Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/FLZfbW5WUUwwlvfe69_s6sDb4ng.roa
File: FLZfbW5WUUwwlvfe69_s6sDb4ng.roa (raw, json)
Hash identifier: giuSzsezkv6QqKFSVpEiPaibnVv5NJaX8DE1nfaqB5E=
Subject key identifier: 14:B6:5F:6D:6E:56:51:4C:30:96:F7:DE:EB:DF:EC:EA:C0:DB:E2:78
Certificate issuer: /CN=827603a93bca31b018f511f6d4b0b7546e963362
Certificate serial: 018CFDE3997C7214DD7D4E7380442D4B6C94
Authority key identifier: 82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/FLZfbW5WUUwwlvfe69_s6sDb4ng.roa
Signing time: Fri 12 Jan 2024 13:36:40 +0000
ROA not before: Fri 12 Jan 2024 13:36:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 211415
IP address blocks: 45.147.152.0/22 maxlen: 22
85.8.168.0/22 maxlen: 22
2.56.184.0/22 maxlen: 22
194.124.144.0/24 maxlen: 24
194.121.59.0/24 maxlen: 24
45.90.248.0/22 maxlen: 22
31.40.232.0/22 maxlen: 24
194.31.180.0/22 maxlen: 22
Validation: Failed, certificate revoked on Mon 19 Feb 2024 10:29:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:fd:e3:99:7c:72:14:dd:7d:4e:73:80:44:2d:4b:6c:94
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=827603a93bca31b018f511f6d4b0b7546e963362
Validity
Not Before: Jan 12 13:36:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=14b65f6d6e56514c3096f7deebdfeceac0dbe278
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:41:64:97:0a:bc:e8:e7:d8:ca:d0:09:35:83:
67:36:5e:57:90:d8:ba:fa:30:42:24:26:6b:b7:96:
4b:40:1a:16:b3:33:fa:06:5c:11:5e:88:07:fb:66:
19:dd:8d:f8:c0:74:5a:82:61:38:a4:f2:05:eb:0d:
c6:25:22:fe:09:0b:4e:a4:74:f6:3b:06:c2:c0:42:
ff:a7:b8:2f:b5:09:c1:7d:9d:cc:8b:63:8b:28:0d:
eb:19:c8:4a:29:7a:9c:c7:91:16:25:b5:ba:9d:5d:
10:02:81:e2:eb:d4:3b:2d:1c:3c:7c:7d:b9:a5:34:
9e:b8:ce:04:f2:11:ad:7a:5a:83:1b:cf:5b:74:a0:
f0:9e:d1:28:8b:02:35:48:42:5d:93:e4:f1:e0:cf:
5d:8d:56:da:30:39:9e:65:09:9c:8e:3a:4a:92:fd:
a5:a7:f8:53:92:35:c0:54:52:47:0b:b3:63:49:d2:
23:89:7c:c5:1a:b6:64:a9:9a:60:b6:3a:f2:3b:ac:
16:ed:21:53:f1:40:ab:e6:63:db:0f:88:a8:ce:6f:
93:06:81:35:e0:83:f5:43:94:a3:39:b0:af:2a:db:
2a:99:36:49:3e:b1:2c:b5:d0:9e:89:df:dd:17:ba:
01:4d:d0:a7:05:f8:8b:04:67:df:76:3d:2b:60:19:
89:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:B6:5F:6D:6E:56:51:4C:30:96:F7:DE:EB:DF:EC:EA:C0:DB:E2:78
X509v3 Authority Key Identifier:
keyid:82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/FLZfbW5WUUwwlvfe69_s6sDb4ng.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.184.0/22
31.40.232.0/22
45.90.248.0/22
45.147.152.0/22
85.8.168.0/22
194.31.180.0/22
194.121.59.0/24
194.124.144.0/24
Signature Algorithm: sha256WithRSAEncryption
53:5f:9f:9d:04:1e:34:1c:f6:3b:f3:92:e6:ee:29:28:5d:b6:
ce:31:9c:5b:81:0f:98:77:ee:4e:e5:5b:da:b6:3a:42:f7:87:
63:70:d9:ae:04:94:62:6a:9f:f0:91:31:62:bc:49:23:ac:4d:
c7:54:41:f2:91:a5:a4:44:82:95:fe:2b:2c:1c:9f:45:fa:b4:
56:09:60:fc:d9:28:94:31:65:ed:c8:74:28:99:d3:38:9f:71:
15:9c:9a:43:f4:da:a4:da:cd:6b:60:45:d8:f5:2d:55:95:76:
f3:86:07:2a:0c:17:c5:0c:1d:e0:63:00:eb:40:2c:db:ef:8a:
25:41:18:e0:c0:e0:4c:75:e4:78:60:e6:cd:18:54:2e:dd:6f:
62:48:30:57:26:f1:eb:78:27:9e:be:bd:dc:78:a5:cb:d0:c6:
ec:20:a5:a2:89:6d:de:e6:7b:34:ac:b1:f6:2a:1a:40:cb:e5:
ac:e3:ca:0c:7b:9b:0e:80:a2:7a:71:bc:7d:f4:9e:90:b5:82:
4b:8d:1b:fa:03:3b:e4:9a:3c:15:f2:8c:fc:e1:03:05:dc:61:
f5:8b:f9:eb:0c:32:8e:6b:e0:3f:8b:90:2b:24:4f:52:c1:5c:
95:f5:ea:07:bb:2a:ea:49:7d:b3:15:9d:b6:56:a3:5d:7b:ee:
4f:c2:46:19
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYz945l8chTdfU5zgEQtS2yUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzYwM2E5M2JjYTMxYjAxOGY1MTFmNmQ0YjBiNzU0NmU5
NjMzNjIwHhcNMjQwMTEyMTMzNjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGI2NWY2ZDZlNTY1MTRjMzA5NmY3ZGVlYmRmZWNlYWMwZGJlMjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0Fklwq86OfYytAJNYNnNl5XkNi6
+jBCJCZrt5ZLQBoWszP6BlwRXogH+2YZ3Y34wHRagmE4pPIF6w3GJSL+CQtOpHT2
OwbCwEL/p7gvtQnBfZ3Mi2OLKA3rGchKKXqcx5EWJbW6nV0QAoHi69Q7LRw8fH25
pTSeuM4E8hGtelqDG89bdKDwntEoiwI1SEJdk+Tx4M9djVbaMDmeZQmcjjpKkv2l
p/hTkjXAVFJHC7NjSdIjiXzFGrZkqZpgtjryO6wW7SFT8UCr5mPbD4iozm+TBoE1
4IP1Q5SjObCvKtsqmTZJPrEstdCeid/dF7oBTdCnBfiLBGffdj0rYBmJRQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFBS2X21uVlFMMJb33uvf7OrA2+J4MB8GA1UdIwQY
MBaAFIJ2A6k7yjGwGPUR9tSwt1RuljNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYt
YjE2Y2I0ZGZhZGQzLzEvRkxaZmJXNVdVVXd3bHZmZTY5X3M2c0RiNG5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYtYjE2Y2I0ZGZhZGQz
LzEvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCAji4AwQC
HyjoAwQCLVr4AwQCLZOYAwQCVQioAwQCwh+0AwQAwnk7AwQAwnyQMA0GCSqGSIb3
DQEBCwUAA4IBAQBTX5+dBB40HPY785Lm7ikoXbbOMZxbgQ+Yd+5O5VvatjpC94dj
cNmuBJRiap/wkTFivEkjrE3HVEHykaWkRIKV/issHJ9F+rRWCWD82SiUMWXtyHQo
mdM4n3EVnJpD9Nqk2s1rYEXY9S1VlXbzhgcqDBfFDB3gYwDrQCzb74olQRjgwOBM
deR4YObNGFQu3W9iSDBXJvHreCeevr3ceKXL0MbsIKWiiW3e5ns0rLH2KhpAy+Ws
48oMe5sOgKJ6cbx99J6QtYJLjRv6AzvkmjwV8oz84QMF3GH1i/nrDDKOa+A/i5Ar
JE9SwVyV9eoHuyrqSX2zFZ22VqNde+5PwkYZ
-----END CERTIFICATE-----
Generated at Mon Feb 19 15:21:41 2024 by rpki-client on console-fra.rpki-client.org