Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/kxp-6YQHA_DEgmxbupuJ8cq9zt0.roa
File: kxp-6YQHA_DEgmxbupuJ8cq9zt0.roa (raw, json)
Hash identifier: LORbQw7yMTJBKMDckVMUwa0eTnQVJEtwaop3RRD07mY=
Subject key identifier: 93:1A:7E:E9:84:07:03:F0:C4:82:6C:5B:BA:9B:89:F1:CA:BD:CE:DD
Certificate issuer: /CN=fca98b1d0ecccc4f6ff1a7e7db84b4bb2f55b08d
Certificate serial: 018BE49795D1B2D8521F0A5E6A2FE421E0D8
Authority key identifier: FC:A9:8B:1D:0E:CC:CC:4F:6F:F1:A7:E7:DB:84:B4:BB:2F:55:B0:8D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_KmLHQ7MzE9v8afn24S0uy9VsI0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/kxp-6YQHA_DEgmxbupuJ8cq9zt0.roa
Signing time: Sat 18 Nov 2023 22:40:21 +0000
ROA not before: Sat 18 Nov 2023 22:40:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50272
IP address blocks: 185.41.64.0/22 maxlen: 24
62.24.32.0/19 maxlen: 19
62.24.32.0/20 maxlen: 20
62.24.48.0/20 maxlen: 20
185.155.140.0/22 maxlen: 24
185.155.140.0/24 maxlen: 24
185.155.143.0/24 maxlen: 24
185.155.142.0/24 maxlen: 24
185.155.141.0/24 maxlen: 24
2a03:1400::/32 maxlen: 32
2a07:33c0::/29 maxlen: 32
Validation: Failed, certificate revoked on Mon 01 Jan 2024 14:29:43 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:e4:97:95:d1:b2:d8:52:1f:0a:5e:6a:2f:e4:21:e0:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fca98b1d0ecccc4f6ff1a7e7db84b4bb2f55b08d
Validity
Not Before: Nov 18 22:40:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=931a7ee9840703f0c4826c5bba9b89f1cabdcedd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:0a:57:8d:f6:e2:0a:a6:0f:14:e9:bf:59:73:
16:cd:ec:3a:b6:81:2e:d4:a4:19:fb:2e:63:43:53:
d6:08:ec:32:c8:25:50:11:37:f2:a3:93:44:ec:44:
8e:28:6b:6a:80:54:6a:95:7e:89:e3:07:5a:79:ca:
ba:07:86:27:83:89:62:ca:3f:59:ee:76:25:fa:fb:
d2:0a:34:cc:dc:d2:a1:f7:98:90:c6:0d:e8:6b:c1:
95:79:50:8b:6c:71:fc:7a:07:ce:e7:3c:5a:f6:4a:
77:d6:66:69:c2:7a:90:b3:54:64:41:2c:7f:a9:b6:
d9:3d:91:64:91:c7:e4:c5:b8:84:77:1a:24:c9:2d:
ab:43:66:b6:0a:89:ce:41:3a:e0:9c:e7:63:c3:19:
2d:47:85:a1:42:51:73:0d:1e:4f:4f:62:ea:bd:1e:
c0:50:6d:ac:be:48:63:56:75:a0:6d:95:da:5f:0d:
89:5c:82:7e:46:c8:e5:3f:7a:d0:fe:01:4d:22:ba:
a5:ff:d1:30:59:bd:da:9d:43:e9:ce:8d:f3:85:3f:
96:2d:8f:cc:60:3b:09:32:4f:5a:e4:5b:3e:10:f0:
39:51:8e:d2:0b:1a:5d:84:a0:2e:e1:54:12:87:e7:
a0:07:ef:7c:fe:6e:97:3f:0b:39:d4:89:5f:71:db:
55:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:1A:7E:E9:84:07:03:F0:C4:82:6C:5B:BA:9B:89:F1:CA:BD:CE:DD
X509v3 Authority Key Identifier:
keyid:FC:A9:8B:1D:0E:CC:CC:4F:6F:F1:A7:E7:DB:84:B4:BB:2F:55:B0:8D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_KmLHQ7MzE9v8afn24S0uy9VsI0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/kxp-6YQHA_DEgmxbupuJ8cq9zt0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/971e73-fa83-4579-8532-58f0f325c2b8/1/_KmLHQ7MzE9v8afn24S0uy9VsI0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.24.32.0/19
185.41.64.0/22
185.155.140.0/22
IPv6:
2a03:1400::/32
2a07:33c0::/29
Signature Algorithm: sha256WithRSAEncryption
09:a0:6d:e0:9d:90:34:bd:4c:b9:36:03:93:c7:f7:58:96:09:
3c:ff:12:0f:44:9f:9c:45:93:3d:94:b4:64:7b:91:10:01:7e:
e0:92:9c:1f:7f:74:17:fa:83:a7:c8:e2:69:e8:37:21:0b:e6:
42:5e:a8:80:48:ba:5b:38:81:19:53:28:48:0f:ad:bd:ff:74:
e6:38:51:f2:06:60:13:49:d7:b6:fe:ee:eb:6b:8b:a4:43:3c:
d8:ce:70:1f:6d:16:15:1d:a9:25:66:b9:8a:be:25:b3:2b:bc:
9a:b5:80:71:b2:86:ac:18:7f:b3:16:9a:59:12:a2:7a:eb:e1:
9b:22:de:d2:e0:02:16:0b:b2:d8:fd:8c:49:c5:a9:52:c4:d5:
20:43:6c:a8:c9:e7:f2:ff:bb:96:e3:f2:29:50:9e:54:f8:13:
a6:29:2d:a2:9b:88:3f:47:a8:d4:f3:c2:96:d2:d2:99:14:e7:
9e:73:65:f5:84:6d:70:e1:98:16:21:bf:01:7b:96:33:fe:53:
46:57:d3:7f:8b:33:c0:c7:b9:2e:1f:b1:79:e6:b2:a8:1a:27:
c2:cb:e1:4b:b9:8f:91:97:f2:60:35:2d:e3:e1:1e:b7:ce:aa:
f1:bf:21:5a:33:db:32:6f:49:4e:29:b8:0e:e0:48:6b:09:c2:
d0:76:23:45
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYvkl5XRsthSHwpeai/kIeDYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYTk4YjFkMGVjY2NjNGY2ZmYxYTdlN2RiODRiNGJiMmY1
NWIwOGQwHhcNMjMxMTE4MjI0MDIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzFhN2VlOTg0MDcwM2YwYzQ4MjZjNWJiYTliODlmMWNhYmRjZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngpXjfbiCqYPFOm/WXMWzew6toEu
1KQZ+y5jQ1PWCOwyyCVQETfyo5NE7ESOKGtqgFRqlX6J4wdaecq6B4Yng4liyj9Z
7nYl+vvSCjTM3NKh95iQxg3oa8GVeVCLbHH8egfO5zxa9kp31mZpwnqQs1RkQSx/
qbbZPZFkkcfkxbiEdxokyS2rQ2a2ConOQTrgnOdjwxktR4WhQlFzDR5PT2LqvR7A
UG2svkhjVnWgbZXaXw2JXIJ+RsjlP3rQ/gFNIrql/9EwWb3anUPpzo3zhT+WLY/M
YDsJMk9a5Fs+EPA5UY7SCxpdhKAu4VQSh+egB+98/m6XPws51IlfcdtVewIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFJMafumEBwPwxIJsW7qbifHKvc7dMB8GA1UdIwQY
MBaAFPypix0OzMxPb/Gn59uEtLsvVbCNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0ttTEhRN016RTl2OGFmbjI0UzB1eTlWc0kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85NzFlNzMtZmE4My00NTc5LTg1MzIt
NThmMGYzMjVjMmI4LzEva3hwLTZZUUhBX0RFZ214YnVwdUo4Y3E5enQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85NzFlNzMtZmE4My00NTc5LTg1MzItNThmMGYzMjVjMmI4
LzEvX0ttTEhRN016RTl2OGFmbjI0UzB1eTlWc0kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQFPhggAwQC
uSlAAwQCuZuMMBQEAgACMA4DBQAqAxQAAwUDKgczwDANBgkqhkiG9w0BAQsFAAOC
AQEACaBt4J2QNL1MuTYDk8f3WJYJPP8SD0SfnEWTPZS0ZHuREAF+4JKcH390F/qD
p8jiaeg3IQvmQl6ogEi6WziBGVMoSA+tvf905jhR8gZgE0nXtv7u62uLpEM82M5w
H20WFR2pJWa5ir4lsyu8mrWAcbKGrBh/sxaaWRKieuvhmyLe0uACFguy2P2MScWp
UsTVIENsqMnn8v+7luPyKVCeVPgTpiktopuIP0eo1PPCltLSmRTnnnNl9YRtcOGY
FiG/AXuWM/5TRlfTf4szwMe5Lh+xeeayqBonwsvhS7mPkZfyYDUt4+Eet86q8b8h
WjPbMm9JTim4DuBIawnC0HYjRQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:19 2024 by rpki-client on console-ams.rpki-client.org