Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/nrMUYc3mPl-Sjej6C4oxWUl4uY0.roa
File: nrMUYc3mPl-Sjej6C4oxWUl4uY0.roa (raw, json)
Hash identifier: EADpe4vQbcugkAF2T7Brl9bOFxyBI4AI7lsF3V0R4no=
Subject key identifier: 9E:B3:14:61:CD:E6:3E:5F:92:8D:E8:FA:0B:8A:31:59:49:78:B9:8D
Certificate issuer: /CN=d5620cec70974d037d7769758c74668305b32cf2
Certificate serial: 018969661AE6100E47A1E422A8544E313BAA
Authority key identifier: D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/nrMUYc3mPl-Sjej6C4oxWUl4uY0.roa
Signing time: Tue 18 Jul 2023 14:27:26 +0000
ROA not before: Tue 18 Jul 2023 14:27:26 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 62212
IP address blocks: 87.236.146.0/24 maxlen: 24
91.199.137.0/24 maxlen: 24
188.127.247.0/24 maxlen: 24
91.199.147.0/24 maxlen: 24
91.199.154.0/24 maxlen: 24
91.199.160.0/24 maxlen: 24
2a11:3b80::/29 maxlen: 48
2a11:3b80::/32 maxlen: 48
Validation: Failed, certificate revoked on Tue 02 Jan 2024 10:31:32 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:69:66:1a:e6:10:0e:47:a1:e4:22:a8:54:4e:31:3b:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d5620cec70974d037d7769758c74668305b32cf2
Validity
Not Before: Jul 18 14:27:26 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9eb31461cde63e5f928de8fa0b8a31594978b98d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:60:e7:0b:17:9f:53:28:1c:ee:fd:09:c5:48:
f3:1c:e3:ad:1c:30:14:7f:3f:70:73:45:5d:74:18:
d6:ad:35:f8:21:ee:51:cb:51:37:73:7c:67:13:1f:
10:e7:a2:cf:6b:b5:d1:10:d6:b2:a9:e6:e0:d1:55:
31:dd:9d:a7:91:67:9b:e2:57:5c:61:71:6a:68:05:
c9:65:e5:59:d1:b5:74:40:a2:fb:bc:b3:07:63:35:
d8:5a:11:3f:fa:a2:af:62:fb:18:c1:e2:d3:06:fa:
0e:8b:36:77:48:76:ad:e3:41:51:91:8b:52:c0:5a:
5c:ac:d6:1e:2f:47:f8:6e:32:06:da:04:d3:37:36:
83:aa:ba:d4:11:92:73:a5:ef:bc:b2:00:90:bb:33:
33:2c:3c:e9:fc:60:3c:73:af:3d:60:7c:a1:b2:9d:
06:6a:ec:90:b9:34:d2:cf:28:03:ce:71:d5:e3:13:
97:c3:a0:80:9c:93:68:45:80:cf:14:59:87:aa:0f:
c8:87:06:9f:39:69:df:f2:4d:68:fa:ec:96:af:24:
ac:d7:df:2b:e2:71:fb:c8:86:35:37:0e:31:c1:d3:
a1:ba:93:5c:90:1a:66:45:15:7f:b0:56:1a:79:18:
7c:56:c6:79:0d:7f:9a:b3:2f:e8:58:c6:a9:8a:22:
df:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9E:B3:14:61:CD:E6:3E:5F:92:8D:E8:FA:0B:8A:31:59:49:78:B9:8D
X509v3 Authority Key Identifier:
keyid:D5:62:0C:EC:70:97:4D:03:7D:77:69:75:8C:74:66:83:05:B3:2C:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WIM7HCXTQN9d2l1jHRmgwWzLPI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/nrMUYc3mPl-Sjej6C4oxWUl4uY0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/323a92-7d38-49ec-ba99-be434cb9f8f8/1/1WIM7HCXTQN9d2l1jHRmgwWzLPI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.236.146.0/24
91.199.137.0/24
91.199.147.0/24
91.199.154.0/24
91.199.160.0/24
188.127.247.0/24
IPv6:
2a11:3b80::/29
Signature Algorithm: sha256WithRSAEncryption
5d:ef:1d:59:95:41:5d:81:5c:cc:74:c5:09:28:a9:47:f2:36:
4a:6a:da:09:b7:9d:e2:61:c7:27:e5:5c:13:ba:8b:ad:e1:df:
b0:10:14:4e:b5:f8:85:4d:45:32:e2:92:36:e2:9f:06:9d:0a:
ca:1c:1a:9d:ca:b3:17:ed:64:a1:13:0d:ba:43:75:8c:0e:21:
a0:f4:c4:8b:b0:96:24:1b:c4:b3:65:31:b9:8a:41:cf:0a:db:
91:8c:35:6e:e2:af:96:ce:81:b6:d6:4d:0f:28:c7:21:64:4d:
cb:66:8f:91:48:c3:83:44:e5:a6:9f:fb:f7:ce:db:8a:5b:59:
9b:da:32:f7:f2:e3:24:7d:bd:24:0e:e7:53:43:75:b2:35:72:
08:58:d8:65:36:5f:e4:79:46:8d:4e:57:32:ac:cc:74:81:75:
1d:19:c5:90:27:04:8d:ce:d3:0c:07:1b:3e:25:db:e8:7e:c5:
c9:b3:26:47:03:81:30:f5:ce:6f:14:02:fe:ee:d9:8b:d4:7b:
85:35:4e:27:98:a3:90:d4:46:a7:2d:15:f6:df:47:2d:dc:30:
62:21:29:91:e5:f8:51:c9:c2:36:9d:f5:c2:b3:86:24:54:a1:
d6:8d:92:99:b6:5d:43:d4:ca:6f:91:d5:6d:db:e9:eb:31:34:
28:34:89:a7
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYlpZhrmEA5HoeQiqFROMTuqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjIwY2VjNzA5NzRkMDM3ZDc3Njk3NThjNzQ2NjgzMDVi
MzJjZjIwHhcNMjMwNzE4MTQyNzI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWIzMTQ2MWNkZTYzZTVmOTI4ZGU4ZmEwYjhhMzE1OTQ5NzhiOThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGDnCxefUygc7v0JxUjzHOOtHDAU
fz9wc0VddBjWrTX4Ie5Ry1E3c3xnEx8Q56LPa7XRENayqebg0VUx3Z2nkWeb4ldc
YXFqaAXJZeVZ0bV0QKL7vLMHYzXYWhE/+qKvYvsYweLTBvoOizZ3SHat40FRkYtS
wFpcrNYeL0f4bjIG2gTTNzaDqrrUEZJzpe+8sgCQuzMzLDzp/GA8c689YHyhsp0G
auyQuTTSzygDznHV4xOXw6CAnJNoRYDPFFmHqg/IhwafOWnf8k1o+uyWrySs198r
4nH7yIY1Nw4xwdOhupNckBpmRRV/sFYaeRh8VsZ5DX+asy/oWMapiiLfEwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFJ6zFGHN5j5fko3o+guKMVlJeLmNMB8GA1UdIwQY
MBaAFNViDOxwl00DfXdpdYx0ZoMFsyzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTkt
YmU0MzRjYjlmOGY4LzEvbnJNVVljM21QbC1TamVqNkM0b3hXVWw0dVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8zMjNhOTItN2QzOC00OWVjLWJhOTktYmU0MzRjYjlmOGY4
LzEvMVdJTTdIQ1hUUU45ZDJsMWpIUm1nd1d6TFBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQAV+ySAwQA
W8eJAwQAW8eTAwQAW8eaAwQAW8egAwQAvH/3MA0EAgACMAcDBQMqETuAMA0GCSqG
SIb3DQEBCwUAA4IBAQBd7x1ZlUFdgVzMdMUJKKlH8jZKatoJt53iYccn5VwTuout
4d+wEBROtfiFTUUy4pI24p8GnQrKHBqdyrMX7WShEw26Q3WMDiGg9MSLsJYkG8Sz
ZTG5ikHPCtuRjDVu4q+WzoG21k0PKMchZE3LZo+RSMODROWmn/v3ztuKW1mb2jL3
8uMkfb0kDudTQ3WyNXIIWNhlNl/keUaNTlcyrMx0gXUdGcWQJwSNztMMBxs+Jdvo
fsXJsyZHA4Ew9c5vFAL+7tmL1HuFNU4nmKOQ1EanLRX230ct3DBiISmR5fhRycI2
nfXCs4YkVKHWjZKZtl1D1MpvkdVt2+nrMTQoNImn
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:46 2024 by rpki-client on console-ams.rpki-client.org