Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/OiT7l3utCEndTDYfSQwsMXYISzQ.roa
File: OiT7l3utCEndTDYfSQwsMXYISzQ.roa (raw, json)
Hash identifier: oATEG7pFmBSvN2mNTt0EK7QsT+kdAzGNOV9gDe5f2Ps=
Subject key identifier: 3A:24:FB:97:7B:AD:08:49:DD:4C:36:1F:49:0C:2C:31:76:08:4B:34
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018AD578A145C1C7EAAE9A25B5E61B42DB84
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/OiT7l3utCEndTDYfSQwsMXYISzQ.roa
Signing time: Wed 27 Sep 2023 07:09:27 +0000
ROA not before: Wed 27 Sep 2023 07:09:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.49.126.0/23 maxlen: 24
82.153.136.0/22 maxlen: 22
82.153.68.0/24 maxlen: 24
82.153.71.0/24 maxlen: 24
81.168.123.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
89.213.40.0/22 maxlen: 24
213.152.42.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 27 Sep 2023 16:24:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:d5:78:a1:45:c1:c7:ea:ae:9a:25:b5:e6:1b:42:db:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Sep 27 07:09:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3a24fb977bad0849dd4c361f490c2c3176084b34
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:ea:62:ce:91:29:03:bf:4c:fc:0c:1a:63:9d:
2f:5b:1c:2a:1d:7c:81:26:2f:0d:41:b1:07:10:8b:
0e:9f:d1:b6:70:a3:fb:44:21:c0:22:dd:ae:3e:a3:
e5:fd:4f:73:8d:46:c6:13:45:48:74:10:89:1c:2a:
e7:f4:19:0e:d3:d0:bc:18:f6:06:5d:89:95:bf:14:
09:4c:7b:44:2b:42:45:d8:48:55:cf:25:3d:17:6b:
b9:82:da:a3:a6:b1:62:c8:37:c7:5f:6c:93:0b:76:
97:1c:15:d1:5c:c8:6b:75:e2:b5:58:3e:a3:17:0a:
b6:70:96:9d:b0:83:5c:5e:98:38:4c:c6:f9:58:4d:
57:e9:14:43:de:35:01:3a:82:d3:d5:ce:43:eb:49:
54:4a:29:70:38:4d:72:32:e9:09:7a:82:a6:18:3b:
7b:72:1d:34:2f:2d:0a:96:97:e2:f2:54:02:7e:50:
14:a0:d1:92:87:c9:ba:02:2b:05:be:04:d5:a0:44:
02:a0:5e:07:77:ca:b0:68:2e:b1:93:e1:d5:39:0f:
be:96:32:2c:32:d6:65:0a:d3:1a:67:b3:d8:6a:0a:
37:60:09:00:49:0a:dc:ba:87:a6:13:ff:e5:d6:29:
a3:f2:9d:8b:eb:b4:74:6e:48:c5:4f:a5:b0:5f:ae:
40:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:24:FB:97:7B:AD:08:49:DD:4C:36:1F:49:0C:2C:31:76:08:4B:34
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/OiT7l3utCEndTDYfSQwsMXYISzQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.119.0/24
81.168.123.0/24
82.153.68.0/24
82.153.71.0/24
82.153.136.0/22
89.213.40.0/22
185.49.126.0/23
213.152.42.0/24
Signature Algorithm: sha256WithRSAEncryption
55:53:dd:c0:9e:64:8b:8c:b8:5d:aa:5f:f5:72:9f:e2:b4:dc:
1f:6b:75:2b:76:a1:3b:31:cf:1c:25:25:bd:ad:bf:2a:13:e8:
94:ae:72:a9:fd:b2:29:61:11:76:49:cd:64:61:a6:83:cc:f6:
c5:16:64:03:48:0e:7a:02:fc:30:d6:e9:68:69:f0:84:59:48:
7a:b0:eb:28:f9:7e:86:fe:ab:27:f5:4d:7e:a0:c1:48:aa:8b:
d9:87:df:a2:d2:4f:24:4a:58:3c:76:d9:e0:0c:f0:0f:b4:38:
92:73:cd:85:c9:4b:ff:90:7a:be:ee:d0:80:16:bc:90:25:10:
73:b4:df:83:b9:aa:e5:45:78:9e:48:0b:b7:33:f6:40:7b:64:
47:df:27:90:60:80:c1:ee:c7:a0:94:ef:91:02:4a:66:c3:2e:
57:2b:19:a1:58:d6:cd:ba:0d:b5:43:20:b1:74:9b:e1:8a:40:
38:cb:bc:aa:22:dc:d4:19:80:46:59:a3:3c:b2:eb:33:90:06:
0f:5e:40:15:57:c6:88:35:55:5b:c2:f6:0b:54:05:d5:3c:a9:
cf:01:ea:99:8d:29:2e:49:dd:21:0d:a6:7d:f7:71:9d:ae:49:
f6:04:33:98:24:54:e1:ef:18:f4:48:8f:21:a9:3b:a4:5e:84:
d9:5d:96:9e
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYrVeKFFwcfqrpolteYbQtuEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwOTI3MDcwOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTI0ZmI5NzdiYWQwODQ5ZGQ0YzM2MWY0OTBjMmMzMTc2MDg0YjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsepizpEpA79M/AwaY50vWxwqHXyB
Ji8NQbEHEIsOn9G2cKP7RCHAIt2uPqPl/U9zjUbGE0VIdBCJHCrn9BkO09C8GPYG
XYmVvxQJTHtEK0JF2EhVzyU9F2u5gtqjprFiyDfHX2yTC3aXHBXRXMhrdeK1WD6j
Fwq2cJadsINcXpg4TMb5WE1X6RRD3jUBOoLT1c5D60lUSilwOE1yMukJeoKmGDt7
ch00Ly0Klpfi8lQCflAUoNGSh8m6AisFvgTVoEQCoF4Hd8qwaC6xk+HVOQ++ljIs
MtZlCtMaZ7PYago3YAkASQrcuoemE//l1imj8p2L67R0bkjFT6WwX65AAwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDok+5d7rQhJ3Uw2H0kMLDF2CEs0MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvT2lUN2wzdXRDRW5kVERZZlNRd3NNWFlJU3pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAUah3AwQA
Uah7AwQAUplEAwQAUplHAwQCUpmIAwQCWdUoAwQBuTF+AwQA1ZgqMA0GCSqGSIb3
DQEBCwUAA4IBAQBVU93AnmSLjLhdql/1cp/itNwfa3UrdqE7Mc8cJSW9rb8qE+iU
rnKp/bIpYRF2Sc1kYaaDzPbFFmQDSA56Avww1uloafCEWUh6sOso+X6G/qsn9U1+
oMFIqovZh9+i0k8kSlg8dtngDPAPtDiSc82FyUv/kHq+7tCAFryQJRBztN+Duarl
RXieSAu3M/ZAe2RH3yeQYIDB7seglO+RAkpmwy5XKxmhWNbNug21QyCxdJvhikA4
y7yqItzUGYBGWaM8suszkAYPXkAVV8aINVVbwvYLVAXVPKnPAeqZjSkuSd0hDaZ9
93Gdrkn2BDOYJFTh7xj0SI8hqTukXoTZXZae
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:23 2024 by rpki-client on console-ams.rpki-client.org