Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/hzP9jyGasSGBsNlndII0rBeaCME.roa
File: hzP9jyGasSGBsNlndII0rBeaCME.roa (raw, json)
Hash identifier: K0ZpTVIO2nm678lLMfREV8HSSY7bOzxQy1mXG4tH60o=
Subject key identifier: 87:33:FD:8F:21:9A:B1:21:81:B0:D9:67:74:82:34:AC:17:9A:08:C1
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018B89F1A2B0DEF23E990113318E38DA7C96
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/hzP9jyGasSGBsNlndII0rBeaCME.roa
Signing time: Wed 01 Nov 2023 08:13:16 +0000
ROA not before: Wed 01 Nov 2023 08:13:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 40676
IP address blocks: 45.91.50.0/24 maxlen: 24
45.8.68.0/24 maxlen: 24
45.67.97.0/24 maxlen: 24
45.67.99.0/24 maxlen: 24
188.214.208.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:89:f1:a2:b0:de:f2:3e:99:01:13:31:8e:38:da:7c:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Nov 1 08:13:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8733fd8f219ab12181b0d967748234ac179a08c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:48:39:9f:9d:d3:51:fc:da:9d:4e:02:5d:ab:
89:4a:71:21:16:d1:4f:82:0d:70:9b:89:10:a3:48:
5c:26:f7:59:d4:38:12:78:9e:dd:e5:0b:c1:d9:0d:
b0:d7:dd:6b:de:e5:48:21:23:80:d3:98:a4:77:87:
10:ec:9b:75:71:b0:69:15:8a:81:7b:0d:0d:8b:d0:
6b:1b:cd:22:db:47:c3:86:de:58:52:7d:03:55:3c:
1c:83:cd:27:f9:f5:bf:51:0e:75:84:7b:6d:0d:c4:
a1:00:b1:a5:0f:83:3f:b6:cb:77:b2:00:17:19:e1:
30:f7:51:67:84:fe:07:3b:41:ea:99:65:ab:51:fe:
30:b1:29:50:c0:cc:8b:e6:4b:0d:59:9f:1c:2f:88:
eb:45:6f:26:cd:7a:36:05:c8:ca:f5:d1:e5:d8:fe:
dd:92:01:c7:f9:da:19:fb:48:83:a3:b5:88:7a:7b:
8f:c9:6a:a0:83:cd:b4:4f:ce:26:57:cb:b8:45:0a:
d0:f5:e5:88:58:94:69:59:8e:79:00:16:58:7b:7d:
b5:ce:c4:03:af:57:19:96:2c:d7:6f:b9:8e:7a:b9:
ce:74:7e:5d:cf:ec:6f:5d:60:0b:34:c7:fa:19:17:
2d:68:01:bd:a7:33:8e:49:79:74:0b:c7:b8:25:43:
9c:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:33:FD:8F:21:9A:B1:21:81:B0:D9:67:74:82:34:AC:17:9A:08:C1
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/hzP9jyGasSGBsNlndII0rBeaCME.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.68.0/24
45.67.97.0/24
45.67.99.0/24
45.91.50.0/24
188.214.208.0/24
Signature Algorithm: sha256WithRSAEncryption
01:02:99:23:2c:a7:38:b6:b4:20:d7:24:8c:01:fb:88:a7:68:
d9:1a:ca:c1:57:b5:50:3f:59:91:65:a9:18:f4:4c:83:ee:bd:
6e:3e:84:59:49:6d:16:9e:d5:e7:d7:72:62:22:b1:76:ee:76:
3d:a0:73:09:45:91:7c:dc:0b:1e:39:cf:ad:df:0e:b5:e4:11:
85:aa:71:65:72:f4:35:c5:6d:19:64:a8:0a:92:dd:f9:0b:ef:
e4:77:a4:be:13:6c:f6:ed:fe:16:2a:51:18:56:aa:76:f8:54:
3c:c1:df:e3:a0:52:a6:1f:ae:65:33:b3:63:9e:fa:18:a3:23:
5e:42:77:83:76:c7:63:8f:7d:4c:73:ec:42:35:0e:28:78:c2:
ea:74:cb:0c:ab:ad:86:f9:f2:92:1a:24:f9:c0:fb:78:f0:e5:
5c:35:0f:a1:98:14:4c:c8:a3:ad:6a:0b:08:00:29:fb:c8:52:
6d:7b:1d:f7:2e:2c:f4:a2:53:45:1f:20:04:00:3e:01:09:19:
e9:fc:0a:25:08:78:ee:81:f8:34:d0:31:28:0a:01:4a:62:dc:
cc:7b:66:d3:f7:1c:ef:c1:9e:b7:d1:66:91:7d:06:08:cb:7e:
4e:c8:47:ea:26:23:bd:9d:b0:47:f3:23:e7:89:b5:11:2f:6a:
43:14:55:19
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYuJ8aKw3vI+mQETMY442nyWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMxMTAxMDgxMzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzMzZmQ4ZjIxOWFiMTIxODFiMGQ5Njc3NDgyMzRhYzE3OWEwOGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkg5n53TUfzanU4CXauJSnEhFtFP
gg1wm4kQo0hcJvdZ1DgSeJ7d5QvB2Q2w191r3uVIISOA05ikd4cQ7Jt1cbBpFYqB
ew0Ni9BrG80i20fDht5YUn0DVTwcg80n+fW/UQ51hHttDcShALGlD4M/tst3sgAX
GeEw91FnhP4HO0HqmWWrUf4wsSlQwMyL5ksNWZ8cL4jrRW8mzXo2BcjK9dHl2P7d
kgHH+doZ+0iDo7WIenuPyWqgg820T84mV8u4RQrQ9eWIWJRpWY55ABZYe321zsQD
r1cZlizXb7mOernOdH5dz+xvXWALNMf6GRctaAG9pzOOSXl0C8e4JUOcsQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFIcz/Y8hmrEhgbDZZ3SCNKwXmgjBMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvaHpQOWp5R2FzU0dCc05sbmRJSTByQmVhQ01FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQALQhEAwQA
LUNhAwQALUNjAwQALVsyAwQAvNbQMA0GCSqGSIb3DQEBCwUAA4IBAQABApkjLKc4
trQg1ySMAfuIp2jZGsrBV7VQP1mRZakY9EyD7r1uPoRZSW0WntXn13JiIrF27nY9
oHMJRZF83AseOc+t3w615BGFqnFlcvQ1xW0ZZKgKkt35C+/kd6S+E2z27f4WKlEY
Vqp2+FQ8wd/joFKmH65lM7NjnvoYoyNeQneDdsdjj31Mc+xCNQ4oeMLqdMsMq62G
+fKSGiT5wPt48OVcNQ+hmBRMyKOtagsIACn7yFJtex33Liz0olNFHyAEAD4BCRnp
/AolCHjugfg00DEoCgFKYtzMe2bT9xzvwZ630WaRfQYIy35OyEfqJiO9nbBH8yPn
ibURL2pDFFUZ
-----END CERTIFICATE-----
Generated at Wed Nov 1 15:53:36 2023 by rpki-client on console-fra.rpki-client.org