Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/8n3G9SdEZcRqrNwPQO8tk17SvBE.roa
File: 8n3G9SdEZcRqrNwPQO8tk17SvBE.roa (raw, json)
Hash identifier: jZ2MiwjGBb4iQePLlrjpu6hQcuH5/vsDtAa/E8Pdkrg=
Subject key identifier: F2:7D:C6:F5:27:44:65:C4:6A:AC:DC:0F:40:EF:2D:93:5E:D2:BC:11
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01861857C110EE29855E4E71D47AB8D1765D
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/8n3G9SdEZcRqrNwPQO8tk17SvBE.roa
Signing time: Fri 03 Feb 2023 17:34:09 +0000
ROA not before: Fri 03 Feb 2023 17:34:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61138
IP address blocks: 188.212.133.0/24 maxlen: 24
213.232.93.0/24 maxlen: 24
213.232.95.0/24 maxlen: 24
94.176.110.0/24 maxlen: 24
185.255.168.0/24 maxlen: 24
188.214.208.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
91.188.207.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 06 Feb 2023 19:27:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:18:57:c1:10:ee:29:85:5e:4e:71:d4:7a:b8:d1:76:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Feb 3 17:34:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f27dc6f5274465c46aacdc0f40ef2d935ed2bc11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:a9:d0:71:24:c3:69:79:60:9e:d7:4b:ee:a9:
a0:9c:95:2b:32:b4:88:6e:0d:36:3d:05:3c:b7:4a:
12:e5:7e:49:2e:af:02:bc:ab:29:7f:db:b8:0c:e7:
f1:fa:c8:8e:73:b5:0d:7e:df:eb:c5:e3:cc:f6:83:
ca:1b:d5:ee:9b:ca:cc:87:7c:02:bd:88:1f:23:d1:
1a:8f:c6:6c:79:ee:4e:03:f0:14:1a:22:8a:d7:d3:
d1:a2:7f:df:f0:b1:f7:e2:58:0e:ca:19:50:49:33:
33:de:75:79:8d:68:18:2c:df:8b:bb:61:24:1f:28:
ee:26:43:a4:27:a2:3e:3f:d6:70:40:35:e0:72:dd:
2c:78:b9:4d:3b:3c:12:e0:a8:53:a4:5d:b1:c0:43:
7c:80:dc:a2:d7:37:fd:9a:45:fa:24:74:aa:04:11:
d0:8a:27:e2:d5:9c:e7:8d:e8:05:37:86:90:3b:59:
30:0d:d4:cb:6b:04:41:b6:d1:63:ce:8f:9e:68:ed:
d8:12:34:0d:44:fb:56:07:02:4f:68:7d:2d:db:b6:
ed:11:7b:2d:93:54:9d:66:4a:4a:b8:e8:b7:fc:f5:
4c:e2:2b:91:57:83:64:17:40:b5:23:4c:24:cd:ba:
65:1c:0e:26:c7:e0:33:33:8c:df:79:f2:3e:fd:05:
5d:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:7D:C6:F5:27:44:65:C4:6A:AC:DC:0F:40:EF:2D:93:5E:D2:BC:11
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/8n3G9SdEZcRqrNwPQO8tk17SvBE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.188.207.0/24
94.176.110.0/24
185.238.10.0/24
185.255.168.0/24
188.212.133.0/24
188.214.208.0/24
213.232.93.0/24
213.232.95.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:91:de:ba:3e:4e:ee:e5:43:63:6c:a0:d5:cf:2e:53:ed:9f:
41:93:5f:8c:38:e8:df:74:de:f0:f2:b2:c0:df:3f:e6:36:9a:
cb:e8:eb:fd:46:18:b6:43:0d:aa:46:26:41:c2:3b:90:ad:1c:
0a:1a:76:6c:36:61:d0:0f:e4:65:78:66:be:42:ea:f7:e4:1b:
5f:69:1a:37:d5:e5:c8:d5:ad:7a:9a:8d:12:85:84:cc:61:ff:
9f:5f:37:a6:b4:b7:6b:02:94:b5:59:52:33:2b:db:91:b8:2d:
fa:53:df:a5:0f:eb:74:a4:7c:a5:b2:fd:2e:a3:60:cc:d6:fb:
c0:61:6c:3e:85:26:5c:f9:e9:f1:c3:0d:59:d4:04:59:75:3e:
fa:37:cc:c2:bd:6b:c2:52:ca:5e:ff:10:4d:f8:09:70:f1:b0:
4e:15:1d:30:26:99:b1:33:b0:f2:71:5d:87:ed:25:e4:cb:a0:
90:b5:ff:ff:dd:40:73:5e:e4:e8:ee:2b:0b:95:46:08:06:37:
d0:26:7e:d2:e0:ed:54:d4:81:2e:76:90:48:e1:27:82:75:a8:
1e:71:96:8e:53:76:de:f0:38:09:50:52:02:80:ee:0f:cf:e8:
1f:b6:44:4c:02:f5:31:71:8b:3a:29:ff:f1:e8:6f:6d:77:3b:
90:fc:5f:74
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYYYV8EQ7imFXk5x1Hq40XZdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMjAzMTczNDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjdkYzZmNTI3NDQ2NWM0NmFhY2RjMGY0MGVmMmQ5MzVlZDJiYzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKnQcSTDaXlgntdL7qmgnJUrMrSI
bg02PQU8t0oS5X5JLq8CvKspf9u4DOfx+siOc7UNft/rxePM9oPKG9Xum8rMh3wC
vYgfI9Eaj8Zsee5OA/AUGiKK19PRon/f8LH34lgOyhlQSTMz3nV5jWgYLN+Lu2Ek
HyjuJkOkJ6I+P9ZwQDXgct0seLlNOzwS4KhTpF2xwEN8gNyi1zf9mkX6JHSqBBHQ
iifi1ZznjegFN4aQO1kwDdTLawRBttFjzo+eaO3YEjQNRPtWBwJPaH0t27btEXst
k1SdZkpKuOi3/PVM4iuRV4NkF0C1I0wkzbplHA4mx+AzM4zfefI+/QVdnwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFPJ9xvUnRGXEaqzcD0DvLZNe0rwRMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvOG4zRzlTZEVaY1Jxck53UFFPOHRrMTdTdkJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAW7zPAwQA
XrBuAwQAue4KAwQAuf+oAwQAvNSFAwQAvNbQAwQA1ehdAwQA1ehfMA0GCSqGSIb3
DQEBCwUAA4IBAQB6kd66Pk7u5UNjbKDVzy5T7Z9Bk1+MOOjfdN7w8rLA3z/mNprL
6Ov9Rhi2Qw2qRiZBwjuQrRwKGnZsNmHQD+RleGa+Qur35BtfaRo31eXI1a16mo0S
hYTMYf+fXzemtLdrApS1WVIzK9uRuC36U9+lD+t0pHylsv0uo2DM1vvAYWw+hSZc
+enxww1Z1ARZdT76N8zCvWvCUspe/xBN+Alw8bBOFR0wJpmxM7DycV2H7SXky6CQ
tf//3UBzXuTo7isLlUYIBjfQJn7S4O1U1IEudpBI4SeCdagecZaOU3be8DgJUFIC
gO4Pz+gftkRMAvUxcYs6Kf/x6G9tdzuQ/F90
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:44 2024 by rpki-client on console-fra.rpki-client.org