Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/KoXMBcgsdaeFDWA7N4-WQwoZgUE.roa
File: KoXMBcgsdaeFDWA7N4-WQwoZgUE.roa (raw, json)
Hash identifier: 7rsep+WnHL2VIfKtlx5Pa90SkF1kqyOrUP65hRO4qoE=
Subject key identifier: 2A:85:CC:05:C8:2C:75:A7:85:0D:60:3B:37:8F:96:43:0A:19:81:41
Certificate issuer: /CN=23446da7a70bce773ec2bc1655aae30c3c18412c
Certificate serial: 01867996E3E8C3F06A0DF0EF371C8442FE09
Authority key identifier: 23:44:6D:A7:A7:0B:CE:77:3E:C2:BC:16:55:AA:E3:0C:3C:18:41:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/KoXMBcgsdaeFDWA7N4-WQwoZgUE.roa
Signing time: Wed 22 Feb 2023 14:46:17 +0000
ROA not before: Wed 22 Feb 2023 14:46:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 9009
IP address blocks: 45.153.238.0/24 maxlen: 24
45.153.236.0/24 maxlen: 24
45.153.237.0/24 maxlen: 24
77.83.71.0/24 maxlen: 24
171.22.188.0/24 maxlen: 24
171.22.189.0/24 maxlen: 24
84.252.84.0/23 maxlen: 23
45.11.232.0/24 maxlen: 24
84.252.86.0/24 maxlen: 24
84.252.87.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 16 Mar 2023 15:23:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:79:96:e3:e8:c3:f0:6a:0d:f0:ef:37:1c:84:42:fe:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23446da7a70bce773ec2bc1655aae30c3c18412c
Validity
Not Before: Feb 22 14:46:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2a85cc05c82c75a7850d603b378f96430a198141
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:6b:9f:10:92:94:bc:fc:8e:d6:7f:36:31:db:
43:7e:81:5b:12:77:7c:38:69:a9:d6:40:ce:be:66:
22:f0:5f:04:84:4a:0f:7f:13:6e:e2:85:69:93:08:
a7:25:58:02:03:1d:47:61:e3:3b:2a:bf:81:50:db:
a3:54:f4:eb:52:09:df:92:3b:c3:c3:a8:28:09:00:
9a:f4:58:e5:76:8b:70:a3:e5:e6:e0:2e:31:d9:3a:
70:52:eb:d4:9c:d0:0a:3f:a1:82:f6:20:9c:23:f8:
8c:34:2c:83:b8:e2:52:ee:c2:7a:bd:9a:89:6b:8c:
f3:02:68:af:2b:4b:e4:09:42:19:60:30:5f:3e:d2:
23:f0:44:37:8e:e8:65:d0:3b:f2:12:66:f6:0b:64:
1f:38:a0:66:bc:c1:6d:78:c0:85:8b:8c:cc:39:96:
cc:bb:b8:23:bb:3e:05:b6:1d:50:59:07:93:1c:f2:
ae:2a:94:1a:a8:9c:eb:a7:3d:22:68:50:51:f1:9e:
2b:44:55:5b:c8:ee:e4:ec:ee:33:5b:18:ff:19:19:
97:12:22:a7:3b:92:75:7d:f0:73:6c:b0:8b:1c:6f:
47:85:f0:5d:ec:cd:1e:53:66:45:2e:f4:10:27:28:
54:45:57:fd:5f:92:97:ed:a0:70:ae:1e:df:66:22:
fb:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:85:CC:05:C8:2C:75:A7:85:0D:60:3B:37:8F:96:43:0A:19:81:41
X509v3 Authority Key Identifier:
keyid:23:44:6D:A7:A7:0B:CE:77:3E:C2:BC:16:55:AA:E3:0C:3C:18:41:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/KoXMBcgsdaeFDWA7N4-WQwoZgUE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.11.232.0/24
45.153.236.0-45.153.238.255
77.83.71.0/24
84.252.84.0/22
171.22.188.0/23
Signature Algorithm: sha256WithRSAEncryption
7e:05:34:49:35:7f:74:26:3f:cf:04:9a:10:4c:fb:f6:8b:84:
55:33:3a:9f:34:e0:fc:f1:c8:ad:42:7b:4a:99:f7:d8:c6:93:
f6:85:1d:06:70:04:a6:52:61:dd:b4:be:34:45:53:8a:ed:4a:
01:b6:e3:02:93:b6:e3:7b:16:04:7c:43:55:68:9e:72:d4:84:
a8:05:69:2b:1d:f5:b7:8e:53:81:86:38:4e:65:da:5d:4b:f8:
4a:0b:70:88:26:03:68:d4:ab:26:ee:9b:16:be:e7:60:f8:6a:
fc:ea:e1:64:51:9d:06:86:9a:36:39:a0:cf:9f:1f:d5:83:94:
af:d5:f7:de:c3:bb:d0:28:ea:02:4e:e8:50:c6:be:e8:0a:1c:
1c:f4:40:7d:b2:8c:ad:8c:c2:01:09:62:c0:d6:0a:fa:a6:88:
86:08:49:9d:b9:51:59:d8:67:9e:30:da:85:3d:3d:8f:4a:4a:
31:05:4c:b9:33:a9:a7:37:49:81:99:00:6e:d2:6b:71:ec:08:
bc:61:77:ff:25:07:7e:5a:3a:79:a9:c2:4b:4f:64:95:33:93:
ee:f3:66:53:f5:34:77:bc:53:36:57:04:a0:e1:aa:4c:e0:c5:
1f:33:b1:87:a7:6c:b9:ca:55:95:3a:9b:48:53:ad:e9:88:e9:
bb:58:ad:c4
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYZ5luPow/BqDfDvNxyEQv4JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNDQ2ZGE3YTcwYmNlNzczZWMyYmMxNjU1YWFlMzBjM2Mx
ODQxMmMwHhcNMjMwMjIyMTQ0NjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTg1Y2MwNWM4MmM3NWE3ODUwZDYwM2IzNzhmOTY0MzBhMTk4MTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGufEJKUvPyO1n82MdtDfoFbEnd8
OGmp1kDOvmYi8F8EhEoPfxNu4oVpkwinJVgCAx1HYeM7Kr+BUNujVPTrUgnfkjvD
w6goCQCa9Fjldotwo+Xm4C4x2TpwUuvUnNAKP6GC9iCcI/iMNCyDuOJS7sJ6vZqJ
a4zzAmivK0vkCUIZYDBfPtIj8EQ3juhl0DvyEmb2C2QfOKBmvMFteMCFi4zMOZbM
u7gjuz4Fth1QWQeTHPKuKpQaqJzrpz0iaFBR8Z4rRFVbyO7k7O4zWxj/GRmXEiKn
O5J1ffBzbLCLHG9HhfBd7M0eU2ZFLvQQJyhURVf9X5KX7aBwrh7fZiL7HQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFCqFzAXILHWnhQ1gOzePlkMKGYFBMB8GA1UdIwQY
MBaAFCNEbaenC853PsK8FlWq4ww8GEEsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTBSdHA2Y0x6bmMtd3J3V1ZhcmpERHdZUVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mMzU0OWYtMThmNy00OGIwLTkwMWQt
MjVjYzlkNmNmYmI5LzEvS29YTUJjZ3NkYWVGRFdBN040LVdRd29aZ1VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mMzU0OWYtMThmNy00OGIwLTkwMWQtMjVjYzlkNmNmYmI5
LzEvSTBSdHA2Y0x6bmMtd3J3V1ZhcmpERHdZUVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQALQvoMAwD
BAItmewDBAAtme4DBABNU0cDBAJU/FQDBAGrFrwwDQYJKoZIhvcNAQELBQADggEB
AH4FNEk1f3QmP88EmhBM+/aLhFUzOp804PzxyK1Ce0qZ99jGk/aFHQZwBKZSYd20
vjRFU4rtSgG24wKTtuN7FgR8Q1VonnLUhKgFaSsd9beOU4GGOE5l2l1L+EoLcIgm
A2jUqybumxa+52D4avzq4WRRnQaGmjY5oM+fH9WDlK/V997Du9Ao6gJO6FDGvugK
HBz0QH2yjK2MwgEJYsDWCvqmiIYISZ25UVnYZ54w2oU9PY9KSjEFTLkzqac3SYGZ
AG7Sa3HsCLxhd/8lB35aOnmpwktPZJUzk+7zZlP1NHe8UzZXBKDhqkzgxR8zsYen
bLnKVZU6m0hTremI6btYrcQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:08 2024 by rpki-client on console-ams.rpki-client.org