Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/nzKezzjy0zEw688jHxZJUpjYrLQ.roa
File: nzKezzjy0zEw688jHxZJUpjYrLQ.roa (raw, json)
Hash identifier: 3WiNjoUATYIbz1yagJroLMZoI2h3onmaKk2zy/Q3CCw=
Subject key identifier: 9F:32:9E:CF:38:F2:D3:31:30:EB:CF:23:1F:16:49:52:98:D8:AC:B4
Certificate issuer: /CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
Certificate serial: 01856DC1BE18D6DE8A1AD555816116CFA3A7
Authority key identifier: 1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/nzKezzjy0zEw688jHxZJUpjYrLQ.roa
Signing time: Sun 01 Jan 2023 14:34:51 +0000
ROA not before: Sun 01 Jan 2023 14:34:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 26383
IP address blocks: 91.149.232.0/23 maxlen: 23
91.149.240.0/24 maxlen: 24
91.149.236.0/23 maxlen: 23
91.149.243.0/24 maxlen: 24
91.149.242.0/24 maxlen: 24
91.149.241.0/24 maxlen: 24
91.149.253.0/24 maxlen: 24
91.149.255.0/24 maxlen: 24
91.149.254.0/24 maxlen: 24
91.149.202.0/23 maxlen: 23
91.149.218.0/24 maxlen: 24
91.149.222.0/23 maxlen: 23
91.149.221.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 22 Mar 2023 15:32:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:c1:be:18:d6:de:8a:1a:d5:55:81:61:16:cf:a3:a7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
Validity
Not Before: Jan 1 14:34:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9f329ecf38f2d33130ebcf231f16495298d8acb4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:c9:1c:bb:8f:f5:82:84:88:81:89:7f:d0:62:
ab:b9:db:e5:e1:a1:3f:ca:03:b4:ad:1d:6a:b4:a4:
fc:8f:3e:95:97:7b:15:cf:80:98:94:07:56:c7:52:
ff:cc:ce:94:74:50:7d:7a:c6:76:b9:38:d0:fe:84:
43:66:b8:e3:89:06:8e:ec:42:d4:b9:2b:49:cf:fe:
18:12:11:f7:60:ba:32:06:7a:06:72:7d:bc:50:ff:
ad:5b:c3:15:a3:14:af:f7:36:95:db:b0:44:0e:89:
e7:89:f8:83:b0:c7:ae:4f:6a:dd:0e:c8:9a:23:e1:
41:d8:46:40:e5:65:28:cd:7b:f9:73:91:37:d0:d3:
3d:13:4c:28:44:07:28:4f:58:5a:bc:18:08:cb:5d:
ea:ee:96:4f:c6:d2:40:05:7a:66:db:ad:ad:cf:32:
b7:79:30:5f:d1:99:ad:97:ad:5d:2a:1a:7a:36:28:
40:2e:db:b1:4b:99:bf:2f:f5:e8:0a:fd:77:ba:ea:
de:28:e1:ca:52:8c:b2:a1:44:85:36:a7:db:6a:d5:
3c:09:26:ac:5f:cf:71:de:0d:35:66:71:da:02:87:
0e:5a:84:bc:98:34:65:3a:ef:e9:32:dd:d8:49:dd:
ee:f8:ff:77:e4:96:34:81:2e:2e:16:13:ed:78:40:
5c:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:32:9E:CF:38:F2:D3:31:30:EB:CF:23:1F:16:49:52:98:D8:AC:B4
X509v3 Authority Key Identifier:
keyid:1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/nzKezzjy0zEw688jHxZJUpjYrLQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.149.202.0/23
91.149.218.0/24
91.149.221.0-91.149.223.255
91.149.232.0/23
91.149.236.0/23
91.149.240.0/22
91.149.253.0-91.149.255.255
Signature Algorithm: sha256WithRSAEncryption
b6:a0:39:a1:6d:7b:c9:c4:b3:6a:82:24:40:ce:c4:19:69:9f:
d8:5c:21:d2:b3:ad:bc:dd:3d:5a:0f:c7:87:7e:2a:38:ca:c7:
00:0c:39:05:08:7d:db:64:a9:41:ae:6f:f9:86:ee:d5:c7:38:
1d:42:97:a1:b7:e1:a6:b5:92:79:82:46:b1:f8:36:12:51:c9:
0e:28:b1:03:d1:f3:1c:82:9b:07:0d:2e:33:ca:de:76:bf:83:
b8:a9:32:7d:56:e4:58:5e:86:3c:1b:03:3b:3c:8b:f2:82:f6:
fd:b0:aa:e2:1c:38:c5:21:d4:90:f6:e3:dc:15:a5:38:57:b9:
e5:46:30:7e:a7:47:ff:d5:2c:ab:9a:25:25:eb:c5:b1:78:8c:
99:da:fd:e8:fe:46:fd:8f:e2:8d:38:23:ea:bc:00:c9:74:ed:
31:d9:b3:e5:9e:69:55:6b:87:c7:90:2c:99:11:ef:aa:de:95:
93:2b:27:db:f1:9f:0b:6a:96:51:10:1d:97:55:7c:d5:91:e9:
a6:b0:8a:97:f2:2a:1b:5f:0e:ac:89:a2:0f:8b:b0:aa:70:c2:
2a:9b:d1:3c:36:89:3c:4a:3d:52:e1:68:bb:3e:98:01:20:2b:
ae:2a:f4:5d:d5:38:29:37:40:7c:8b:90:a5:1d:c2:0c:e0:78:
77:77:f8:df
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVtwb4Y1t6KGtVVgWEWz6OnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2I2Mzc2YTE2NDhkNDlkNTVlNGQ3YjAxMzcxMzY3YjBk
YzJhZjkwHhcNMjMwMTAxMTQzNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjMyOWVjZjM4ZjJkMzMxMzBlYmNmMjMxZjE2NDk1Mjk4ZDhhY2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8kcu4/1goSIgYl/0GKrudvl4aE/
ygO0rR1qtKT8jz6Vl3sVz4CYlAdWx1L/zM6UdFB9esZ2uTjQ/oRDZrjjiQaO7ELU
uStJz/4YEhH3YLoyBnoGcn28UP+tW8MVoxSv9zaV27BEDonnifiDsMeuT2rdDsia
I+FB2EZA5WUozXv5c5E30NM9E0woRAcoT1havBgIy13q7pZPxtJABXpm262tzzK3
eTBf0Zmtl61dKhp6NihALtuxS5m/L/XoCv13uureKOHKUoyyoUSFNqfbatU8CSas
X89x3g01ZnHaAocOWoS8mDRlOu/pMt3YSd3u+P935JY0gS4uFhPteEBcowIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFJ8yns848tMxMOvPIx8WSVKY2Ky0MB8GA1UdIwQY
MBaAFBrLY3ahZI1J1V5NewE3E2ew3Cr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAt
N2E5MzY3NTFkYjFiLzEvbnpLZXp6ankwekV3Njg4akh4WkpVcGpZckxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAtN2E5MzY3NTFkYjFi
LzEvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTA/BAIAATA5AwQBW5XKAwQA
W5XaMAwDBABbld0DBAVblcADBAFblegDBAFblewDBAJblfAwCwMEAFuV/QMDAVuU
MA0GCSqGSIb3DQEBCwUAA4IBAQC2oDmhbXvJxLNqgiRAzsQZaZ/YXCHSs6283T1a
D8eHfio4yscADDkFCH3bZKlBrm/5hu7VxzgdQpeht+GmtZJ5gkax+DYSUckOKLED
0fMcgpsHDS4zyt52v4O4qTJ9VuRYXoY8GwM7PIvygvb9sKriHDjFIdSQ9uPcFaU4
V7nlRjB+p0f/1SyrmiUl68WxeIyZ2v3o/kb9j+KNOCPqvADJdO0x2bPlnmlVa4fH
kCyZEe+q3pWTKyfb8Z8LapZREB2XVXzVkemmsIqX8iobXw6siaIPi7CqcMIqm9E8
Nok8Sj1S4Wi7PpgBICuuKvRd1TgpN0B8i5ClHcIM4Hh3d/jf
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:25:16 2024 by rpki-client on console-ams.rpki-client.org