Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/KkjloXtsg82x09NzQpTVzWX-Y7o.roa
File: KkjloXtsg82x09NzQpTVzWX-Y7o.roa (raw, json)
Hash identifier: ZxE1+6SEDigZ28btfX7y9txP06U6FqK8/y2uzWii1yw=
Subject key identifier: 2A:48:E5:A1:7B:6C:83:CD:B1:D3:D3:73:42:94:D5:CD:65:FE:63:BA
Certificate issuer: /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial: 018ED78C158CF1DDD24445933FEE4CE942B9
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/KkjloXtsg82x09NzQpTVzWX-Y7o.roa
Signing time: Sat 13 Apr 2024 13:01:05 +0000
ROA not before: Sat 13 Apr 2024 13:01:05 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 3267
IP address blocks: 80.250.160.0/19 maxlen: 24
82.137.128.0/18 maxlen: 24
82.137.176.0/20 maxlen: 22
82.179.32.0/20 maxlen: 24
82.179.63.0/24 maxlen: 24
82.179.64.0/19 maxlen: 24
82.179.140.0/23 maxlen: 23
83.149.192.0/18 maxlen: 24
85.142.8.0/21 maxlen: 21
85.142.16.0/20 maxlen: 24
85.142.32.0/21 maxlen: 24
85.142.52.0/22 maxlen: 24
85.142.56.0/22 maxlen: 24
85.142.102.0/23 maxlen: 24
85.142.104.0/21 maxlen: 24
85.142.116.0/22 maxlen: 24
85.142.120.0/21 maxlen: 24
85.142.148.0/23 maxlen: 24
85.142.153.0/24 maxlen: 24
85.142.162.0/23 maxlen: 24
85.143.0.0/20 maxlen: 24
85.143.18.0/23 maxlen: 24
85.143.26.0/24 maxlen: 24
85.143.96.0/22 maxlen: 24
85.143.112.0/22 maxlen: 24
85.143.124.0/22 maxlen: 24
85.143.224.0/21 maxlen: 21
85.143.239.0/24 maxlen: 24
86.110.96.0/19 maxlen: 19
86.110.96.0/22 maxlen: 22
86.110.101.0/24 maxlen: 24
86.110.102.0/24 maxlen: 24
86.110.103.0/24 maxlen: 24
86.110.112.0/20 maxlen: 20
185.71.96.0/22 maxlen: 22
188.93.107.0/24 maxlen: 24
193.27.214.0/23 maxlen: 24
194.85.32.0/20 maxlen: 20
194.85.160.0/21 maxlen: 21
194.85.168.0/22 maxlen: 22
194.85.174.0/23 maxlen: 23
194.149.64.0/24 maxlen: 24
194.190.224.0/19 maxlen: 24
194.190.232.0/21 maxlen: 24
194.190.240.0/24 maxlen: 24
194.190.241.0/24 maxlen: 24
194.190.242.0/23 maxlen: 23
194.190.244.0/22 maxlen: 22
194.190.248.0/21 maxlen: 21
194.226.192.0/20 maxlen: 20
2001:b08:22::/48 maxlen: 48
2001:b08:26::/48 maxlen: 48
2a00:db8::/32 maxlen: 48
2a07:a6c0::/29 maxlen: 29
2a07:a6c4::/32 maxlen: 32
Validation: Failed, certificate revoked on Sat 13 Apr 2024 15:37:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:d7:8c:15:8c:f1:dd:d2:44:45:93:3f:ee:4c:e9:42:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Validity
Not Before: Apr 13 13:01:05 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2a48e5a17b6c83cdb1d3d3734294d5cd65fe63ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:2f:6b:6b:9b:5f:c0:77:3e:99:78:82:06:61:
f1:0b:d2:1e:a5:7d:04:10:e3:48:44:86:5b:df:7a:
fd:6a:c8:ad:8f:6c:45:60:c6:d4:c0:83:04:98:3f:
f9:85:83:77:0c:ee:7c:6c:98:63:51:09:8a:fc:93:
b5:04:bd:6f:c1:62:27:21:e3:e7:d6:fc:32:26:d6:
01:9b:c6:f3:64:3d:a9:59:2f:81:a7:d6:b5:d1:af:
b3:f2:e8:ce:61:e6:e4:9b:0d:8c:28:98:5a:bd:8b:
0d:99:f8:2a:d9:5b:7f:39:a5:63:df:88:d6:2d:01:
23:6d:44:fa:bb:8f:62:6c:a7:f2:c2:9a:b5:eb:a3:
bb:8a:d5:7b:d2:f7:bf:35:99:b6:c8:5b:4b:38:35:
6c:9e:d5:62:1e:01:d0:5b:d2:d6:bd:ca:17:0b:de:
02:03:51:5e:67:e5:be:83:2b:f7:86:b9:52:fa:d7:
9e:eb:92:9e:7a:dc:ef:0b:6e:e4:a9:f9:69:14:46:
7f:60:23:d7:9c:c1:0b:89:6f:e5:db:81:96:a2:36:
74:e9:38:2c:0a:1e:b0:0b:ce:12:86:cc:7a:ab:ef:
d7:e1:fe:0d:bf:c5:ab:cc:57:81:47:f0:4b:f0:fe:
04:b8:88:53:d4:2c:0d:47:ef:41:d1:b1:10:82:54:
f3:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:48:E5:A1:7B:6C:83:CD:B1:D3:D3:73:42:94:D5:CD:65:FE:63:BA
X509v3 Authority Key Identifier:
keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/KkjloXtsg82x09NzQpTVzWX-Y7o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.250.160.0/19
82.137.128.0/18
82.179.32.0/20
82.179.63.0-82.179.95.255
82.179.140.0/23
83.149.192.0/18
85.142.8.0-85.142.39.255
85.142.52.0-85.142.59.255
85.142.102.0-85.142.111.255
85.142.116.0-85.142.127.255
85.142.148.0/23
85.142.153.0/24
85.142.162.0/23
85.143.0.0/20
85.143.18.0/23
85.143.26.0/24
85.143.96.0/22
85.143.112.0/22
85.143.124.0/22
85.143.224.0/21
85.143.239.0/24
86.110.96.0/19
185.71.96.0/22
188.93.107.0/24
193.27.214.0/23
194.85.32.0/20
194.85.160.0-194.85.171.255
194.85.174.0/23
194.149.64.0/24
194.190.224.0/19
194.226.192.0/20
IPv6:
2001:b08:22::/48
2001:b08:26::/48
2a00:db8::/32
2a07:a6c0::/29
Signature Algorithm: sha256WithRSAEncryption
05:ab:aa:31:f8:85:2e:0e:e8:38:de:b3:34:65:2f:eb:f8:5d:
62:6c:d4:45:44:31:dc:77:ed:8d:63:78:fe:17:f9:74:73:b5:
94:9a:ab:77:34:6c:b7:24:70:c7:7a:e6:90:9b:3d:d4:2c:1b:
cb:7f:0a:34:44:62:e9:9a:9a:62:52:ef:06:84:b9:2d:1a:df:
f6:b6:31:69:5e:33:d3:b3:4d:78:df:11:5e:fe:fe:0c:c9:93:
37:a0:9e:c9:4f:64:e7:dc:8c:69:c1:12:fb:9c:3c:df:17:0c:
a3:e3:6a:7e:8f:fb:6f:8d:cb:43:40:77:be:2f:d4:00:0a:43:
ac:2f:3b:cf:79:06:c2:66:3f:dc:20:e4:21:0a:bd:21:54:f6:
94:74:f4:a5:0b:2a:b6:db:9d:28:f5:c4:38:bb:49:9d:8a:ce:
7e:5f:33:50:22:4e:63:70:54:78:54:a8:83:b0:40:d6:a3:2b:
72:54:a0:2c:de:0d:f7:02:e8:f1:4a:e0:34:06:d1:4f:7d:71:
13:40:1a:4b:85:99:6e:b7:01:7b:ce:6d:68:dd:6f:52:f3:c1:
80:ad:83:f8:65:34:60:da:b0:70:f6:a7:2a:62:90:fe:c5:01:
83:25:0a:57:17:f1:ff:ea:43:5e:9a:b8:58:aa:a4:d8:11:f7:
e5:1e:86:e7
-----BEGIN CERTIFICATE-----
MIIGETCCBPmgAwIBAgISAY7XjBWM8d3SREWTP+5M6UK5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwNDEzMTMwMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTQ4ZTVhMTdiNmM4M2NkYjFkM2QzNzM0Mjk0ZDVjZDY1ZmU2M2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAry9ra5tfwHc+mXiCBmHxC9IepX0E
EONIRIZb33r9asitj2xFYMbUwIMEmD/5hYN3DO58bJhjUQmK/JO1BL1vwWInIePn
1vwyJtYBm8bzZD2pWS+Bp9a10a+z8ujOYebkmw2MKJhavYsNmfgq2Vt/OaVj34jW
LQEjbUT6u49ibKfywpq166O7itV70ve/NZm2yFtLODVsntViHgHQW9LWvcoXC94C
A1FeZ+W+gyv3hrlS+tee65KeetzvC27kqflpFEZ/YCPXnMELiW/l24GWojZ06Tgs
Ch6wC84Shsx6q+/X4f4Nv8WrzFeBR/BL8P4EuIhT1CwNR+9B0bEQglTzHQIDAQAB
o4IDHTCCAxkwHQYDVR0OBBYEFCpI5aF7bIPNsdPTc0KU1c1l/mO6MB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvS2tqbG9YdHNnODJ4MDlOelFwVFZ6V1gtWTdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBMQYIKwYBBQUHAQcBAf8EggEgMIIBHDCB8QQCAAEwgeoD
BAVQ+qADBAZSiYADBARSsyAwDAMEAFKzPwMEBVKzQAMEAVKzjAMEBlOVwDAMAwQD
VY4IAwQDVY4gMAwDBAJVjjQDBAJVjjgwDAMEAVWOZgMEBFWOYDAMAwQCVY50AwQH
VY4AAwQBVY6UAwQAVY6ZAwQBVY6iAwQEVY8AAwQBVY8SAwQAVY8aAwQCVY9gAwQC
VY9wAwQCVY98AwQDVY/gAwQAVY/vAwQFVm5gAwQCuUdgAwQAvF1rAwQBwRvWAwQE
wlUgMAwDBAXCVaADBALCVagDBAHCVa4DBADClUADBAXCvuADBATC4sAwJgQCAAIw
IAMHACABCwgAIgMHACABCwgAJgMFACoADbgDBQMqB6bAMA0GCSqGSIb3DQEBCwUA
A4IBAQAFq6ox+IUuDug43rM0ZS/r+F1ibNRFRDHcd+2NY3j+F/l0c7WUmqt3NGy3
JHDHeuaQmz3ULBvLfwo0RGLpmppiUu8GhLktGt/2tjFpXjPTs0143xFe/v4MyZM3
oJ7JT2Tn3IxpwRL7nDzfFwyj42p+j/tvjctDQHe+L9QACkOsLzvPeQbCZj/cIOQh
Cr0hVPaUdPSlCyq2250o9cQ4u0mdis5+XzNQIk5jcFR4VKiDsEDWoytyVKAs3g33
AujxSuA0BtFPfXETQBpLhZlutwF7zm1o3W9S88GArYP4ZTRg2rBw9qcqYpD+xQGD
JQpXF/H/6kNemrhYqqTYEfflHobn
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:46 2024 by rpki-client on console-fra.rpki-client.org