Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/AFl-hwTEMBXQkcImQsBEbNwVYTA.roa
File: AFl-hwTEMBXQkcImQsBEbNwVYTA.roa (raw, json)
Hash identifier: MMmsmL0/K3UCcEZ5By8F0x6iUaT2K/04pqUXzJs+SeQ=
Subject key identifier: 00:59:7E:87:04:C4:30:15:D0:91:C2:26:42:C0:44:6C:DC:15:61:30
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0192A96ABAF4C5852F6FFEF066823B3C6B84
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/AFl-hwTEMBXQkcImQsBEbNwVYTA.roa
Signing time: Sun 20 Oct 2024 10:13:17 +0000
ROA not before: Sun 20 Oct 2024 10:13:17 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 89.43.199.0/24 maxlen: 24
93.114.193.0/24 maxlen: 24
93.115.254.0/24 maxlen: 24
103.212.81.0/24 maxlen: 24
185.121.122.0/23 maxlen: 24
Validation: Failed, certificate revoked on Tue 22 Oct 2024 17:06:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:a9:6a:ba:f4:c5:85:2f:6f:fe:f0:66:82:3b:3c:6b:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Oct 20 10:13:17 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=00597e8704c43015d091c22642c0446cdc156130
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:9f:3f:a7:f0:23:fd:9b:e0:20:35:77:5d:69:
72:36:38:ec:36:8f:79:e3:0a:af:01:9c:6f:e8:1e:
75:6e:4c:03:5c:60:64:c3:04:0b:41:95:cf:71:1e:
5b:c1:3a:c4:67:9d:c1:b0:fc:25:e8:01:3b:16:8f:
d3:18:31:55:a8:2f:56:cc:e9:1e:06:32:61:5a:13:
43:1f:37:af:fb:68:c6:ae:54:77:29:c0:36:5e:62:
24:04:47:18:36:61:7c:80:90:47:04:8a:d8:39:d3:
0f:46:e3:b6:f2:f0:4e:e4:80:b9:9f:fe:c7:1f:40:
db:1b:8e:df:88:04:0d:47:c4:49:62:be:ab:6c:9a:
ee:75:52:c5:fb:be:c4:85:9e:72:29:19:4c:3f:00:
1a:7a:da:20:1d:79:a2:52:71:f4:52:a5:12:ff:a2:
5b:21:ab:d5:90:3b:2b:d9:3b:1e:34:a5:ca:7b:5d:
dd:6f:ca:8a:65:7b:38:e3:61:c0:b0:ad:22:7e:af:
46:89:89:7a:a0:62:b6:c5:28:db:4e:6c:62:25:77:
b3:40:37:3f:2e:4e:be:ed:21:40:60:59:60:75:ea:
6b:12:bc:37:e8:81:0d:73:cb:70:84:0a:10:be:5b:
2c:8e:4b:9e:ec:55:cc:d5:5c:26:31:4d:0e:57:e4:
72:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:59:7E:87:04:C4:30:15:D0:91:C2:26:42:C0:44:6C:DC:15:61:30
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/AFl-hwTEMBXQkcImQsBEbNwVYTA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.43.199.0/24
93.114.193.0/24
93.115.254.0/24
103.212.81.0/24
185.121.122.0/23
Signature Algorithm: sha256WithRSAEncryption
44:7c:7f:53:aa:90:ad:8f:fc:f1:c3:10:6a:e8:8c:37:6b:4b:
18:10:cd:b7:d8:43:cf:f2:50:9f:1b:ac:31:e9:b5:aa:42:fb:
0a:49:95:36:46:29:12:a4:c4:79:96:2e:56:04:fb:37:ff:a7:
1c:ed:6c:a9:86:8a:10:15:ed:5c:71:11:0d:e3:6c:0c:28:31:
12:de:47:ab:75:9a:6d:00:94:3e:0d:03:6e:02:1a:8f:a3:bd:
3a:f2:2e:84:f9:0c:8d:bb:a5:3c:09:03:38:2d:f7:e3:a2:f3:
dd:52:ec:c4:80:8c:b4:aa:e9:2c:ef:74:4e:19:46:98:b0:5c:
2e:49:6d:28:91:07:10:59:69:95:8d:34:b0:39:f3:92:04:7b:
48:74:b1:47:f4:e3:af:4a:78:f6:02:10:86:40:64:6b:52:97:
f5:06:3f:1a:c6:df:45:1a:0e:15:a6:73:8a:ed:ac:1a:55:d5:
af:7c:cb:5c:9b:b0:71:f5:db:c6:31:03:52:dd:11:a5:b1:53:
9c:da:20:91:e0:d0:c5:5c:a0:4e:a5:23:43:49:57:ec:db:04:
19:8e:0d:ae:9d:45:fc:72:44:a5:0a:f9:62:f9:f0:c3:32:07:
f8:ba:18:aa:89:7e:02:48:c7:cd:64:73:d9:80:1a:39:9d:44:
a2:16:32:91
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZKparr0xYUvb/7wZoI7PGuEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQxMDIwMTAxMzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDU5N2U4NzA0YzQzMDE1ZDA5MWMyMjY0MmMwNDQ2Y2RjMTU2MTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq58/p/Aj/ZvgIDV3XWlyNjjsNo95
4wqvAZxv6B51bkwDXGBkwwQLQZXPcR5bwTrEZ53BsPwl6AE7Fo/TGDFVqC9WzOke
BjJhWhNDHzev+2jGrlR3KcA2XmIkBEcYNmF8gJBHBIrYOdMPRuO28vBO5IC5n/7H
H0DbG47fiAQNR8RJYr6rbJrudVLF+77EhZ5yKRlMPwAaetogHXmiUnH0UqUS/6Jb
IavVkDsr2TseNKXKe13db8qKZXs442HAsK0ifq9GiYl6oGK2xSjbTmxiJXezQDc/
Lk6+7SFAYFlgdeprErw36IENc8twhAoQvlssjkue7FXM1VwmMU0OV+RyBQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFABZfocExDAV0JHCJkLARGzcFWEwMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvQUZsLWh3VEVNQlhRa2NJbVFzQkViTndWWVRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAWSvHAwQA
XXLBAwQAXXP+AwQAZ9RRAwQBuXl6MA0GCSqGSIb3DQEBCwUAA4IBAQBEfH9TqpCt
j/zxwxBq6Iw3a0sYEM232EPP8lCfG6wx6bWqQvsKSZU2RikSpMR5li5WBPs3/6cc
7WyphooQFe1ccREN42wMKDES3kerdZptAJQ+DQNuAhqPo7068i6E+QyNu6U8CQM4
LffjovPdUuzEgIy0quks73ROGUaYsFwuSW0okQcQWWmVjTSwOfOSBHtIdLFH9OOv
Snj2AhCGQGRrUpf1Bj8axt9FGg4VpnOK7awaVdWvfMtcm7Bx9dvGMQNS3RGlsVOc
2iCR4NDFXKBOpSNDSVfs2wQZjg2unUX8ckSlCvli+fDDMgf4uhiqiX4CSMfNZHPZ
gBo5nUSiFjKR
-----END CERTIFICATE-----
Generated at Tue Oct 22 19:06:45 2024 by rpki-client on console-fra.rpki-client.org