Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zzq2gLaV_CYXnS5AIVN_UpKcuUU.roa
File: zzq2gLaV_CYXnS5AIVN_UpKcuUU.roa (raw, json)
Hash identifier: etzBpdigl7XtAvNnnWHL49h5fzaMIkk5fEGNIckHNqs=
Subject key identifier: CF:3A:B6:80:B6:95:FC:26:17:9D:2E:40:21:53:7F:52:92:9C:B9:45
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018CB6A94F5E15A44F745A47B0090CB7DFAC
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zzq2gLaV_CYXnS5AIVN_UpKcuUU.roa
Signing time: Fri 29 Dec 2023 17:39:58 +0000
ROA not before: Fri 29 Dec 2023 17:39:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.49.126.0/23 maxlen: 24
89.213.180.0/24 maxlen: 24
82.153.136.0/22 maxlen: 22
81.168.119.0/24 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.148.0/22 maxlen: 24
89.213.156.0/22 maxlen: 24
213.152.42.0/24 maxlen: 24
89.213.172.0/22 maxlen: 24
Validation: Failed, certificate revoked on Mon 01 Jan 2024 04:30:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:b6:a9:4f:5e:15:a4:4f:74:5a:47:b0:09:0c:b7:df:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Dec 29 17:39:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cf3ab680b695fc26179d2e4021537f52929cb945
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:fa:c2:6e:57:05:95:cd:a9:d9:80:3f:d0:13:
d1:48:a6:7c:0b:f8:99:13:09:e2:5c:66:97:2c:58:
de:35:4a:05:1d:a9:ee:4d:f6:45:76:d9:92:26:33:
91:62:09:48:32:cb:38:af:50:21:59:b3:4c:86:4d:
8c:09:86:65:b6:c4:76:a5:91:43:40:30:eb:72:2f:
2b:b2:1f:0e:4c:19:4a:b3:fe:c3:37:2f:e9:84:02:
18:c0:10:f7:f1:15:06:39:08:04:1e:39:15:f9:b7:
83:dd:fb:3a:94:ae:0d:66:e0:ac:b8:02:fa:87:a4:
59:3f:68:c3:d0:41:a6:bf:11:10:ad:cd:14:8c:84:
fe:40:88:9b:21:ac:b1:7c:6a:1a:50:03:de:7b:b0:
13:87:46:7d:c3:a6:f5:f8:24:6b:3f:8a:34:aa:0c:
06:65:ee:20:0e:91:7e:90:2e:8f:bb:94:48:09:a3:
da:df:f6:b6:b5:43:fb:ef:94:a3:26:bf:57:99:35:
da:20:08:22:ea:1a:64:f5:49:d4:52:b0:ad:c9:a0:
a3:56:50:e4:c0:3b:ce:3b:39:b0:14:6e:da:0c:34:
09:cf:69:fd:b0:8b:44:ae:be:62:fb:de:d7:82:d1:
17:74:29:12:31:16:a8:c1:50:5a:d1:dc:2f:98:7e:
45:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:3A:B6:80:B6:95:FC:26:17:9D:2E:40:21:53:7F:52:92:9C:B9:45
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/zzq2gLaV_CYXnS5AIVN_UpKcuUU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.168.119.0/24
82.153.136.0/22
89.213.148.0-89.213.159.255
89.213.172.0/22
89.213.180.0/24
185.49.126.0/23
213.152.42.0/24
Signature Algorithm: sha256WithRSAEncryption
36:89:11:d3:53:4d:6c:63:55:87:69:5b:79:54:d5:cf:d2:be:
a7:4a:d9:3b:d2:4c:04:15:bd:5c:fb:92:9c:7a:89:60:ae:7f:
da:4a:08:fc:4a:70:9d:c1:4d:7a:9b:4b:9c:2b:fe:90:9c:b1:
4e:82:da:ab:a5:8d:34:03:fc:d1:bd:67:61:1f:1b:5a:ba:40:
c2:70:b5:fd:42:54:15:e5:15:a8:79:ca:ad:82:f4:b0:61:41:
e6:8d:db:2c:58:14:de:35:4c:3e:42:d8:3b:78:09:b2:90:b3:
eb:87:98:91:c2:f7:77:46:51:b8:ab:7d:05:ad:b1:d0:79:65:
e4:9a:e3:c7:63:a6:6d:c1:c9:8e:20:08:2a:89:e2:5a:50:64:
62:d4:c1:d5:f3:76:40:d1:7c:6d:4b:8b:77:79:ec:80:eb:09:
e5:10:75:83:87:7c:f4:32:cd:c7:9a:74:81:fe:40:0e:c6:5a:
e1:b4:25:de:96:4b:19:17:6a:b8:6f:57:3c:bb:d1:8e:21:59:
0e:e3:d3:48:33:c5:fd:14:b7:f4:20:f2:f5:8d:43:6c:2c:e2:
31:52:5b:a2:be:d3:91:da:57:f2:8b:4c:49:15:e6:2b:e4:65:
b6:3a:0c:aa:8d:a0:a0:68:e6:fe:4b:06:c9:81:49:59:2b:78:
af:89:31:28
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYy2qU9eFaRPdFpHsAkMt9+sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMxMjI5MTczOTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjNhYjY4MGI2OTVmYzI2MTc5ZDJlNDAyMTUzN2Y1MjkyOWNiOTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/rCblcFlc2p2YA/0BPRSKZ8C/iZ
EwniXGaXLFjeNUoFHanuTfZFdtmSJjORYglIMss4r1AhWbNMhk2MCYZltsR2pZFD
QDDrci8rsh8OTBlKs/7DNy/phAIYwBD38RUGOQgEHjkV+beD3fs6lK4NZuCsuAL6
h6RZP2jD0EGmvxEQrc0UjIT+QIibIayxfGoaUAPee7ATh0Z9w6b1+CRrP4o0qgwG
Ze4gDpF+kC6Pu5RICaPa3/a2tUP775SjJr9XmTXaIAgi6hpk9UnUUrCtyaCjVlDk
wDvOOzmwFG7aDDQJz2n9sItErr5i+97XgtEXdCkSMRaowVBa0dwvmH5FLwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFM86toC2lfwmF50uQCFTf1KSnLlFMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvenpxMmdMYVZfQ1lYblM1QUlWTl9VcEtjdVVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAUah3AwQC
UpmIMAwDBAJZ1ZQDBAVZ1YADBAJZ1awDBABZ1bQDBAG5MX4DBADVmCowDQYJKoZI
hvcNAQELBQADggEBADaJEdNTTWxjVYdpW3lU1c/SvqdK2TvSTAQVvVz7kpx6iWCu
f9pKCPxKcJ3BTXqbS5wr/pCcsU6C2quljTQD/NG9Z2EfG1q6QMJwtf1CVBXlFah5
yq2C9LBhQeaN2yxYFN41TD5C2Dt4CbKQs+uHmJHC93dGUbirfQWtsdB5ZeSa48dj
pm3ByY4gCCqJ4lpQZGLUwdXzdkDRfG1Li3d57IDrCeUQdYOHfPQyzceadIH+QA7G
WuG0Jd6WSxkXarhvVzy70Y4hWQ7j00gzxf0Ut/Qg8vWNQ2ws4jFSW6K+05HaV/KL
TEkV5ivkZbY6DKqNoKBo5v5LBsmBSVkreK+JMSg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:32 2024 by rpki-client on console-ams.rpki-client.org