Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/3feb15-6834-43e2-b6e7-04d74f368698/1/xejGNzcJufEN7aGoPCmHlwMO0sw.roa
File: xejGNzcJufEN7aGoPCmHlwMO0sw.roa (raw, json)
Hash identifier: fyiTjskD73Zyo/4VSDKsKttplVP/o8NafHRxAO+2sy4=
Subject key identifier: C5:E8:C6:37:37:09:B9:F1:0D:ED:A1:A8:3C:29:87:97:03:0E:D2:CC
Certificate issuer: /CN=91c10bfde5813ab47c38c5c1904ec26b32c2a095
Certificate serial: 018B668CA83DD654B4D352A75A83D8393E6D
Authority key identifier: 91:C1:0B:FD:E5:81:3A:B4:7C:38:C5:C1:90:4E:C2:6B:32:C2:A0:95
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kcEL_eWBOrR8OMXBkE7CazLCoJU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/3feb15-6834-43e2-b6e7-04d74f368698/1/xejGNzcJufEN7aGoPCmHlwMO0sw.roa
Signing time: Wed 25 Oct 2023 11:16:15 +0000
ROA not before: Wed 25 Oct 2023 11:16:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8608
IP address blocks: 89.220.0.0/17 maxlen: 17
217.17.128.0/20 maxlen: 20
84.41.128.0/17 maxlen: 17
212.67.160.0/19 maxlen: 19
217.112.112.0/20 maxlen: 20
88.211.128.0/18 maxlen: 18
195.18.64.0/18 maxlen: 18
Validation: Failed, certificate revoked on Wed 25 Oct 2023 11:41:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:66:8c:a8:3d:d6:54:b4:d3:52:a7:5a:83:d8:39:3e:6d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=91c10bfde5813ab47c38c5c1904ec26b32c2a095
Validity
Not Before: Oct 25 11:16:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c5e8c6373709b9f10deda1a83c298797030ed2cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:94:01:4d:79:20:de:ef:98:fd:0f:5f:88:ab:
29:59:21:58:97:45:37:49:2b:09:c0:bd:5b:ad:bc:
27:3a:d1:3a:4d:4d:88:0b:29:57:b4:24:84:50:82:
fd:99:06:96:ab:93:d3:01:06:11:87:9a:20:4b:4d:
ad:4d:5d:1f:02:13:7e:2d:96:9e:7a:3d:bc:6d:21:
d2:7a:9d:2c:78:70:3c:fa:51:18:7d:98:13:c4:13:
a2:8d:58:57:bc:1e:55:c5:79:90:ce:c6:81:8d:ec:
77:a5:cc:e1:94:ab:bb:cf:8b:e1:5a:33:56:99:bd:
eb:e7:a2:59:a0:92:2c:f9:b1:04:74:4f:c5:90:0c:
14:49:51:e8:63:90:a8:27:f7:34:9c:ac:bd:a7:51:
5f:4f:4c:65:ef:1b:05:2b:aa:9b:b2:ef:2e:27:e1:
20:fa:11:55:55:1a:d8:77:b1:af:d5:f4:2f:e6:ce:
e1:6e:05:e8:96:21:f9:47:25:18:b8:71:f0:c7:11:
4d:2b:e9:f5:61:ff:4c:27:ca:47:1a:9a:d2:05:ff:
9e:63:bf:39:ce:cc:e2:3e:76:99:78:42:e0:e8:2f:
70:8c:bf:09:2c:6b:85:b8:22:e3:35:3a:0e:c3:96:
66:b7:0c:af:06:ac:3a:d8:bf:1c:1f:d4:0b:2d:54:
fb:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:E8:C6:37:37:09:B9:F1:0D:ED:A1:A8:3C:29:87:97:03:0E:D2:CC
X509v3 Authority Key Identifier:
keyid:91:C1:0B:FD:E5:81:3A:B4:7C:38:C5:C1:90:4E:C2:6B:32:C2:A0:95
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kcEL_eWBOrR8OMXBkE7CazLCoJU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3feb15-6834-43e2-b6e7-04d74f368698/1/xejGNzcJufEN7aGoPCmHlwMO0sw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3feb15-6834-43e2-b6e7-04d74f368698/1/kcEL_eWBOrR8OMXBkE7CazLCoJU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.41.128.0/17
88.211.128.0/18
89.220.0.0/17
195.18.64.0/18
212.67.160.0/19
217.17.128.0/20
217.112.112.0/20
Signature Algorithm: sha256WithRSAEncryption
11:36:9f:4f:c1:0a:cf:ae:55:37:64:82:83:30:b9:97:05:78:
e8:86:58:d3:b4:79:ca:4f:3d:86:04:1f:9e:b5:4a:54:f6:7e:
59:68:9d:a6:c4:d1:ce:dc:8c:b5:2e:74:aa:4a:59:d6:0b:50:
e5:57:a5:bc:c6:7d:e7:41:a4:d0:46:50:41:38:6d:5f:bc:7a:
95:ce:3b:44:62:ae:72:c7:0c:e5:bb:06:d6:2c:fb:52:ef:33:
da:1e:e5:06:25:72:58:6b:41:40:13:6f:03:a9:95:c9:1d:3e:
34:5f:64:15:9f:3f:ee:d6:81:c9:00:ed:51:2e:03:30:78:c0:
e2:9e:58:fb:97:85:94:2b:ef:0b:f8:c0:fe:1d:0c:0f:81:60:
00:6b:7d:93:a1:b0:e2:b8:5d:f2:f9:fe:c8:7d:c1:58:89:2f:
2c:03:23:56:48:cf:a5:b4:ec:93:32:bb:dd:f0:9f:75:2a:ca:
8f:d6:36:81:53:a8:d6:ed:7d:bf:88:55:72:12:33:af:78:6e:
72:14:58:4a:c6:5a:7c:04:6e:97:56:6c:5a:c9:cb:59:0c:7a:
cd:92:fa:ef:2d:94:4c:c4:f9:16:eb:b6:3e:f4:c1:fc:73:c9:
a0:dd:0f:73:00:9a:69:d2:f8:89:65:20:49:8b:17:1f:99:12:
59:1c:4f:ca
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYtmjKg91lS001KnWoPYOT5tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxYzEwYmZkZTU4MTNhYjQ3YzM4YzVjMTkwNGVjMjZiMzJj
MmEwOTUwHhcNMjMxMDI1MTExNjE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWU4YzYzNzM3MDliOWYxMGRlZGExYTgzYzI5ODc5NzAzMGVkMmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJQBTXkg3u+Y/Q9fiKspWSFYl0U3
SSsJwL1brbwnOtE6TU2ICylXtCSEUIL9mQaWq5PTAQYRh5ogS02tTV0fAhN+LZae
ej28bSHSep0seHA8+lEYfZgTxBOijVhXvB5VxXmQzsaBjex3pczhlKu7z4vhWjNW
mb3r56JZoJIs+bEEdE/FkAwUSVHoY5CoJ/c0nKy9p1FfT0xl7xsFK6qbsu8uJ+Eg
+hFVVRrYd7Gv1fQv5s7hbgXoliH5RyUYuHHwxxFNK+n1Yf9MJ8pHGprSBf+eY785
zsziPnaZeELg6C9wjL8JLGuFuCLjNToOw5ZmtwyvBqw62L8cH9QLLVT7cQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFMXoxjc3CbnxDe2hqDwph5cDDtLMMB8GA1UdIwQY
MBaAFJHBC/3lgTq0fDjFwZBOwmsywqCVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2NFTF9lV0JPclI4T01YQmtFN0NhekxDb0pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zZmViMTUtNjgzNC00M2UyLWI2ZTct
MDRkNzRmMzY4Njk4LzEveGVqR056Y0p1ZkVON2FHb1BDbUhsd01PMHN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zZmViMTUtNjgzNC00M2UyLWI2ZTctMDRkNzRmMzY4Njk4
LzEva2NFTF9lV0JPclI4T01YQmtFN0NhekxDb0pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQHVCmAAwQG
WNOAAwQHWdwAAwQGwxJAAwQF1EOgAwQE2RGAAwQE2XBwMA0GCSqGSIb3DQEBCwUA
A4IBAQARNp9PwQrPrlU3ZIKDMLmXBXjohljTtHnKTz2GBB+etUpU9n5ZaJ2mxNHO
3Iy1LnSqSlnWC1DlV6W8xn3nQaTQRlBBOG1fvHqVzjtEYq5yxwzluwbWLPtS7zPa
HuUGJXJYa0FAE28DqZXJHT40X2QVnz/u1oHJAO1RLgMweMDinlj7l4WUK+8L+MD+
HQwPgWAAa32TobDiuF3y+f7IfcFYiS8sAyNWSM+ltOyTMrvd8J91KsqP1jaBU6jW
7X2/iFVyEjOveG5yFFhKxlp8BG6XVmxayctZDHrNkvrvLZRMxPkW67Y+9MH8c8mg
3Q9zAJpp0viJZSBJixcfmRJZHE/K
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:48 2024 by rpki-client on console-fra.rpki-client.org