Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/915cbb-568a-4f42-8b80-ccb016ae1513/1/qsx8j-M-bXUGiadmOFF47Tgl7oo.roa
File: qsx8j-M-bXUGiadmOFF47Tgl7oo.roa (raw, json)
Hash identifier: XnPrf4MlsY0C0g+uNaAL5/fwhlSTITqppaw17IqJmi0=
Subject key identifier: AA:CC:7C:8F:E3:3E:6D:75:06:89:A7:66:38:51:78:ED:38:25:EE:8A
Certificate issuer: /CN=336f6ac82f6f28e3d3e5b66475594d8318e75ab3
Certificate serial: 0188783EF62AB1B0E9C993B71B6905A76F96
Authority key identifier: 33:6F:6A:C8:2F:6F:28:E3:D3:E5:B6:64:75:59:4D:83:18:E7:5A:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/M29qyC9vKOPT5bZkdVlNgxjnWrM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/915cbb-568a-4f42-8b80-ccb016ae1513/1/qsx8j-M-bXUGiadmOFF47Tgl7oo.roa
Signing time: Thu 01 Jun 2023 18:36:12 +0000
ROA not before: Thu 01 Jun 2023 18:36:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7155
IP address blocks: 37.19.97.0/24 maxlen: 24
37.19.96.0/21 maxlen: 21
37.19.98.0/24 maxlen: 24
37.19.99.0/24 maxlen: 24
37.19.100.0/24 maxlen: 24
185.109.163.0/24 maxlen: 24
37.203.192.0/24 maxlen: 24
37.203.192.0/22 maxlen: 22
37.203.192.0/21 maxlen: 21
37.203.193.0/24 maxlen: 24
37.203.194.0/24 maxlen: 24
37.203.195.0/24 maxlen: 24
37.203.196.0/24 maxlen: 24
37.203.197.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:78:3e:f6:2a:b1:b0:e9:c9:93:b7:1b:69:05:a7:6f:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=336f6ac82f6f28e3d3e5b66475594d8318e75ab3
Validity
Not Before: Jun 1 18:36:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=aacc7c8fe33e6d750689a766385178ed3825ee8a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:ab:90:29:0a:6a:3c:b7:b1:41:c7:35:7d:0c:
31:fc:26:0f:26:2b:9b:19:42:e7:bc:a6:28:19:ec:
6d:22:67:d9:bb:70:c6:e9:3e:e7:e1:e6:8e:75:ac:
ae:7c:07:51:9a:8c:07:b8:8c:96:fa:74:52:30:30:
16:c2:0e:2d:11:42:0c:71:25:7d:99:77:b5:bc:87:
78:6b:67:20:38:c6:7c:ef:44:3f:a0:ad:26:26:5c:
73:49:1f:26:b7:d5:ce:0a:44:ae:ca:1c:57:56:a2:
ed:48:9a:2f:bb:69:27:81:cc:19:2d:55:88:16:4b:
41:2a:e0:7f:3e:03:08:4c:ec:aa:8a:0a:d1:5b:f8:
94:72:d9:28:29:66:21:4f:51:03:c2:3f:3d:ca:16:
e6:0e:b5:ef:fc:8c:11:77:ac:42:c5:2c:c0:c3:86:
ae:bf:a6:6f:2a:d8:ab:8c:8a:81:3c:a3:28:38:3e:
a3:05:50:95:a5:5b:09:6a:35:72:8a:42:bf:58:6c:
23:53:de:62:5a:42:96:df:c7:be:88:c2:87:f6:c4:
a9:81:72:c0:92:0b:68:f7:37:3d:c7:b9:a9:9b:4e:
a3:81:3a:d8:4a:20:d1:16:4a:55:a8:58:d4:be:4e:
d4:ef:2a:44:69:de:8e:07:bf:a2:0f:36:73:e3:c7:
4d:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:CC:7C:8F:E3:3E:6D:75:06:89:A7:66:38:51:78:ED:38:25:EE:8A
X509v3 Authority Key Identifier:
keyid:33:6F:6A:C8:2F:6F:28:E3:D3:E5:B6:64:75:59:4D:83:18:E7:5A:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M29qyC9vKOPT5bZkdVlNgxjnWrM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/915cbb-568a-4f42-8b80-ccb016ae1513/1/qsx8j-M-bXUGiadmOFF47Tgl7oo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/915cbb-568a-4f42-8b80-ccb016ae1513/1/M29qyC9vKOPT5bZkdVlNgxjnWrM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.19.96.0/21
37.203.192.0/21
185.109.163.0/24
Signature Algorithm: sha256WithRSAEncryption
35:44:76:6b:c1:00:59:2b:90:5b:0b:3e:24:b2:89:21:fb:6c:
15:50:2a:36:00:2e:8a:3f:dd:14:33:99:54:cd:85:4b:dc:97:
17:25:02:f6:59:35:47:c4:c6:4e:0a:cb:2b:aa:a0:45:6f:0b:
51:18:b5:3f:6f:5e:f4:39:25:33:d4:11:d0:5b:08:13:ab:d9:
d0:90:d9:92:e2:03:77:d0:d7:60:ed:f8:12:b2:69:34:5d:b1:
d1:02:cb:97:7b:1e:be:37:3d:50:8a:17:4f:b5:2c:49:d5:e2:
16:1d:8b:26:ea:9d:ef:6d:95:9f:8f:29:83:98:e4:95:84:de:
b8:6f:dc:22:ac:cf:0d:43:ee:de:e0:2e:d3:68:a1:f6:a1:4f:
d1:f0:cc:e5:10:57:ea:62:a4:12:7e:d1:9a:da:55:6a:56:85:
e9:f1:28:09:c6:64:74:a1:d7:18:b6:c3:8b:4a:3a:26:5b:9d:
9c:33:07:2d:f5:31:12:43:37:50:75:de:9d:90:3d:25:21:c3:
a1:61:69:4d:0a:fa:e1:de:78:a8:be:f0:7c:51:64:fc:64:f9:
98:ad:30:1d:87:b1:45:3f:3b:be:e3:ed:f3:05:5b:ce:97:c4:
de:8e:15:48:bb:6a:c7:49:98:1f:f0:7c:b6:df:38:23:27:f9:
cf:86:b4:91
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYh4PvYqsbDpyZO3G2kFp2+WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNmY2YWM4MmY2ZjI4ZTNkM2U1YjY2NDc1NTk0ZDgzMThl
NzVhYjMwHhcNMjMwNjAxMTgzNjEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWNjN2M4ZmUzM2U2ZDc1MDY4OWE3NjYzODUxNzhlZDM4MjVlZThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwquQKQpqPLexQcc1fQwx/CYPJiub
GULnvKYoGextImfZu3DG6T7n4eaOdayufAdRmowHuIyW+nRSMDAWwg4tEUIMcSV9
mXe1vId4a2cgOMZ870Q/oK0mJlxzSR8mt9XOCkSuyhxXVqLtSJovu2kngcwZLVWI
FktBKuB/PgMITOyqigrRW/iUctkoKWYhT1EDwj89yhbmDrXv/IwRd6xCxSzAw4au
v6ZvKtirjIqBPKMoOD6jBVCVpVsJajVyikK/WGwjU95iWkKW38e+iMKH9sSpgXLA
kgto9zc9x7mpm06jgTrYSiDRFkpVqFjUvk7U7ypEad6OB7+iDzZz48dNVQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKrMfI/jPm11BomnZjhReO04Je6KMB8GA1UdIwQY
MBaAFDNvasgvbyjj0+W2ZHVZTYMY51qzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTI5cXlDOXZLT1BUNWJaa2RWbE5neGpuV3JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85MTVjYmItNTY4YS00ZjQyLThiODAt
Y2NiMDE2YWUxNTEzLzEvcXN4OGotTS1iWFVHaWFkbU9GRjQ3VGdsN29vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85MTVjYmItNTY4YS00ZjQyLThiODAtY2NiMDE2YWUxNTEz
LzEvTTI5cXlDOXZLT1BUNWJaa2RWbE5neGpuV3JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDJRNgAwQD
JcvAAwQAuW2jMA0GCSqGSIb3DQEBCwUAA4IBAQA1RHZrwQBZK5BbCz4ksokh+2wV
UCo2AC6KP90UM5lUzYVL3JcXJQL2WTVHxMZOCssrqqBFbwtRGLU/b170OSUz1BHQ
WwgTq9nQkNmS4gN30Ndg7fgSsmk0XbHRAsuXex6+Nz1QihdPtSxJ1eIWHYsm6p3v
bZWfjymDmOSVhN64b9wirM8NQ+7e4C7TaKH2oU/R8MzlEFfqYqQSftGa2lVqVoXp
8SgJxmR0odcYtsOLSjomW52cMwct9TESQzdQdd6dkD0lIcOhYWlNCvrh3niovvB8
UWT8ZPmYrTAdh7FFPzu+4+3zBVvOl8TejhVIu2rHSZgf8Hy23zgjJ/nPhrSR
-----END CERTIFICATE-----
Generated at Tue Jan 2 17:35:47 2024 by rpki-client on console-fra.rpki-client.org