Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6OUgwfWQiaTQg0NfI6_0-CgpqLw.roa
File: 6OUgwfWQiaTQg0NfI6_0-CgpqLw.roa (raw, json)
Hash identifier: ab79bErELSMyJnhW928h9h/zVnHYTYqRU2LM5rpZncA=
Subject key identifier: E8:E5:20:C1:F5:90:89:A4:D0:83:43:5F:23:AF:F4:F8:28:29:A8:BC
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018EF54F69A95F0AF93A05E6DE9B57154567
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6OUgwfWQiaTQg0NfI6_0-CgpqLw.roa
Signing time: Fri 19 Apr 2024 07:43:26 +0000
ROA not before: Fri 19 Apr 2024 07:43:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 20473
IP address blocks: 81.5.189.0/24 maxlen: 24
89.213.152.0/24 maxlen: 24
89.213.176.0/24 maxlen: 24
89.213.183.0/24 maxlen: 24
212.38.74.0/24 maxlen: 24
212.38.79.0/24 maxlen: 24
212.38.84.0/24 maxlen: 24
213.130.138.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 30 Apr 2024 07:54:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:f5:4f:69:a9:5f:0a:f9:3a:05:e6:de:9b:57:15:45:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 19 07:43:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=e8e520c1f59089a4d083435f23aff4f82829a8bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:ff:1f:73:db:06:d5:b8:14:57:c4:33:b4:85:
f3:07:7a:13:d7:1b:29:3b:79:bb:83:dd:9c:9a:d8:
d7:90:f2:02:3c:8f:c6:45:39:ba:33:e3:95:54:1a:
96:62:a9:de:be:8a:3f:23:10:a3:df:f1:ec:01:e9:
ae:94:f4:79:49:1e:35:f0:3b:af:55:0e:04:97:24:
95:5e:69:85:e2:41:1c:a8:27:e7:8a:29:42:52:a5:
ba:86:e8:fe:7a:fa:52:f4:2b:e9:c9:37:3a:41:53:
96:1b:12:42:c5:c5:eb:26:ae:b0:0a:9c:11:66:4c:
df:a4:71:ea:56:56:45:ec:8d:39:9d:1c:d7:16:80:
36:a9:53:df:44:e5:66:b7:6c:3e:fe:77:46:5f:16:
45:db:c7:94:0e:a3:57:32:99:86:75:5c:b4:65:ca:
24:91:36:fc:4c:84:81:49:45:34:ba:14:3e:7f:c6:
c3:75:3b:f4:3b:ac:dd:67:45:f7:eb:ba:1b:4d:ad:
f9:63:17:30:97:26:8d:76:76:5c:42:7d:df:1f:1a:
76:1b:8a:ad:6c:4f:fc:04:e0:17:0f:0c:cd:77:88:
48:51:13:35:78:9d:07:d5:c0:eb:d0:15:a8:52:c8:
23:10:d9:76:5c:46:48:46:98:99:49:03:cd:1e:50:
fd:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E8:E5:20:C1:F5:90:89:A4:D0:83:43:5F:23:AF:F4:F8:28:29:A8:BC
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/6OUgwfWQiaTQg0NfI6_0-CgpqLw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.189.0/24
89.213.152.0/24
89.213.176.0/24
89.213.183.0/24
212.38.74.0/24
212.38.79.0/24
212.38.84.0/24
213.130.138.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:89:e4:4f:99:75:f5:b2:31:20:a0:e6:09:ed:d5:15:4e:8c:
d3:1e:ea:4a:1f:03:85:db:f6:0d:92:04:0d:ad:14:ee:a4:a0:
49:b9:45:6f:e5:67:a9:31:f7:9e:1f:66:55:9b:68:51:cb:19:
57:86:41:ff:9d:2f:ce:8b:af:04:6c:61:d3:30:00:ae:de:07:
d2:31:cb:45:d3:b5:38:e8:15:32:fe:75:28:cb:e0:76:53:18:
8d:bd:82:3c:7d:7b:e7:1e:db:af:13:56:3f:93:05:48:0a:06:
1c:02:d3:10:a8:6a:59:49:b5:e2:63:1f:15:f4:4d:6a:39:ce:
ac:77:8f:a2:0e:67:a8:b8:ee:10:f5:f0:f0:c3:93:b1:e6:f5:
ef:3b:04:0e:23:4a:ec:cd:ca:b0:7b:0b:d6:f8:5a:b3:5a:63:
ff:d9:ea:51:0d:74:0f:50:c5:34:03:f7:d5:51:80:a7:18:24:
be:cb:74:19:47:f1:17:36:bb:7c:18:c2:88:6c:29:52:df:f8:
95:91:5f:15:93:75:d4:4d:d9:3c:38:ec:5f:d9:68:9f:76:4e:
90:d5:4b:d1:95:9a:af:3f:43:45:93:9a:b0:6f:01:7c:03:b7:
34:59:48:cb:df:b4:c2:91:04:4f:15:b5:6c:46:5e:20:82:d6:
2c:83:f4:ec
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY71T2mpXwr5OgXm3ptXFUVnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwNDE5MDc0MzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGU1MjBjMWY1OTA4OWE0ZDA4MzQzNWYyM2FmZjRmODI4MjlhOGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0f8fc9sG1bgUV8QztIXzB3oT1xsp
O3m7g92cmtjXkPICPI/GRTm6M+OVVBqWYqnevoo/IxCj3/HsAemulPR5SR418Duv
VQ4ElySVXmmF4kEcqCfniilCUqW6huj+evpS9CvpyTc6QVOWGxJCxcXrJq6wCpwR
ZkzfpHHqVlZF7I05nRzXFoA2qVPfROVmt2w+/ndGXxZF28eUDqNXMpmGdVy0Zcok
kTb8TISBSUU0uhQ+f8bDdTv0O6zdZ0X367obTa35YxcwlyaNdnZcQn3fHxp2G4qt
bE/8BOAXDwzNd4hIURM1eJ0H1cDr0BWoUsgjENl2XEZIRpiZSQPNHlD9NQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFOjlIMH1kImk0INDXyOv9PgoKai8MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNk9VZ3dmV1FpYVRRZzBOZkk2XzAtQ2dwcUx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAUQW9AwQA
WdWYAwQAWdWwAwQAWdW3AwQA1CZKAwQA1CZPAwQA1CZUAwQA1YKKMA0GCSqGSIb3
DQEBCwUAA4IBAQCPieRPmXX1sjEgoOYJ7dUVTozTHupKHwOF2/YNkgQNrRTupKBJ
uUVv5WepMfeeH2ZVm2hRyxlXhkH/nS/Oi68EbGHTMACu3gfSMctF07U46BUy/nUo
y+B2UxiNvYI8fXvnHtuvE1Y/kwVICgYcAtMQqGpZSbXiYx8V9E1qOc6sd4+iDmeo
uO4Q9fDww5Ox5vXvOwQOI0rszcqwewvW+FqzWmP/2epRDXQPUMU0A/fVUYCnGCS+
y3QZR/EXNrt8GMKIbClS3/iVkV8Vk3XUTdk8OOxf2Wifdk6Q1UvRlZqvP0NFk5qw
bwF8A7c0WUjL37TCkQRPFbVsRl4ggtYsg/Ts
-----END CERTIFICATE-----
Generated at Tue Apr 30 12:15:44 2024 by rpki-client on console-fra.rpki-client.org