Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Tw3UaQf8ekbIUFYtrSmlR5JsswY.roa
File: Tw3UaQf8ekbIUFYtrSmlR5JsswY.roa (raw, json)
Hash identifier: WFrCgJv2t/Mh8ePNmhR/2hsjBa/94u1QHBmiuDEPffc=
Subject key identifier: 4F:0D:D4:69:07:FC:7A:46:C8:50:56:2D:AD:29:A5:47:92:6C:B3:06
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018A667AA453B52FBDD0E4D3CA4CBD76D178
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Tw3UaQf8ekbIUFYtrSmlR5JsswY.roa
Signing time: Tue 05 Sep 2023 17:53:48 +0000
ROA not before: Tue 05 Sep 2023 17:53:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 188.241.242.0/24 maxlen: 24
188.241.243.0/24 maxlen: 24
185.255.39.0/24 maxlen: 24
188.214.209.0/24 maxlen: 24
185.241.210.0/23 maxlen: 24
93.115.255.0/24 maxlen: 24
93.115.254.0/23 maxlen: 24
188.213.203.0/24 maxlen: 24
188.213.202.0/24 maxlen: 24
193.23.129.0/24 maxlen: 24
193.23.128.0/24 maxlen: 24
213.232.93.0/24 maxlen: 24
213.232.92.0/24 maxlen: 24
217.74.16.0/24 maxlen: 24
213.232.94.0/23 maxlen: 24
45.156.157.0/24 maxlen: 24
89.33.85.0/24 maxlen: 24
89.33.84.0/24 maxlen: 24
185.255.169.0/24 maxlen: 24
185.255.170.0/23 maxlen: 24
185.255.170.0/24 maxlen: 24
89.35.154.0/24 maxlen: 24
188.212.133.0/24 maxlen: 24
188.212.155.0/24 maxlen: 24
188.212.158.0/24 maxlen: 24
87.247.148.0/24 maxlen: 24
87.247.150.0/24 maxlen: 24
87.247.149.0/24 maxlen: 24
87.247.151.0/24 maxlen: 24
188.240.224.0/24 maxlen: 24
188.240.225.0/24 maxlen: 24
188.240.227.0/24 maxlen: 24
188.240.233.0/24 maxlen: 24
91.188.205.0/24 maxlen: 24
91.188.204.0/24 maxlen: 24
91.188.206.0/24 maxlen: 24
91.188.207.0/24 maxlen: 24
89.37.63.0/24 maxlen: 24
185.135.140.0/24 maxlen: 24
185.135.141.0/24 maxlen: 24
185.135.143.0/24 maxlen: 24
185.238.10.0/24 maxlen: 24
188.241.110.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:66:7a:a4:53:b5:2f:bd:d0:e4:d3:ca:4c:bd:76:d1:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Sep 5 17:53:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4f0dd46907fc7a46c850562dad29a547926cb306
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:d8:d0:8c:43:f5:1d:92:a4:b4:67:f7:67:ad:
05:78:8d:f4:e5:cb:76:71:de:7c:b2:88:b5:dc:48:
ba:0d:ed:4e:7b:fd:a0:a1:e9:75:45:de:1a:e4:46:
a9:2e:cb:56:0f:67:ce:0b:7d:ff:55:de:68:4a:62:
17:16:f2:85:16:9e:d5:4b:be:9f:dc:53:4d:1b:2b:
19:14:29:8e:76:8b:c9:8b:02:9f:4e:b2:a0:54:24:
e4:1b:31:e3:b1:a6:c8:d4:91:e4:b0:b6:9b:da:12:
fd:46:ba:93:ef:64:25:ff:4e:e4:54:91:5d:c6:fe:
23:f7:a6:e6:86:3d:1c:6f:bb:36:ac:12:0b:36:f5:
5a:c3:c8:f8:23:9c:ca:0e:42:2c:47:a9:93:63:e3:
0e:12:ff:4a:0c:a2:6b:ed:76:e0:2e:58:e2:57:7e:
86:f3:64:13:d4:13:f4:3f:74:94:91:65:65:3d:2e:
0a:9a:a7:e3:bd:5c:20:70:c9:c7:d6:93:f9:9f:c6:
2d:03:73:9c:f8:82:d7:55:8b:e2:df:ae:4a:5a:1d:
84:b8:19:40:77:f1:ba:56:3f:21:fa:23:df:eb:cb:
48:d3:8a:fa:bc:79:50:63:8c:75:81:41:f2:c2:21:
5c:2d:32:02:6c:24:59:4f:d8:15:46:f3:3b:b4:c8:
f2:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4F:0D:D4:69:07:FC:7A:46:C8:50:56:2D:AD:29:A5:47:92:6C:B3:06
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Tw3UaQf8ekbIUFYtrSmlR5JsswY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.156.157.0/24
87.247.148.0/22
89.33.84.0/23
89.35.154.0/24
89.37.63.0/24
91.188.204.0/22
93.115.254.0/23
185.135.140.0/23
185.135.143.0/24
185.238.10.0/24
185.241.210.0/23
185.255.39.0/24
185.255.169.0-185.255.171.255
188.212.133.0/24
188.212.155.0/24
188.212.158.0/24
188.213.202.0/23
188.214.209.0/24
188.240.224.0/23
188.240.227.0/24
188.240.233.0/24
188.241.110.0/24
188.241.242.0/23
193.23.128.0/23
213.232.92.0/22
217.74.16.0/24
Signature Algorithm: sha256WithRSAEncryption
77:49:a0:31:ad:5f:34:a2:51:c2:fc:e7:71:21:3b:7b:5c:b4:
a3:62:1e:1a:94:c6:a5:61:56:3e:0f:a8:59:bf:35:86:47:00:
a8:1e:24:72:24:5d:7f:6d:72:04:e6:56:34:9a:dc:40:67:04:
2a:64:cc:1b:d7:b8:79:22:91:07:86:16:b8:84:09:51:a8:7a:
0e:7d:f6:cd:c8:7e:80:42:f5:dd:a2:fc:f9:24:4e:11:c5:db:
a6:30:f6:c8:7d:08:ac:4b:f1:36:21:ba:1f:16:9f:10:34:f3:
66:77:ac:67:c4:2d:33:a8:38:37:e3:7e:20:83:98:ba:65:6a:
0e:c9:de:b8:34:c9:9b:f5:21:15:94:80:9b:56:7c:4b:3b:63:
a5:9e:6f:90:fc:d7:76:82:fe:bc:de:63:e9:1e:33:1c:81:e0:
60:3f:97:eb:b2:16:7e:23:c6:e5:60:e7:53:ac:f4:d1:93:45:
b5:26:52:96:e0:f7:6e:07:34:f4:1b:91:1e:a2:ef:8f:1f:31:
19:74:57:10:da:cf:20:a9:0e:3b:aa:d4:5c:33:70:a8:d2:e2:
17:ae:c3:8f:87:1a:f9:07:ac:07:31:73:ae:c4:88:fe:c2:00:
aa:e5:5e:46:7d:79:d6:b7:f0:16:3d:70:ff:e6:b5:ac:11:f9:
e6:d9:d3:86
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAYpmeqRTtS+90OTTyky9dtF4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwOTA1MTc1MzQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjBkZDQ2OTA3ZmM3YTQ2Yzg1MDU2MmRhZDI5YTU0NzkyNmNiMzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidjQjEP1HZKktGf3Z60FeI305ct2
cd58soi13Ei6De1Oe/2goel1Rd4a5EapLstWD2fOC33/Vd5oSmIXFvKFFp7VS76f
3FNNGysZFCmOdovJiwKfTrKgVCTkGzHjsabI1JHksLab2hL9RrqT72Ql/07kVJFd
xv4j96bmhj0cb7s2rBILNvVaw8j4I5zKDkIsR6mTY+MOEv9KDKJr7XbgLljiV36G
82QT1BP0P3SUkWVlPS4KmqfjvVwgcMnH1pP5n8YtA3Oc+ILXVYvi365KWh2EuBlA
d/G6Vj8h+iPf68tI04r6vHlQY4x1gUHywiFcLTICbCRZT9gVRvM7tMjyCQIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFE8N1GkH/HpGyFBWLa0ppUeSbLMGMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvVHczVWFRZjhla2JJVUZZdHJTbWxSNUpzc3dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQDBAAt
nJ0DBAJX95QDBAFZIVQDBABZI5oDBABZJT8DBAJbvMwDBAFdc/4DBAG5h4wDBAC5
h48DBAC57goDBAG58dIDBAC5/ycwDAMEALn/qQMEArn/qAMEALzUhQMEALzUmwME
ALzUngMEAbzVygMEALzW0QMEAbzw4AMEALzw4wMEALzw6QMEALzxbgMEAbzx8gME
AcEXgAMEAtXoXAMEANlKEDANBgkqhkiG9w0BAQsFAAOCAQEAd0mgMa1fNKJRwvzn
cSE7e1y0o2IeGpTGpWFWPg+oWb81hkcAqB4kciRdf21yBOZWNJrcQGcEKmTMG9e4
eSKRB4YWuIQJUah6Dn32zch+gEL13aL8+SROEcXbpjD2yH0IrEvxNiG6HxafEDTz
ZnesZ8QtM6g4N+N+IIOYumVqDsneuDTJm/UhFZSAm1Z8SztjpZ5vkPzXdoL+vN5j
6R4zHIHgYD+X67IWfiPG5WDnU6z00ZNFtSZSluD3bgc09BuRHqLvjx8xGXRXENrP
IKkOO6rUXDNwqNLiF67Dj4ca+QesBzFzrsSI/sIAquVeRn151rfwFj1w/+a1rBH5
5tnThg==
-----END CERTIFICATE-----
Generated at Wed Sep 6 09:06:49 2023 by rpki-client on console-ams.rpki-client.org