:5c:78:
fc:a6:4f:50:79:9d:52:dd:5b:e8:e6:e3:25:9b:0d:ad:75:0e:
76:fe:e9:87:ae:d6:b1:74:ef:b7:77:92:e3:4b:9b:82:01:1c:
f1:a9:70:b5:6d:1d:f3:6d:34:8e:6f:67:96:b0:6b:94:64:c1:
68:a8:82:32:45:85:31:d6:b2:e7:66:57:1a:61:9f:52:59:9a:
34:09:0c:b5:c0:a5:a1:6d:e8:7b:a0:d4:2b:b3:7b:9f:6b:cf:
3e:0e:76:dc:4b:91:c7:22:75:e7:1d:6f:66:27:50:7a:ad:0a:
d7:14:15:c4:28:f0:37:d3:86:7f:18:e5:ed:72:35:94:24:09:
5f:86:c9:23:f8:19:f7:71:e3:da:b9:60:b1:d5:2c:3d:ed:f6:
4a:53:b2:c2:76:d6:d3:98:43:1a:78:50:83:c4:23:05:f4:b6:
5e:09:2c:43:e0:76:a1:44:6a:2c:41:1c:18:91:58:97:0c:ad:
71:3e:dd:dd:d1:09:3b:b4:44:5d:20:cb:43:c8:b0:34:4e:9c:
e4:89:82:9f
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVwy+2SQfHqAZjRLc/AH1k0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0NzY3YmM1ZmJjYmNlZmIxYzFjNzQ3YmIwZWI1MzM3ZGFi
NjkxYzAwHhcNMjMwMTAyMDQ0NDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjE1NmNiMzU5YzE1OGE1NTU4MWNlNGUxYzczN2IxMDRiMTc5ZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUmW644iiVcquWBKy37itAoPrDLG
1epOVQQkbopZzElT6xkqcTwlEh2kyxz6fwadCz5wOSLfsLWqVf2Vd33OXx76ehiU
kcZWS2u3cKl/2hcGAilPOmeuiHMPz2X0h36yVonKYWq7adQ4h53bFvveNnyq7rdZ
rxShxYfLpl+PTnsCJ6BHphJqJVbtqGMKfxTmXKsDyHkjG5OZLUMNg9GCxqNkhM3I
a77dmhdHW8Zr8RGM9S9NgQP9Zj/VCAos04CJlfL/Oli3/lMEW+YOpx/dwOFBQHoZ
FEJxJ2542RIcVdrJ/qZoswB+nK55AiD43NiVCOjVtHBLxrGvNE0VcwckmwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFHIVbLNZwVilVYHOThxzexBLF55xMB8GA1UdIwQY
MBaAFKR2e8X7y877HBx0e7DrUzfatpHAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEhaN3hmdkx6dnNjSEhSN3NPdFROOXEya2NBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS84MDY1ZDUtMDRkMC00M2U1LWEyZjQt
MDQxYTQ4ZDIxMjNmLzEvY2hWc3MxbkJXS1ZWZ2M1T0hITjdFRXNYbm5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS84MDY1ZDUtMDRkMC00M2U1LWEyZjQtMDQxYTQ4ZDIxMjNm
LzEvcEhaN3hmdkx6dnNjSEhSN3NPdFROOXEya2NBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQCuWLAAwQB
wRvIAwQAwSrXAwQF1D/AMA0EAgACMAcDBQEqAQKYMA0GCSqGSIb3DQEBCwUAA4IB
AQAGwgBKkNlphuX/ZiR+RlKi+fsekTiK9mCQF/wXSdNHwEvaxoftKl3m1uBjNU4x
AqNkRpFLXHj8pk9QeZ1S3Vvo5uMlmw2tdQ52/umHrtaxdO+3d5LjS5uCARzxqXC1
bR3zbTSOb2eWsGuUZMFoqIIyRYUx1rLnZlcaYZ9SWZo0CQy1wKWhbeh7oNQrs3uf
a88+DnbcS5HHInXnHW9mJ1B6rQrXFBXEKPA304Z/GOXtcjWUJAlfhskj+Bn3cePa
uWCx1Sw97fZKU7LCdtbTmEMaeFCDxCMF9LZeCSxD4HahRGosQRwYkViXDK1xPt3d
0Qk7tERdIMtDyLA0TpzkiYKf
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:14 2024 by rpki-client on console-fra.rpki-client.org