Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/ndzOB_UM5Tae5W6MmXEEYh_CQgU.roa
File: ndzOB_UM5Tae5W6MmXEEYh_CQgU.roa (raw, json)
Hash identifier: Ofgi+9gs4ROBvFUKFLx7zfSxlQsU8+P2Nkcgj38i3+Q=
Subject key identifier: 9D:DC:CE:07:F5:0C:E5:36:9E:E5:6E:8C:99:71:04:62:1F:C2:42:05
Certificate issuer: /CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Certificate serial: 0187140C0F35B056BF35DBD6DAA3AF1FC48D
Authority key identifier: D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/ndzOB_UM5Tae5W6MmXEEYh_CQgU.roa
Signing time: Fri 24 Mar 2023 14:35:47 +0000
ROA not before: Fri 24 Mar 2023 14:35:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202613
IP address blocks: 176.107.152.0/21 maxlen: 24
195.231.96.0/19 maxlen: 24
80.73.232.0/21 maxlen: 24
185.58.120.0/22 maxlen: 24
95.110.180.0/22 maxlen: 24
195.231.40.0/21 maxlen: 24
82.192.128.0/19 maxlen: 24
217.198.128.0/20 maxlen: 24
2a00:6d43::/32 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:14:0c:0f:35:b0:56:bf:35:db:d6:da:a3:af:1f:c4:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d3cb5cecc213b9f86dbba518521e8546ec93861c
Validity
Not Before: Mar 24 14:35:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9ddcce07f50ce5369ee56e8c997104621fc24205
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:14:fe:d0:82:15:20:58:58:84:13:f6:8d:8d:
3a:fc:eb:ef:0d:a3:f9:89:bf:49:0e:59:70:5b:ff:
57:ac:4d:e3:2f:95:5f:ae:08:86:17:c3:f5:08:a7:
8f:83:5f:9e:12:d9:58:c4:db:58:47:6a:72:e2:1c:
70:07:36:13:93:39:b1:51:52:14:bd:2e:6c:7c:58:
3a:3b:f1:21:2d:c5:1c:b6:85:8c:54:e7:d1:5b:58:
af:6e:f4:66:ba:20:28:cf:fb:a0:d5:fc:d5:c8:27:
d9:03:e1:a6:0d:0d:56:ed:df:00:44:85:92:e4:be:
70:c5:2e:4f:99:2a:76:bb:cd:f3:53:ff:38:c0:6f:
97:4f:8a:2c:e1:27:fa:7f:01:ad:4a:18:d4:46:b0:
0b:c9:67:e7:89:f4:c9:3a:34:3e:95:87:4c:5e:fd:
11:93:8b:bc:80:e9:da:03:cc:7b:24:e2:02:df:fd:
48:c1:fe:b9:c7:da:72:c8:0c:01:4d:65:3d:f8:70:
0f:1d:34:52:2a:da:cb:44:73:3d:44:99:70:05:49:
6c:69:a3:41:6c:48:94:43:49:a4:ca:5e:e7:92:15:
61:e0:5d:bd:d2:2b:05:fc:0c:ba:34:11:5c:65:0d:
5b:48:ae:94:7a:83:cd:6a:62:91:7a:93:fb:6d:fc:
c2:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:DC:CE:07:F5:0C:E5:36:9E:E5:6E:8C:99:71:04:62:1F:C2:42:05
X509v3 Authority Key Identifier:
keyid:D3:CB:5C:EC:C2:13:B9:F8:6D:BB:A5:18:52:1E:85:46:EC:93:86:1C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08tc7MITufhtu6UYUh6FRuyThhw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/ndzOB_UM5Tae5W6MmXEEYh_CQgU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e117fe-c9e7-4d41-94df-84269412d561/1/08tc7MITufhtu6UYUh6FRuyThhw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.73.232.0/21
82.192.128.0/19
95.110.180.0/22
176.107.152.0/21
185.58.120.0/22
195.231.40.0/21
195.231.96.0/19
217.198.128.0/20
IPv6:
2a00:6d43::/32
Signature Algorithm: sha256WithRSAEncryption
7c:fc:ae:eb:37:e1:79:7a:8b:2c:85:50:ef:39:bc:15:b4:62:
28:4e:6a:c5:dc:47:21:4f:40:11:4d:20:03:1f:3a:af:77:72:
75:d1:b4:9b:cd:b6:3b:71:76:6e:4d:f7:fd:81:1a:22:81:6f:
23:39:02:e0:6b:4b:c3:c5:26:8e:bd:e9:77:db:03:ad:8a:4f:
89:10:55:46:86:bd:f7:eb:a9:b8:65:ed:ba:5c:27:9a:05:68:
b3:66:09:43:0d:51:01:6b:35:8e:9a:92:83:3f:c1:56:87:99:
b9:c1:1a:ea:de:2c:ff:80:49:43:d2:01:9c:f0:9a:88:95:cd:
71:7a:2b:d0:95:7b:3d:eb:a3:a5:c3:d2:28:f9:ea:66:4b:fe:
9f:e1:86:8b:01:44:9e:89:c0:fa:ec:9c:c7:8d:e3:cf:7f:f6:
ce:af:5e:a2:33:71:d4:b3:ed:40:f7:11:c1:18:ac:cc:d1:ed:
dd:09:c0:27:2b:35:ae:6e:4b:42:3d:31:cf:a1:e9:61:43:46:
98:d5:db:9e:2c:35:94:83:25:14:2b:18:f6:4c:40:77:21:c2:
64:10:4a:66:6c:8a:66:1b:c4:72:4f:10:5f:68:11:e0:3c:55:
71:a6:7b:0e:24:72:c2:d1:94:b2:c9:fe:ec:80:db:dc:0c:41:
bb:de:36:56
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYcUDA81sFa/NdvW2qOvH8SNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2I1Y2VjYzIxM2I5Zjg2ZGJiYTUxODUyMWU4NTQ2ZWM5
Mzg2MWMwHhcNMjMwMzI0MTQzNTQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGRjY2UwN2Y1MGNlNTM2OWVlNTZlOGM5OTcxMDQ2MjFmYzI0MjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRT+0IIVIFhYhBP2jY06/OvvDaP5
ib9JDllwW/9XrE3jL5VfrgiGF8P1CKePg1+eEtlYxNtYR2py4hxwBzYTkzmxUVIU
vS5sfFg6O/EhLcUctoWMVOfRW1ivbvRmuiAoz/ug1fzVyCfZA+GmDQ1W7d8ARIWS
5L5wxS5PmSp2u83zU/84wG+XT4os4Sf6fwGtShjURrALyWfnifTJOjQ+lYdMXv0R
k4u8gOnaA8x7JOIC3/1Iwf65x9pyyAwBTWU9+HAPHTRSKtrLRHM9RJlwBUlsaaNB
bEiUQ0mkyl7nkhVh4F290isF/Ay6NBFcZQ1bSK6UeoPNamKRepP7bfzCSQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFJ3czgf1DOU2nuVujJlxBGIfwkIFMB8GA1UdIwQY
MBaAFNPLXOzCE7n4bbulGFIehUbsk4YcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYt
ODQyNjk0MTJkNTYxLzEvbmR6T0JfVU01VGFlNVc2TW1YRUVZaF9DUWdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9lMTE3ZmUtYzllNy00ZDQxLTk0ZGYtODQyNjk0MTJkNTYx
LzEvMDh0YzdNSVR1Zmh0dTZVWVVoNkZSdXlUaGh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDUEnoAwQF
UsCAAwQCX260AwQDsGuYAwQCuTp4AwQDw+coAwQFw+dgAwQE2caAMA0EAgACMAcD
BQAqAG1DMA0GCSqGSIb3DQEBCwUAA4IBAQB8/K7rN+F5eosshVDvObwVtGIoTmrF
3EchT0ARTSADHzqvd3J10bSbzbY7cXZuTff9gRoigW8jOQLga0vDxSaOvel32wOt
ik+JEFVGhr3366m4Ze26XCeaBWizZglDDVEBazWOmpKDP8FWh5m5wRrq3iz/gElD
0gGc8JqIlc1xeivQlXs966Olw9Io+epmS/6f4YaLAUSeicD67JzHjePPf/bOr16i
M3HUs+1A9xHBGKzM0e3dCcAnKzWubktCPTHPoelhQ0aY1dueLDWUgyUUKxj2TEB3
IcJkEEpmbIpmG8RyTxBfaBHgPFVxpnsOJHLC0ZSyyf7sgNvcDEG73jZW
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:03 2023 by rpki-client on console-ams.rpki-client.org