Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/3lUY0FHZVR6mQ3WM4K3_kMOEfoI.roa
File: 3lUY0FHZVR6mQ3WM4K3_kMOEfoI.roa (raw, json)
Hash identifier: SFsBKXD+mhhmQX/DEEQsKSefUrXgESgSPAyVSRxCneA=
Subject key identifier: DE:55:18:D0:51:D9:55:1E:A6:43:75:8C:E0:AD:FF:90:C3:84:7E:82
Certificate issuer: /CN=a088b0547f09fe9224050d70a523da5bedbe0738
Certificate serial: 018E66883008CF797D0DAFA966D359C37746
Authority key identifier: A0:88:B0:54:7F:09:FE:92:24:05:0D:70:A5:23:DA:5B:ED:BE:07:38
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/3lUY0FHZVR6mQ3WM4K3_kMOEfoI.roa
Signing time: Fri 22 Mar 2024 14:19:45 +0000
ROA not before: Fri 22 Mar 2024 14:19:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212027
IP address blocks: 37.230.138.0/24 maxlen: 24
45.143.196.0/22 maxlen: 24
81.16.176.0/24 maxlen: 24
81.16.177.0/24 maxlen: 24
91.208.92.0/24 maxlen: 24
188.64.33.0/24 maxlen: 24
194.164.96.0/24 maxlen: 24
194.213.3.0/24 maxlen: 24
213.170.135.0/24 maxlen: 24
2a10:e780::/40 maxlen: 40
Validation: Failed, certificate revoked on Fri 12 Jul 2024 13:12:34 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:66:88:30:08:cf:79:7d:0d:af:a9:66:d3:59:c3:77:46
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a088b0547f09fe9224050d70a523da5bedbe0738
Validity
Not Before: Mar 22 14:19:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=de5518d051d9551ea643758ce0adff90c3847e82
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:a1:76:34:54:04:44:92:4b:8e:da:26:f0:bb:
f2:7c:7b:5c:f0:d5:f0:ce:8d:31:15:81:7d:63:21:
fd:65:01:61:ec:a6:f5:df:d5:db:22:1f:3e:61:0d:
87:9d:7c:00:a4:43:4c:30:a5:97:c6:ea:53:23:31:
72:59:0e:99:f7:87:7c:ff:eb:7a:7d:68:d5:c2:85:
f1:3a:ee:ce:cd:27:46:01:ef:f3:20:5a:fc:3d:4e:
e1:d2:10:6e:06:62:7a:e0:74:3e:85:93:d2:64:98:
37:69:87:9f:d1:1a:37:3e:63:af:7c:3a:05:b3:c1:
ea:fa:6b:b6:0a:9b:32:d1:8b:d5:05:2d:80:3e:e0:
6b:41:c5:45:24:52:48:23:a4:d4:e3:1b:2f:62:b8:
db:4c:09:7f:6a:28:a2:9f:3d:c2:1a:e2:3f:63:9a:
44:91:73:bb:7f:ad:39:db:ca:a0:94:68:ab:51:b1:
f8:59:31:83:b5:95:80:d0:ff:9c:33:bf:11:a0:cd:
b3:cb:e3:ca:97:81:cd:29:76:49:de:1f:f9:7e:5a:
26:11:c6:d1:b0:fa:27:e8:42:ee:e7:f4:f1:6c:e2:
d7:27:c9:c4:d5:ba:33:f2:20:bc:38:a6:4c:c0:7e:
91:ff:0d:7c:b5:d7:01:d3:37:d2:48:0d:e3:47:73:
bc:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:55:18:D0:51:D9:55:1E:A6:43:75:8C:E0:AD:FF:90:C3:84:7E:82
X509v3 Authority Key Identifier:
keyid:A0:88:B0:54:7F:09:FE:92:24:05:0D:70:A5:23:DA:5B:ED:BE:07:38
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/3lUY0FHZVR6mQ3WM4K3_kMOEfoI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/86/d90635-b282-4e86-9e53-df82fa897326/1/oIiwVH8J_pIkBQ1wpSPaW-2-Bzg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.230.138.0/24
45.143.196.0/22
81.16.176.0/23
91.208.92.0/24
188.64.33.0/24
194.164.96.0/24
194.213.3.0/24
213.170.135.0/24
IPv6:
2a10:e780::/40
Signature Algorithm: sha256WithRSAEncryption
4a:21:ec:66:e3:0d:54:d4:93:d3:17:75:97:ba:14:fc:77:a1:
e4:dc:40:47:d8:00:5d:a6:cc:d0:da:11:96:18:a5:cc:16:50:
28:c6:a0:7b:d4:3d:95:e2:f0:88:b4:39:8a:3d:aa:87:5e:dd:
60:bd:7f:62:d0:8e:9f:5d:ad:1b:5f:4b:f3:2b:b5:ff:18:21:
74:2b:b6:d7:73:c2:b8:a9:80:1c:cf:25:32:90:b7:a7:50:84:
81:b9:fd:55:30:3b:3b:7a:b3:dd:35:f0:bd:d6:54:30:71:aa:
4a:6b:0d:86:1e:93:0e:13:90:e6:84:4d:7a:e8:48:9b:39:17:
c0:d6:56:86:24:e8:c2:b2:a2:9b:94:b4:37:7a:f4:08:8d:b6:
6f:f8:d1:31:d1:e3:df:fd:93:57:c6:b7:63:4e:5d:0b:f7:b6:
58:cf:48:5a:d3:d5:a0:30:ce:34:3f:e7:0e:90:d7:f1:e3:29:
e3:33:7e:61:f1:0e:64:47:58:83:14:7b:5a:a8:de:67:00:b1:
03:35:44:7d:82:f5:4e:f5:e8:e0:21:98:7a:68:82:d6:53:13:
81:ca:d4:98:3e:be:3c:33:53:b7:84:e2:6c:99:92:90:ff:c4:
bd:4c:75:5f:62:86:23:e7:7a:6e:9c:43:a4:81:7c:ee:30:c2:
7b:5e:ec:77
-----BEGIN CERTIFICATE-----
MIIFNzCCBB+gAwIBAgISAY5miDAIz3l9Da+pZtNZw3dGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwODhiMDU0N2YwOWZlOTIyNDA1MGQ3MGE1MjNkYTViZWRi
ZTA3MzgwHhcNMjQwMzIyMTQxOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTU1MThkMDUxZDk1NTFlYTY0Mzc1OGNlMGFkZmY5MGMzODQ3ZTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6F2NFQERJJLjtom8LvyfHtc8NXw
zo0xFYF9YyH9ZQFh7Kb139XbIh8+YQ2HnXwApENMMKWXxupTIzFyWQ6Z94d8/+t6
fWjVwoXxOu7OzSdGAe/zIFr8PU7h0hBuBmJ64HQ+hZPSZJg3aYef0Ro3PmOvfDoF
s8Hq+mu2Cpsy0YvVBS2APuBrQcVFJFJII6TU4xsvYrjbTAl/aiiinz3CGuI/Y5pE
kXO7f60528qglGirUbH4WTGDtZWA0P+cM78RoM2zy+PKl4HNKXZJ3h/5flomEcbR
sPon6ELu5/TxbOLXJ8nE1boz8iC8OKZMwH6R/w18tdcB0zfSSA3jR3O82wIDAQAB
o4ICQzCCAj8wHQYDVR0OBBYEFN5VGNBR2VUepkN1jOCt/5DDhH6CMB8GA1UdIwQY
MBaAFKCIsFR/Cf6SJAUNcKUj2lvtvgc4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0lpd1ZIOEpfcElrQlExd3BTUGFXLTItQnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni9kOTA2MzUtYjI4Mi00ZTg2LTllNTMt
ZGY4MmZhODk3MzI2LzEvM2xVWTBGSFpWUjZtUTNXTTRLM19rTU9FZm9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni9kOTA2MzUtYjI4Mi00ZTg2LTllNTMtZGY4MmZhODk3MzI2
LzEvb0lpd1ZIOEpfcElrQlExd3BTUGFXLTItQnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFkGCCsGAQUFBwEHAQH/BEowSDA2BAIAATAwAwQAJeaKAwQC
LY/EAwQBURCwAwQAW9BcAwQAvEAhAwQAwqRgAwQAwtUDAwQA1aqHMA4EAgACMAgD
BgAqEOeAADANBgkqhkiG9w0BAQsFAAOCAQEASiHsZuMNVNST0xd1l7oU/Heh5NxA
R9gAXabM0NoRlhilzBZQKMage9Q9leLwiLQ5ij2qh17dYL1/YtCOn12tG19L8yu1
/xghdCu213PCuKmAHM8lMpC3p1CEgbn9VTA7O3qz3TXwvdZUMHGqSmsNhh6TDhOQ
5oRNeuhImzkXwNZWhiTowrKim5S0N3r0CI22b/jRMdHj3/2TV8a3Y05dC/e2WM9I
WtPVoDDOND/nDpDX8eMp4zN+YfEOZEdYgxR7WqjeZwCxAzVEfYL1TvXo4CGYemiC
1lMTgcrUmD6+PDNTt4TibJmSkP/EvUx1X2KGI+d6bpxDpIF87jDCe17sdw==
-----END CERTIFICATE-----
Generated at Fri Jul 12 14:49:06 2024 by rpki-client on console-fra.rpki-client.org