Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/TuG9tkp1pbZ_gH3wX8IT2bgg31A.roa
File: TuG9tkp1pbZ_gH3wX8IT2bgg31A.roa (raw, json)
Hash identifier: KZGXX4BaaUGEcZDM4AsipP8ClbauDRCp9ARD1q0cH4k=
Subject key identifier: 4E:E1:BD:B6:4A:75:A5:B6:7F:80:7D:F0:5F:C2:13:D9:B8:20:DF:50
Certificate issuer: /CN=73189d26bae7f85cb4e06ab5ab536de5a80c16a1
Certificate serial: 01856EA68B7770F7AA07656B12D98432FA79
Authority key identifier: 73:18:9D:26:BA:E7:F8:5C:B4:E0:6A:B5:AB:53:6D:E5:A8:0C:16:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cxidJrrn-Fy04Gq1q1Nt5agMFqE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/TuG9tkp1pbZ_gH3wX8IT2bgg31A.roa
Signing time: Sun 01 Jan 2023 18:44:46 +0000
ROA not before: Sun 01 Jan 2023 18:44:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60876
IP address blocks: 185.24.168.0/22 maxlen: 24
85.204.120.0/23 maxlen: 24
85.204.132.0/23 maxlen: 24
85.204.136.0/23 maxlen: 24
212.237.96.0/20 maxlen: 24
85.204.194.0/23 maxlen: 24
195.192.248.0/23 maxlen: 24
185.166.120.0/22 maxlen: 24
2a00:7660::/29 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:a6:8b:77:70:f7:aa:07:65:6b:12:d9:84:32:fa:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=73189d26bae7f85cb4e06ab5ab536de5a80c16a1
Validity
Not Before: Jan 1 18:44:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4ee1bdb64a75a5b67f807df05fc213d9b820df50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:07:75:d6:a4:7d:37:c7:b6:5f:35:51:73:cc:
aa:b2:27:b5:85:a9:b7:c9:72:79:0e:d3:fc:a6:b1:
70:c5:e0:46:93:9b:a2:80:f9:8e:ca:44:8a:c2:84:
87:8a:a8:5c:bf:f1:af:af:e2:47:5a:7e:2b:72:63:
81:01:be:e9:e9:23:2e:7e:b8:b5:05:95:05:13:4b:
f4:40:12:49:b0:62:2a:48:c9:ff:51:52:ac:72:c2:
50:6c:9b:cf:0b:9a:12:20:30:a1:82:47:78:13:e8:
35:7c:da:92:a1:46:a1:36:0d:eb:8d:20:94:aa:f3:
94:6e:17:99:20:ff:c1:ac:74:6b:4a:be:eb:18:11:
5f:92:86:6e:0f:4e:82:bf:8c:42:52:23:e9:90:e3:
90:16:44:cd:60:3b:68:cb:9d:92:ed:ce:6e:c8:1e:
47:d8:13:e8:b0:53:40:95:7d:7a:8b:f9:c9:8a:ce:
a3:b1:ac:0b:e6:1a:6a:b7:aa:aa:66:db:0a:c2:3e:
59:03:81:9f:12:99:08:21:27:12:5a:a4:7c:75:78:
42:1c:55:ff:3b:d4:99:7f:2c:33:b9:c9:d4:c5:52:
27:63:f8:7e:92:a9:7b:c3:e0:1f:70:1e:63:e2:af:
88:94:39:d4:cf:0e:8a:6e:8b:2d:1a:b3:40:87:e2:
ec:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:E1:BD:B6:4A:75:A5:B6:7F:80:7D:F0:5F:C2:13:D9:B8:20:DF:50
X509v3 Authority Key Identifier:
keyid:73:18:9D:26:BA:E7:F8:5C:B4:E0:6A:B5:AB:53:6D:E5:A8:0C:16:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cxidJrrn-Fy04Gq1q1Nt5agMFqE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/TuG9tkp1pbZ_gH3wX8IT2bgg31A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/360a9d-b121-45ae-830d-066b63237d85/1/cxidJrrn-Fy04Gq1q1Nt5agMFqE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.120.0/23
85.204.132.0/23
85.204.136.0/23
85.204.194.0/23
185.24.168.0/22
185.166.120.0/22
195.192.248.0/23
212.237.96.0/20
IPv6:
2a00:7660::/29
Signature Algorithm: sha256WithRSAEncryption
9b:b1:02:46:cc:f1:60:70:ee:8f:77:93:a1:21:03:e0:55:a1:
e1:ec:58:c7:f8:7e:2b:75:c2:97:dc:1e:1c:fa:e9:29:6d:77:
d4:8a:4e:82:d8:b0:2b:0a:5d:d1:3c:d1:d2:1a:54:b0:b0:96:
82:19:c9:28:e8:a3:71:23:12:b8:12:7f:ee:86:b5:5b:7b:c6:
3b:61:d5:ca:ec:93:67:78:7c:0e:d8:f5:c3:19:a3:85:4e:ed:
48:fe:4e:83:9c:80:60:08:1e:07:a9:f1:4f:76:53:68:ba:08:
25:a3:eb:f6:c1:0f:99:b6:20:cf:38:10:28:76:1b:0e:73:b6:
fe:e1:98:bc:7c:9c:f6:d9:8d:0a:aa:44:32:87:aa:f3:0c:43:
db:2e:1e:22:19:98:68:11:9d:07:06:db:ab:ff:72:75:ce:38:
82:d4:ee:02:c0:cb:f7:32:12:dd:3e:37:40:de:17:7b:f3:ef:
e1:45:b5:00:7c:d6:65:d7:51:8e:ee:d8:11:4d:a8:4c:72:b7:
01:a0:e7:9c:88:13:81:cf:f6:ef:c3:e9:74:0d:74:9a:ba:e8:
cf:40:28:7d:06:23:c9:59:0b:d0:b3:dc:f0:d0:fd:42:04:e5:
67:6b:41:a7:bc:7d:20:f5:e9:a7:39:82:f2:ba:34:82:7a:9a:
b1:81:92:3e
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYVupot3cPeqB2VrEtmEMvp5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMTg5ZDI2YmFlN2Y4NWNiNGUwNmFiNWFiNTM2ZGU1YTgw
YzE2YTEwHhcNMjMwMTAxMTg0NDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWUxYmRiNjRhNzVhNWI2N2Y4MDdkZjA1ZmMyMTNkOWI4MjBkZjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwd11qR9N8e2XzVRc8yqsie1ham3
yXJ5DtP8prFwxeBGk5uigPmOykSKwoSHiqhcv/Gvr+JHWn4rcmOBAb7p6SMufri1
BZUFE0v0QBJJsGIqSMn/UVKscsJQbJvPC5oSIDChgkd4E+g1fNqSoUahNg3rjSCU
qvOUbheZIP/BrHRrSr7rGBFfkoZuD06Cv4xCUiPpkOOQFkTNYDtoy52S7c5uyB5H
2BPosFNAlX16i/nJis6jsawL5hpqt6qqZtsKwj5ZA4GfEpkIIScSWqR8dXhCHFX/
O9SZfywzucnUxVInY/h+kql7w+AfcB5j4q+IlDnUzw6KbostGrNAh+LscQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFE7hvbZKdaW2f4B98F/CE9m4IN9QMB8GA1UdIwQY
MBaAFHMYnSa65/hctOBqtatTbeWoDBahMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3hpZEpycm4tRnkwNEdxMXExTnQ1YWdNRnFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zNjBhOWQtYjEyMS00NWFlLTgzMGQt
MDY2YjYzMjM3ZDg1LzEvVHVHOXRrcDFwYlpfZ0gzd1g4SVQyYmdnMzFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zNjBhOWQtYjEyMS00NWFlLTgzMGQtMDY2YjYzMjM3ZDg1
LzEvY3hpZEpycm4tRnkwNEdxMXExTnQ1YWdNRnFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQBVcx4AwQB
VcyEAwQBVcyIAwQBVczCAwQCuRioAwQCuaZ4AwQBw8D4AwQE1O1gMA0EAgACMAcD
BQMqAHZgMA0GCSqGSIb3DQEBCwUAA4IBAQCbsQJGzPFgcO6Pd5OhIQPgVaHh7FjH
+H4rdcKX3B4c+ukpbXfUik6C2LArCl3RPNHSGlSwsJaCGcko6KNxIxK4En/uhrVb
e8Y7YdXK7JNneHwO2PXDGaOFTu1I/k6DnIBgCB4HqfFPdlNougglo+v2wQ+ZtiDP
OBAodhsOc7b+4Zi8fJz22Y0KqkQyh6rzDEPbLh4iGZhoEZ0HBtur/3J1zjiC1O4C
wMv3MhLdPjdA3hd78+/hRbUAfNZl11GO7tgRTahMcrcBoOeciBOBz/bvw+l0DXSa
uujPQCh9BiPJWQvQs9zw0P1CBOVna0GnvH0g9emnOYLyujSCepqxgZI+
-----END CERTIFICATE-----
Generated at Tue Jan 2 09:01:37 2024 by rpki-client on console-ams.rpki-client.org