Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/NBODTiDsRYpY5vMHEY_Il-e4K1c.roa
File: NBODTiDsRYpY5vMHEY_Il-e4K1c.roa (raw, json)
Hash identifier: latb4sIsu7p84dCmff/a5BIVfN2nYzScpV0ZaygCL0k=
Subject key identifier: 34:13:83:4E:20:EC:45:8A:58:E6:F3:07:11:8F:C8:97:E7:B8:2B:57
Certificate issuer: /CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
Certificate serial: 018BA91E51507F911563E33778CF3119DCAE
Authority key identifier: A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/NBODTiDsRYpY5vMHEY_Il-e4K1c.roa
Signing time: Tue 07 Nov 2023 09:30:18 +0000
ROA not before: Tue 07 Nov 2023 09:30:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 198949
IP address blocks: 149.238.32.0/19 maxlen: 24
149.238.160.0/19 maxlen: 24
149.238.64.0/19 maxlen: 24
193.33.52.0/23 maxlen: 24
192.112.208.0/24 maxlen: 24
192.77.114.0/23 maxlen: 24
149.238.192.0/19 maxlen: 24
149.238.96.0/19 maxlen: 24
149.238.0.0/19 maxlen: 24
149.238.224.0/19 maxlen: 24
149.238.128.0/19 maxlen: 24
2a13:cb40::/29 maxlen: 29
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:a9:1e:51:50:7f:91:15:63:e3:37:78:cf:31:19:dc:ae
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
Validity
Not Before: Nov 7 09:30:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3413834e20ec458a58e6f307118fc897e7b82b57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:4e:c1:c4:85:9f:59:09:cf:7c:40:18:07:63:
4f:2e:cb:95:b3:b0:bf:c7:e9:5e:e0:96:b9:8e:27:
87:18:65:2c:d1:61:c7:9d:00:ca:ea:68:de:cc:88:
7b:a7:c9:25:9a:0e:d0:0e:4e:11:89:af:de:b2:a2:
d6:66:38:26:ed:a0:2b:99:84:7b:8e:6f:43:ce:88:
82:6a:b3:bd:d4:ad:cb:31:27:2d:64:22:87:e1:d4:
fa:db:90:36:e6:62:61:3f:81:10:10:71:ed:93:0c:
ee:c1:0c:f6:8f:48:ec:46:c0:98:94:4b:b8:ac:68:
a8:3b:2a:c0:5c:91:41:67:dd:03:ef:94:ca:4e:b8:
11:03:92:56:f4:2d:1f:26:dc:81:c4:7c:13:24:d1:
a3:27:62:15:5f:45:2f:bf:d8:49:09:fc:ec:47:c8:
bd:e2:e0:bc:28:bc:92:4a:71:43:e9:38:1f:4a:fe:
2c:67:b1:ec:1a:32:23:b5:1d:5b:30:27:89:74:14:
75:4e:ca:19:89:40:6f:13:cd:6b:2e:d6:d9:62:96:
b9:c1:9e:56:da:69:90:f9:96:3e:dc:3e:bd:96:77:
66:c6:26:05:44:3d:72:5d:a7:2c:75:66:d8:04:f1:
17:46:e4:66:a4:94:9c:05:4e:ed:15:91:93:e5:b5:
22:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:13:83:4E:20:EC:45:8A:58:E6:F3:07:11:8F:C8:97:E7:B8:2B:57
X509v3 Authority Key Identifier:
keyid:A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/NBODTiDsRYpY5vMHEY_Il-e4K1c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/pDJ8VulBFx6jvrom67niP031vPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
149.238.0.0/16
192.77.114.0/23
192.112.208.0/24
193.33.52.0/23
IPv6:
2a13:cb40::/29
Signature Algorithm: sha256WithRSAEncryption
8a:2b:b4:9d:b2:58:b2:9c:a9:dd:48:88:70:5b:e2:a7:39:f9:
b8:f9:77:82:8b:a0:7d:bd:9c:82:43:a2:a4:f4:48:9a:d6:43:
a4:50:d9:35:02:57:67:60:30:38:c7:47:37:a5:1b:65:af:f1:
c1:19:c2:99:d9:a0:76:aa:ce:0a:34:d2:9a:d5:14:6b:f3:22:
f6:0e:f3:9e:1e:e3:ea:48:aa:50:6d:eb:a8:91:f9:35:14:a6:
24:34:4e:dd:48:92:d3:34:45:e0:95:de:78:db:5d:4c:52:91:
3e:04:65:09:ac:1f:94:dc:c0:3f:63:d2:a9:d4:e8:b4:02:66:
fb:1d:a6:13:39:11:ab:72:8b:9b:97:a3:7a:8f:e4:61:1d:de:
52:77:96:0f:c0:4f:58:6c:c1:f0:b2:c7:a2:47:ac:23:36:59:
68:71:99:0d:e0:f9:1c:cc:40:d5:ff:ef:37:9e:e1:1c:56:de:
97:13:c2:b5:73:ff:44:52:be:61:f4:91:1f:76:07:20:28:9f:
b5:ac:07:32:e0:a2:9c:7d:12:07:e4:ce:6f:3a:64:65:84:84:
f9:90:f8:57:85:da:b3:68:78:35:49:47:3b:3e:e0:28:58:b8:
dd:78:b8:d0:78:cd:24:25:11:ea:2b:81:a5:25:fe:00:54:ba:
49:a2:c8:e7
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYupHlFQf5EVY+M3eM8xGdyuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MzI3YzU2ZTk0MTE3MWVhM2JlYmEyNmViYjllMjNmNGRm
NWJjZjMwHhcNMjMxMTA3MDkzMDE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDEzODM0ZTIwZWM0NThhNThlNmYzMDcxMThmYzg5N2U3YjgyYjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA107BxIWfWQnPfEAYB2NPLsuVs7C/
x+le4Ja5jieHGGUs0WHHnQDK6mjezIh7p8klmg7QDk4Ria/esqLWZjgm7aArmYR7
jm9DzoiCarO91K3LMSctZCKH4dT625A25mJhP4EQEHHtkwzuwQz2j0jsRsCYlEu4
rGioOyrAXJFBZ90D75TKTrgRA5JW9C0fJtyBxHwTJNGjJ2IVX0Uvv9hJCfzsR8i9
4uC8KLySSnFD6TgfSv4sZ7HsGjIjtR1bMCeJdBR1TsoZiUBvE81rLtbZYpa5wZ5W
2mmQ+ZY+3D69lndmxiYFRD1yXacsdWbYBPEXRuRmpJScBU7tFZGT5bUijQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFDQTg04g7EWKWObzBxGPyJfnuCtXMB8GA1UdIwQY
MBaAFKQyfFbpQRceo766Juu54j9N9bzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWIt
MjhjMzQzY2U5ZDVkLzEvTkJPRFRpRHNSWXBZNXZNSEVZX0lsLWU0SzFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWItMjhjMzQzY2U5ZDVk
LzEvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAdBAIAATAXAwMAle4DBAHA
TXIDBADAcNADBAHBITQwDQQCAAIwBwMFAyoTy0AwDQYJKoZIhvcNAQELBQADggEB
AIortJ2yWLKcqd1IiHBb4qc5+bj5d4KLoH29nIJDoqT0SJrWQ6RQ2TUCV2dgMDjH
RzelG2Wv8cEZwpnZoHaqzgo00prVFGvzIvYO854e4+pIqlBt66iR+TUUpiQ0Tt1I
ktM0ReCV3njbXUxSkT4EZQmsH5TcwD9j0qnU6LQCZvsdphM5Eatyi5uXo3qP5GEd
3lJ3lg/AT1hswfCyx6JHrCM2WWhxmQ3g+RzMQNX/7zee4RxW3pcTwrVz/0RSvmH0
kR92ByAon7WsBzLgopx9Egfkzm86ZGWEhPmQ+FeF2rNoeDVJRzs+4ChYuN14uNB4
zSQlEeorgaUl/gBUukmiyOc=
-----END CERTIFICATE-----
Generated at Mon Jan 1 06:16:43 2024 by rpki-client on console-ams.rpki-client.org