Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aCulOdIEAAPOPSiyohHvhGncM70.roa
File: aCulOdIEAAPOPSiyohHvhGncM70.roa (raw, json)
Hash identifier: 0noRhdO5HubPnZ643oifo4wbuV36o44tWEEFoUdQ2k8=
Subject key identifier: 68:2B:A5:39:D2:04:00:03:CE:3D:28:B2:A2:11:EF:84:69:DC:33:BD
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018E8F3651D9442DC862D2F0C6DC61F17CA7
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aCulOdIEAAPOPSiyohHvhGncM70.roa
Signing time: Sat 30 Mar 2024 11:54:45 +0000
ROA not before: Sat 30 Mar 2024 11:54:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 20473
IP address blocks: 80.240.84.0/24 maxlen: 24
81.5.189.0/24 maxlen: 24
82.152.49.0/24 maxlen: 24
82.153.65.0/24 maxlen: 24
89.213.152.0/24 maxlen: 24
89.213.176.0/24 maxlen: 24
89.213.183.0/24 maxlen: 24
213.130.149.0/24 maxlen: 24
Validation: Failed, certificate revoked on Sun 31 Mar 2024 20:04:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:8f:36:51:d9:44:2d:c8:62:d2:f0:c6:dc:61:f1:7c:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Mar 30 11:54:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=682ba539d2040003ce3d28b2a211ef8469dc33bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:20:c3:77:e7:a0:49:17:f9:61:5a:bf:e0:e5:
61:7a:c9:5d:40:36:f5:38:e4:80:8b:5e:1c:d2:61:
af:2a:88:aa:b0:3b:bc:0a:ff:6e:64:75:b4:e6:f8:
50:77:df:b0:71:db:5a:8a:d4:79:02:06:fc:20:38:
7d:b1:03:1a:49:5f:a5:90:b6:29:02:59:2f:00:c9:
83:d0:e2:c2:98:a9:cd:c9:4a:40:9b:3d:cf:e6:53:
06:2c:bf:62:54:de:8e:8c:5e:24:c7:d8:a7:9d:fe:
b6:c8:d7:d3:85:56:02:72:29:89:af:e4:e3:87:11:
1a:bd:d6:72:bd:70:95:2c:ff:93:9f:f9:8b:aa:04:
be:19:fb:59:34:4e:5e:80:68:f6:11:26:74:e2:c5:
14:26:f9:8a:01:4d:fe:14:9f:48:d7:73:17:26:55:
f6:5a:8c:20:fa:2c:21:b0:4d:b1:c4:56:92:cf:3d:
3d:9f:b5:3a:1f:80:5f:41:3d:76:92:88:3a:b5:f3:
5c:21:38:7a:54:73:9a:1c:d9:28:7e:9a:5b:09:5f:
55:52:02:60:92:17:2d:6b:22:a8:49:b2:dd:9a:04:
55:99:5a:6c:e7:d1:4e:37:d1:59:a7:d5:97:88:ea:
41:0b:41:16:c9:26:d6:b3:df:4a:51:59:be:bc:76:
68:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:2B:A5:39:D2:04:00:03:CE:3D:28:B2:A2:11:EF:84:69:DC:33:BD
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/aCulOdIEAAPOPSiyohHvhGncM70.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.240.84.0/24
81.5.189.0/24
82.152.49.0/24
82.153.65.0/24
89.213.152.0/24
89.213.176.0/24
89.213.183.0/24
213.130.149.0/24
Signature Algorithm: sha256WithRSAEncryption
4f:2a:cb:76:0d:85:80:9d:b6:da:56:eb:3b:5d:a7:d2:05:df:
05:44:3c:c6:86:cb:88:ea:4f:e5:f4:7e:f8:4a:ae:15:36:66:
6b:52:aa:da:27:c0:8e:05:ec:46:b3:b1:68:28:e4:a6:2b:b4:
d6:6a:36:1b:1a:7b:de:9f:ae:99:cd:d5:d9:95:a4:2e:d4:7c:
c7:9d:b4:e8:61:65:5e:f9:44:e0:2e:5b:26:24:88:fa:ce:c6:
9d:5c:6b:1a:36:1e:f5:b8:ea:95:ff:81:a6:e7:26:26:28:ad:
f3:2c:af:8c:7c:f4:8c:10:a0:e0:1a:74:ad:b5:e6:9d:25:c8:
81:ca:96:f7:9f:75:de:db:48:fe:e1:17:26:6f:48:d3:e4:ed:
f1:5f:47:fb:a2:c3:55:90:8b:1a:f2:12:89:e8:a5:7b:42:36:
52:11:fa:0d:13:a1:96:51:1b:06:f7:6a:c5:b7:c7:2b:b2:58:
af:56:30:cd:b6:67:ac:2f:9b:a9:62:52:bd:2f:38:39:c1:8a:
68:9e:3b:a5:82:d3:d4:e2:86:f5:ff:3f:97:d7:13:ae:92:27:
a4:1b:8e:bf:8f:73:13:69:10:74:62:20:63:6c:61:57:c7:62:
d7:23:f4:f5:46:74:99:8f:9f:96:17:eb:f4:72:1a:1d:58:4e:
06:fa:96:79
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY6PNlHZRC3IYtLwxtxh8XynMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzMwMTE1NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODJiYTUzOWQyMDQwMDAzY2UzZDI4YjJhMjExZWY4NDY5ZGMzM2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyDDd+egSRf5YVq/4OVhesldQDb1
OOSAi14c0mGvKoiqsDu8Cv9uZHW05vhQd9+wcdtaitR5Agb8IDh9sQMaSV+lkLYp
AlkvAMmD0OLCmKnNyUpAmz3P5lMGLL9iVN6OjF4kx9innf62yNfThVYCcimJr+Tj
hxEavdZyvXCVLP+Tn/mLqgS+GftZNE5egGj2ESZ04sUUJvmKAU3+FJ9I13MXJlX2
Wowg+iwhsE2xxFaSzz09n7U6H4BfQT12kog6tfNcITh6VHOaHNkofppbCV9VUgJg
khctayKoSbLdmgRVmVps59FON9FZp9WXiOpBC0EWySbWs99KUVm+vHZoqwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGgrpTnSBAADzj0osqIR74Rp3DO9MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvYUN1bE9kSUVBQVBPUFNpeW9oSHZoR25jTTcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAUPBUAwQA
UQW9AwQAUpgxAwQAUplBAwQAWdWYAwQAWdWwAwQAWdW3AwQA1YKVMA0GCSqGSIb3
DQEBCwUAA4IBAQBPKst2DYWAnbbaVus7XafSBd8FRDzGhsuI6k/l9H74Sq4VNmZr
UqraJ8COBexGs7FoKOSmK7TWajYbGnven66ZzdXZlaQu1HzHnbToYWVe+UTgLlsm
JIj6zsadXGsaNh71uOqV/4Gm5yYmKK3zLK+MfPSMEKDgGnStteadJciBypb3n3Xe
20j+4Rcmb0jT5O3xX0f7osNVkIsa8hKJ6KV7QjZSEfoNE6GWURsG92rFt8crsliv
VjDNtmesL5upYlK9Lzg5wYponjulgtPU4ob1/z+X1xOukiekG46/j3MTaRB0YiBj
bGFXx2LXI/T1RnSZj5+WF+v0chodWE4G+pZ5
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:38:16 2024 by rpki-client on console-fra.rpki-client.org