Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0iMP0XchB4oRuzsfGw3Rds4BVDw.roa
File: 0iMP0XchB4oRuzsfGw3Rds4BVDw.roa (raw, json)
Hash identifier: kGFtxskIZijtchY5ubRNsLRsJE3htEUo3RorOb6rZGY=
Subject key identifier: D2:23:0F:D1:77:21:07:8A:11:BB:3B:1F:1B:0D:D1:76:CE:01:54:3C
Certificate issuer: /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial: 019224034C893F324FACFE126D8EF143B6B9
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0iMP0XchB4oRuzsfGw3Rds4BVDw.roa
Signing time: Tue 24 Sep 2024 12:30:48 +0000
ROA not before: Tue 24 Sep 2024 12:30:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42473
IP address blocks: 152.53.0.0/16 maxlen: 24
152.53.9.0/24 maxlen: 24
152.53.24.0/24 maxlen: 24
152.53.30.0/24 maxlen: 24
152.53.36.0/22 maxlen: 24
152.53.48.0/22 maxlen: 22
152.53.59.0/24 maxlen: 24
152.53.62.0/24 maxlen: 24
152.53.64.0/22 maxlen: 24
152.53.69.0/24 maxlen: 24
152.53.75.0/24 maxlen: 24
152.53.78.0/24 maxlen: 24
152.53.100.0/22 maxlen: 22
152.53.104.0/22 maxlen: 22
152.53.108.0/22 maxlen: 22
Validation: Failed, certificate revoked on Fri 04 Oct 2024 14:50:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:24:03:4c:89:3f:32:4f:ac:fe:12:6d:8e:f1:43:b6:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Validity
Not Before: Sep 24 12:30:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d2230fd17721078a11bb3b1f1b0dd176ce01543c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:d0:e6:5b:f4:b1:a4:dd:cf:84:6c:41:1f:54:
e8:cd:36:f2:4c:d2:73:ff:a0:6b:5c:85:52:ea:8d:
26:9d:68:82:2c:1c:31:fb:b4:95:ed:9d:58:55:2d:
cb:3e:fd:a0:37:a0:af:ad:41:75:12:ef:47:ac:48:
d4:bd:e0:aa:06:2a:74:da:0c:bc:c1:04:ff:05:1f:
1e:4e:6b:91:2d:d9:4e:69:e6:4b:cb:bb:0c:1e:e5:
9a:6b:d2:29:f2:8f:05:69:9e:e8:75:0e:e3:c3:f3:
9a:96:21:1c:99:67:d3:df:b5:d3:75:fd:e6:6a:7c:
59:3d:9b:f9:b2:5a:4c:a1:51:8f:f6:42:3a:f5:ef:
f5:5d:16:2a:34:47:10:f3:2d:32:c0:a7:db:6e:30:
fc:bc:33:d5:89:12:a9:c5:19:7d:84:00:e8:55:10:
c8:c5:c5:3c:e2:74:1f:9c:64:04:20:3e:bb:fe:35:
e8:8d:43:a6:89:db:41:de:d3:ba:7b:9d:8a:dd:68:
70:db:fb:ea:b9:3e:27:ca:13:3c:bd:40:bd:35:d1:
28:98:a1:3c:69:57:10:b8:75:12:79:56:86:d5:5b:
e1:77:d6:1a:75:aa:17:28:ee:e7:7f:87:de:94:ef:
db:9c:1e:94:6e:66:f8:83:39:84:53:ce:a1:89:f5:
f4:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:23:0F:D1:77:21:07:8A:11:BB:3B:1F:1B:0D:D1:76:CE:01:54:3C
X509v3 Authority Key Identifier:
keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0iMP0XchB4oRuzsfGw3Rds4BVDw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.53.0.0/16
Signature Algorithm: sha256WithRSAEncryption
1c:3a:0a:59:d1:2e:79:ec:7d:95:2d:e5:ec:9d:70:18:cf:16:
ab:ee:0f:e3:93:a7:9b:bf:46:7d:c4:bc:1a:cb:fa:5a:7f:b9:
8c:48:f7:80:5c:a1:f3:30:e0:26:a0:83:f0:c7:1f:34:04:cb:
a1:23:ee:f2:ec:3a:a2:47:75:ac:25:86:5a:0f:12:1d:70:86:
1b:b1:58:16:c7:25:b2:de:f1:05:a2:14:03:56:57:28:f3:b9:
f9:f9:01:cb:72:b4:bc:23:7b:87:21:0b:8b:06:22:26:64:1d:
d9:68:57:ae:f0:43:a4:24:a6:73:3d:55:48:fb:4f:57:7b:db:
37:7b:9d:ac:f3:ad:e3:1b:d1:19:07:81:da:ed:8d:55:6a:70:
17:1b:4a:76:fe:20:63:22:77:0a:ce:1a:11:f0:30:2c:63:d9:
13:a5:00:ae:7a:e6:52:f2:5e:9a:fc:0b:04:85:e2:ba:68:d3:
e1:35:69:3c:14:f0:a3:48:9d:d2:12:2a:fb:33:4a:f5:60:b8:
e3:3e:9d:da:e4:2c:dd:1a:ae:73:3f:28:6e:28:f1:d9:41:c5:
76:8c:45:d4:4d:ef:10:0b:08:4d:52:0b:0b:6b:48:06:08:df:
bb:16:12:3a:6f:1f:cf:be:4f:6d:b2:aa:4a:60:7d:4c:e3:5d:
62:41:08:e5
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZIkA0yJPzJPrP4SbY7xQ7a5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjQwOTI0MTIzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjIzMGZkMTc3MjEwNzhhMTFiYjNiMWYxYjBkZDE3NmNlMDE1NDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdDmW/SxpN3PhGxBH1TozTbyTNJz
/6BrXIVS6o0mnWiCLBwx+7SV7Z1YVS3LPv2gN6CvrUF1Eu9HrEjUveCqBip02gy8
wQT/BR8eTmuRLdlOaeZLy7sMHuWaa9Ip8o8FaZ7odQ7jw/OaliEcmWfT37XTdf3m
anxZPZv5slpMoVGP9kI69e/1XRYqNEcQ8y0ywKfbbjD8vDPViRKpxRl9hADoVRDI
xcU84nQfnGQEID67/jXojUOmidtB3tO6e52K3Whw2/vquT4nyhM8vUC9NdEomKE8
aVcQuHUSeVaG1Vvhd9YadaoXKO7nf4felO/bnB6Ubmb4gzmEU86hifX0MwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFNIjD9F3IQeKEbs7HxsN0XbOAVQ8MB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvMGlNUDBYY2hCNG9SdXpzZkd3M1JkczRCVkR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmDUwDQYJ
KoZIhvcNAQELBQADggEBABw6ClnRLnnsfZUt5eydcBjPFqvuD+OTp5u/Rn3EvBrL
+lp/uYxI94BcofMw4Cagg/DHHzQEy6Ej7vLsOqJHdawlhloPEh1whhuxWBbHJbLe
8QWiFANWVyjzufn5ActytLwje4chC4sGIiZkHdloV67wQ6QkpnM9VUj7T1d72zd7
nazzreMb0RkHgdrtjVVqcBcbSnb+IGMidwrOGhHwMCxj2ROlAK565lLyXpr8CwSF
4rpo0+E1aTwU8KNIndISKvszSvVguOM+ndrkLN0arnM/KG4o8dlBxXaMRdRN7xAL
CE1SCwtrSAYI37sWEjpvH8++T22yqkpgfUzjXWJBCOU=
-----END CERTIFICATE-----
Generated at Fri Oct 4 18:58:46 2024 by rpki-client on console-fra.rpki-client.org