Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Q2_36ZvZ9f0dy8qlJJgRvRZ3Kdo.roa
File: Q2_36ZvZ9f0dy8qlJJgRvRZ3Kdo.roa (raw, json)
Hash identifier: kcJ+tx6nGJHI0WDazrJHe/3xyL2bN04tcfeIfP0jo1w=
Subject key identifier: 43:6F:F7:E9:9B:D9:F5:FD:1D:CB:CA:A5:24:98:11:BD:16:77:29:DA
Certificate issuer: /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial: 018B61AF8B627EBEDF670C2669934919F591
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Q2_36ZvZ9f0dy8qlJJgRvRZ3Kdo.roa
Signing time: Tue 24 Oct 2023 12:36:16 +0000
ROA not before: Tue 24 Oct 2023 12:36:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39543
IP address blocks: 195.28.2.0/23 maxlen: 23
193.19.192.0/24 maxlen: 24
193.19.192.0/22 maxlen: 24
89.34.228.0/24 maxlen: 24
89.34.230.0/23 maxlen: 23
89.34.230.0/24 maxlen: 24
89.34.231.0/24 maxlen: 24
93.113.181.0/24 maxlen: 24
93.113.183.0/24 maxlen: 24
93.113.204.0/24 maxlen: 24
93.114.79.0/24 maxlen: 24
89.40.67.0/24 maxlen: 24
89.43.141.0/24 maxlen: 24
89.43.140.0/22 maxlen: 22
89.43.140.0/24 maxlen: 24
89.43.143.0/24 maxlen: 24
89.43.142.0/24 maxlen: 24
89.47.96.0/24 maxlen: 24
89.47.96.0/20 maxlen: 20
89.47.97.0/24 maxlen: 24
89.47.98.0/24 maxlen: 24
89.47.99.0/24 maxlen: 24
89.47.101.0/24 maxlen: 24
93.114.194.0/24 maxlen: 24
89.47.100.0/24 maxlen: 24
89.47.103.0/24 maxlen: 24
89.47.102.0/24 maxlen: 24
89.47.104.0/24 maxlen: 24
89.47.105.0/24 maxlen: 24
89.35.158.0/24 maxlen: 24
89.47.106.0/24 maxlen: 24
89.47.108.0/24 maxlen: 24
89.47.107.0/24 maxlen: 24
89.47.110.0/24 maxlen: 24
89.47.109.0/24 maxlen: 24
89.47.111.0/24 maxlen: 24
89.47.112.0/20 maxlen: 20
89.47.113.0/24 maxlen: 24
89.47.115.0/24 maxlen: 24
89.47.114.0/24 maxlen: 24
89.47.118.0/24 maxlen: 24
89.47.119.0/24 maxlen: 24
89.45.164.0/24 maxlen: 24
89.39.111.0/24 maxlen: 24
89.34.27.0/24 maxlen: 24
89.46.3.0/24 maxlen: 24
2001:4d18::/32 maxlen: 32
2001:4d18::/48 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:61:af:8b:62:7e:be:df:67:0c:26:69:93:49:19:f5:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Validity
Not Before: Oct 24 12:36:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=436ff7e99bd9f5fd1dcbcaa5249811bd167729da
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:42:b7:ca:10:cc:e0:0a:41:5e:84:38:32:d1:
49:46:a0:00:87:e0:29:ba:d1:6a:d6:cc:08:91:34:
02:2e:e4:36:4b:74:d6:1a:7b:3f:30:e5:90:ec:16:
db:75:f3:cd:56:28:1f:36:91:cf:25:37:0c:07:81:
02:79:73:dd:89:99:b8:c4:55:a5:93:43:34:19:79:
43:c2:09:78:cd:4c:64:6e:78:93:2c:20:e3:9a:b9:
15:25:d3:84:ac:2e:5e:84:b8:e1:ed:37:0d:da:49:
8a:03:d6:55:6a:1d:8c:2b:f8:3b:0c:88:7b:96:fb:
dd:c8:b1:e7:0e:ef:67:49:83:a6:98:2f:37:4d:16:
08:5e:fa:e3:6d:fd:f8:cb:51:14:7d:b2:ac:9d:4e:
07:24:0d:b8:87:f4:ec:c9:89:75:97:83:d3:bf:5e:
b5:97:38:f6:af:c1:e8:a5:7f:06:bd:f6:8d:bc:33:
b8:2a:e2:1c:2a:d0:af:95:0f:ce:ac:2c:bc:a2:4d:
90:f1:1d:07:ac:ce:4b:6a:4d:46:69:84:11:7d:f0:
01:5b:d8:02:5a:3b:5e:ff:03:ac:1d:07:ed:c5:c1:
19:cf:1d:2e:f4:54:8c:d3:01:0c:c8:5d:c0:67:7f:
f5:83:e5:58:0a:9d:55:a1:12:77:43:62:49:25:22:
d6:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:6F:F7:E9:9B:D9:F5:FD:1D:CB:CA:A5:24:98:11:BD:16:77:29:DA
X509v3 Authority Key Identifier:
keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/Q2_36ZvZ9f0dy8qlJJgRvRZ3Kdo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.34.27.0/24
89.34.228.0/24
89.34.230.0/23
89.35.158.0/24
89.39.111.0/24
89.40.67.0/24
89.43.140.0/22
89.45.164.0/24
89.46.3.0/24
89.47.96.0/19
93.113.181.0/24
93.113.183.0/24
93.113.204.0/24
93.114.79.0/24
93.114.194.0/24
193.19.192.0/22
195.28.2.0/23
IPv6:
2001:4d18::/32
Signature Algorithm: sha256WithRSAEncryption
25:d9:7e:01:b3:44:ff:a0:99:0a:51:a0:84:39:73:d5:aa:91:
5d:6c:78:a8:6c:36:f3:75:41:90:47:57:ed:76:ef:57:ad:4c:
67:f0:3f:a0:38:40:14:3e:f2:56:6a:66:c0:2e:fe:2d:a8:4c:
b3:e6:bd:b0:ea:10:c5:ea:7d:cd:f7:06:31:38:91:c8:e1:dc:
d8:43:b9:36:ef:df:91:3f:a8:ed:d6:ae:7c:34:78:01:36:90:
a2:7f:eb:aa:b0:d6:94:2d:12:0b:25:0a:06:64:2c:09:39:3c:
46:0a:ae:6a:c0:5e:e6:af:f8:4c:32:98:4b:0d:fd:c8:76:d5:
de:49:43:05:7e:8c:ad:11:3e:d2:78:99:4d:02:ac:ee:9d:08:
4a:df:3c:02:16:9d:6c:f6:cb:7d:5e:b3:f4:13:e7:cc:4c:61:
57:c6:20:08:17:b4:2b:1a:23:db:2a:53:72:67:f8:1f:0d:e0:
d4:2a:34:49:ea:5c:2c:98:cc:1a:c6:64:8f:d1:5b:3d:c4:31:
30:be:ff:cb:79:40:ee:78:23:ce:d6:3a:46:af:49:eb:f0:09:
6f:3e:cf:b4:91:84:00:fc:40:55:37:24:4e:43:93:2f:7d:81:
85:76:8d:60:51:24:11:79:73:bd:b7:05:50:71:5d:8f:b8:cf:
a6:61:f0:51
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgISAYthr4tifr7fZwwmaZNJGfWRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjMxMDI0MTIzNjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzZmZjdlOTliZDlmNWZkMWRjYmNhYTUyNDk4MTFiZDE2NzcyOWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUK3yhDM4ApBXoQ4MtFJRqAAh+Ap
utFq1swIkTQCLuQ2S3TWGns/MOWQ7BbbdfPNVigfNpHPJTcMB4ECeXPdiZm4xFWl
k0M0GXlDwgl4zUxkbniTLCDjmrkVJdOErC5ehLjh7TcN2kmKA9ZVah2MK/g7DIh7
lvvdyLHnDu9nSYOmmC83TRYIXvrjbf34y1EUfbKsnU4HJA24h/TsyYl1l4PTv161
lzj2r8HopX8GvfaNvDO4KuIcKtCvlQ/OrCy8ok2Q8R0HrM5Lak1GaYQRffABW9gC
Wjte/wOsHQftxcEZzx0u9FSM0wEMyF3AZ3/1g+VYCp1VoRJ3Q2JJJSLWOQIDAQAB
o4ICeTCCAnUwHQYDVR0OBBYEFENv9+mb2fX9HcvKpSSYEb0WdynaMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvUTJfMzZadlo5ZjBkeThxbEpKZ1J2UlozS2RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGOBggrBgEFBQcBBwEB/wR/MH0wbAQCAAEwZgMEAFkiGwME
AFki5AMEAVki5gMEAFkjngMEAFknbwMEAFkoQwMEAlkrjAMEAFktpAMEAFkuAwME
BVkvYAMEAF1xtQMEAF1xtwMEAF1xzAMEAF1yTwMEAF1ywgMEAsETwAMEAcMcAjAN
BAIAAjAHAwUAIAFNGDANBgkqhkiG9w0BAQsFAAOCAQEAJdl+AbNE/6CZClGghDlz
1aqRXWx4qGw283VBkEdX7XbvV61MZ/A/oDhAFD7yVmpmwC7+LahMs+a9sOoQxep9
zfcGMTiRyOHc2EO5Nu/fkT+o7daufDR4ATaQon/rqrDWlC0SCyUKBmQsCTk8Rgqu
asBe5q/4TDKYSw39yHbV3klDBX6MrRE+0niZTQKs7p0ISt88AhadbPbLfV6z9BPn
zExhV8YgCBe0Kxoj2ypTcmf4Hw3g1Co0SepcLJjMGsZkj9FbPcQxML7/y3lA7ngj
ztY6Rq9J6/AJbz7PtJGEAPxAVTckTkOTL32BhXaNYFEkEXlzvbcFUHFdj7jPpmHw
UQ==
-----END CERTIFICATE-----
Generated at Wed Oct 25 15:01:56 2023 by rpki-client on console-fra.rpki-client.org