Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/VxEs108oKR-yDlUcewku2A94I-I.roa
File: VxEs108oKR-yDlUcewku2A94I-I.roa (raw, json)
Hash identifier: gATWEnWvKMeEe5k9yEJJU9KFsxJP6nvmbWCbeVGheBM=
Subject key identifier: 57:11:2C:D7:4F:28:29:1F:B2:0E:55:1C:7B:09:2E:D8:0F:78:23:E2
Certificate issuer: /CN=d5620cec70974d037d7769758c74668305b32cf2
Certificate serial: 018EC2BD09B29E3DA793BD0B3DD254FF73B5
Authority key identifier: D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/VxEs108oKR-yDlUcewku2A94I-I.roa
Signing time: Tue 09 Apr 2024 12:02:32 +0000
ROA not before: Tue 09 Apr 2024 12:02:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62212
IP address blocks: 87.236.146.0/24 maxlen: 24
91.199.137.0/24 maxlen: 24
91.199.147.0/24 maxlen: 24
91.199.154.0/24 maxlen: 24
91.199.160.0/24 maxlen: 24
188.127.246.0/23 maxlen: 24
2a11:3b80::/29 maxlen: 48
2a11:3b80::/32 maxlen: 48
Validation: Failed, certificate revoked on Fri 23 Aug 2024 09:00:36 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:c2:bd:09:b2:9e:3d:a7:93:bd:0b:3d:d2:54:ff:73:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5620cec70974d037d7769758c74668305b32cf2
Validity
Not Before: Apr 9 12:02:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=57112cd74f28291fb20e551c7b092ed80f7823e2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:40:b0:df:b3:0e:b8:ea:49:ad:14:af:a0:27:
9d:40:e1:47:b3:79:37:da:8e:9f:07:29:4e:15:7b:
ba:67:15:8c:e6:16:20:64:bc:fd:81:32:ea:c9:45:
28:99:eb:91:0e:a2:7e:43:d9:fb:c0:0f:c8:e0:cb:
cf:4f:7a:85:64:9f:94:ba:01:55:ef:04:af:34:82:
39:02:4b:a5:83:f7:8e:e4:ee:65:a2:77:8e:fb:f3:
fe:0e:2c:e6:28:0a:73:02:83:d4:ef:6b:7a:4f:c3:
24:54:31:de:21:0b:d2:a5:ee:71:d1:39:66:c0:49:
67:50:e3:ad:e9:a6:cb:e1:05:b8:bc:ba:62:b1:c1:
ab:96:ca:38:97:2f:cb:db:f9:fe:ea:04:ac:c2:af:
88:93:e1:7f:cd:9c:f7:32:94:88:a8:e8:1d:9c:b9:
de:2a:df:59:c7:f9:4a:81:46:17:73:68:0c:22:9f:
da:4c:64:15:10:a6:c2:71:e9:e0:58:58:32:46:d9:
a7:7d:ef:4a:a3:70:8d:ac:43:fc:e4:87:8b:19:2d:
5a:66:12:b0:9c:74:4e:d6:e9:e0:77:53:2c:eb:07:
ef:d7:b4:4f:21:b0:f0:7a:36:a3:c4:eb:bc:e9:23:
2c:34:f5:3a:de:bf:ea:3c:2e:29:cf:a8:49:1e:ba:
f5:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:11:2C:D7:4F:28:29:1F:B2:0E:55:1C:7B:09:2E:D8:0F:78:23:E2
X509v3 Authority Key Identifier:
keyid:D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/VxEs108oKR-yDlUcewku2A94I-I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.236.146.0/24
91.199.137.0/24
91.199.147.0/24
91.199.154.0/24
91.199.160.0/24
188.127.246.0/23
IPv6:
2a11:3b80::/29
Signature Algorithm: sha256WithRSAEncryption
06:ad:6e:cd:86:a5:ba:bf:3b:bf:4e:d3:38:c7:c1:4f:f9:2d:
0d:d4:a6:53:38:27:94:a0:96:41:ae:d6:ab:14:9a:aa:8c:36:
47:d8:c8:b1:a9:b6:7e:04:29:fb:83:66:de:42:60:9a:42:4f:
75:47:0f:1e:a9:56:92:87:05:bf:67:7a:6f:45:18:f8:15:c0:
d2:3e:c3:4a:50:f1:0e:26:ac:9a:5e:16:84:ed:d0:ca:1c:aa:
91:ce:6b:60:a5:94:51:bd:fd:8f:e6:7e:dd:0d:89:ba:f9:c0:
cc:e2:85:b5:d3:49:4e:80:dc:a5:2d:6b:52:db:52:b0:c2:c4:
0b:5e:f7:12:b7:d9:75:0d:d2:19:89:8c:76:01:66:b6:09:98:
54:51:8b:11:cd:04:19:dc:97:d2:66:4d:a6:23:05:d9:7d:40:
55:d1:57:ef:fe:c6:8f:62:b7:28:a2:1b:0e:6f:fa:bc:ad:35:
62:02:4e:58:b0:b7:c5:79:91:11:c7:d0:21:bc:58:df:3d:0a:
92:69:5a:6d:d0:18:a8:55:0b:3b:1d:1a:9e:29:a6:3c:14:4d:
d6:80:33:4b:a8:3d:82:d4:c7:f4:b3:28:06:67:86:b5:58:be:
16:c1:59:e5:4a:6f:95:c9:17:34:e5:7d:9b:ab:03:ba:a2:42:
0b:42:7d:fc
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAY7CvQmynj2nk70LPdJU/3O1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjIwY2VjNzA5NzRkMDM3ZDc3Njk3NThjNzQ2NjgzMDVi
MzJjZjIwHhcNMjQwNDA5MTIwMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzExMmNkNzRmMjgyOTFmYjIwZTU1MWM3YjA5MmVkODBmNzgyM2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkCw37MOuOpJrRSvoCedQOFHs3k3
2o6fBylOFXu6ZxWM5hYgZLz9gTLqyUUomeuRDqJ+Q9n7wA/I4MvPT3qFZJ+UugFV
7wSvNII5Akulg/eO5O5loneO+/P+DizmKApzAoPU72t6T8MkVDHeIQvSpe5x0Tlm
wElnUOOt6abL4QW4vLpiscGrlso4ly/L2/n+6gSswq+Ik+F/zZz3MpSIqOgdnLne
Kt9Zx/lKgUYXc2gMIp/aTGQVEKbCcengWFgyRtmnfe9Ko3CNrEP85IeLGS1aZhKw
nHRO1ungd1Ms6wfv17RPIbDwejajxOu86SMsNPU63r/qPC4pz6hJHrr18wIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFFcRLNdPKCkfsg5VHHsJLtgPeCPiMB8GA1UdIwQY
MBaAFNViDOxwl00DfXdpdYx0ZoMFsyzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTkt
YmU0MzRjYjlmOGY4LzEvVnhFczEwOG9LUi15RGxVY2V3a3UyQTk0SS1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTktYmU0MzRjYjlmOGY4
LzEvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQAV+ySAwQA
W8eJAwQAW8eTAwQAW8eaAwQAW8egAwQBvH/2MA0EAgACMAcDBQMqETuAMA0GCSqG
SIb3DQEBCwUAA4IBAQAGrW7NhqW6vzu/TtM4x8FP+S0N1KZTOCeUoJZBrtarFJqq
jDZH2MixqbZ+BCn7g2beQmCaQk91Rw8eqVaShwW/Z3pvRRj4FcDSPsNKUPEOJqya
XhaE7dDKHKqRzmtgpZRRvf2P5n7dDYm6+cDM4oW100lOgNylLWtS21KwwsQLXvcS
t9l1DdIZiYx2AWa2CZhUUYsRzQQZ3JfSZk2mIwXZfUBV0Vfv/saPYrcoohsOb/q8
rTViAk5YsLfFeZERx9AhvFjfPQqSaVpt0BioVQs7HRqeKaY8FE3WgDNLqD2C1Mf0
sygGZ4a1WL4WwVnlSm+VyRc05X2bqwO6okILQn38
-----END CERTIFICATE-----
Generated at Fri Aug 23 11:11:49 2024 by rpki-client on console-fra.rpki-client.org