Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/mEHb7p8xKndvk2_v40fDdTVHAFA.roa
File: mEHb7p8xKndvk2_v40fDdTVHAFA.roa (raw, json)
Hash identifier: nUvVcSX86Vmhc51v8tzox3FPF2zsPJdZZefTBispqfY=
Subject key identifier: 98:41:DB:EE:9F:31:2A:77:6F:93:6F:EF:E3:47:C3:75:35:47:00:50
Certificate issuer: /CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Certificate serial: 018C444F9A077499FCC4A52F4CB528330DF9
Authority key identifier: 52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/mEHb7p8xKndvk2_v40fDdTVHAFA.roa
Signing time: Thu 07 Dec 2023 12:45:16 +0000
ROA not before: Thu 07 Dec 2023 12:45:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 59729
IP address blocks: 88.204.42.0/24 maxlen: 24
88.204.43.0/24 maxlen: 24
88.204.44.0/24 maxlen: 24
88.204.45.0/24 maxlen: 24
88.204.46.0/24 maxlen: 24
88.204.47.0/24 maxlen: 24
78.136.248.0/24 maxlen: 24
78.136.249.0/24 maxlen: 24
78.136.250.0/24 maxlen: 24
78.136.251.0/24 maxlen: 24
78.136.252.0/24 maxlen: 24
78.136.253.0/24 maxlen: 24
78.136.254.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:44:4f:9a:07:74:99:fc:c4:a5:2f:4c:b5:28:33:0d:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=529c273098b52768ca0e44a3a2c16efed4a65ca0
Validity
Not Before: Dec 7 12:45:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9841dbee9f312a776f936fefe347c37535470050
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:95:8d:f6:c7:fd:75:f6:5e:d2:55:0c:4b:51:
53:7f:df:00:8c:ab:a3:f6:e8:53:2a:3f:ca:0a:04:
dc:c5:42:c4:81:0e:3e:72:b1:ed:d0:f3:d7:1c:ae:
ca:49:91:f9:b4:59:ed:0c:89:7f:72:59:7e:fb:18:
06:68:0f:a9:70:a7:02:b4:b0:02:bc:30:45:5b:43:
43:45:80:bd:ce:c8:a4:88:82:e4:f4:d4:42:ef:bd:
d5:fc:0c:27:f1:7c:f8:97:b6:41:71:16:d0:01:95:
61:0e:4a:e2:7c:6e:40:e8:e8:22:c4:c5:40:7e:08:
92:52:28:f0:09:57:99:d1:aa:34:f1:bf:eb:99:2c:
2c:2b:0c:91:3d:65:77:12:48:38:db:00:74:aa:2c:
d8:e9:51:30:9c:c4:4a:a4:df:80:c2:42:af:f5:04:
81:3c:1f:75:40:bf:48:2c:08:13:4e:93:19:53:f9:
56:05:05:8c:49:80:74:7f:a3:40:02:da:87:6e:81:
bf:e9:8d:7f:19:3c:83:19:b8:ea:37:88:d0:0c:85:
ea:a7:9f:3b:73:7b:c4:63:b0:f0:fd:fc:b4:3c:ce:
e0:7e:53:65:8c:c1:db:bc:ae:71:6d:7b:88:79:94:
08:9a:63:de:e2:1a:b6:d4:ef:3a:16:9a:4a:b4:da:
ae:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:41:DB:EE:9F:31:2A:77:6F:93:6F:EF:E3:47:C3:75:35:47:00:50
X509v3 Authority Key Identifier:
keyid:52:9C:27:30:98:B5:27:68:CA:0E:44:A3:A2:C1:6E:FE:D4:A6:5C:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UpwnMJi1J2jKDkSjosFu_tSmXKA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/mEHb7p8xKndvk2_v40fDdTVHAFA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/6d9359-afef-4535-9c93-f33d3bb36484/1/UpwnMJi1J2jKDkSjosFu_tSmXKA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.136.248.0-78.136.254.255
88.204.42.0-88.204.47.255
Signature Algorithm: sha256WithRSAEncryption
8b:85:8f:90:0d:3a:ce:24:30:a6:54:6f:af:93:90:4e:fd:71:
dc:c3:0b:03:e9:5e:f2:d1:1e:46:0c:58:ea:b6:5b:cb:3c:0a:
e4:3d:64:7c:a6:a3:53:c5:76:6f:fc:8e:51:ec:38:6c:e4:c0:
e3:9a:4f:a2:e3:09:56:5f:e4:97:f6:16:b7:4b:59:f6:15:02:
be:8b:24:99:34:c0:3f:ab:b3:c2:52:84:a6:49:e4:9a:70:59:
7a:d2:97:5b:a7:3f:00:7c:d4:2d:5c:3a:0a:a9:53:d4:b4:a2:
aa:c2:69:a0:fe:8c:de:5d:fa:c3:b4:76:8c:b3:ff:af:30:ff:
e0:64:a6:53:2b:73:44:5d:a2:46:6c:cb:76:1d:14:83:95:a4:
b6:50:d0:5b:56:a6:26:b9:f9:fd:cc:be:d7:22:b0:01:66:84:
55:a1:cd:16:d8:5f:9b:47:68:af:54:b6:76:3a:8d:56:02:25:
74:92:74:28:61:ab:13:f0:61:22:8a:c0:b0:6a:77:19:45:32:
49:e0:68:c2:0e:31:8c:34:6f:11:12:12:ec:80:78:d7:65:56:
8e:47:28:23:e3:35:cd:a3:78:61:e3:ab:cf:4e:f7:3b:f4:f8:
bb:ad:98:f2:23:3d:b6:c8:21:3a:26:54:11:e2:3b:3b:9a:c9:
02:0b:90:ca
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAYxET5oHdJn8xKUvTLUoMw35MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyOWMyNzMwOThiNTI3NjhjYTBlNDRhM2EyYzE2ZWZlZDRh
NjVjYTAwHhcNMjMxMjA3MTI0NTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODQxZGJlZTlmMzEyYTc3NmY5MzZmZWZlMzQ3YzM3NTM1NDcwMDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipWN9sf9dfZe0lUMS1FTf98AjKuj
9uhTKj/KCgTcxULEgQ4+crHt0PPXHK7KSZH5tFntDIl/cll++xgGaA+pcKcCtLAC
vDBFW0NDRYC9zsikiILk9NRC773V/Awn8Xz4l7ZBcRbQAZVhDkrifG5A6OgixMVA
fgiSUijwCVeZ0ao08b/rmSwsKwyRPWV3Ekg42wB0qizY6VEwnMRKpN+AwkKv9QSB
PB91QL9ILAgTTpMZU/lWBQWMSYB0f6NAAtqHboG/6Y1/GTyDGbjqN4jQDIXqp587
c3vEY7Dw/fy0PM7gflNljMHbvK5xbXuIeZQImmPe4hq21O86FppKtNquOQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFJhB2+6fMSp3b5Nv7+NHw3U1RwBQMB8GA1UdIwQY
MBaAFFKcJzCYtSdoyg5Eo6LBbv7UplygMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMt
ZjMzZDNiYjM2NDg0LzEvbUVIYjdwOHhLbmR2azJfdjQwZkRkVFZIQUZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS82ZDkzNTktYWZlZi00NTM1LTljOTMtZjMzZDNiYjM2NDg0
LzEvVXB3bk1KaTFKMmpLRGtTam9zRnVfdFNtWEtBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAATAcMAwDBANOiPgD
BABOiP4wDAMEAVjMKgMEBFjMIDANBgkqhkiG9w0BAQsFAAOCAQEAi4WPkA06ziQw
plRvr5OQTv1x3MMLA+le8tEeRgxY6rZbyzwK5D1kfKajU8V2b/yOUew4bOTA45pP
ouMJVl/kl/YWt0tZ9hUCvoskmTTAP6uzwlKEpknkmnBZetKXW6c/AHzULVw6CqlT
1LSiqsJpoP6M3l36w7R2jLP/rzD/4GSmUytzRF2iRmzLdh0Ug5WktlDQW1amJrn5
/cy+1yKwAWaEVaHNFthfm0dor1S2djqNVgIldJJ0KGGrE/BhIorAsGp3GUUySeBo
wg4xjDRvERIS7IB412VWjkcoI+M1zaN4YeOrz073O/T4u62Y8iM9tsghOiZUEeI7
O5rJAguQyg==
-----END CERTIFICATE-----
Generated at Tue Jan 2 06:51:41 2024 by rpki-client on console-fra.rpki-client.org