Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fXuU45IpTFK8H1T5dXlrJMMZ-hc.roa
File: fXuU45IpTFK8H1T5dXlrJMMZ-hc.roa (raw, json)
Hash identifier: geIBF2v9B5xj4I2fm+SGnthuZ7a0EnEx/HPUQAZTP04=
Subject key identifier: 7D:7B:94:E3:92:29:4C:52:BC:1F:54:F9:75:79:6B:24:C3:19:FA:17
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018DF9A8D7879475054905087BD6B474C22E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fXuU45IpTFK8H1T5dXlrJMMZ-hc.roa
Signing time: Fri 01 Mar 2024 10:56:48 +0000
ROA not before: Fri 01 Mar 2024 10:56:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 81.168.119.0/24 maxlen: 24
82.153.136.0/22 maxlen: 22
89.213.148.0/22 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.156.0/22 maxlen: 24
89.213.165.0/24 maxlen: 24
89.213.172.0/22 maxlen: 24
89.213.173.0/24 maxlen: 24
89.213.180.0/24 maxlen: 24
185.49.126.0/23 maxlen: 24
213.152.42.0/24 maxlen: 24
Validation: Failed, certificate revoked on Sun 03 Mar 2024 14:47:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:f9:a8:d7:87:94:75:05:49:05:08:7b:d6:b4:74:c2:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Mar 1 10:56:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7d7b94e392294c52bc1f54f975796b24c319fa17
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:1e:5b:e5:80:1d:67:3b:c1:7c:e4:2c:38:ab:
c1:3b:10:17:f2:c0:0f:6a:4d:97:1c:72:c9:27:48:
d9:55:d8:41:7d:00:24:37:2d:b5:39:eb:69:53:3d:
de:e0:e9:5a:ca:a1:3f:70:67:41:1e:49:c2:77:cd:
e5:31:3c:bc:b5:b7:f3:84:c5:e0:1f:a7:c4:d4:3d:
09:e5:f9:7e:3c:ea:72:e4:34:41:d0:ba:c8:f5:0d:
81:db:96:a8:bf:f6:9c:8d:1f:9e:01:5e:1c:41:95:
d8:84:43:1c:28:ee:a3:dc:d4:6b:97:cf:22:5f:f7:
81:a6:c6:2e:5c:ac:33:e6:20:26:10:b0:b9:52:5c:
ca:d6:3c:77:7d:a4:13:e7:7c:c3:51:58:59:47:87:
c9:19:e9:0e:ef:ee:02:7b:81:d3:35:ba:1c:fa:e6:
9c:58:0a:1b:fc:c6:1d:03:fb:81:78:59:ff:cc:95:
5a:66:8b:75:d3:d5:96:e9:ce:73:e0:85:be:0c:88:
e1:8e:38:27:cc:c6:b7:c6:71:a0:b5:2b:3e:77:74:
de:6f:4e:c8:54:bf:60:b7:e1:f3:8a:28:29:64:62:
a8:3c:c1:ce:0a:88:f0:d3:00:72:be:c3:97:20:ac:
a8:86:83:88:73:15:77:36:a5:f3:d1:81:7f:dd:6a:
c2:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:7B:94:E3:92:29:4C:52:BC:1F:54:F9:75:79:6B:24:C3:19:FA:17
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/fXuU45IpTFK8H1T5dXlrJMMZ-hc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.119.0/24
82.153.136.0/22
89.213.148.0-89.213.159.255
89.213.165.0/24
89.213.172.0/22
89.213.180.0/24
185.49.126.0/23
213.152.42.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:55:4a:e8:fe:15:01:8f:ee:8a:85:bd:1c:1e:78:ba:87:d5:
ea:3d:54:a4:54:36:7c:d9:f4:ca:8a:41:4e:a6:86:91:0e:5d:
e1:80:96:2c:87:e8:38:1f:6d:88:75:67:5c:1d:cd:0d:1f:f1:
e2:18:88:1a:b5:4a:76:82:6a:3b:19:88:f5:34:79:c7:24:1c:
4c:83:5b:b7:f1:ab:55:6d:4e:cb:01:5c:66:e0:43:81:4d:b0:
db:50:74:91:7d:57:8a:7c:37:54:81:1d:bd:bb:bd:1f:39:b2:
de:53:37:2e:71:79:98:72:af:20:d6:a7:07:16:68:5d:1e:4c:
ac:7f:fe:2f:7c:0b:73:9f:2d:99:4c:83:66:e8:94:a7:d1:5d:
aa:c3:17:59:ad:52:6f:94:24:24:67:a1:e2:0e:e3:0c:6d:48:
6a:78:df:6c:9d:31:27:eb:83:b8:c2:da:95:e5:63:40:6b:ae:
bd:d6:ea:1e:46:75:1a:f4:ee:71:f6:86:52:7a:db:f1:ab:ce:
7e:d1:04:9d:b6:98:a8:60:4f:19:fa:8b:25:cd:16:ff:d7:85:
b5:8e:ac:0f:80:61:77:68:4f:5e:e2:f8:25:1f:41:cb:44:3e:
e4:98:aa:5e:d4:85:4d:ba:c1:7d:22:3d:88:40:f9:b4:f0:88:
54:0a:1b:9d
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAY35qNeHlHUFSQUIe9a0dMIuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwMzAxMTA1NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDdiOTRlMzkyMjk0YzUyYmMxZjU0Zjk3NTc5NmIyNGMzMTlmYTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoR5b5YAdZzvBfOQsOKvBOxAX8sAP
ak2XHHLJJ0jZVdhBfQAkNy21OetpUz3e4OlayqE/cGdBHknCd83lMTy8tbfzhMXg
H6fE1D0J5fl+POpy5DRB0LrI9Q2B25aov/acjR+eAV4cQZXYhEMcKO6j3NRrl88i
X/eBpsYuXKwz5iAmELC5UlzK1jx3faQT53zDUVhZR4fJGekO7+4Ce4HTNboc+uac
WAob/MYdA/uBeFn/zJVaZot109WW6c5z4IW+DIjhjjgnzMa3xnGgtSs+d3Teb07I
VL9gt+HziigpZGKoPMHOCojw0wByvsOXIKyohoOIcxV3NqXz0YF/3WrCLwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFH17lOOSKUxSvB9U+XV5ayTDGfoXMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvZlh1VTQ1SXBURks4SDFUNWRYbHJKTU1aLWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAUah3AwQC
UpmIMAwDBAJZ1ZQDBAVZ1YADBABZ1aUDBAJZ1awDBABZ1bQDBAG5MX4DBADVmCow
DQYJKoZIhvcNAQELBQADggEBAA9VSuj+FQGP7oqFvRweeLqH1eo9VKRUNnzZ9MqK
QU6mhpEOXeGAliyH6DgfbYh1Z1wdzQ0f8eIYiBq1SnaCajsZiPU0ecckHEyDW7fx
q1VtTssBXGbgQ4FNsNtQdJF9V4p8N1SBHb27vR85st5TNy5xeZhyryDWpwcWaF0e
TKx//i98C3OfLZlMg2bolKfRXarDF1mtUm+UJCRnoeIO4wxtSGp432ydMSfrg7jC
2pXlY0Brrr3W6h5GdRr07nH2hlJ62/Grzn7RBJ22mKhgTxn6iyXNFv/XhbWOrA+A
YXdoT17i+CUfQctEPuSYql7UhU26wX0iPYhA+bTwiFQKG50=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:30 2024 by rpki-client on console-ams.rpki-client.org