Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pIvu5OOzOG1TsleAhLFUvc-gPr0.roa
File: pIvu5OOzOG1TsleAhLFUvc-gPr0.roa (raw, json)
Hash identifier: haYInM65h700pvgyPcHnT+u4fIWGH7XOqc4WzGgUTq4=
Subject key identifier: A4:8B:EE:E4:E3:B3:38:6D:53:B2:57:80:84:B1:54:BD:CF:A0:3E:BD
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01887B239EAF45104167EE1FF0C99ACEC339
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pIvu5OOzOG1TsleAhLFUvc-gPr0.roa
Signing time: Fri 02 Jun 2023 08:05:11 +0000
ROA not before: Fri 02 Jun 2023 08:05:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 82.152.174.0/23 maxlen: 23
82.153.249.0/24 maxlen: 24
82.153.73.0/24 maxlen: 24
81.168.123.0/24 maxlen: 24
81.168.119.0/24 maxlen: 24
82.152.249.0/24 maxlen: 24
82.153.220.0/24 maxlen: 24
82.153.222.0/24 maxlen: 24
82.153.223.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 05 Jun 2023 07:57:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:7b:23:9e:af:45:10:41:67:ee:1f:f0:c9:9a:ce:c3:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jun 2 08:05:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a48beee4e3b3386d53b2578084b154bdcfa03ebd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:e3:0b:13:d1:ae:71:ae:4e:71:2b:bd:2f:fb:
d7:80:f5:26:2d:dd:7f:59:b5:02:9b:34:2a:37:44:
1c:24:e0:fa:0e:b1:23:97:4a:d3:47:11:29:e7:2a:
f8:e6:1c:34:38:db:34:1a:36:a9:69:56:55:0c:ad:
12:db:49:c7:38:f4:84:d0:ff:6c:6f:7e:79:2f:d0:
d8:81:e6:66:34:7c:35:7c:f8:35:ef:e2:79:2c:82:
5b:5a:a1:48:03:0c:8f:5b:7b:77:79:42:2e:25:93:
62:e2:75:e4:d4:6d:a1:2b:a1:25:ba:6e:d4:fd:1b:
96:19:99:6d:68:de:7f:77:fc:a8:51:5c:b3:a0:ba:
9a:c7:d9:3a:23:dc:cb:79:0e:c3:01:3b:37:a1:8b:
9c:b8:58:07:71:c7:f2:8a:4d:f5:5c:f6:4d:2b:d1:
0d:f5:cd:7a:63:95:eb:18:e1:01:79:b2:25:c3:56:
46:36:f3:08:91:68:12:da:13:e6:b1:ff:02:bc:4a:
9e:ca:d9:66:4a:72:17:7d:c2:25:eb:4e:49:eb:e3:
3b:b5:b3:16:64:e1:67:8f:ab:65:27:60:48:80:36:
0f:cf:0e:60:91:5d:f7:b2:39:ef:65:8d:d0:20:ae:
2d:ff:44:85:af:f2:1f:e5:f8:ab:9b:74:c8:7a:b2:
43:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:8B:EE:E4:E3:B3:38:6D:53:B2:57:80:84:B1:54:BD:CF:A0:3E:BD
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/pIvu5OOzOG1TsleAhLFUvc-gPr0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.119.0/24
81.168.123.0/24
82.152.174.0/23
82.152.249.0/24
82.153.73.0/24
82.153.220.0/24
82.153.222.0/23
82.153.249.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:39:e4:27:f4:4f:24:93:55:95:59:3e:66:7e:33:42:b3:de:
fc:ca:d6:c0:f9:74:30:28:e8:71:65:17:db:7a:5b:9c:95:52:
4d:15:b6:64:8d:90:8c:ae:16:67:1b:67:a9:1d:bf:4a:c7:6a:
34:72:89:0e:ca:ee:17:02:39:8a:41:09:0c:72:c6:01:d7:88:
fd:60:02:f8:46:fa:fa:a0:9c:65:4d:e6:3f:61:13:dc:2e:2c:
cb:12:ea:f1:60:41:97:22:06:15:c3:53:ea:e9:2a:52:42:9e:
31:63:1f:9a:6b:45:e6:4e:c6:da:a5:1f:32:0f:06:7b:a2:4a:
1e:e6:95:e8:24:ec:1f:a9:24:b2:93:d5:49:f8:42:fd:e4:77:
87:b8:93:dc:40:c9:05:88:08:18:d2:2d:08:f9:92:4f:67:10:
7c:6e:7e:b1:8a:ed:2a:65:a0:a9:04:77:e1:96:2f:b3:1f:25:
fc:6a:e0:cc:b4:f1:99:81:d2:a9:9d:40:28:78:98:18:32:13:
02:e9:8b:e0:01:7e:17:5d:2f:34:7a:98:cd:d8:de:6e:ca:5a:
dd:ac:53:09:a5:65:37:26:a3:7b:76:2f:8f:91:72:31:f2:1e:
9e:bd:7c:94:75:ee:33:4a:e8:dc:4e:a6:2b:fb:54:fe:97:af:
81:a4:e5:31
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYh7I56vRRBBZ+4f8MmazsM5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNjAyMDgwNTExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDhiZWVlNGUzYjMzODZkNTNiMjU3ODA4NGIxNTRiZGNmYTAzZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveMLE9Guca5OcSu9L/vXgPUmLd1/
WbUCmzQqN0QcJOD6DrEjl0rTRxEp5yr45hw0ONs0GjapaVZVDK0S20nHOPSE0P9s
b355L9DYgeZmNHw1fPg17+J5LIJbWqFIAwyPW3t3eUIuJZNi4nXk1G2hK6Elum7U
/RuWGZltaN5/d/yoUVyzoLqax9k6I9zLeQ7DATs3oYucuFgHccfyik31XPZNK9EN
9c16Y5XrGOEBebIlw1ZGNvMIkWgS2hPmsf8CvEqeytlmSnIXfcIl605J6+M7tbMW
ZOFnj6tlJ2BIgDYPzw5gkV33sjnvZY3QIK4t/0SFr/If5firm3TIerJDmwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKSL7uTjszhtU7JXgISxVL3PoD69MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcEl2dTVPT3pPRzFUc2xlQWhMRlV2Yy1nUHIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAUah3AwQA
Uah7AwQBUpiuAwQAUpj5AwQAUplJAwQAUpncAwQBUpneAwQAUpn5MA0GCSqGSIb3
DQEBCwUAA4IBAQBOOeQn9E8kk1WVWT5mfjNCs978ytbA+XQwKOhxZRfbeluclVJN
FbZkjZCMrhZnG2epHb9Kx2o0cokOyu4XAjmKQQkMcsYB14j9YAL4Rvr6oJxlTeY/
YRPcLizLEurxYEGXIgYVw1Pq6SpSQp4xYx+aa0XmTsbapR8yDwZ7okoe5pXoJOwf
qSSyk9VJ+EL95HeHuJPcQMkFiAgY0i0I+ZJPZxB8bn6xiu0qZaCpBHfhli+zHyX8
auDMtPGZgdKpnUAoeJgYMhMC6YvgAX4XXS80epjN2N5uylrdrFMJpWU3JqN7di+P
kXIx8h6evXyUde4zSujcTqYr+1T+l6+BpOUx
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:31 2024 by rpki-client on console-ams.rpki-client.org