Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KQqT78_fw-fbTtbGqPIzPS1fhIo.roa
File: KQqT78_fw-fbTtbGqPIzPS1fhIo.roa (raw, json)
Hash identifier: UOrFMkYqK+TAhtIXb/DZrrQojmGhzVm4QSGQMHgIdBc=
Subject key identifier: 29:0A:93:EF:CF:DF:C3:E7:DB:4E:D6:C6:A8:F2:33:3D:2D:5F:84:8A
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 018D30D882E34421A3FCF2FD63B9F49E2AFD
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KQqT78_fw-fbTtbGqPIzPS1fhIo.roa
Signing time: Mon 22 Jan 2024 11:05:12 +0000
ROA not before: Mon 22 Jan 2024 11:05:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29802
IP address blocks: 176.125.248.0/24 maxlen: 24
185.210.232.0/24 maxlen: 24
185.214.102.0/24 maxlen: 24
185.223.80.0/24 maxlen: 24
185.225.0.0/24 maxlen: 24
185.251.231.0/24 maxlen: 24
193.8.114.0/24 maxlen: 24
194.76.172.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 23 Jan 2024 11:28:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:30:d8:82:e3:44:21:a3:fc:f2:fd:63:b9:f4:9e:2a:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Jan 22 11:05:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=290a93efcfdfc3e7db4ed6c6a8f2333d2d5f848a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:33:27:b0:92:f6:83:6b:fc:0c:10:41:ce:dd:
a2:f8:70:49:38:93:5d:3e:2b:53:57:2f:f2:7e:4e:
67:ab:83:0b:dc:4d:f1:18:11:90:f5:26:75:e9:cf:
93:8a:dc:e1:e0:6d:62:50:ea:66:05:dc:07:17:a1:
65:e1:7e:18:75:9d:22:16:9d:68:25:b2:c4:66:27:
d7:ea:37:8c:74:73:ba:fe:31:5c:4f:a0:66:86:1e:
49:ad:da:08:65:1e:59:ad:c5:4f:91:59:9c:47:5a:
ae:e5:97:0b:5c:95:71:0d:6d:35:45:bf:0d:76:f1:
64:81:e5:34:51:80:47:9b:50:f7:db:21:48:12:67:
8f:27:e8:e6:36:80:4a:ba:25:be:03:16:3f:65:74:
86:a5:c7:c3:73:ec:c7:d6:de:96:01:00:99:af:78:
77:5a:d5:e2:28:98:1d:b1:5a:45:4f:27:60:7b:71:
3c:5c:aa:0c:0d:71:17:03:e2:0e:4d:7e:89:37:74:
e8:62:56:b3:f2:81:aa:f9:3b:1c:74:c5:ce:80:97:
5e:7e:18:5a:bf:83:65:34:72:e1:21:b7:af:20:bf:
14:05:71:40:9c:ea:2a:9d:78:90:99:94:6c:fd:04:
b9:88:4c:22:8b:83:be:63:6f:af:77:93:0f:b4:6d:
84:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:0A:93:EF:CF:DF:C3:E7:DB:4E:D6:C6:A8:F2:33:3D:2D:5F:84:8A
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KQqT78_fw-fbTtbGqPIzPS1fhIo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.125.248.0/24
185.210.232.0/24
185.214.102.0/24
185.223.80.0/24
185.225.0.0/24
185.251.231.0/24
193.8.114.0/24
194.76.172.0/24
Signature Algorithm: sha256WithRSAEncryption
95:c9:85:d5:4e:8d:48:46:18:cb:58:3f:06:74:7f:aa:6c:22:
03:0d:c9:7f:89:84:c9:02:8b:3f:f2:b6:5a:39:c4:68:70:72:
16:2b:4e:e2:b2:65:57:64:86:99:e5:fc:99:23:ae:03:19:f1:
cf:ef:52:10:62:51:6a:99:da:fb:22:0c:0a:82:dc:03:4e:ea:
c3:7a:4e:3f:c8:4a:65:36:7c:71:47:5b:59:74:d3:3c:c3:91:
1d:48:69:be:48:2d:46:1a:94:c4:1a:4d:0c:d5:6d:34:9e:6c:
e7:0b:e6:69:8b:2f:de:49:8e:30:c4:2e:b2:dd:ef:09:f5:33:
89:7c:43:cb:0f:fd:18:83:51:03:f4:6c:db:9a:81:d4:e7:9f:
3e:93:00:0f:d1:87:8a:a3:73:6a:13:a6:71:a0:e5:54:2f:c9:
99:a0:d3:2d:c9:0c:bb:1e:52:aa:cd:63:84:d6:59:3d:b4:99:
cf:45:9b:c9:e1:5d:51:bf:75:a8:f5:4a:f1:40:8d:38:2c:a6:
5c:31:a8:5f:b5:40:b7:43:93:13:df:eb:fe:2c:7c:74:cf:35:
f6:b5:62:33:59:71:08:b9:0a:70:8a:76:1b:14:f7:8c:23:95:
ac:bd:68:ea:db:ce:cb:23:01:87:02:83:22:06:6f:34:e4:11:
f6:ee:8b:77
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY0w2ILjRCGj/PL9Y7n0nir9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTIyMTEwNTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTBhOTNlZmNmZGZjM2U3ZGI0ZWQ2YzZhOGYyMzMzZDJkNWY4NDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzMnsJL2g2v8DBBBzt2i+HBJOJNd
PitTVy/yfk5nq4ML3E3xGBGQ9SZ16c+Titzh4G1iUOpmBdwHF6Fl4X4YdZ0iFp1o
JbLEZifX6jeMdHO6/jFcT6Bmhh5JrdoIZR5ZrcVPkVmcR1qu5ZcLXJVxDW01Rb8N
dvFkgeU0UYBHm1D32yFIEmePJ+jmNoBKuiW+AxY/ZXSGpcfDc+zH1t6WAQCZr3h3
WtXiKJgdsVpFTydge3E8XKoMDXEXA+IOTX6JN3ToYlaz8oGq+TscdMXOgJdefhha
v4NlNHLhIbevIL8UBXFAnOoqnXiQmZRs/QS5iEwii4O+Y2+vd5MPtG2EawIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFCkKk+/P38Pn207WxqjyMz0tX4SKMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvS1FxVDc4X2Z3LWZiVHRiR3FQSXpQUzFmaElvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAsH34AwQA
udLoAwQAudZmAwQAud9QAwQAueEAAwQAufvnAwQAwQhyAwQAwkysMA0GCSqGSIb3
DQEBCwUAA4IBAQCVyYXVTo1IRhjLWD8GdH+qbCIDDcl/iYTJAos/8rZaOcRocHIW
K07ismVXZIaZ5fyZI64DGfHP71IQYlFqmdr7IgwKgtwDTurDek4/yEplNnxxR1tZ
dNM8w5EdSGm+SC1GGpTEGk0M1W00nmznC+Zpiy/eSY4wxC6y3e8J9TOJfEPLD/0Y
g1ED9GzbmoHU558+kwAP0YeKo3NqE6ZxoOVUL8mZoNMtyQy7HlKqzWOE1lk9tJnP
RZvJ4V1Rv3Wo9UrxQI04LKZcMahftUC3Q5MT3+v+LHx0zzX2tWIzWXEIuQpwinYb
FPeMI5WsvWjq287LIwGHAoMiBm805BH27ot3
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:21 2024 by rpki-client on console-ams.rpki-client.org