Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/aCOepT8Et7AVOE9YeMOn2yo7AJQ.roa
File: aCOepT8Et7AVOE9YeMOn2yo7AJQ.roa (raw, json)
Hash identifier: RObJUB7KpLaDHA5/U+p+wJVcmnBTHqblM7mhjPF57Fc=
Subject key identifier: 68:23:9E:A5:3F:04:B7:B0:15:38:4F:58:78:C3:A7:DB:2A:3B:00:94
Certificate issuer: /CN=5fbe65ae23f207fa695255f55a907ac1608be094
Certificate serial: 018ACC52DD213739E57160702DEF5E9D35FC
Authority key identifier: 5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/aCOepT8Et7AVOE9YeMOn2yo7AJQ.roa
Signing time: Mon 25 Sep 2023 12:31:37 +0000
ROA not before: Mon 25 Sep 2023 12:31:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211183
IP address blocks: 79.133.183.0/24 maxlen: 24
79.133.182.0/24 maxlen: 24
79.133.181.0/24 maxlen: 24
91.200.84.0/24 maxlen: 24
37.140.241.0/24 maxlen: 24
185.240.103.0/24 maxlen: 24
185.244.51.0/24 maxlen: 24
193.187.96.0/24 maxlen: 24
185.250.44.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:cc:52:dd:21:37:39:e5:71:60:70:2d:ef:5e:9d:35:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5fbe65ae23f207fa695255f55a907ac1608be094
Validity
Not Before: Sep 25 12:31:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=68239ea53f04b7b015384f5878c3a7db2a3b0094
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:7c:14:a0:17:c4:5c:aa:ca:5a:15:ce:28:d7:
31:14:8e:ba:6f:91:f3:65:9b:1a:88:1f:86:6c:91:
f5:43:89:87:62:15:5e:c0:5b:23:0a:3b:96:25:f9:
47:04:63:de:fe:7c:e3:f1:bb:91:fd:10:d4:1f:c3:
3e:b3:93:f5:a5:98:63:60:70:1e:e4:19:90:7f:9c:
ea:60:c9:ee:ce:59:37:21:19:00:a6:6d:18:c7:52:
a0:c2:c8:27:ff:fb:0b:ba:3b:d1:60:f1:1d:f9:c1:
7c:2d:6b:58:1a:b3:7c:2f:14:76:c9:80:ed:18:30:
db:36:d0:b4:b7:7e:e4:83:a1:58:02:ce:30:7b:e4:
86:2c:c9:7b:6b:c9:c7:25:c8:1d:ec:9f:06:93:ee:
79:66:18:05:cd:37:5b:da:c7:25:f8:93:f3:d8:a5:
5c:8f:69:42:bc:c8:74:2b:c4:9e:c9:45:5a:bc:51:
9e:f1:af:77:6e:6d:0d:79:99:5b:a1:75:9d:7a:8e:
9e:6c:56:1b:fa:94:45:ff:cc:23:a2:22:03:0f:3f:
fe:d6:f5:cf:7c:e9:c3:13:51:62:82:ca:b6:2e:57:
f5:4b:e9:75:00:6e:bd:2b:e8:97:12:19:af:b5:8d:
e8:50:46:fe:df:ea:a9:c8:92:be:d8:38:34:c1:96:
0e:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:23:9E:A5:3F:04:B7:B0:15:38:4F:58:78:C3:A7:DB:2A:3B:00:94
X509v3 Authority Key Identifier:
keyid:5F:BE:65:AE:23:F2:07:FA:69:52:55:F5:5A:90:7A:C1:60:8B:E0:94
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X75lriPyB_ppUlX1WpB6wWCL4JQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/aCOepT8Et7AVOE9YeMOn2yo7AJQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f4319f-3dfb-42ea-ba95-492ab372689d/1/X75lriPyB_ppUlX1WpB6wWCL4JQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.140.241.0/24
79.133.181.0-79.133.183.255
91.200.84.0/24
185.240.103.0/24
185.244.51.0/24
185.250.44.0/24
193.187.96.0/24
Signature Algorithm: sha256WithRSAEncryption
81:cc:b3:53:12:d1:25:f0:9f:f6:55:a9:62:a1:d1:ba:6c:a4:
51:fb:39:cd:23:f5:61:de:f7:6f:4b:e9:72:a6:1d:88:ff:85:
90:25:47:60:9b:e1:dc:d9:64:a6:f4:64:82:8b:89:15:16:df:
da:a4:bb:df:5c:c4:88:1e:2b:b8:f2:37:c5:55:b1:07:57:7b:
eb:c5:3c:4a:ea:c1:0c:e2:b2:0b:80:06:5b:d8:a7:fe:a6:15:
67:52:65:50:a4:82:6d:a3:6e:b9:87:1e:5a:05:30:49:87:3d:
35:1c:2a:5f:94:37:f7:07:e8:8e:7d:94:f4:16:07:d8:30:4c:
35:f7:85:ad:8d:ee:3c:b7:e5:7d:60:76:0a:e1:21:0c:37:e4:
e6:74:45:44:64:81:56:23:75:fa:09:c1:ef:bf:24:57:64:7f:
91:b0:2e:da:d9:a7:31:1a:d5:6f:33:67:2b:2a:dc:2e:a0:e5:
3d:83:e6:6f:01:2f:45:5f:d5:a7:84:18:df:52:29:c8:f5:73:
27:43:d5:a7:0d:a6:94:75:6c:d2:54:23:2d:e2:52:92:04:e9:
29:1d:07:94:5a:7c:18:64:b8:75:21:36:9e:43:a7:da:55:99:
97:61:1e:e5:be:11:5f:7a:bf:23:5c:44:b8:40:7a:f3:f1:7d:
8e:c0:54:d2
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYrMUt0hNznlcWBwLe9enTX8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYmU2NWFlMjNmMjA3ZmE2OTUyNTVmNTVhOTA3YWMxNjA4
YmUwOTQwHhcNMjMwOTI1MTIzMTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODIzOWVhNTNmMDRiN2IwMTUzODRmNTg3OGMzYTdkYjJhM2IwMDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3wUoBfEXKrKWhXOKNcxFI66b5Hz
ZZsaiB+GbJH1Q4mHYhVewFsjCjuWJflHBGPe/nzj8buR/RDUH8M+s5P1pZhjYHAe
5BmQf5zqYMnuzlk3IRkApm0Yx1Kgwsgn//sLujvRYPEd+cF8LWtYGrN8LxR2yYDt
GDDbNtC0t37kg6FYAs4we+SGLMl7a8nHJcgd7J8Gk+55ZhgFzTdb2scl+JPz2KVc
j2lCvMh0K8SeyUVavFGe8a93bm0NeZlboXWdeo6ebFYb+pRF/8wjoiIDDz/+1vXP
fOnDE1Figsq2Llf1S+l1AG69K+iXEhmvtY3oUEb+3+qpyJK+2Dg0wZYO1wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFGgjnqU/BLewFThPWHjDp9sqOwCUMB8GA1UdIwQY
MBaAFF++Za4j8gf6aVJV9VqQesFgi+CUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDc1bHJpUHlCX3BwVWxYMVdwQjZ3V0NMNEpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9mNDMxOWYtM2RmYi00MmVhLWJhOTUt
NDkyYWIzNzI2ODlkLzEvYUNPZXBUOEV0N0FWT0U5WWVNT24yeW83QUpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9mNDMxOWYtM2RmYi00MmVhLWJhOTUtNDkyYWIzNzI2ODlk
LzEvWDc1bHJpUHlCX3BwVWxYMVdwQjZ3V0NMNEpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAJYzxMAwD
BABPhbUDBANPhbADBABbyFQDBAC58GcDBAC59DMDBAC5+iwDBADBu2AwDQYJKoZI
hvcNAQELBQADggEBAIHMs1MS0SXwn/ZVqWKh0bpspFH7Oc0j9WHe929L6XKmHYj/
hZAlR2Cb4dzZZKb0ZIKLiRUW39qku99cxIgeK7jyN8VVsQdXe+vFPErqwQzisguA
BlvYp/6mFWdSZVCkgm2jbrmHHloFMEmHPTUcKl+UN/cH6I59lPQWB9gwTDX3ha2N
7jy35X1gdgrhIQw35OZ0RURkgVYjdfoJwe+/JFdkf5GwLtrZpzEa1W8zZysq3C6g
5T2D5m8BL0Vf1aeEGN9SKcj1cydD1acNppR1bNJUIy3iUpIE6SkdB5RafBhkuHUh
Np5Dp9pVmZdhHuW+EV96vyNcRLhAevPxfY7AVNI=
-----END CERTIFICATE-----
Generated at Wed Sep 27 18:33:02 2023 by rpki-client on console-fra.rpki-client.org