Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/QPn3Tr6B42iWQM3pW-q2Zko0AYg.roa
File: QPn3Tr6B42iWQM3pW-q2Zko0AYg.roa (raw, json)
Hash identifier: 38Ui0Jghz2/yGHJ6+IeAm+StanoWnfRLzqZwUveHsrY=
Subject key identifier: 40:F9:F7:4E:BE:81:E3:68:96:40:CD:E9:5B:EA:B6:66:4A:34:01:88
Certificate issuer: /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial: 018C024DCA9B444129F51328426F8CE7F515
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/QPn3Tr6B42iWQM3pW-q2Zko0AYg.roa
Signing time: Fri 24 Nov 2023 17:08:21 +0000
ROA not before: Fri 24 Nov 2023 17:08:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.42.81.0/24 maxlen: 24
89.42.82.0/23 maxlen: 23
89.42.80.0/23 maxlen: 23
89.34.227.0/24 maxlen: 24
Validation: Failed, certificate revoked on Sat 25 Nov 2023 09:48:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:02:4d:ca:9b:44:41:29:f5:13:28:42:6f:8c:e7:f5:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Validity
Not Before: Nov 24 17:08:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=40f9f74ebe81e3689640cde95beab6664a340188
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:db:b0:20:70:a6:5a:74:d1:1e:86:eb:02:ba:
c0:51:e9:3d:c0:c6:51:1d:c5:c1:6a:fd:0a:56:45:
6a:41:f6:f8:59:dd:76:1a:ff:08:30:d1:a1:96:e7:
2c:cf:01:9b:db:4b:dc:fd:3b:bf:3a:8c:09:0a:88:
dc:9f:1e:c4:7b:d6:42:48:6f:a5:23:bc:de:a9:ef:
1a:f7:f2:b2:f7:a2:4d:ec:be:72:4e:87:87:33:f0:
8d:66:94:27:51:96:c1:51:6d:10:ff:3d:64:76:0b:
58:95:56:34:cb:51:11:27:02:90:fe:2e:9f:4e:10:
51:42:16:b2:11:b4:17:a9:82:ef:5d:db:2f:66:27:
50:e2:62:eb:83:86:23:3a:20:a6:18:22:c8:d5:c3:
7f:df:42:b6:58:96:ca:a5:f9:41:e9:a0:77:85:f1:
68:84:4d:3e:30:b3:72:68:53:3f:07:b8:7a:5a:16:
12:7c:fd:cc:93:b8:f8:57:96:5f:f2:31:d1:d6:62:
57:e7:8e:5e:a3:ec:4b:59:9d:da:76:15:1f:fa:f6:
ac:d1:33:c8:3e:fd:93:76:69:3d:57:0e:42:72:bf:
17:a0:0f:5a:4f:58:0b:a8:8c:99:b7:a9:93:49:33:
3a:e1:34:0e:2c:f1:2b:85:ea:8a:b2:cf:2b:bb:c6:
28:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:F9:F7:4E:BE:81:E3:68:96:40:CD:E9:5B:EA:B6:66:4A:34:01:88
X509v3 Authority Key Identifier:
keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/QPn3Tr6B42iWQM3pW-q2Zko0AYg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.34.227.0/24
89.42.80.0/22
Signature Algorithm: sha256WithRSAEncryption
0c:cd:80:53:97:de:be:00:af:72:22:be:a2:dd:24:05:5c:06:
ac:10:03:8b:04:a5:40:67:cb:e4:04:6b:a8:70:00:15:89:25:
76:ba:c0:51:ce:1e:30:f6:84:21:2e:23:0e:28:a9:9b:8e:3e:
bc:0f:b5:90:02:71:c9:1f:7f:6c:c5:25:32:1b:37:75:e6:ad:
16:82:21:f8:43:a6:22:99:f4:01:dc:6a:77:59:10:6f:e9:47:
7f:c5:8e:7c:b5:d3:22:c1:e9:4c:26:fe:0e:08:cf:fb:97:c9:
f9:98:c7:9d:7a:fb:e8:ba:ff:b7:06:bc:43:60:c4:5a:fd:68:
60:a5:1b:55:a4:28:8e:46:27:b7:f2:20:f0:bf:47:d2:65:13:
85:aa:bc:66:90:f7:aa:98:81:38:e9:4b:2c:f8:82:eb:40:50:
19:50:70:04:1a:1d:b5:ca:03:48:47:80:be:b9:27:ee:9d:a2:
1e:d8:81:d5:fe:49:e9:cb:dd:04:dc:3b:ea:31:dc:91:88:0c:
42:5f:84:51:cf:1b:b4:49:08:c6:54:3c:0d:52:7f:93:a3:52:
84:03:3c:b9:c9:c6:3d:65:a4:ac:b4:31:c9:ca:38:57:63:42:
0f:44:4a:76:8b:d3:7c:7b:35:fa:b8:f6:4a:fe:40:18:67:7c:
58:08:bf:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYwCTcqbREEp9RMoQm+M5/UVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjMxMTI0MTcwODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGY5Zjc0ZWJlODFlMzY4OTY0MGNkZTk1YmVhYjY2NjRhMzQwMTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhNuwIHCmWnTRHobrArrAUek9wMZR
HcXBav0KVkVqQfb4Wd12Gv8IMNGhlucszwGb20vc/Tu/OowJCojcnx7Ee9ZCSG+l
I7zeqe8a9/Ky96JN7L5yToeHM/CNZpQnUZbBUW0Q/z1kdgtYlVY0y1ERJwKQ/i6f
ThBRQhayEbQXqYLvXdsvZidQ4mLrg4YjOiCmGCLI1cN/30K2WJbKpflB6aB3hfFo
hE0+MLNyaFM/B7h6WhYSfP3Mk7j4V5Zf8jHR1mJX545eo+xLWZ3adhUf+vas0TPI
Pv2Tdmk9Vw5Ccr8XoA9aT1gLqIyZt6mTSTM64TQOLPErheqKss8ru8Yo6wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFED5906+geNolkDN6VvqtmZKNAGIMB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvUVBuM1RyNkI0MmlXUU0zcFctcTJaa28wQVlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSLjAwQC
WSpQMA0GCSqGSIb3DQEBCwUAA4IBAQAMzYBTl96+AK9yIr6i3SQFXAasEAOLBKVA
Z8vkBGuocAAViSV2usBRzh4w9oQhLiMOKKmbjj68D7WQAnHJH39sxSUyGzd15q0W
giH4Q6YimfQB3Gp3WRBv6Ud/xY58tdMiwelMJv4OCM/7l8n5mMedevvouv+3BrxD
YMRa/WhgpRtVpCiORie38iDwv0fSZROFqrxmkPeqmIE46Uss+ILrQFAZUHAEGh21
ygNIR4C+uSfunaIe2IHV/knpy90E3DvqMdyRiAxCX4RRzxu0SQjGVDwNUn+To1KE
Azy5ycY9ZaSstDHJyjhXY0IPREp2i9N8ezX6uPZK/kAYZ3xYCL/Q
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:50 2024 by rpki-client on console-ams.rpki-client.org