Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/m8uzo0k1_XGkY8Kfr715DlO1NiY.roa
File: m8uzo0k1_XGkY8Kfr715DlO1NiY.roa (raw, json)
Hash identifier: dD8YpJULfBAVvhSGxRGIenqdQtdeOHMoSl03R0H8nsI=
Subject key identifier: 9B:CB:B3:A3:49:35:FD:71:A4:63:C2:9F:AF:BD:79:0E:53:B5:36:26
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018ABBB46962DD19392E30222257FCE3A06E
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/m8uzo0k1_XGkY8Kfr715DlO1NiY.roa
Signing time: Fri 22 Sep 2023 07:04:37 +0000
ROA not before: Fri 22 Sep 2023 07:04:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.49.126.0/23 maxlen: 24
82.153.136.0/22 maxlen: 22
81.168.123.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
89.213.145.0/24 maxlen: 24
89.213.146.0/24 maxlen: 24
89.213.40.0/22 maxlen: 24
213.152.42.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 25 Sep 2023 11:19:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:bb:b4:69:62:dd:19:39:2e:30:22:22:57:fc:e3:a0:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Sep 22 07:04:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9bcbb3a34935fd71a463c29fafbd790e53b53626
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:3a:af:2c:75:00:e8:7a:b2:20:fc:31:a3:2f:
81:6d:13:c4:65:22:7b:dc:c6:ec:b3:6c:36:8f:fd:
12:f4:52:dd:85:c1:47:15:49:15:df:b6:07:8e:65:
1b:ad:1d:5c:e7:a2:8f:20:ab:92:20:28:63:58:f2:
3b:e6:c6:d8:3a:77:bc:e3:f1:d3:62:e1:a2:00:7c:
10:22:28:9e:0c:e0:73:9c:22:f7:9b:63:a7:f4:09:
4a:1b:dc:e1:1a:03:69:46:8c:4d:a3:ee:c0:3f:fc:
b5:5e:e6:5f:f9:ce:b5:92:3d:9f:4e:86:0e:9f:ea:
2e:7f:ec:35:e4:92:c1:df:2c:29:87:e7:05:44:bc:
e8:79:20:64:2c:c2:9a:90:79:57:57:d5:47:73:15:
e2:5a:4a:b0:28:85:d7:50:45:8e:2d:28:4b:48:08:
07:ec:81:94:33:a0:26:01:b3:84:80:87:f8:96:8c:
b9:75:13:08:86:3e:ac:01:c0:d1:3c:fa:73:78:e4:
93:c9:2b:b2:7a:77:bb:c9:3a:85:62:a5:d3:f3:48:
d1:d3:9e:32:fb:41:ba:be:ef:18:fc:d0:13:f9:dd:
b9:ba:88:36:57:68:cf:b2:77:1f:4b:5e:a4:bd:d9:
fa:b8:23:ef:f9:b8:58:94:d2:05:49:1d:f5:40:cc:
e8:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:CB:B3:A3:49:35:FD:71:A4:63:C2:9F:AF:BD:79:0E:53:B5:36:26
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/m8uzo0k1_XGkY8Kfr715DlO1NiY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.119.0/24
81.168.123.0/24
82.153.136.0/22
89.213.40.0/22
89.213.145.0-89.213.146.255
185.49.126.0/23
213.152.42.0/24
Signature Algorithm: sha256WithRSAEncryption
60:f9:f7:e8:7f:bd:09:6a:46:fd:e2:36:21:aa:39:ea:89:57:
d8:24:3e:5d:d0:6a:5c:d4:46:ba:a2:18:e6:d1:06:6e:ae:a3:
e9:65:9e:ab:8a:9e:a2:76:2b:91:28:da:40:08:ea:51:b1:6d:
a6:84:11:f1:4e:f9:36:b7:de:35:53:fd:81:ef:50:ce:01:13:
2f:a6:7f:18:e0:1b:ec:ac:0a:18:95:fa:27:5e:af:9f:a9:24:
b0:f5:4c:37:d8:ea:2d:b4:29:c5:5f:8f:56:41:f9:be:5e:1d:
dd:b0:88:b0:bc:35:da:0a:ec:d5:e3:ed:2a:4f:76:bb:48:be:
52:bf:54:31:7c:a6:2c:9d:83:06:1a:25:71:f9:35:f7:ab:03:
8e:3e:e4:1c:01:bc:83:51:45:56:fe:28:49:09:a9:94:55:ea:
8a:cb:2d:64:88:7d:31:aa:89:63:ac:78:c7:c5:19:13:4e:61:
39:82:de:30:54:84:fd:fa:94:42:7f:25:c2:d7:1f:62:e7:44:
71:b9:53:d4:32:dc:66:1e:36:b2:ae:ca:c6:f6:fa:b0:34:09:
21:ab:3e:34:22:0a:f7:c2:af:b3:2b:69:da:c3:3e:91:23:45:
e7:3b:18:b7:7b:82:ae:e5:16:c7:e3:f6:ee:17:42:12:fa:f7:
59:4f:02:dc
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYq7tGli3Rk5LjAiIlf846BuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwOTIyMDcwNDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmNiYjNhMzQ5MzVmZDcxYTQ2M2MyOWZhZmJkNzkwZTUzYjUzNjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzqvLHUA6HqyIPwxoy+BbRPEZSJ7
3Mbss2w2j/0S9FLdhcFHFUkV37YHjmUbrR1c56KPIKuSIChjWPI75sbYOne84/HT
YuGiAHwQIiieDOBznCL3m2On9AlKG9zhGgNpRoxNo+7AP/y1XuZf+c61kj2fToYO
n+ouf+w15JLB3ywph+cFRLzoeSBkLMKakHlXV9VHcxXiWkqwKIXXUEWOLShLSAgH
7IGUM6AmAbOEgIf4loy5dRMIhj6sAcDRPPpzeOSTySuyene7yTqFYqXT80jR054y
+0G6vu8Y/NAT+d25uog2V2jPsncfS16kvdn6uCPv+bhYlNIFSR31QMzoewIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFJvLs6NJNf1xpGPCn6+9eQ5TtTYmMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbTh1em8wazFfWEdrWThLZnI3MTVEbE8xTmlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAUah3AwQA
Uah7AwQCUpmIAwQCWdUoMAwDBABZ1ZEDBABZ1ZIDBAG5MX4DBADVmCowDQYJKoZI
hvcNAQELBQADggEBAGD59+h/vQlqRv3iNiGqOeqJV9gkPl3QalzURrqiGObRBm6u
o+llnquKnqJ2K5Eo2kAI6lGxbaaEEfFO+Ta33jVT/YHvUM4BEy+mfxjgG+ysChiV
+ider5+pJLD1TDfY6i20KcVfj1ZB+b5eHd2wiLC8NdoK7NXj7SpPdrtIvlK/VDF8
piydgwYaJXH5NferA44+5BwBvINRRVb+KEkJqZRV6orLLWSIfTGqiWOseMfFGRNO
YTmC3jBUhP36lEJ/JcLXH2LnRHG5U9Qy3GYeNrKuysb2+rA0CSGrPjQiCvfCr7Mr
adrDPpEjRec7GLd7gq7lFsfj9u4XQhL691lPAtw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:30 2024 by rpki-client on console-ams.rpki-client.org