Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/mlbbKZ5aA3PCzR6brhEJOaCDTvQ.roa
File: mlbbKZ5aA3PCzR6brhEJOaCDTvQ.roa (raw, json)
Hash identifier: iwe0S4j3KmdR7KzYCy/NNo/ST3QnI48dZhRspxx4rnw=
Subject key identifier: 9A:56:DB:29:9E:5A:03:73:C2:CD:1E:9B:AE:11:09:39:A0:83:4E:F4
Certificate issuer: /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial: 018D31F9D060C2DF41DA12F91F942DB7A11A
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/mlbbKZ5aA3PCzR6brhEJOaCDTvQ.roa
Signing time: Mon 22 Jan 2024 16:21:11 +0000
ROA not before: Mon 22 Jan 2024 16:21:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 7018
IP address blocks: 89.34.224.0/23 maxlen: 24
89.34.228.0/24 maxlen: 24
89.34.231.0/24 maxlen: 24
89.42.81.0/24 maxlen: 24
89.42.86.0/24 maxlen: 24
89.42.95.0/24 maxlen: 24
89.42.143.0/24 maxlen: 24
89.43.140.0/24 maxlen: 24
89.43.143.0/24 maxlen: 24
89.47.125.0/24 maxlen: 24
89.47.127.0/24 maxlen: 24
93.113.181.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 31 Jan 2024 07:27:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:31:f9:d0:60:c2:df:41:da:12:f9:1f:94:2d:b7:a1:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Validity
Not Before: Jan 22 16:21:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9a56db299e5a0373c2cd1e9bae110939a0834ef4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:d5:6f:e2:f5:e1:92:58:2f:6e:95:77:bf:f4:
22:81:7c:f8:10:9f:f8:c9:22:20:0f:13:98:a8:23:
4d:ff:d5:e4:dd:ae:70:a7:65:24:4b:fd:df:5a:8b:
e8:50:0e:50:1d:43:91:ed:37:49:bb:64:4c:2f:4b:
67:42:d3:ad:b5:8c:9b:dd:44:51:2c:41:f9:47:59:
8e:3c:08:f2:5f:c6:a7:2c:7c:bf:f3:75:78:f0:9b:
a4:03:79:ba:36:cc:eb:17:7c:f2:e2:02:02:5f:fb:
82:a5:d9:f3:6e:1b:39:26:f4:d8:2a:87:58:14:28:
04:e1:60:c5:f2:e4:72:3f:d4:00:3e:be:cc:f7:b2:
31:9e:e9:de:2f:4f:b8:f0:fa:5d:27:02:e5:e4:73:
0b:17:e6:96:76:b5:84:0f:23:f8:4e:dc:c5:e7:69:
96:53:5d:f8:96:2b:51:74:81:ff:46:4f:10:a9:be:
96:2c:34:41:00:de:f8:38:7b:c1:41:5c:d4:9e:e1:
85:93:2d:6c:29:29:e2:b7:f4:e4:b3:af:fe:e0:ae:
1e:f3:71:72:a5:fd:39:d0:e3:97:94:19:e8:8b:0d:
f6:a7:03:78:6e:ae:88:b8:44:7d:ab:38:4a:59:b8:
2a:4b:9e:53:aa:1d:47:f7:75:06:1f:90:70:7b:62:
a7:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:56:DB:29:9E:5A:03:73:C2:CD:1E:9B:AE:11:09:39:A0:83:4E:F4
X509v3 Authority Key Identifier:
keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/mlbbKZ5aA3PCzR6brhEJOaCDTvQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.34.224.0/23
89.34.228.0/24
89.34.231.0/24
89.42.81.0/24
89.42.86.0/24
89.42.95.0/24
89.42.143.0/24
89.43.140.0/24
89.43.143.0/24
89.47.125.0/24
89.47.127.0/24
93.113.181.0/24
Signature Algorithm: sha256WithRSAEncryption
51:a7:7e:4b:4a:a5:48:a5:5d:48:f9:d6:1e:45:80:0b:0e:d4:
a7:25:5f:f9:70:31:0d:5f:26:b9:13:19:18:6e:10:7c:f8:31:
24:78:0a:ba:8d:30:bf:6f:b0:dc:4a:5d:f6:f8:a2:05:cf:9f:
8d:e9:0c:e8:e9:0a:24:5b:71:7c:8e:3a:b9:cb:c4:88:44:49:
61:4d:ca:25:08:4e:c8:d4:f0:9d:31:9b:09:e4:5b:4b:7f:c7:
87:2a:f0:c7:b5:1f:3b:fa:ae:b4:76:34:a9:c8:1f:ca:af:6d:
0e:e7:97:89:55:3e:bb:e1:60:91:a2:b1:25:f8:9a:0e:44:3f:
64:74:88:38:6f:6b:40:d3:ba:24:05:77:2b:40:c2:8f:df:12:
87:e3:1b:f3:13:55:9c:05:63:cf:67:5b:6f:86:b7:29:4b:f9:
1c:f3:8b:fb:9b:48:f5:b3:cd:19:24:0c:61:7c:b2:e6:16:54:
1c:1c:a7:87:d6:83:4d:0b:4e:30:08:4c:f3:75:54:02:fa:b0:
c4:b0:82:42:58:73:7a:b2:ec:69:01:39:1d:b1:72:22:90:fc:
e7:12:be:ce:d8:51:26:4e:da:a1:91:72:d5:a9:6b:af:04:e7:
fe:44:a1:25:cf:76:59:01:3a:ee:27:aa:11:c7:d4:98:22:ac:
da:d5:21:49
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAY0x+dBgwt9B2hL5H5Qtt6EaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwMTIyMTYyMTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTU2ZGIyOTllNWEwMzczYzJjZDFlOWJhZTExMDkzOWEwODM0ZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9Vv4vXhklgvbpV3v/QigXz4EJ/4
ySIgDxOYqCNN/9Xk3a5wp2UkS/3fWovoUA5QHUOR7TdJu2RML0tnQtOttYyb3URR
LEH5R1mOPAjyX8anLHy/83V48JukA3m6NszrF3zy4gICX/uCpdnzbhs5JvTYKodY
FCgE4WDF8uRyP9QAPr7M97IxnuneL0+48PpdJwLl5HMLF+aWdrWEDyP4TtzF52mW
U134litRdIH/Rk8Qqb6WLDRBAN74OHvBQVzUnuGFky1sKSnit/Tks6/+4K4e83Fy
pf050OOXlBnoiw32pwN4bq6IuER9qzhKWbgqS55Tqh1H93UGH5Bwe2Kn4QIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFJpW2ymeWgNzws0em64RCTmgg070MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvbWxiYktaNWFBM1BDelI2YnJoRUpPYUNEVHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQBWSLgAwQA
WSLkAwQAWSLnAwQAWSpRAwQAWSpWAwQAWSpfAwQAWSqPAwQAWSuMAwQAWSuPAwQA
WS99AwQAWS9/AwQAXXG1MA0GCSqGSIb3DQEBCwUAA4IBAQBRp35LSqVIpV1I+dYe
RYALDtSnJV/5cDENXya5ExkYbhB8+DEkeAq6jTC/b7DcSl32+KIFz5+N6Qzo6Qok
W3F8jjq5y8SIRElhTcolCE7I1PCdMZsJ5FtLf8eHKvDHtR87+q60djSpyB/Kr20O
55eJVT674WCRorEl+JoORD9kdIg4b2tA07okBXcrQMKP3xKH4xvzE1WcBWPPZ1tv
hrcpS/kc84v7m0j1s80ZJAxhfLLmFlQcHKeH1oNNC04wCEzzdVQC+rDEsIJCWHN6
suxpATkdsXIikPznEr7O2FEmTtqhkXLVqWuvBOf+RKElz3ZZATruJ6oRx9SYIqza
1SFJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:50 2024 by rpki-client on console-ams.rpki-client.org