Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2_3yuo5lyTb2RVPiwibounBDWRY.roa
File: 2_3yuo5lyTb2RVPiwibounBDWRY.roa (raw, json)
Hash identifier: msk3dyyj8PWUAVSqe6u0HBWN0Tuk6jiMUu2uTmLFHw8=
Subject key identifier: DB:FD:F2:BA:8E:65:C9:36:F6:45:53:E2:C2:26:E8:BA:70:43:59:16
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018CC5011C36D3D2ADB398EDC8CED77117E9
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2_3yuo5lyTb2RVPiwibounBDWRY.roa
Signing time: Mon 01 Jan 2024 12:30:33 +0000
ROA not before: Mon 01 Jan 2024 12:30:33 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 137409
IP address blocks: 194.5.83.0/24 maxlen: 24
45.8.70.0/24 maxlen: 24
194.5.82.0/24 maxlen: 24
45.130.202.0/23 maxlen: 24
45.133.4.0/24 maxlen: 24
45.133.6.0/24 maxlen: 24
89.34.126.0/23 maxlen: 24
45.133.5.0/24 maxlen: 24
45.133.7.0/24 maxlen: 24
194.61.40.0/23 maxlen: 24
204.75.229.0/24 maxlen: 24
185.165.45.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 02 Apr 2024 09:03:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:01:1c:36:d3:d2:ad:b3:98:ed:c8:ce:d7:71:17:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 1 12:30:33 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dbfdf2ba8e65c936f64553e2c226e8ba70435916
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:0a:ca:23:f9:ca:bf:01:72:b3:81:db:83:00:
17:1d:1d:a5:d1:c2:0d:d3:83:cc:fc:98:f2:8b:8a:
73:e7:36:c3:24:82:f9:9b:ba:23:ef:47:a9:66:02:
d0:4e:1a:c9:ab:62:09:90:9d:f9:da:92:37:3e:44:
fa:2a:d2:44:9a:49:6f:7b:1d:8c:4b:1c:2e:dc:d8:
01:ac:64:2f:b2:b5:e7:b3:f4:d4:15:74:a4:39:76:
f3:2a:17:6a:16:d8:72:ff:c1:b1:b3:7a:6e:12:c7:
c7:77:91:c5:de:d9:43:50:ff:cd:5c:91:21:5a:94:
17:6a:c5:e5:10:05:c2:f3:89:9a:82:74:37:b0:e1:
a5:9f:c2:ea:14:44:10:0d:50:11:b6:27:18:98:2a:
66:13:20:f9:67:9e:03:d5:10:0c:7f:78:a8:60:9c:
9d:71:21:f8:88:19:4c:8a:62:cb:65:a2:5e:89:7a:
80:41:2f:54:1e:04:eb:62:a6:fc:86:63:c0:f1:cc:
79:5c:70:51:24:a2:e0:85:97:a9:f0:0e:8d:2a:45:
82:bf:91:1c:d1:5d:e6:43:66:99:7e:b7:c9:e9:ae:
01:f7:5b:61:62:dd:38:b7:ba:60:f0:0c:22:25:a6:
35:99:31:04:6e:ef:e5:c4:7a:95:5c:45:13:a9:66:
1e:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:FD:F2:BA:8E:65:C9:36:F6:45:53:E2:C2:26:E8:BA:70:43:59:16
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/2_3yuo5lyTb2RVPiwibounBDWRY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.70.0/24
45.130.202.0/23
45.133.4.0/22
89.34.126.0/23
185.165.45.0/24
194.5.82.0/23
194.61.40.0/23
204.75.229.0/24
Signature Algorithm: sha256WithRSAEncryption
2c:39:af:ef:9c:16:d2:19:15:06:94:46:bc:b0:3e:e3:3b:30:
a2:39:d0:69:e5:f5:8b:25:2c:38:a8:9f:77:a0:33:eb:4d:93:
57:e6:f6:d0:51:ce:0a:53:cc:85:0a:e0:8b:c7:e6:20:1c:d1:
b5:47:3c:68:ca:74:7a:96:f3:9f:c8:d8:0b:b3:0c:09:19:72:
f4:1d:4b:25:c9:4c:79:31:50:8a:1c:b7:52:61:89:aa:00:75:
7a:b4:1c:a4:ea:58:52:f6:ec:2f:db:b2:df:c1:58:14:1f:80:
da:29:7b:68:d1:60:c8:a8:46:a6:6c:75:df:4c:fc:94:bf:81:
2d:ea:c4:5f:a5:b9:5c:24:c8:92:c7:9c:be:1d:71:d8:44:7d:
0f:bf:45:c4:ae:7c:c1:f9:ee:15:df:e2:1b:df:b0:9e:df:48:
03:0b:15:49:75:3f:f3:ca:43:06:b2:d0:2f:82:43:f5:62:c8:
b3:a9:da:b6:d3:37:36:02:8a:8b:79:ad:32:fa:fd:9f:0e:9d:
14:55:53:5e:5f:c8:4f:86:0f:fb:10:3d:80:9d:b2:16:13:8d:
bf:95:48:62:fc:f1:15:d2:8a:13:d3:10:33:85:4a:54:4e:f9:
04:0a:ad:54:d1:d8:c6:e3:97:6d:30:7b:39:24:5c:15:d0:45:
48:e4:ba:61
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYzFARw209Kts5jtyM7XcRfpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmZkZjJiYThlNjVjOTM2ZjY0NTUzZTJjMjI2ZThiYTcwNDM1OTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwrKI/nKvwFys4HbgwAXHR2l0cIN
04PM/Jjyi4pz5zbDJIL5m7oj70epZgLQThrJq2IJkJ352pI3PkT6KtJEmklvex2M
Sxwu3NgBrGQvsrXns/TUFXSkOXbzKhdqFthy/8Gxs3puEsfHd5HF3tlDUP/NXJEh
WpQXasXlEAXC84magnQ3sOGln8LqFEQQDVARticYmCpmEyD5Z54D1RAMf3ioYJyd
cSH4iBlMimLLZaJeiXqAQS9UHgTrYqb8hmPA8cx5XHBRJKLghZep8A6NKkWCv5Ec
0V3mQ2aZfrfJ6a4B91thYt04t7pg8AwiJaY1mTEEbu/lxHqVXEUTqWYesQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNv98rqOZck29kVT4sIm6LpwQ1kWMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMl8zeXVvNWx5VGIyUlZQaXdpYm91bkJEV1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALQhGAwQB
LYLKAwQCLYUEAwQBWSJ+AwQAuaUtAwQBwgVSAwQBwj0oAwQAzEvlMA0GCSqGSIb3
DQEBCwUAA4IBAQAsOa/vnBbSGRUGlEa8sD7jOzCiOdBp5fWLJSw4qJ93oDPrTZNX
5vbQUc4KU8yFCuCLx+YgHNG1RzxoynR6lvOfyNgLswwJGXL0HUslyUx5MVCKHLdS
YYmqAHV6tByk6lhS9uwv27LfwVgUH4DaKXto0WDIqEambHXfTPyUv4Et6sRfpblc
JMiSx5y+HXHYRH0Pv0XErnzB+e4V3+Ib37Ce30gDCxVJdT/zykMGstAvgkP1Ysiz
qdq20zc2AoqLea0y+v2fDp0UVVNeX8hPhg/7ED2AnbIWE42/lUhi/PEV0ooT0xAz
hUpUTvkECq1U0djG45dtMHs5JFwV0EVI5Lph
-----END CERTIFICATE-----
Generated at Tue Apr 2 11:48:41 2024 by rpki-client on console-ams.rpki-client.org