Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/iqexBZbDDgb9QrepSCvk27waMIQ.roa
File: iqexBZbDDgb9QrepSCvk27waMIQ.roa (raw, json)
Hash identifier: wVPqbRYf9vxZUfuh97I7m3TWzbCvPM4YLoQ05HVJkGk=
Subject key identifier: 8A:A7:B1:05:96:C3:0E:06:FD:42:B7:A9:48:2B:E4:DB:BC:1A:30:84
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 019098D464AFC3F60C56D074F17CFDEBE47B
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/iqexBZbDDgb9QrepSCvk27waMIQ.roa
Signing time: Tue 09 Jul 2024 18:49:34 +0000
ROA not before: Tue 09 Jul 2024 18:49:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212238
IP address blocks: 62.197.144.0/24 maxlen: 24
62.197.147.0/24 maxlen: 24
62.197.148.0/24 maxlen: 24
62.197.150.0/24 maxlen: 24
62.197.152.0/24 maxlen: 24
92.62.121.0/24 maxlen: 24
193.19.108.0/24 maxlen: 24
220.158.199.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 22 Jul 2024 11:21:39 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:98:d4:64:af:c3:f6:0c:56:d0:74:f1:7c:fd:eb:e4:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jul 9 18:49:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8aa7b10596c30e06fd42b7a9482be4dbbc1a3084
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:2b:45:c7:99:2f:42:53:d2:3e:df:0f:8a:e1:
dd:dd:9c:e0:a8:a7:89:9e:21:af:15:94:7b:0c:47:
3e:15:83:47:3d:e2:85:d7:00:1f:ce:c6:ef:66:c9:
a2:0a:41:2d:7b:cd:83:1c:6b:cf:4a:de:3f:4b:a8:
e1:f3:0e:3a:5a:cb:e8:d4:c5:76:9e:62:f2:46:80:
15:b3:f5:0b:7c:67:e9:d6:a7:5d:25:30:6a:e5:f4:
33:97:5a:b6:a6:47:32:44:5e:02:8e:69:c5:7b:de:
59:d9:56:6e:f2:57:7d:91:94:aa:87:9b:29:ae:c0:
d4:56:bb:22:f0:2d:f0:5c:ce:a0:36:87:86:31:bb:
8c:5a:97:63:61:60:b6:05:ef:0c:5c:0c:dd:70:b9:
81:76:07:27:bf:d1:90:fd:db:8f:df:51:89:d0:fa:
79:79:e7:98:f6:b2:e3:91:fa:ef:39:92:f1:77:de:
df:87:e5:45:6d:6c:f4:fe:df:00:29:6d:5c:66:a9:
bd:b7:68:14:3a:4f:10:a3:33:ce:9b:db:ef:e1:56:
86:42:fc:f9:31:d2:dc:37:f8:57:e0:70:d3:01:ee:
9b:b5:cc:05:a7:42:81:69:02:3e:da:45:e6:aa:08:
f1:ff:75:81:50:d7:e1:ca:3e:ff:ac:dc:d1:0e:af:
3e:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:A7:B1:05:96:C3:0E:06:FD:42:B7:A9:48:2B:E4:DB:BC:1A:30:84
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/iqexBZbDDgb9QrepSCvk27waMIQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.197.144.0/24
62.197.147.0-62.197.148.255
62.197.150.0/24
62.197.152.0/24
92.62.121.0/24
193.19.108.0/24
220.158.199.0/24
Signature Algorithm: sha256WithRSAEncryption
15:4c:dc:c3:74:91:60:86:f0:82:21:80:38:bb:6e:62:63:e5:
b7:89:e5:4b:6a:62:17:5d:3b:47:bb:ae:1a:f1:95:51:11:c8:
9a:58:22:a8:07:4b:89:98:60:0a:63:0c:77:f1:f6:b5:82:4e:
e3:ab:1a:72:82:cc:bf:c1:8f:0c:a8:a0:ed:f7:25:f1:7a:c2:
69:fb:81:bf:b8:10:a1:69:2a:3b:92:c1:d0:ce:57:5b:21:dd:
67:87:08:26:22:dd:ec:4a:32:61:c9:a3:13:7f:8f:90:7a:56:
65:f6:d4:ce:8c:b1:8f:7f:d1:c1:09:b4:75:99:9b:b5:3f:98:
90:7e:57:90:47:01:2b:d4:10:cb:ad:10:e3:f3:d4:4e:97:b6:
51:17:00:fc:ee:29:0d:42:e8:f8:b3:61:e1:f8:8e:e0:f5:ef:
57:d9:56:a7:31:ad:1a:34:81:ba:ed:ac:f2:32:a1:08:ce:de:
b1:46:0b:89:a8:d0:1c:92:25:43:c4:bc:3a:99:de:cb:45:16:
92:a2:d3:7b:f0:f4:b5:42:65:1f:f1:5e:43:13:f7:38:ba:80:
01:8a:1c:fb:e2:b0:fa:47:ef:9d:91:f1:5c:3e:9b:a5:82:0e:
b5:e5:d6:d5:d7:79:2d:92:42:dd:33:4d:ef:54:50:37:f0:1d:
f0:1b:b5:7a
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAZCY1GSvw/YMVtB08Xz96+R7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwNzA5MTg0OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWE3YjEwNTk2YzMwZTA2ZmQ0MmI3YTk0ODJiZTRkYmJjMWEzMDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0StFx5kvQlPSPt8PiuHd3ZzgqKeJ
niGvFZR7DEc+FYNHPeKF1wAfzsbvZsmiCkEte82DHGvPSt4/S6jh8w46Wsvo1MV2
nmLyRoAVs/ULfGfp1qddJTBq5fQzl1q2pkcyRF4CjmnFe95Z2VZu8ld9kZSqh5sp
rsDUVrsi8C3wXM6gNoeGMbuMWpdjYWC2Be8MXAzdcLmBdgcnv9GQ/duP31GJ0Pp5
eeeY9rLjkfrvOZLxd97fh+VFbWz0/t8AKW1cZqm9t2gUOk8QozPOm9vv4VaGQvz5
MdLcN/hX4HDTAe6btcwFp0KBaQI+2kXmqgjx/3WBUNfhyj7/rNzRDq8+fQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFIqnsQWWww4G/UK3qUgr5Nu8GjCEMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvaXFleEJaYkREZ2I5UXJlcFNDdmsyN3dhTUlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAPsWQMAwD
BAA+xZMDBAA+xZQDBAA+xZYDBAA+xZgDBABcPnkDBADBE2wDBADcnscwDQYJKoZI
hvcNAQELBQADggEBABVM3MN0kWCG8IIhgDi7bmJj5beJ5UtqYhddO0e7rhrxlVER
yJpYIqgHS4mYYApjDHfx9rWCTuOrGnKCzL/BjwyooO33JfF6wmn7gb+4EKFpKjuS
wdDOV1sh3WeHCCYi3exKMmHJoxN/j5B6VmX21M6MsY9/0cEJtHWZm7U/mJB+V5BH
ASvUEMutEOPz1E6XtlEXAPzuKQ1C6PizYeH4juD171fZVqcxrRo0gbrtrPIyoQjO
3rFGC4mo0BySJUPEvDqZ3stFFpKi03vw9LVCZR/xXkMT9zi6gAGKHPvisPpH752R
8Vw+m6WCDrXl1tXXeS2SQt0zTe9UUDfwHfAbtXo=
-----END CERTIFICATE-----
Generated at Mon Jul 22 14:12:10 2024 by rpki-client on console-ams.rpki-client.org