Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/8b58e9-3230-4418-8f68-81224e480c03/1/QQbwP53Nmo-8HZHzgoNeFlTO3QI.roa
File: QQbwP53Nmo-8HZHzgoNeFlTO3QI.roa (raw, json)
Hash identifier: IYMaEkja64J/nI2qE2Te9pZHHZB/CANe0EdKuvTnFWc=
Subject key identifier: 41:06:F0:3F:9D:CD:9A:8F:BC:1D:91:F3:82:83:5E:16:54:CE:DD:02
Certificate issuer: /CN=f8b3d58d993f960840f7ef2fe20c008adc971f97
Certificate serial: 01856F1D8DBCA532874D177714596372EF55
Authority key identifier: F8:B3:D5:8D:99:3F:96:08:40:F7:EF:2F:E2:0C:00:8A:DC:97:1F:97
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-LPVjZk_lghA9-8v4gwAityXH5c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/8b58e9-3230-4418-8f68-81224e480c03/1/QQbwP53Nmo-8HZHzgoNeFlTO3QI.roa
Signing time: Sun 01 Jan 2023 20:54:45 +0000
ROA not before: Sun 01 Jan 2023 20:54:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41000
IP address blocks: 194.110.243.0/24 maxlen: 24
193.23.224.0/24 maxlen: 24
176.74.16.0/21 maxlen: 21
193.33.178.0/23 maxlen: 23
185.86.108.0/22 maxlen: 22
185.176.248.0/22 maxlen: 22
195.170.173.0/24 maxlen: 24
2a00:b980::/29 maxlen: 29
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:1d:8d:bc:a5:32:87:4d:17:77:14:59:63:72:ef:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f8b3d58d993f960840f7ef2fe20c008adc971f97
Validity
Not Before: Jan 1 20:54:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4106f03f9dcd9a8fbc1d91f382835e1654cedd02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:44:2f:2f:c1:ea:24:7d:5d:9d:c2:e8:36:ac:
9f:88:53:ed:04:e3:44:89:78:d3:97:d0:ee:98:44:
c5:63:77:d4:b2:77:bd:b6:8f:7d:0f:78:7c:7e:81:
75:7c:d2:1a:bf:2b:52:8f:10:45:17:2d:a1:05:db:
11:7a:6b:07:e2:af:55:0e:f6:20:63:38:77:c5:fd:
c9:eb:26:ba:c8:89:04:64:c9:6c:65:44:26:d1:88:
87:48:e6:e6:18:b6:3c:0a:f1:ff:19:fd:14:59:ac:
00:c3:96:a5:f1:6c:6b:c0:d5:5c:8d:f5:58:8b:77:
ae:28:61:60:76:05:21:3a:3c:04:38:f4:54:2c:cf:
19:1c:dc:e4:44:b2:e9:16:ba:45:b4:f1:f3:91:15:
b0:65:e3:3b:04:e7:ba:5a:81:b6:04:a3:93:2e:13:
13:f7:2e:d0:a5:e1:6e:24:ac:8d:7b:93:22:1d:19:
38:95:4f:e7:bc:12:2a:2b:0c:66:5f:21:c3:af:73:
67:f2:28:cf:3f:13:db:27:64:3c:15:af:34:1c:57:
06:d6:0e:f7:1a:d4:06:52:12:b8:a5:93:31:a9:5b:
51:e2:09:a4:24:c4:0f:40:99:91:2e:fe:5b:ba:c8:
a8:54:2b:3b:dd:62:9e:ac:cf:d7:70:cc:d2:64:ab:
38:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:06:F0:3F:9D:CD:9A:8F:BC:1D:91:F3:82:83:5E:16:54:CE:DD:02
X509v3 Authority Key Identifier:
keyid:F8:B3:D5:8D:99:3F:96:08:40:F7:EF:2F:E2:0C:00:8A:DC:97:1F:97
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-LPVjZk_lghA9-8v4gwAityXH5c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8b58e9-3230-4418-8f68-81224e480c03/1/QQbwP53Nmo-8HZHzgoNeFlTO3QI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/8b58e9-3230-4418-8f68-81224e480c03/1/1-LPVjZk_lghA9-8v4gwAityXH5c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.74.16.0/21
185.86.108.0/22
185.176.248.0/22
193.23.224.0/24
193.33.178.0/23
194.110.243.0/24
195.170.173.0/24
IPv6:
2a00:b980::/29
Signature Algorithm: sha256WithRSAEncryption
35:7f:56:fc:ba:7f:49:03:f2:eb:f9:5c:1f:37:05:30:c0:a3:
04:8d:12:40:e8:46:12:17:c3:58:97:cf:ea:53:95:85:28:0e:
36:82:63:f4:74:87:c2:3e:b4:0e:b0:89:0c:f2:89:1b:c4:29:
5d:6b:84:98:6a:50:79:b0:7e:2e:d7:f0:d2:84:b0:76:68:09:
50:df:c9:6d:6a:01:48:a6:18:e6:ef:92:0b:89:b1:ec:4c:d8:
8d:69:07:ed:f6:e4:e1:4b:43:54:84:e2:b4:04:43:15:76:34:
9d:d0:37:15:86:ba:8a:d2:bc:72:95:63:42:78:3d:53:16:35:
ed:df:11:86:63:6e:cc:2c:8c:ce:15:bb:fa:2b:f9:4c:ac:1d:
de:3f:0d:fc:0f:13:f1:a2:32:fa:d4:06:5d:33:3c:0f:88:d5:
59:7d:8e:24:33:99:84:09:91:54:ec:42:67:f0:15:6c:c7:7c:
04:1a:bb:70:00:4a:e5:c3:4a:c9:64:ba:1a:20:e8:b7:a8:28:
7c:51:40:f5:5e:1f:5a:c1:8d:7b:fe:08:89:ed:77:26:cb:52:
2e:7f:1e:a3:f2:cb:d5:19:b3:16:e9:bb:86:9f:ed:96:78:ed:
22:17:56:ab:35:72:98:fc:0a:4f:df:eb:ea:32:65:51:21:f7:
e2:86:68:c5
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAYVvHY28pTKHTRd3FFljcu9VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YjNkNThkOTkzZjk2MDg0MGY3ZWYyZmUyMGMwMDhhZGM5
NzFmOTcwHhcNMjMwMTAxMjA1NDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTA2ZjAzZjlkY2Q5YThmYmMxZDkxZjM4MjgzNWUxNjU0Y2VkZDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUQvL8HqJH1dncLoNqyfiFPtBONE
iXjTl9DumETFY3fUsne9to99D3h8foF1fNIavytSjxBFFy2hBdsRemsH4q9VDvYg
Yzh3xf3J6ya6yIkEZMlsZUQm0YiHSObmGLY8CvH/Gf0UWawAw5al8WxrwNVcjfVY
i3euKGFgdgUhOjwEOPRULM8ZHNzkRLLpFrpFtPHzkRWwZeM7BOe6WoG2BKOTLhMT
9y7QpeFuJKyNe5MiHRk4lU/nvBIqKwxmXyHDr3Nn8ijPPxPbJ2Q8Fa80HFcG1g73
GtQGUhK4pZMxqVtR4gmkJMQPQJmRLv5busioVCs73WKerM/XcMzSZKs4+wIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFEEG8D+dzZqPvB2R84KDXhZUzt0CMB8GA1UdIwQY
MBaAFPiz1Y2ZP5YIQPfvL+IMAIrclx+XMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1MUFZqWmtfbGdoQTktOHY0Z3dBaXR5WEg1Yy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTIvOGI1OGU5LTMyMzAtNDQxOC04ZjY4
LTgxMjI0ZTQ4MGMwMy8xL1FRYndQNTNObW8tOEhaSHpnb05lRmxUTzNRSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTIvOGI1OGU5LTMyMzAtNDQxOC04ZjY4LTgxMjI0ZTQ4MGMw
My8xLzEtTFBWalprX2xnaEE5LTh2NGd3QWl0eVhINWMuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwUgYIKwYBBQUHAQcBAf8EQzBBMDAEAgABMCoDBAOwShAD
BAK5VmwDBAK5sPgDBADBF+ADBAHBIbIDBADCbvMDBADDqq0wDQQCAAIwBwMFAyoA
uYAwDQYJKoZIhvcNAQELBQADggEBADV/Vvy6f0kD8uv5XB83BTDAowSNEkDoRhIX
w1iXz+pTlYUoDjaCY/R0h8I+tA6wiQzyiRvEKV1rhJhqUHmwfi7X8NKEsHZoCVDf
yW1qAUimGObvkguJsexM2I1pB+325OFLQ1SE4rQEQxV2NJ3QNxWGuorSvHKVY0J4
PVMWNe3fEYZjbswsjM4Vu/or+UysHd4/DfwPE/GiMvrUBl0zPA+I1Vl9jiQzmYQJ
kVTsQmfwFWzHfAQau3AASuXDSslkuhog6LeoKHxRQPVeH1rBjXv+CIntdybLUi5/
HqPyy9UZsxbpu4af7ZZ47SIXVqs1cpj8Ck/f6+oyZVEh9+KGaMU=
-----END CERTIFICATE-----
Generated at Mon Jan 1 15:15:18 2024 by rpki-client on console-fra.rpki-client.org