Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/NZ1z5N8VyY8G51eamtd_NAzIOk4.roa
File: NZ1z5N8VyY8G51eamtd_NAzIOk4.roa (raw, json)
Hash identifier: 5RHikwOY7YGAxjT+2cvLZjEvN2Do8aqe3t5EjJ1ooGo=
Subject key identifier: 35:9D:73:E4:DF:15:C9:8F:06:E7:57:9A:9A:D7:7F:34:0C:C8:3A:4E
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 019102B160C5FB09085BE762088F7A2C6706
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/NZ1z5N8VyY8G51eamtd_NAzIOk4.roa
Signing time: Tue 30 Jul 2024 08:11:04 +0000
ROA not before: Tue 30 Jul 2024 08:11:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 45.8.21.0/24 maxlen: 24
185.126.82.0/24 maxlen: 24
185.220.250.0/23 maxlen: 24
185.225.0.0/23 maxlen: 23
185.226.104.0/24 maxlen: 24
185.227.146.0/23 maxlen: 24
185.227.147.0/24 maxlen: 24
193.8.112.0/23 maxlen: 24
193.58.146.0/23 maxlen: 24
Validation: Failed, certificate revoked on Tue 06 Aug 2024 11:03:04 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:02:b1:60:c5:fb:09:08:5b:e7:62:08:8f:7a:2c:67:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Jul 30 08:11:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=359d73e4df15c98f06e7579a9ad77f340cc83a4e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:c7:fb:7a:ce:df:0c:80:0e:13:e0:24:e8:a5:
9d:a4:1b:94:57:66:39:b2:d1:e8:68:e3:aa:8b:37:
88:de:b9:df:46:24:f7:bb:8f:f0:e0:52:12:9b:4b:
05:a9:e8:56:5c:ce:98:7f:f6:df:27:91:08:63:c8:
c9:77:3a:a7:3b:75:3e:f2:e6:ed:42:b9:19:13:48:
20:74:b5:4f:a2:64:55:5e:62:ff:65:dc:17:62:7f:
be:85:54:13:d9:a3:fe:99:f1:06:d1:79:bd:a5:bf:
6a:26:39:08:5f:80:f4:f7:f1:e0:3c:21:7a:2d:7c:
7d:bd:1e:6c:81:3e:61:71:3c:69:4f:d7:76:a6:3b:
c7:9a:af:d3:1c:fb:71:54:d2:f3:f8:07:fb:6b:bc:
63:ef:fa:93:5d:67:25:87:d3:d7:1f:44:f5:6d:3f:
eb:c7:20:e7:9a:3f:e7:20:f5:f7:94:7d:14:05:74:
95:9b:88:a4:98:b3:ad:b3:f5:23:e8:b9:3c:8d:47:
32:c0:db:b5:33:b9:81:ec:4b:1e:34:fe:42:45:5e:
16:34:7f:e2:1a:c6:a3:32:0e:bf:b8:3f:87:70:81:
51:57:53:08:3b:c8:97:19:43:de:d6:ef:b0:fe:5f:
4b:3c:3f:ba:a5:29:35:59:0d:58:1c:c0:43:57:99:
73:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:9D:73:E4:DF:15:C9:8F:06:E7:57:9A:9A:D7:7F:34:0C:C8:3A:4E
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/NZ1z5N8VyY8G51eamtd_NAzIOk4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.21.0/24
185.126.82.0/24
185.220.250.0/23
185.225.0.0/23
185.226.104.0/24
185.227.146.0/23
193.8.112.0/23
193.58.146.0/23
Signature Algorithm: sha256WithRSAEncryption
2d:70:5b:7c:d3:0b:d1:df:6c:75:62:2b:de:68:10:cf:db:77:
20:35:c7:64:4a:eb:17:6c:f5:9e:f5:55:cd:50:98:a6:3f:8d:
bc:05:73:c0:64:dc:43:92:fe:7b:5e:e0:3c:c1:30:eb:08:d2:
33:fa:51:40:f4:0e:f1:f3:92:f6:02:ee:d1:5b:b5:8a:dd:07:
76:d6:ed:10:8a:45:92:95:f9:46:73:7b:d5:1d:e5:e9:76:b6:
e6:b6:03:f9:0c:0d:c9:f0:b1:34:5c:9e:05:c8:a7:1a:fa:39:
8a:38:1b:d9:98:06:62:21:36:97:c0:58:5c:4d:eb:19:44:9c:
28:ce:93:fc:63:e6:b5:4c:55:f9:87:3b:dc:02:61:96:73:86:
a3:59:99:3d:47:02:1d:d6:9a:7d:f5:6a:a1:c9:75:58:de:80:
30:13:aa:72:76:2f:a7:0a:7c:9e:2a:de:a4:9d:4b:02:da:25:
0f:d9:65:c2:3c:c3:58:dd:73:c0:6e:05:67:2c:58:1e:61:19:
c6:68:7b:a9:02:cd:81:71:c8:1a:be:b3:fb:75:f9:ab:23:84:
6a:1e:c8:9b:f1:0a:65:84:bb:74:3c:e8:7c:ea:48:9d:e1:50:
2f:cf:4a:b7:32:d2:c3:50:88:a4:60:59:e3:46:58:ff:47:ac:
0f:ee:31:fa
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZECsWDF+wkIW+diCI96LGcGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNzMwMDgxMTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTlkNzNlNGRmMTVjOThmMDZlNzU3OWE5YWQ3N2YzNDBjYzgzYTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnsf7es7fDIAOE+Ak6KWdpBuUV2Y5
stHoaOOqizeI3rnfRiT3u4/w4FISm0sFqehWXM6Yf/bfJ5EIY8jJdzqnO3U+8ubt
QrkZE0ggdLVPomRVXmL/ZdwXYn++hVQT2aP+mfEG0Xm9pb9qJjkIX4D09/HgPCF6
LXx9vR5sgT5hcTxpT9d2pjvHmq/THPtxVNLz+Af7a7xj7/qTXWclh9PXH0T1bT/r
xyDnmj/nIPX3lH0UBXSVm4ikmLOts/Uj6Lk8jUcywNu1M7mB7EseNP5CRV4WNH/i
GsajMg6/uD+HcIFRV1MIO8iXGUPe1u+w/l9LPD+6pSk1WQ1YHMBDV5lzXwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFDWdc+TfFcmPBudXmprXfzQMyDpOMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTloxejVOOFZ5WThHNTFlYW10ZF9OQXpJT2s0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALQgVAwQA
uX5SAwQBudz6AwQBueEAAwQAueJoAwQBueOSAwQBwQhwAwQBwTqSMA0GCSqGSIb3
DQEBCwUAA4IBAQAtcFt80wvR32x1YiveaBDP23cgNcdkSusXbPWe9VXNUJimP428
BXPAZNxDkv57XuA8wTDrCNIz+lFA9A7x85L2Au7RW7WK3Qd21u0QikWSlflGc3vV
HeXpdrbmtgP5DA3J8LE0XJ4FyKca+jmKOBvZmAZiITaXwFhcTesZRJwozpP8Y+a1
TFX5hzvcAmGWc4ajWZk9RwId1pp99WqhyXVY3oAwE6pydi+nCnyeKt6knUsC2iUP
2WXCPMNY3XPAbgVnLFgeYRnGaHupAs2BccgavrP7dfmrI4RqHsib8QplhLt0POh8
6kid4VAvz0q3MtLDUIikYFnjRlj/R6wP7jH6
-----END CERTIFICATE-----
Generated at Tue Aug 6 15:08:08 2024 by rpki-client on console-ams.rpki-client.org