Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/55UFHlD_GtJd0kPJuHnTtAEQO3s.roa
File: 55UFHlD_GtJd0kPJuHnTtAEQO3s.roa (raw, json)
Hash identifier: QhTgBdYklxIPFxF09Dnbu5tatkXGpNaAlPl0BtYK8Ik=
Subject key identifier: E7:95:05:1E:50:FF:1A:D2:5D:D2:43:C9:B8:79:D3:B4:01:10:3B:7B
Certificate issuer: /CN=435416b2282b4533c3509c18e957ce0c836bc837
Certificate serial: 01856FCB881C619FFF3C785E5A713793DD98
Authority key identifier: 43:54:16:B2:28:2B:45:33:C3:50:9C:18:E9:57:CE:0C:83:6B:C8:37
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Q1QWsigrRTPDUJwY6VfODINryDc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/55UFHlD_GtJd0kPJuHnTtAEQO3s.roa
Signing time: Mon 02 Jan 2023 00:04:47 +0000
ROA not before: Mon 02 Jan 2023 00:04:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203020
IP address blocks: 194.156.112.0/22 maxlen: 32
185.251.44.0/22 maxlen: 32
195.66.216.0/21 maxlen: 32
185.247.228.0/22 maxlen: 32
95.214.84.0/22 maxlen: 32
195.158.208.0/22 maxlen: 32
95.175.64.0/19 maxlen: 32
185.251.248.0/22 maxlen: 32
Validation: Failed, certificate revoked on Fri 06 Oct 2023 08:43:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:cb:88:1c:61:9f:ff:3c:78:5e:5a:71:37:93:dd:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=435416b2282b4533c3509c18e957ce0c836bc837
Validity
Not Before: Jan 2 00:04:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e795051e50ff1ad25dd243c9b879d3b401103b7b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:95:61:36:9f:c3:f2:5c:93:aa:9f:89:d3:39:
f5:eb:89:af:01:08:40:06:04:84:3a:4c:0f:d6:96:
5c:c0:45:fd:c5:47:84:db:75:40:ef:69:f4:e9:61:
59:e4:37:f8:75:93:6e:e5:8b:39:1d:00:3e:f1:c7:
db:00:61:5f:68:6e:86:a9:4d:56:39:d1:14:c0:d8:
d3:45:c3:7a:4d:b4:cb:0c:82:33:86:e4:3d:69:cc:
f2:37:cc:5e:b3:cf:ec:e9:de:84:41:6f:d1:9f:0e:
8d:40:7b:93:c0:49:d7:63:9b:25:64:09:06:74:63:
59:49:7e:35:91:38:80:02:70:ee:fc:6a:dc:12:9a:
f1:d5:3f:73:95:3f:e7:0a:33:d7:42:f1:b1:26:c8:
c0:b4:2d:aa:b9:fe:39:18:5f:9b:c1:da:09:bb:11:
b8:4e:e0:f3:21:e0:68:18:3d:a4:f2:62:ab:bb:7f:
8b:11:5f:f8:66:a6:4d:ce:08:f1:a5:c1:3a:4d:d4:
4b:02:d4:ea:c7:f3:79:d6:8a:8e:e7:b0:42:89:9b:
bf:53:a1:18:f5:26:59:80:20:78:8c:83:45:52:f1:
44:3f:c1:e3:8e:52:2d:1b:c6:74:ba:1a:9d:ca:6a:
9e:ad:32:12:6f:e5:f5:c6:bb:e6:13:7d:e5:96:a9:
34:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E7:95:05:1E:50:FF:1A:D2:5D:D2:43:C9:B8:79:D3:B4:01:10:3B:7B
X509v3 Authority Key Identifier:
keyid:43:54:16:B2:28:2B:45:33:C3:50:9C:18:E9:57:CE:0C:83:6B:C8:37
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q1QWsigrRTPDUJwY6VfODINryDc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/55UFHlD_GtJd0kPJuHnTtAEQO3s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/63ff81-6460-4c05-852d-262eb39bbe76/1/Q1QWsigrRTPDUJwY6VfODINryDc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.175.64.0/19
95.214.84.0/22
185.247.228.0/22
185.251.44.0/22
185.251.248.0/22
194.156.112.0/22
195.66.216.0/21
195.158.208.0/22
Signature Algorithm: sha256WithRSAEncryption
79:a5:33:4e:9a:f7:93:11:f3:1b:b1:cc:d0:90:66:6c:b0:ca:
1b:51:6c:25:08:f6:64:17:40:fc:1f:8b:84:7f:37:72:4e:70:
fe:55:e6:7d:f4:07:1d:a9:05:8a:16:6d:4a:7b:75:63:f4:c9:
72:0c:0d:c1:77:89:0e:87:59:d1:a4:e3:2c:58:c7:0a:2f:8c:
e6:1b:5f:ac:26:14:a8:2c:07:e5:33:a4:48:bf:0b:80:0b:61:
96:67:1e:9b:c5:8a:8f:8a:f1:d3:4c:4f:ab:5a:4e:53:72:50:
ae:04:e5:bf:0c:da:69:fe:9c:c4:54:51:5e:6f:47:48:47:55:
d1:5b:9b:6d:f4:f3:58:fb:22:dd:35:6a:f7:61:9c:8d:d7:9b:
cb:16:4c:0a:46:41:ad:c2:6e:9c:a5:7d:45:08:05:8b:92:6e:
c9:db:cf:95:b0:71:b0:70:7b:64:fb:79:38:6b:89:a3:a3:32:
f0:b7:fa:67:29:a3:3a:ba:44:7d:02:80:6d:0b:81:eb:d9:4c:
81:36:75:05:e1:6c:c4:41:be:12:39:9a:35:69:fc:06:b7:39:
62:bb:f7:48:8c:fd:7f:b9:28:cf:bd:a2:40:9d:45:d5:73:eb:
c6:85:57:e0:33:e8:85:07:76:db:f4:44:f9:f4:14:db:35:e6:
54:a5:b5:b6
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVvy4gcYZ//PHheWnE3k92YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNTQxNmIyMjgyYjQ1MzNjMzUwOWMxOGU5NTdjZTBjODM2
YmM4MzcwHhcNMjMwMTAyMDAwNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzk1MDUxZTUwZmYxYWQyNWRkMjQzYzliODc5ZDNiNDAxMTAzYjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5VhNp/D8lyTqp+J0zn164mvAQhA
BgSEOkwP1pZcwEX9xUeE23VA72n06WFZ5Df4dZNu5Ys5HQA+8cfbAGFfaG6GqU1W
OdEUwNjTRcN6TbTLDIIzhuQ9aczyN8xes8/s6d6EQW/Rnw6NQHuTwEnXY5slZAkG
dGNZSX41kTiAAnDu/GrcEprx1T9zlT/nCjPXQvGxJsjAtC2quf45GF+bwdoJuxG4
TuDzIeBoGD2k8mKru3+LEV/4ZqZNzgjxpcE6TdRLAtTqx/N51oqO57BCiZu/U6EY
9SZZgCB4jINFUvFEP8HjjlItG8Z0uhqdymqerTISb+X1xrvmE33llqk0CQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFOeVBR5Q/xrSXdJDybh507QBEDt7MB8GA1UdIwQY
MBaAFENUFrIoK0Uzw1CcGOlXzgyDa8g3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTFRV3NpZ3JSVFBEVUp3WTZWZk9ESU5yeURjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82M2ZmODEtNjQ2MC00YzA1LTg1MmQt
MjYyZWIzOWJiZTc2LzEvNTVVRkhsRF9HdEpkMGtQSnVIblR0QUVRTzNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82M2ZmODEtNjQ2MC00YzA1LTg1MmQtMjYyZWIzOWJiZTc2
LzEvUTFRV3NpZ3JSVFBEVUp3WTZWZk9ESU5yeURjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQFX69AAwQC
X9ZUAwQCuffkAwQCufssAwQCufv4AwQCwpxwAwQDw0LYAwQCw57QMA0GCSqGSIb3
DQEBCwUAA4IBAQB5pTNOmveTEfMbsczQkGZssMobUWwlCPZkF0D8H4uEfzdyTnD+
VeZ99AcdqQWKFm1Ke3Vj9MlyDA3Bd4kOh1nRpOMsWMcKL4zmG1+sJhSoLAflM6RI
vwuAC2GWZx6bxYqPivHTTE+rWk5TclCuBOW/DNpp/pzEVFFeb0dIR1XRW5tt9PNY
+yLdNWr3YZyN15vLFkwKRkGtwm6cpX1FCAWLkm7J28+VsHGwcHtk+3k4a4mjozLw
t/pnKaM6ukR9AoBtC4Hr2UyBNnUF4WzEQb4SOZo1afwGtzliu/dIjP1/uSjPvaJA
nUXVc+vGhVfgM+iFB3bb9ET59BTbNeZUpbW2
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:29 2024 by rpki-client on console-ams.rpki-client.org