Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/2bHaI0IEKZld3vDq1b_YE2OUfdI.roa
File: 2bHaI0IEKZld3vDq1b_YE2OUfdI.roa (raw, json)
Hash identifier: ZhslQmeOLPWwKQLusxidFDCjlYGRnbWhasRsHtzeGfk=
Subject key identifier: D9:B1:DA:23:42:04:29:99:5D:DE:F0:EA:D5:BF:D8:13:63:94:7D:D2
Certificate issuer: /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial: 018B3C225BE22AD23C6466E0978F3816B101
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/2bHaI0IEKZld3vDq1b_YE2OUfdI.roa
Signing time: Tue 17 Oct 2023 05:36:06 +0000
ROA not before: Tue 17 Oct 2023 05:36:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 62390
IP address blocks: 89.33.13.0/24 maxlen: 24
93.119.105.0/24 maxlen: 24
89.47.232.0/24 maxlen: 24
188.240.210.0/24 maxlen: 24
89.37.116.0/24 maxlen: 24
89.37.117.0/24 maxlen: 24
89.45.12.0/24 maxlen: 24
89.45.12.0/23 maxlen: 23
89.45.13.0/24 maxlen: 24
188.240.221.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 01 Jan 2024 00:29:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:3c:22:5b:e2:2a:d2:3c:64:66:e0:97:8f:38:16:b1:01
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Validity
Not Before: Oct 17 05:36:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d9b1da23420429995ddef0ead5bfd81363947dd2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:80:7e:c3:a5:08:74:3e:61:61:39:4e:cd:0d:
ce:53:db:2e:38:a0:2a:9d:97:c4:b5:c7:fc:29:b4:
65:79:b6:87:24:4c:0f:a7:75:44:d0:45:94:74:d8:
10:33:fa:92:08:59:55:26:66:46:fc:6c:90:86:67:
d3:40:bf:72:74:97:ab:d2:d3:ea:55:2d:92:ee:02:
43:f0:19:fd:ba:db:39:33:96:52:ce:b7:a0:7f:ff:
f2:f0:fa:0f:8d:be:8c:49:4b:d0:d7:f2:a8:bc:79:
ce:d3:f3:7e:5e:08:37:7a:67:28:31:e2:6e:5a:f9:
2e:88:9e:f7:5f:6f:f3:79:3e:fe:21:bc:1b:e0:07:
4a:b4:ac:4f:08:c5:a5:de:c5:fc:c7:93:85:7f:05:
0f:bf:8c:c2:ce:bc:e1:6d:6f:7c:91:14:fa:45:7a:
0e:93:2f:b0:b6:b7:52:a8:2b:2e:04:3e:65:45:e7:
91:ac:50:ac:fb:7f:81:06:17:2d:9d:38:4b:e7:b7:
07:7f:8a:e0:61:45:a7:14:26:fc:aa:52:0b:0f:0c:
63:4f:2f:39:df:ba:fe:4c:20:79:9f:28:2f:ed:7b:
35:1e:90:bb:d4:74:64:55:b2:de:25:ae:d4:20:77:
aa:2a:5b:56:3d:ec:8b:b1:27:07:e7:3d:bd:b7:2b:
c8:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:B1:DA:23:42:04:29:99:5D:DE:F0:EA:D5:BF:D8:13:63:94:7D:D2
X509v3 Authority Key Identifier:
keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/2bHaI0IEKZld3vDq1b_YE2OUfdI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.33.13.0/24
89.37.116.0/23
89.45.12.0/23
89.47.232.0/24
93.119.105.0/24
188.240.210.0/24
188.240.221.0/24
Signature Algorithm: sha256WithRSAEncryption
41:18:2e:6e:76:cd:1f:e0:c2:a8:2e:79:12:09:f8:8c:90:dd:
c4:d6:6b:51:8a:8d:bf:5b:c1:15:54:1b:64:39:d1:9b:0d:d9:
0e:b1:3c:0c:17:84:07:e0:79:e5:81:5d:89:17:ac:aa:71:ba:
ca:2d:da:f7:46:44:24:e1:ab:36:b0:69:c9:5b:bc:ee:44:23:
06:d6:5b:39:88:25:c0:1b:e0:8d:05:7f:68:f8:f2:e3:be:96:
ad:cd:1a:0f:74:6d:dc:5d:03:dd:67:05:1f:4a:4a:24:5a:59:
9d:fe:ae:1a:6c:49:cb:dc:29:e6:cd:d3:15:55:83:0a:aa:1d:
84:3a:51:2e:8f:95:da:fe:9a:b0:42:70:c7:a1:e6:bd:ac:82:
d2:21:97:e2:35:59:18:60:05:8c:ab:5d:0f:d2:1c:38:2e:32:
66:b5:64:88:08:97:6e:48:d9:45:81:fc:73:44:86:d5:26:df:
c0:7d:a2:5e:ff:32:4e:d8:9a:bb:7c:59:f5:5d:11:06:16:fb:
5a:47:39:a6:53:e4:3e:e7:c8:6f:37:2e:4a:b6:00:5b:a4:c5:
80:4b:17:c5:92:91:35:76:b1:a1:c9:c5:43:44:ef:55:13:ca:
87:3d:85:ec:3a:b9:75:7d:cf:77:f4:e1:d2:7d:b7:e5:e0:c6:
c3:c8:c3:da
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYs8IlviKtI8ZGbgl484FrEBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjMxMDE3MDUzNjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWIxZGEyMzQyMDQyOTk5NWRkZWYwZWFkNWJmZDgxMzYzOTQ3ZGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYB+w6UIdD5hYTlOzQ3OU9suOKAq
nZfEtcf8KbRlebaHJEwPp3VE0EWUdNgQM/qSCFlVJmZG/GyQhmfTQL9ydJer0tPq
VS2S7gJD8Bn9uts5M5ZSzregf//y8PoPjb6MSUvQ1/KovHnO0/N+Xgg3emcoMeJu
WvkuiJ73X2/zeT7+Ibwb4AdKtKxPCMWl3sX8x5OFfwUPv4zCzrzhbW98kRT6RXoO
ky+wtrdSqCsuBD5lReeRrFCs+3+BBhctnThL57cHf4rgYUWnFCb8qlILDwxjTy85
37r+TCB5nygv7Xs1HpC71HRkVbLeJa7UIHeqKltWPeyLsScH5z29tyvIjQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNmx2iNCBCmZXd7w6tW/2BNjlH3SMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvMmJIYUkwSUVLWmxkM3ZEcTFiX1lFMk9VZmRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAWSENAwQB
WSV0AwQBWS0MAwQAWS/oAwQAXXdpAwQAvPDSAwQAvPDdMA0GCSqGSIb3DQEBCwUA
A4IBAQBBGC5uds0f4MKoLnkSCfiMkN3E1mtRio2/W8EVVBtkOdGbDdkOsTwMF4QH
4HnlgV2JF6yqcbrKLdr3RkQk4as2sGnJW7zuRCMG1ls5iCXAG+CNBX9o+PLjvpat
zRoPdG3cXQPdZwUfSkokWlmd/q4abEnL3CnmzdMVVYMKqh2EOlEuj5Xa/pqwQnDH
oea9rILSIZfiNVkYYAWMq10P0hw4LjJmtWSICJduSNlFgfxzRIbVJt/AfaJe/zJO
2Jq7fFn1XREGFvtaRzmmU+Q+58hvNy5KtgBbpMWASxfFkpE1drGhycVDRO9VE8qH
PYXsOrl1fc939OHSfbfl4MbDyMPa
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:49 2024 by rpki-client on console-ams.rpki-client.org