Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/tI3zH2l8Huo2o7KlVNWgO7TBAqQ.roa
File: tI3zH2l8Huo2o7KlVNWgO7TBAqQ.roa (raw, json)
Hash identifier: PdW6JFiQAZU8dPV7L+KdqNKP8w6LTcdxwgaRFv9r3ns=
Subject key identifier: B4:8D:F3:1F:69:7C:1E:EA:36:A3:B2:A5:54:D5:A0:3B:B4:C1:02:A4
Certificate issuer: /CN=9dc28ae9937ff7e49ec4f1234e53d8b9dd694541
Certificate serial: 018AEF1D757528E965B2FA91A914C815613B
Authority key identifier: 9D:C2:8A:E9:93:7F:F7:E4:9E:C4:F1:23:4E:53:D8:B9:DD:69:45:41
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/tI3zH2l8Huo2o7KlVNWgO7TBAqQ.roa
Signing time: Mon 02 Oct 2023 06:39:59 +0000
ROA not before: Mon 02 Oct 2023 06:39:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7393
IP address blocks: 193.201.13.0/24 maxlen: 24
188.244.127.0/24 maxlen: 24
185.249.55.0/24 maxlen: 24
80.71.151.0/24 maxlen: 24
5.172.176.0/24 maxlen: 24
89.107.8.0/24 maxlen: 24
185.235.224.0/24 maxlen: 24
195.225.97.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 30 Oct 2023 18:42:15 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:ef:1d:75:75:28:e9:65:b2:fa:91:a9:14:c8:15:61:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9dc28ae9937ff7e49ec4f1234e53d8b9dd694541
Validity
Not Before: Oct 2 06:39:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b48df31f697c1eea36a3b2a554d5a03bb4c102a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:4f:35:e4:e4:d9:05:92:03:9f:1c:f6:cd:d5:
e5:95:11:fd:9c:31:98:50:45:dd:f3:db:0e:39:18:
c0:6d:0b:df:cd:67:40:29:e5:76:da:9a:5a:a1:25:
eb:ff:ee:bd:2a:93:46:12:45:d5:9e:74:3e:8b:16:
69:ab:9b:76:e2:4b:c7:b3:b3:90:c6:42:59:e1:c4:
2a:d2:27:0d:b0:09:da:91:82:10:f5:7f:ea:e8:3b:
5a:06:16:21:63:96:b8:61:3c:06:63:0c:0a:c8:6f:
8a:62:fe:e4:7a:35:93:42:19:cc:77:7b:4e:e0:9a:
61:1a:ba:21:f2:58:00:f2:1a:d3:e6:05:09:61:43:
f7:22:03:11:3c:45:e5:84:4e:22:0c:d6:f6:60:41:
69:13:68:97:ac:0c:f6:5c:4e:ff:41:cd:ea:3b:15:
a6:53:22:2f:65:8b:c6:11:6c:13:7f:ab:de:68:76:
8d:57:42:79:3b:ca:05:05:ec:23:78:89:87:56:59:
83:4a:e5:57:c6:7f:54:5e:ec:49:27:e1:a4:8c:71:
d4:7e:42:5d:21:59:1c:ee:48:f0:66:46:8c:51:8d:
09:a9:af:a3:b6:9f:c7:76:24:46:d3:05:f5:1f:09:
29:44:1a:c8:eb:10:25:48:3b:bc:97:f0:76:61:87:
72:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:8D:F3:1F:69:7C:1E:EA:36:A3:B2:A5:54:D5:A0:3B:B4:C1:02:A4
X509v3 Authority Key Identifier:
keyid:9D:C2:8A:E9:93:7F:F7:E4:9E:C4:F1:23:4E:53:D8:B9:DD:69:45:41
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ncKK6ZN_9-SexPEjTlPYud1pRUE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/tI3zH2l8Huo2o7KlVNWgO7TBAqQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/c0330c-9872-4ac6-a22c-192cbd08db51/1/ncKK6ZN_9-SexPEjTlPYud1pRUE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.172.176.0/24
80.71.151.0/24
89.107.8.0/24
185.235.224.0/24
185.249.55.0/24
188.244.127.0/24
193.201.13.0/24
195.225.97.0/24
Signature Algorithm: sha256WithRSAEncryption
48:be:63:b8:82:84:ee:b0:b4:dc:46:ad:ee:71:e3:bf:4a:a9:
e4:a7:93:06:4a:c8:8f:cc:9b:b7:a9:b5:a8:fc:19:51:c9:86:
e2:6c:42:40:9d:d4:be:60:e3:66:7a:13:aa:7f:e5:e1:e2:68:
31:4e:d8:3a:24:ab:5f:6e:a3:a1:d4:7e:0f:f4:b5:4b:81:4a:
de:e3:54:2b:8a:19:75:d0:1b:19:29:dc:bd:c0:3d:a3:6a:99:
ca:8d:f6:f5:43:02:2f:02:81:fa:fa:26:50:c5:c3:5c:09:59:
96:50:e7:af:98:6e:98:9e:a6:8e:8c:8c:56:6b:ea:b0:9a:d6:
5f:99:dc:6f:8d:37:e7:b5:e6:a4:4d:82:fb:1a:57:ec:d4:2e:
68:67:06:2f:61:cf:ad:04:be:8d:34:00:b8:59:2a:1b:2e:56:
4e:26:d8:3b:97:27:ca:7f:ff:58:6e:1b:3c:9a:8c:71:e8:62:
07:5e:ca:fd:f9:ce:ee:39:be:f9:35:1c:3c:0b:47:d1:8c:27:
dc:cf:04:0c:90:ab:bb:4d:4e:5f:30:63:59:98:80:15:d8:da:
07:49:01:21:75:e1:dc:8d:7d:70:04:93:70:59:9a:c3:50:04:
6f:4d:04:5d:f0:12:70:8a:20:e5:40:ff:8f:90:2d:a6:ce:ee:
54:ff:2a:aa
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYrvHXV1KOllsvqRqRTIFWE7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYzI4YWU5OTM3ZmY3ZTQ5ZWM0ZjEyMzRlNTNkOGI5ZGQ2
OTQ1NDEwHhcNMjMxMDAyMDYzOTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDhkZjMxZjY5N2MxZWVhMzZhM2IyYTU1NGQ1YTAzYmI0YzEwMmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApE815OTZBZIDnxz2zdXllRH9nDGY
UEXd89sOORjAbQvfzWdAKeV22ppaoSXr/+69KpNGEkXVnnQ+ixZpq5t24kvHs7OQ
xkJZ4cQq0icNsAnakYIQ9X/q6DtaBhYhY5a4YTwGYwwKyG+KYv7kejWTQhnMd3tO
4JphGroh8lgA8hrT5gUJYUP3IgMRPEXlhE4iDNb2YEFpE2iXrAz2XE7/Qc3qOxWm
UyIvZYvGEWwTf6veaHaNV0J5O8oFBewjeImHVlmDSuVXxn9UXuxJJ+GkjHHUfkJd
IVkc7kjwZkaMUY0Jqa+jtp/HdiRG0wX1HwkpRBrI6xAlSDu8l/B2YYdyywIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFLSN8x9pfB7qNqOypVTVoDu0wQKkMB8GA1UdIwQY
MBaAFJ3CiumTf/fknsTxI05T2LndaUVBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmNLSzZaTl85LVNleFBFalRsUFl1ZDFwUlVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9jMDMzMGMtOTg3Mi00YWM2LWEyMmMt
MTkyY2JkMDhkYjUxLzEvdEkzekgybDhIdW8ybzdLbFZOV2dPN1RCQXFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9jMDMzMGMtOTg3Mi00YWM2LWEyMmMtMTkyY2JkMDhkYjUx
LzEvbmNLSzZaTl85LVNleFBFalRsUFl1ZDFwUlVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQABaywAwQA
UEeXAwQAWWsIAwQAuevgAwQAufk3AwQAvPR/AwQAwckNAwQAw+FhMA0GCSqGSIb3
DQEBCwUAA4IBAQBIvmO4goTusLTcRq3uceO/Sqnkp5MGSsiPzJu3qbWo/BlRyYbi
bEJAndS+YONmehOqf+Xh4mgxTtg6JKtfbqOh1H4P9LVLgUre41Qrihl10BsZKdy9
wD2japnKjfb1QwIvAoH6+iZQxcNcCVmWUOevmG6YnqaOjIxWa+qwmtZfmdxvjTfn
teakTYL7Glfs1C5oZwYvYc+tBL6NNAC4WSobLlZOJtg7lyfKf/9Ybhs8moxx6GIH
Xsr9+c7uOb75NRw8C0fRjCfczwQMkKu7TU5fMGNZmIAV2NoHSQEhdeHcjX1wBJNw
WZrDUARvTQRd8BJwiiDlQP+PkC2mzu5U/yqq
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:52:54 2024 by rpki-client on console-fra.rpki-client.org