Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/84bf54-09c3-4324-a11c-e4ddfa32e52e/1/ip4o6eCnyPU86HAMg9WL3bnxQ1E.roa
File: ip4o6eCnyPU86HAMg9WL3bnxQ1E.roa (raw, json)
Hash identifier: xGRy1fWeYDn42FsAWJ9RwLP9YSnDqT87/ELSwpdlXwM=
Subject key identifier: 8A:9E:28:E9:E0:A7:C8:F5:3C:E8:70:0C:83:D5:8B:DD:B9:F1:43:51
Certificate issuer: /CN=5cfe8d72526e4e73a3b57d9360f3a51beb59a45f
Certificate serial: 018CC8DEF642AE8E6119A3C9174922996D57
Authority key identifier: 5C:FE:8D:72:52:6E:4E:73:A3:B5:7D:93:60:F3:A5:1B:EB:59:A4:5F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XP6NclJuTnOjtX2TYPOlG-tZpF8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cd/84bf54-09c3-4324-a11c-e4ddfa32e52e/1/ip4o6eCnyPU86HAMg9WL3bnxQ1E.roa
Signing time: Tue 02 Jan 2024 06:31:44 +0000
ROA not before: Tue 02 Jan 2024 06:31:44 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 206894
IP address blocks: 185.215.96.0/22 maxlen: 22
45.89.132.0/22 maxlen: 22
193.142.154.0/23 maxlen: 23
185.219.192.0/22 maxlen: 22
185.192.104.0/22 maxlen: 22
185.38.88.0/22 maxlen: 22
2a0a:2bc0::/32 maxlen: 32
2a0b:a840::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 11 Apr 2024 14:50:21 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:de:f6:42:ae:8e:61:19:a3:c9:17:49:22:99:6d:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5cfe8d72526e4e73a3b57d9360f3a51beb59a45f
Validity
Not Before: Jan 2 06:31:44 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8a9e28e9e0a7c8f53ce8700c83d58bddb9f14351
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:f9:34:df:6e:61:a7:0f:09:6b:9a:d8:8b:50:
54:dd:e0:f4:af:38:43:27:df:07:09:6e:c9:7f:4b:
d8:b5:64:20:83:7f:81:cc:84:7b:28:2e:67:19:c5:
2d:93:6a:c0:7f:8e:8d:7a:0e:ea:f8:31:0d:5e:ea:
9b:b8:0b:94:f7:51:a5:15:c8:49:2c:8c:36:61:f8:
5f:84:ed:03:ea:08:27:98:ec:3e:51:21:41:7a:89:
0b:b4:02:87:6b:46:8b:79:c0:43:2c:29:ae:4b:da:
b1:a5:e3:50:32:8d:f5:98:3f:37:1c:e2:21:70:bd:
19:3a:1f:57:02:97:b6:91:3d:28:74:96:6a:d2:84:
b7:d2:12:c9:7f:6d:7d:b7:6a:27:20:94:c7:8e:bc:
38:d8:48:66:70:23:2f:4b:a2:ae:ad:9b:e5:33:ac:
45:57:c9:73:66:03:e3:b2:d9:82:dc:17:88:d6:03:
3d:6c:e7:d5:22:96:fb:8a:4e:18:c7:bb:b7:72:3b:
40:44:f4:f9:36:c2:2b:29:08:c6:09:34:61:8e:56:
bb:68:e3:89:43:49:24:8d:99:51:e8:20:eb:1d:0a:
6a:33:ca:8f:7e:cf:92:e4:b8:5e:f9:bc:fd:79:73:
92:68:20:94:41:f0:0b:ca:5e:b9:d5:da:b3:87:8f:
aa:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:9E:28:E9:E0:A7:C8:F5:3C:E8:70:0C:83:D5:8B:DD:B9:F1:43:51
X509v3 Authority Key Identifier:
keyid:5C:FE:8D:72:52:6E:4E:73:A3:B5:7D:93:60:F3:A5:1B:EB:59:A4:5F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XP6NclJuTnOjtX2TYPOlG-tZpF8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/84bf54-09c3-4324-a11c-e4ddfa32e52e/1/ip4o6eCnyPU86HAMg9WL3bnxQ1E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/84bf54-09c3-4324-a11c-e4ddfa32e52e/1/XP6NclJuTnOjtX2TYPOlG-tZpF8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.89.132.0/22
185.38.88.0/22
185.192.104.0/22
185.215.96.0/22
185.219.192.0/22
193.142.154.0/23
IPv6:
2a0a:2bc0::/32
2a0b:a840::/32
Signature Algorithm: sha256WithRSAEncryption
04:a5:9b:7e:23:fd:6e:4d:b9:4f:d5:5d:ad:be:bb:f1:9b:a5:
3a:39:cf:a0:db:70:ea:b0:43:7a:11:7b:f8:58:af:52:ab:81:
98:11:7b:c6:d6:19:fd:e0:cc:6d:55:71:7b:1a:fc:49:4a:26:
8c:99:20:36:44:3a:9f:7d:94:2e:f2:1f:82:f8:38:f0:b7:2d:
a0:09:ee:0f:9e:4c:e5:2b:ef:5d:dc:85:9d:a3:70:8c:1f:91:
b0:ab:97:3a:d2:5f:7c:03:76:42:e4:7d:cd:7c:fc:3a:4b:17:
2f:ab:52:ad:27:0e:97:4d:cc:77:66:89:f5:27:b3:65:fb:e4:
75:ee:c2:b4:0c:44:23:6b:31:90:9f:4e:00:5b:c1:e9:ed:d1:
03:92:66:4a:f0:d3:ed:af:87:3b:ea:f9:bc:dc:17:ea:bb:ec:
07:89:56:ac:4d:64:4e:be:bd:12:83:97:dc:76:81:e0:64:2b:
05:40:68:a0:df:1d:94:37:3e:72:25:7b:be:a3:9b:e2:ed:d6:
6b:2c:b0:b6:b6:05:0a:22:fe:84:1a:01:5a:5e:1a:7c:84:01:
1e:bb:6c:1b:32:0e:a6:3f:0e:ac:da:2c:37:c9:f7:20:bc:43:
c9:48:34:c7:6a:0d:ee:df:a7:f6:e3:34:0c:41:08:32:63:da:
74:c5:d8:69
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYzI3vZCro5hGaPJF0kimW1XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZmU4ZDcyNTI2ZTRlNzNhM2I1N2Q5MzYwZjNhNTFiZWI1
OWE0NWYwHhcNMjQwMTAyMDYzMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTllMjhlOWUwYTdjOGY1M2NlODcwMGM4M2Q1OGJkZGI5ZjE0MzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/k0325hpw8Ja5rYi1BU3eD0rzhD
J98HCW7Jf0vYtWQgg3+BzIR7KC5nGcUtk2rAf46Neg7q+DENXuqbuAuU91GlFchJ
LIw2YfhfhO0D6ggnmOw+USFBeokLtAKHa0aLecBDLCmuS9qxpeNQMo31mD83HOIh
cL0ZOh9XApe2kT0odJZq0oS30hLJf219t2onIJTHjrw42EhmcCMvS6KurZvlM6xF
V8lzZgPjstmC3BeI1gM9bOfVIpb7ik4Yx7u3cjtARPT5NsIrKQjGCTRhjla7aOOJ
Q0kkjZlR6CDrHQpqM8qPfs+S5Lhe+bz9eXOSaCCUQfALyl651dqzh4+qVQIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFIqeKOngp8j1POhwDIPVi9258UNRMB8GA1UdIwQY
MBaAFFz+jXJSbk5zo7V9k2DzpRvrWaRfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFA2TmNsSnVUbk9qdFgyVFlQT2xHLXRacEY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC84NGJmNTQtMDljMy00MzI0LWExMWMt
ZTRkZGZhMzJlNTJlLzEvaXA0bzZlQ255UFU4NkhBTWc5V0wzYm54UTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC84NGJmNTQtMDljMy00MzI0LWExMWMtZTRkZGZhMzJlNTJl
LzEvWFA2TmNsSnVUbk9qdFgyVFlQT2xHLXRacEY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQCLVmEAwQC
uSZYAwQCucBoAwQCuddgAwQCudvAAwQBwY6aMBQEAgACMA4DBQAqCivAAwUAKguo
QDANBgkqhkiG9w0BAQsFAAOCAQEABKWbfiP9bk25T9Vdrb678ZulOjnPoNtw6rBD
ehF7+FivUquBmBF7xtYZ/eDMbVVxexr8SUomjJkgNkQ6n32ULvIfgvg48LctoAnu
D55M5SvvXdyFnaNwjB+RsKuXOtJffAN2QuR9zXz8OksXL6tSrScOl03Md2aJ9Sez
Zfvkde7CtAxEI2sxkJ9OAFvB6e3RA5JmSvDT7a+HO+r5vNwX6rvsB4lWrE1kTr69
EoOX3HaB4GQrBUBooN8dlDc+ciV7vqOb4u3WayywtrYFCiL+hBoBWl4afIQBHrts
GzIOpj8OrNosN8n3ILxDyUg0x2oN7t+n9uM0DEEIMmPadMXYaQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:18 2024 by rpki-client on console-fra.rpki-client.org