Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/k38BE4VxujLRcdHazPVNPKyhS4c.roa
File: k38BE4VxujLRcdHazPVNPKyhS4c.roa (raw, json)
Hash identifier: DLPA41m3zL9SHFHFeIisfjLS//JkOVQNtbackXv73t8=
Subject key identifier: 93:7F:01:13:85:71:BA:32:D1:71:D1:DA:CC:F5:4D:3C:AC:A1:4B:87
Certificate issuer: /CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Certificate serial: 01856CB83531673631E59CEAB24DFF2A286B
Authority key identifier: B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/k38BE4VxujLRcdHazPVNPKyhS4c.roa
Signing time: Sun 01 Jan 2023 09:44:49 +0000
ROA not before: Sun 01 Jan 2023 09:44:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43180
IP address blocks: 45.12.0.0/24 maxlen: 24
45.12.3.0/24 maxlen: 24
45.12.1.0/24 maxlen: 24
45.11.57.0/24 maxlen: 24
195.66.210.0/24 maxlen: 24
176.119.31.0/24 maxlen: 24
91.208.115.0/24 maxlen: 24
185.254.199.0/24 maxlen: 24
2a09:2dc2::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 26 Jan 2023 11:43:47 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:b8:35:31:67:36:31:e5:9c:ea:b2:4d:ff:2a:28:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b32c9c26df7ccd8ad38d89bd5d49380b93b1e009
Validity
Not Before: Jan 1 09:44:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=937f01138571ba32d171d1daccf54d3caca14b87
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:ea:da:ea:c7:2b:a6:24:d3:21:e1:31:62:a1:
b5:32:56:9f:ae:d3:35:62:d7:aa:b0:12:aa:e5:13:
c9:70:02:a0:27:a6:db:4d:d1:3a:6f:05:31:3b:c3:
dc:00:e1:ea:16:de:71:99:9a:45:a1:28:63:c7:1f:
a9:3d:c7:33:bb:5d:67:6c:12:0e:36:c4:92:00:18:
1a:f7:77:6d:df:63:df:f3:db:c1:55:17:52:36:19:
58:ea:97:5f:68:28:46:8c:53:26:0d:ce:42:07:88:
fb:52:59:53:08:42:8b:af:bd:95:d9:be:d0:d2:28:
3e:12:51:6e:9f:bf:06:cd:10:19:53:d5:7c:df:3f:
87:4e:af:9d:f1:9e:f6:de:1a:33:f2:c0:8e:f1:9d:
45:00:74:95:4d:a8:0c:7a:fd:1d:54:75:9b:28:f7:
88:35:a5:56:aa:47:35:59:21:0f:81:4f:39:f7:19:
47:43:ec:49:73:10:7a:ca:b7:19:06:82:34:cf:ac:
8d:91:11:b9:27:36:a0:99:39:00:6f:3e:26:c1:7b:
9e:d6:37:5b:e9:ac:28:50:c8:1f:e8:47:2b:74:ca:
5f:18:33:cb:e0:0b:1b:05:4d:34:fc:35:ca:5a:74:
bb:96:14:f8:98:9f:e6:17:22:72:72:13:6a:d8:18:
b0:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:7F:01:13:85:71:BA:32:D1:71:D1:DA:CC:F5:4D:3C:AC:A1:4B:87
X509v3 Authority Key Identifier:
keyid:B3:2C:9C:26:DF:7C:CD:8A:D3:8D:89:BD:5D:49:38:0B:93:B1:E0:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syycJt98zYrTjYm9XUk4C5Ox4Ak.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/k38BE4VxujLRcdHazPVNPKyhS4c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/d5da0c-9cf3-4f8b-a562-cb11bc5b2f1b/1/syycJt98zYrTjYm9XUk4C5Ox4Ak.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.11.57.0/24
45.12.0.0/23
45.12.3.0/24
91.208.115.0/24
176.119.31.0/24
185.254.199.0/24
195.66.210.0/24
IPv6:
2a09:2dc2::/32
Signature Algorithm: sha256WithRSAEncryption
a6:93:b2:b6:9d:5f:cf:24:2e:1f:b5:f7:97:1c:08:38:fa:f7:
56:a8:b9:12:56:92:e1:00:bc:fb:2c:f6:bf:82:57:62:d3:4f:
54:f5:f0:33:4b:e8:28:8d:ce:60:19:02:79:ab:ea:4e:8c:4f:
4f:d9:de:9d:08:d8:ec:73:65:79:20:db:5b:64:3c:d3:b1:3b:
10:ab:3d:83:91:b1:94:1d:c1:5f:48:c1:11:8d:63:8b:4c:95:
25:fc:f4:8a:ad:64:e5:94:3e:24:71:9a:5e:99:06:f7:19:e7:
bf:33:9e:db:85:82:9f:48:81:14:b1:85:40:be:3b:67:e3:b2:
fe:0a:47:57:a3:dc:c0:e7:d2:8a:02:8c:7d:5d:32:88:4e:34:
58:92:84:9b:a2:cd:f8:31:5e:f3:da:35:ef:5b:89:6c:5b:a8:
cc:1a:68:23:98:1f:9a:5a:50:4c:c7:3d:6f:5f:d3:6e:80:20:
9a:3a:85:09:af:59:28:72:dc:38:19:d3:e1:9d:db:12:48:33:
51:76:8a:0d:17:d2:c1:ae:5b:f1:6a:e2:08:ee:1a:e7:96:80:
6e:21:7c:f1:8b:a9:da:9f:86:79:35:0e:ce:6a:0c:7e:8e:f7:
ba:4f:16:64:b0:ef:56:e7:a1:af:d9:79:62:2a:ee:66:68:4a:
39:6b:74:ac
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYVsuDUxZzYx5Zzqsk3/KihrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMmM5YzI2ZGY3Y2NkOGFkMzhkODliZDVkNDkzODBiOTNi
MWUwMDkwHhcNMjMwMTAxMDk0NDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzdmMDExMzg1NzFiYTMyZDE3MWQxZGFjY2Y1NGQzY2FjYTE0Yjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuura6scrpiTTIeExYqG1MlafrtM1
YteqsBKq5RPJcAKgJ6bbTdE6bwUxO8PcAOHqFt5xmZpFoShjxx+pPcczu11nbBIO
NsSSABga93dt32Pf89vBVRdSNhlY6pdfaChGjFMmDc5CB4j7UllTCEKLr72V2b7Q
0ig+ElFun78GzRAZU9V83z+HTq+d8Z723hoz8sCO8Z1FAHSVTagMev0dVHWbKPeI
NaVWqkc1WSEPgU859xlHQ+xJcxB6yrcZBoI0z6yNkRG5JzagmTkAbz4mwXue1jdb
6awoUMgf6EcrdMpfGDPL4AsbBU00/DXKWnS7lhT4mJ/mFyJychNq2BiwhQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFJN/AROFcboy0XHR2sz1TTysoUuHMB8GA1UdIwQY
MBaAFLMsnCbffM2K042JvV1JOAuTseAJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjIt
Y2IxMWJjNWIyZjFiLzEvazM4QkU0Vnh1akxSY2RIYXpQVk5QS3loUzRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9kNWRhMGMtOWNmMy00ZjhiLWE1NjItY2IxMWJjNWIyZjFi
LzEvc3l5Y0p0OTh6WXJUalltOVhVazRDNU94NEFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQALQs5AwQB
LQwAAwQALQwDAwQAW9BzAwQAsHcfAwQAuf7HAwQAw0LSMA0EAgACMAcDBQAqCS3C
MA0GCSqGSIb3DQEBCwUAA4IBAQCmk7K2nV/PJC4ftfeXHAg4+vdWqLkSVpLhALz7
LPa/gldi009U9fAzS+gojc5gGQJ5q+pOjE9P2d6dCNjsc2V5INtbZDzTsTsQqz2D
kbGUHcFfSMERjWOLTJUl/PSKrWTllD4kcZpemQb3Gee/M57bhYKfSIEUsYVAvjtn
47L+CkdXo9zA59KKAox9XTKITjRYkoSbos34MV7z2jXvW4lsW6jMGmgjmB+aWlBM
xz1vX9NugCCaOoUJr1koctw4GdPhndsSSDNRdooNF9LBrlvxauII7hrnloBuIXzx
i6nan4Z5NQ7Oagx+jve6TxZksO9W56Gv2XliKu5maEo5a3Ss
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:21 2024 by rpki-client on console-fra.rpki-client.org