Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/M7cdKv0dTBPk2dbZFxo6DK-eqck.roa
File: M7cdKv0dTBPk2dbZFxo6DK-eqck.roa (raw, json)
Hash identifier: 3oCCcVqu4BZ3nS9tZ6cS8jKE8Ig6vExbULNf6GkldI0=
Subject key identifier: 33:B7:1D:2A:FD:1D:4C:13:E4:D9:D6:D9:17:1A:3A:0C:AF:9E:A9:C9
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018AD29E0B73D92C293E564A88F80B5760FA
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/M7cdKv0dTBPk2dbZFxo6DK-eqck.roa
Signing time: Tue 26 Sep 2023 17:51:27 +0000
ROA not before: Tue 26 Sep 2023 17:51:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.112.64.0/22 maxlen: 24
188.241.242.0/24 maxlen: 24
188.241.243.0/24 maxlen: 24
185.255.39.0/24 maxlen: 24
188.214.209.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
93.115.254.0/23 maxlen: 24
188.213.203.0/24 maxlen: 24
188.213.202.0/24 maxlen: 24
193.23.129.0/24 maxlen: 24
193.23.128.0/24 maxlen: 24
213.232.93.0/24 maxlen: 24
213.232.92.0/24 maxlen: 24
213.232.94.0/23 maxlen: 24
45.156.157.0/24 maxlen: 24
89.33.85.0/24 maxlen: 24
89.33.84.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/23 maxlen: 24
185.255.170.0/24 maxlen: 24
89.35.154.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
188.212.155.0/24 maxlen: 24
188.212.158.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
87.247.150.0/24 maxlen: 24
87.247.149.0/24 maxlen: 24
87.247.151.0/24 maxlen: 24
188.240.224.0/24 maxlen: 24
188.240.225.0/24 maxlen: 24
188.240.227.0/24 maxlen: 24
188.240.233.0/24 maxlen: 24
91.188.205.0/24 maxlen: 24
91.188.204.0/24 maxlen: 24
91.188.206.0/24 maxlen: 24
91.188.207.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
45.146.184.0/22 maxlen: 24
185.135.140.0/24 maxlen: 24
185.135.141.0/24 maxlen: 24
185.135.143.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
188.241.110.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:d2:9e:0b:73:d9:2c:29:3e:56:4a:88:f8:0b:57:60:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Sep 26 17:51:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=33b71d2afd1d4c13e4d9d6d9171a3a0caf9ea9c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:8e:48:ce:89:83:d2:94:bf:ae:9a:40:1d:22:
8d:d5:46:3f:b0:f9:eb:d7:34:8e:b0:42:08:43:b1:
4d:34:13:6f:47:3e:aa:aa:b8:b2:d7:42:b1:b2:5e:
69:a5:c0:8f:92:c8:05:6d:8a:42:ab:d3:a7:00:e3:
22:20:7d:bc:11:76:96:81:d2:46:36:b1:27:45:c7:
7b:f8:41:9a:ff:56:83:30:40:ae:38:07:cc:20:5d:
d4:db:25:20:67:12:ab:9d:ee:12:82:b6:b3:7d:d3:
d2:6c:4a:e7:46:0c:ab:fd:49:f3:59:c6:3a:37:3d:
bc:4b:a9:80:1c:3d:56:ec:8c:5a:1c:13:33:14:fd:
ce:03:96:56:be:75:07:25:38:18:22:95:b4:d2:06:
b3:ce:5e:bb:53:a0:43:2a:00:56:df:bc:88:8d:cb:
70:8e:f0:46:80:e4:12:56:fa:43:43:18:48:70:48:
d9:51:79:c1:3c:ca:cf:74:33:59:fe:b7:ea:54:cb:
5c:db:bf:5c:58:04:14:71:9e:b0:55:25:a6:b4:45:
c0:3b:da:97:c4:26:c0:1f:8e:34:d7:e8:a7:67:c4:
4b:cd:1f:14:93:ee:18:52:df:39:3d:69:30:29:d3:
18:6e:b8:2f:03:74:b6:74:4b:56:7b:fe:7c:69:6c:
46:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:B7:1D:2A:FD:1D:4C:13:E4:D9:D6:D9:17:1A:3A:0C:AF:9E:A9:C9
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/M7cdKv0dTBPk2dbZFxo6DK-eqck.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.146.184.0/22
45.156.157.0/24
87.247.148.0/22
89.33.84.0/23
89.35.154.0/24
89.37.63.0/24
91.188.204.0/22
93.115.254.0/23
185.112.64.0/22
185.135.140.0/23
185.135.143.0/24
185.238.10.0/24
185.241.210.0/23
185.255.39.0/24
185.255.169.0-185.255.171.255
188.212.133.0/24
188.212.155.0/24
188.212.158.0/24
188.213.202.0/23
188.214.209.0/24
188.240.224.0/23
188.240.227.0/24
188.240.233.0/24
188.241.110.0/24
188.241.242.0/23
193.23.128.0/23
213.232.92.0/22
Signature Algorithm: sha256WithRSAEncryption
95:f9:cf:aa:d2:95:99:ec:c2:bf:1f:d9:7e:b7:3e:9c:65:16:
93:5e:72:1e:be:15:52:43:67:21:05:61:af:1f:88:01:16:a7:
ae:ce:b6:92:5d:29:f0:28:c3:64:84:4a:81:b7:b6:4a:11:16:
c4:fb:2f:56:4c:66:73:3e:e0:5a:53:0b:0a:71:6a:fa:61:22:
f9:66:b1:b1:57:e3:bf:f5:65:53:52:ee:df:20:68:04:c2:c3:
df:00:c2:b3:e0:4e:e4:a2:8b:57:6c:6c:c3:2e:eb:73:61:7a:
55:f9:8b:3b:eb:57:9e:b7:8c:32:f0:28:99:fc:80:9e:5e:80:
6b:22:ba:0f:32:0f:69:2a:28:62:ea:9b:ba:19:e9:c3:8c:6e:
03:a1:06:50:02:a6:4f:bd:5a:f4:00:94:5d:e3:bf:85:85:4c:
3c:44:b3:ec:f4:f5:80:98:7b:df:ae:a4:21:81:68:bd:60:89:
7d:b5:3f:ba:0d:5c:d2:a6:df:1f:55:eb:27:7f:b9:c2:6b:3c:
c3:d0:b2:0a:14:32:01:b4:0b:10:78:e9:91:e9:2e:1c:88:76:
93:69:48:4b:49:f0:bf:4e:9f:81:2e:e4:70:72:51:91:c0:b1:
0a:56:ea:f4:09:64:7b:e2:45:80:2d:55:d5:ae:f2:f8:be:3c:
0e:f6:33:1d
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgISAYrSngtz2SwpPlZKiPgLV2D6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwOTI2MTc1MTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2I3MWQyYWZkMWQ0YzEzZTRkOWQ2ZDkxNzFhM2EwY2FmOWVhOWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiY5IzomD0pS/rppAHSKN1UY/sPnr
1zSOsEIIQ7FNNBNvRz6qqriy10Kxsl5ppcCPksgFbYpCq9OnAOMiIH28EXaWgdJG
NrEnRcd7+EGa/1aDMECuOAfMIF3U2yUgZxKrne4SgrazfdPSbErnRgyr/UnzWcY6
Nz28S6mAHD1W7IxaHBMzFP3OA5ZWvnUHJTgYIpW00gazzl67U6BDKgBW37yIjctw
jvBGgOQSVvpDQxhIcEjZUXnBPMrPdDNZ/rfqVMtc279cWAQUcZ6wVSWmtEXAO9qX
xCbAH4401+inZ8RLzR8Uk+4YUt85PWkwKdMYbrgvA3S2dEtWe/58aWxGywIDAQAB
o4ICsjCCAq4wHQYDVR0OBBYEFDO3HSr9HUwT5NnW2RcaOgyvnqnJMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTTdjZEt2MGRUQlBrMmRiWkZ4bzZESy1lcWNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHHBggrBgEFBQcBBwEB/wSBtzCBtDCBsQQCAAEwgaoDBAIt
krgDBAAtnJ0DBAJX95QDBAFZIVQDBABZI5oDBABZJT8DBAJbvMwDBAFdc/4DBAK5
cEADBAG5h4wDBAC5h48DBAC57goDBAG58dIDBAC5/ycwDAMEALn/qQMEArn/qAME
ALzUhQMEALzUmwMEALzUngMEAbzVygMEALzW0QMEAbzw4AMEALzw4wMEALzw6QME
ALzxbgMEAbzx8gMEAcEXgAMEAtXoXDANBgkqhkiG9w0BAQsFAAOCAQEAlfnPqtKV
mezCvx/Zfrc+nGUWk15yHr4VUkNnIQVhrx+IARanrs62kl0p8CjDZIRKgbe2ShEW
xPsvVkxmcz7gWlMLCnFq+mEi+WaxsVfjv/VlU1Lu3yBoBMLD3wDCs+BO5KKLV2xs
wy7rc2F6VfmLO+tXnreMMvAomfyAnl6AayK6DzIPaSooYuqbuhnpw4xuA6EGUAKm
T71a9ACUXeO/hYVMPESz7PT1gJh7366kIYFovWCJfbU/ug1c0qbfH1XrJ3+5wms8
w9CyChQyAbQLEHjpkekuHIh2k2lIS0nwv06fgS7kcHJRkcCxClbq9Alke+JFgC1V
1a7y+L48DvYzHQ==
-----END CERTIFICATE-----
Generated at Wed Sep 27 18:59:59 2023 by rpki-client on console-fra.rpki-client.org