Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/byXZCcQKr_V9cs5wc4R97Md3qaM.roa
File: byXZCcQKr_V9cs5wc4R97Md3qaM.roa (raw, json)
Hash identifier: TsM+oJuUYoWmKwBVHgVwXNaQY+77zkggXFWPOKu69zE=
Subject key identifier: 6F:25:D9:09:C4:0A:AF:F5:7D:72:CE:70:73:84:7D:EC:C7:77:A9:A3
Certificate issuer: /CN=58d2d2715f43f747bea762dce166bca4b8e965eb
Certificate serial: 018CC500343A4FB28161BF7B0C4FF6ECB900
Authority key identifier: 58:D2:D2:71:5F:43:F7:47:BE:A7:62:DC:E1:66:BC:A4:B8:E9:65:EB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/WNLScV9D90e-p2Lc4Wa8pLjpZes.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/byXZCcQKr_V9cs5wc4R97Md3qaM.roa
Signing time: Mon 01 Jan 2024 12:29:34 +0000
ROA not before: Mon 01 Jan 2024 12:29:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 6724
IP address blocks: 81.169.128.0/17 maxlen: 24
194.45.97.0/24 maxlen: 24
193.141.3.0/24 maxlen: 24
192.67.197.0/24 maxlen: 24
192.67.198.0/24 maxlen: 24
185.56.148.0/22 maxlen: 24
85.214.0.0/15 maxlen: 24
2a01:238::/29 maxlen: 48
Validation: Failed, certificate revoked on Thu 01 Feb 2024 11:18:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:34:3a:4f:b2:81:61:bf:7b:0c:4f:f6:ec:b9:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=58d2d2715f43f747bea762dce166bca4b8e965eb
Validity
Not Before: Jan 1 12:29:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6f25d909c40aaff57d72ce7073847decc777a9a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:99:bc:38:ef:3e:76:e6:7e:b4:46:12:ae:e1:
c6:04:de:cc:0c:23:8a:8d:22:df:6f:15:8d:4b:75:
c4:50:f5:f2:ff:ec:79:84:3e:9e:e5:40:12:8b:68:
ab:a9:81:da:92:6f:64:32:98:b9:db:65:73:57:f0:
21:20:d4:d0:ed:26:4f:92:63:5a:12:4c:df:b2:50:
06:0b:92:82:ec:ec:c0:d1:60:ce:ec:d7:1b:5d:ac:
c0:5b:83:7d:8e:3e:6f:2f:3b:b9:0b:41:9f:f1:cf:
90:1d:41:f4:21:f7:76:8e:72:67:b1:db:46:c2:e4:
fa:b8:7b:fa:ee:10:f5:40:dc:95:c0:bb:4d:98:78:
ef:f3:49:fe:22:c3:f7:90:7d:bb:96:ec:e9:da:8d:
4a:20:bf:bc:2c:05:84:50:ae:f3:2b:9f:44:c8:0f:
c8:50:79:0f:99:64:c7:58:9a:5d:e5:95:42:58:6e:
e0:0d:50:df:42:66:de:d9:2a:48:b3:52:17:0c:f5:
a4:a9:03:7f:78:a8:bd:24:15:99:bc:1a:8f:ec:6c:
8f:ab:84:24:03:aa:cf:46:ad:ef:76:f7:2f:82:09:
3e:07:20:7e:eb:1e:a6:dc:58:bb:d1:56:7c:36:8a:
42:ec:97:35:e1:06:66:d1:eb:9b:04:14:af:6d:06:
6d:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6F:25:D9:09:C4:0A:AF:F5:7D:72:CE:70:73:84:7D:EC:C7:77:A9:A3
X509v3 Authority Key Identifier:
keyid:58:D2:D2:71:5F:43:F7:47:BE:A7:62:DC:E1:66:BC:A4:B8:E9:65:EB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WNLScV9D90e-p2Lc4Wa8pLjpZes.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/byXZCcQKr_V9cs5wc4R97Md3qaM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/d67b7b-c798-4901-80f9-e3834516fc08/1/WNLScV9D90e-p2Lc4Wa8pLjpZes.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.169.128.0/17
85.214.0.0/15
185.56.148.0/22
192.67.197.0-192.67.198.255
193.141.3.0/24
194.45.97.0/24
IPv6:
2a01:238::/29
Signature Algorithm: sha256WithRSAEncryption
8d:21:cc:2a:a4:15:77:c6:57:ca:15:e6:54:10:72:73:3e:14:
9e:71:5e:32:10:ce:85:ec:38:dd:35:12:49:2b:18:c8:81:cd:
51:21:94:90:4d:c8:00:96:aa:90:8a:7d:98:58:66:ad:64:e1:
36:44:21:a6:8d:c2:56:2a:fa:ff:ee:d9:77:0a:0e:53:c8:18:
28:27:1b:d0:66:14:c5:ea:00:af:ee:d3:3e:66:a9:64:76:08:
f1:3f:78:ba:e0:c4:2d:21:be:92:ae:e2:9e:0a:5a:c3:c7:c1:
16:d0:6d:43:e5:3c:0f:6d:98:4b:cd:e3:de:bc:00:c9:0b:b0:
ed:24:7e:7e:ed:d7:fa:23:6c:e8:4e:dd:c1:ca:a4:2a:c5:3f:
ff:fd:8e:c0:7d:d2:e0:41:1d:55:18:0e:fe:77:d7:b5:70:14:
47:b4:76:36:5b:e3:a6:02:61:4a:f1:d4:fe:d2:93:bd:9a:e9:
1b:7d:53:e5:d4:fe:08:3f:20:6e:a3:07:1c:48:45:72:64:fb:
9d:91:5f:f9:b8:97:c5:e0:bb:c6:54:45:05:8e:8a:ac:d6:bf:
5c:33:4a:7e:17:3c:96:54:f3:7b:11:c3:e9:54:a3:c2:88:8e:
8d:f6:c5:44:21:2e:e6:05:eb:a5:71:5f:50:05:d6:9c:94:df:
b4:ee:90:30
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYzFADQ6T7KBYb97DE/27LkAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZDJkMjcxNWY0M2Y3NDdiZWE3NjJkY2UxNjZiY2E0Yjhl
OTY1ZWIwHhcNMjQwMTAxMTIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjI1ZDkwOWM0MGFhZmY1N2Q3MmNlNzA3Mzg0N2RlY2M3NzdhOWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZm8OO8+duZ+tEYSruHGBN7MDCOK
jSLfbxWNS3XEUPXy/+x5hD6e5UASi2irqYHakm9kMpi522VzV/AhINTQ7SZPkmNa
EkzfslAGC5KC7OzA0WDO7NcbXazAW4N9jj5vLzu5C0Gf8c+QHUH0Ifd2jnJnsdtG
wuT6uHv67hD1QNyVwLtNmHjv80n+IsP3kH27luzp2o1KIL+8LAWEUK7zK59EyA/I
UHkPmWTHWJpd5ZVCWG7gDVDfQmbe2SpIs1IXDPWkqQN/eKi9JBWZvBqP7GyPq4Qk
A6rPRq3vdvcvggk+ByB+6x6m3Fi70VZ8NopC7Jc14QZm0eubBBSvbQZtGQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFG8l2QnECq/1fXLOcHOEfezHd6mjMB8GA1UdIwQY
MBaAFFjS0nFfQ/dHvqdi3OFmvKS46WXrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV05MU2NWOUQ5MGUtcDJMYzRXYThwTGpwWmVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9kNjdiN2ItYzc5OC00OTAxLTgwZjkt
ZTM4MzQ1MTZmYzA4LzEvYnlYWkNjUUtyX1Y5Y3M1d2M0Ujk3TWQzcWFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9kNjdiN2ItYzc5OC00OTAxLTgwZjktZTM4MzQ1MTZmYzA4
LzEvV05MU2NWOUQ5MGUtcDJMYzRXYThwTGpwWmVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAxBAIAATArAwQHUamAAwMB
VdYDBAK5OJQwDAMEAMBDxQMEAMBDxgMEAMGNAwMEAMItYTANBAIAAjAHAwUDKgEC
ODANBgkqhkiG9w0BAQsFAAOCAQEAjSHMKqQVd8ZXyhXmVBBycz4UnnFeMhDOhew4
3TUSSSsYyIHNUSGUkE3IAJaqkIp9mFhmrWThNkQhpo3CVir6/+7ZdwoOU8gYKCcb
0GYUxeoAr+7TPmapZHYI8T94uuDELSG+kq7ingpaw8fBFtBtQ+U8D22YS83j3rwA
yQuw7SR+fu3X+iNs6E7dwcqkKsU///2OwH3S4EEdVRgO/nfXtXAUR7R2NlvjpgJh
SvHU/tKTvZrpG31T5dT+CD8gbqMHHEhFcmT7nZFf+biXxeC7xlRFBY6KrNa/XDNK
fhc8llTzexHD6VSjwoiOjfbFRCEu5gXrpXFfUAXWnJTftO6QMA==
-----END CERTIFICATE-----
Generated at Thu Feb 1 16:11:03 2024 by rpki-client on console-fra.rpki-client.org