Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/STQIyxG53QdHpit0RtHjBSebyQ4.roa
File: STQIyxG53QdHpit0RtHjBSebyQ4.roa (raw, json)
Hash identifier: dRKDjXdvA06ynxjr9y1mBv3Fdho6CXyYG5NTAzKjXz4=
Subject key identifier: 49:34:08:CB:11:B9:DD:07:47:A6:2B:74:46:D1:E3:05:27:9B:C9:0E
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0191700468BC5AC28AE449255AB08B9976D8
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/STQIyxG53QdHpit0RtHjBSebyQ4.roa
Signing time: Tue 20 Aug 2024 13:40:22 +0000
ROA not before: Tue 20 Aug 2024 13:40:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 2.58.148.0/22 maxlen: 24
45.144.226.0/24 maxlen: 24
185.121.120.0/24 maxlen: 24
185.121.121.0/24 maxlen: 24
185.121.122.0/23 maxlen: 24
185.239.243.0/24 maxlen: 24
193.239.164.0/23 maxlen: 24
220.158.199.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 26 Aug 2024 07:37:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:70:04:68:bc:5a:c2:8a:e4:49:25:5a:b0:8b:99:76:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Aug 20 13:40:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=493408cb11b9dd0747a62b7446d1e305279bc90e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:11:57:87:35:d2:30:09:d9:28:90:23:33:53:
20:af:65:a5:0a:23:b0:fb:e9:79:3b:fa:f7:36:fe:
28:75:91:e4:d7:56:39:c0:86:4a:91:4d:17:c4:3e:
e1:65:50:66:b7:f7:02:a8:b3:ce:20:5e:45:75:1a:
ef:5e:e8:53:3e:b7:29:4a:4a:24:02:0f:b4:02:7e:
8c:d0:ce:41:c5:4e:49:49:1c:c0:01:ea:10:37:85:
68:db:57:dd:0b:4e:2f:2d:bf:66:5b:1d:fb:0b:bd:
a2:3a:73:c8:a3:2c:e8:2a:a5:14:fc:72:99:f1:42:
4f:ef:7f:5f:c3:68:63:03:97:22:2e:5e:2d:92:cb:
a8:eb:43:f8:22:e4:6d:93:f5:39:43:9f:8f:e0:9a:
63:44:02:73:94:5a:ba:19:5d:c7:01:82:f8:20:c1:
98:88:54:12:7b:b4:5f:3c:7b:56:5a:2b:a1:a9:50:
2a:95:74:eb:db:55:23:2e:e2:a1:55:f1:01:c5:da:
c0:7b:e0:c7:fe:82:3c:80:25:2a:94:89:1b:1c:1b:
60:2d:61:21:6e:b1:97:ff:de:1e:f4:55:a9:81:14:
69:8b:99:58:e2:ce:9a:1e:6a:20:ca:a1:97:7d:3c:
54:98:e4:69:ef:74:b0:74:48:96:ec:5c:b6:ee:e4:
18:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:34:08:CB:11:B9:DD:07:47:A6:2B:74:46:D1:E3:05:27:9B:C9:0E
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/STQIyxG53QdHpit0RtHjBSebyQ4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.148.0/22
45.144.226.0/24
185.121.120.0/22
185.239.243.0/24
193.239.164.0/23
220.158.199.0/24
Signature Algorithm: sha256WithRSAEncryption
5f:ad:2c:85:a9:c1:97:43:ef:c4:5d:4c:ce:4c:2a:77:cb:4d:
19:be:5d:a0:c4:d2:74:d3:e3:cc:1a:b5:92:61:65:e1:41:ef:
e3:9b:4a:ce:bd:fd:40:27:82:ee:2c:80:77:a0:e2:0a:d6:6e:
fb:83:3b:51:7d:9c:93:e8:07:ca:4d:5d:51:03:5d:44:c7:f4:
05:c4:83:5e:c2:c2:81:60:03:51:53:2c:76:ca:4e:38:ad:5a:
13:c9:72:71:0c:f7:3b:c5:4c:92:6b:cc:82:35:cf:ab:9c:69:
4a:3d:c9:58:93:81:8a:54:f3:75:3a:60:c9:06:a1:f1:db:3d:
a7:3f:d0:f7:70:24:de:d2:2e:be:49:38:36:71:23:05:97:73:
bd:00:ca:e9:ca:84:fa:c0:4a:56:be:41:1a:f2:99:c8:26:5b:
41:a6:db:17:7b:d0:b8:88:61:f1:28:51:87:c6:31:10:ac:a1:
a7:78:f8:b1:74:b2:b1:3d:99:0c:cb:c1:4e:1c:bd:2a:ab:09:
73:6f:2b:e0:8b:ad:09:40:44:47:a7:38:75:0f:39:aa:49:af:
c0:5a:bb:75:54:95:ca:34:cd:fb:3f:af:08:33:b0:cd:db:49:
fb:42:69:4a:0c:ea:13:70:db:f5:97:3a:ae:1b:16:c5:95:0e:
fb:21:3d:89
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZFwBGi8WsKK5EklWrCLmXbYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwODIwMTM0MDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTM0MDhjYjExYjlkZDA3NDdhNjJiNzQ0NmQxZTMwNTI3OWJjOTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0xFXhzXSMAnZKJAjM1Mgr2WlCiOw
++l5O/r3Nv4odZHk11Y5wIZKkU0XxD7hZVBmt/cCqLPOIF5FdRrvXuhTPrcpSkok
Ag+0An6M0M5BxU5JSRzAAeoQN4Vo21fdC04vLb9mWx37C72iOnPIoyzoKqUU/HKZ
8UJP739fw2hjA5ciLl4tksuo60P4IuRtk/U5Q5+P4JpjRAJzlFq6GV3HAYL4IMGY
iFQSe7RfPHtWWiuhqVAqlXTr21UjLuKhVfEBxdrAe+DH/oI8gCUqlIkbHBtgLWEh
brGX/94e9FWpgRRpi5lY4s6aHmogyqGXfTxUmORp73SwdEiW7Fy27uQYFQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFEk0CMsRud0HR6YrdEbR4wUnm8kOMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvU1RRSXl4RzUzUWRIcGl0MFJ0SGpCU2VieVE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCAjqUAwQA
LZDiAwQCuXl4AwQAue/zAwQBwe+kAwQA3J7HMA0GCSqGSIb3DQEBCwUAA4IBAQBf
rSyFqcGXQ+/EXUzOTCp3y00Zvl2gxNJ00+PMGrWSYWXhQe/jm0rOvf1AJ4LuLIB3
oOIK1m77gztRfZyT6AfKTV1RA11Ex/QFxINewsKBYANRUyx2yk44rVoTyXJxDPc7
xUySa8yCNc+rnGlKPclYk4GKVPN1OmDJBqHx2z2nP9D3cCTe0i6+STg2cSMFl3O9
AMrpyoT6wEpWvkEa8pnIJltBptsXe9C4iGHxKFGHxjEQrKGnePixdLKxPZkMy8FO
HL0qqwlzbyvgi60JQERHpzh1DzmqSa/AWrt1VJXKNM37P68IM7DN20n7QmlKDOoT
cNv1lzquGxbFlQ77IT2J
-----END CERTIFICATE-----
Generated at Mon Aug 26 10:35:10 2024 by rpki-client on console-ams.rpki-client.org