Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Pn0HLikRWSeev5kTXkqm_oT6xS0.roa
File: Pn0HLikRWSeev5kTXkqm_oT6xS0.roa (raw, json)
Hash identifier: L+sep5yxDuQ3ZJZcHKHgFy2KQwH2VSd+QuH/+MEWLPg=
Subject key identifier: 3E:7D:07:2E:29:11:59:27:9E:BF:99:13:5E:4A:A6:FE:84:FA:C5:2D
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 0187FB0EE34335E0B6E9DBCA9015C04860DA
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Pn0HLikRWSeev5kTXkqm_oT6xS0.roa
Signing time: Mon 08 May 2023 11:11:09 +0000
ROA not before: Mon 08 May 2023 11:11:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.225.20.0/24 maxlen: 24
45.147.224.0/24 maxlen: 24
45.8.21.0/24 maxlen: 24
185.246.112.0/24 maxlen: 24
185.251.229.0/24 maxlen: 24
185.251.231.0/24 maxlen: 24
185.246.115.0/24 maxlen: 24
185.225.0.0/23 maxlen: 23
Validation: Failed, certificate revoked on Tue 09 May 2023 15:00:09 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:fb:0e:e3:43:35:e0:b6:e9:db:ca:90:15:c0:48:60:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: May 8 11:11:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3e7d072e291159279ebf99135e4aa6fe84fac52d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:3b:40:df:ad:79:30:20:6d:63:44:b1:9c:08:
bc:21:27:a9:63:63:c5:ee:8c:b8:7b:15:be:e0:f1:
06:d8:82:b1:2f:e6:7d:2a:b4:cc:84:e3:b4:95:69:
6e:32:cc:13:2f:03:bc:b6:67:3e:8f:f2:5e:59:a9:
53:2e:94:51:23:f2:09:78:96:59:fe:2a:71:68:38:
39:a9:62:8d:0f:cd:85:ff:5e:88:ae:a1:d3:d1:20:
05:3a:c9:33:02:54:50:22:4a:17:f9:6f:95:8a:6f:
f1:bb:8a:a6:d4:31:b5:12:45:f4:e0:35:fc:d2:78:
53:7b:79:de:01:63:59:1d:3c:a1:ca:fb:36:40:c1:
ce:d8:a2:2e:84:a0:5a:56:73:28:28:b1:b9:39:7b:
1d:47:02:d9:af:41:91:ae:f2:60:4e:60:0f:3a:b8:
b5:71:e5:0d:96:65:8d:c3:81:da:0d:3b:6c:4c:b8:
11:ab:d8:98:97:5c:75:c3:34:19:ee:ae:4d:20:0c:
b8:56:be:dd:0c:d8:2d:e1:d1:e3:27:07:0a:a1:bd:
3d:ee:5a:1e:05:58:55:27:4c:f0:b9:33:ef:73:98:
a6:96:00:98:19:7f:34:8a:ee:c5:91:d2:8b:9e:b2:
aa:92:68:22:87:de:12:5b:a6:ad:54:de:1f:5c:be:
3b:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:7D:07:2E:29:11:59:27:9E:BF:99:13:5E:4A:A6:FE:84:FA:C5:2D
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Pn0HLikRWSeev5kTXkqm_oT6xS0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.21.0/24
45.147.224.0/24
185.225.0.0/23
185.225.20.0/24
185.246.112.0/24
185.246.115.0/24
185.251.229.0/24
185.251.231.0/24
Signature Algorithm: sha256WithRSAEncryption
a9:bd:a9:2d:a1:e6:99:f4:be:50:1d:d2:3c:fc:c2:57:ed:e5:
79:f6:77:8a:59:a2:43:d5:0c:73:f6:8f:34:fc:c8:a2:17:64:
10:ea:1d:93:da:01:2a:a1:ae:a4:9c:b2:18:00:81:24:8d:0c:
a8:63:be:c9:74:36:0b:b9:ed:b0:f9:6a:34:19:92:41:41:b3:
29:91:8f:52:6d:3b:dc:81:5d:6c:ab:e5:a6:34:50:38:ff:2b:
b7:8f:10:6d:3f:c3:51:cb:9a:de:2f:ed:56:5d:ac:67:e1:51:
31:41:ed:ba:35:48:59:a4:13:7c:e0:34:e5:0e:a3:0d:9c:77:
d1:1b:e3:9d:dc:23:1c:da:c9:c9:19:26:15:f3:39:c4:5f:52:
19:24:b2:d6:ca:40:28:07:13:3b:74:f5:4c:15:29:26:1b:1b:
fc:0e:21:2f:7c:92:bd:4c:7a:bb:4d:00:8c:02:03:d9:a7:f6:
f2:77:ba:ca:71:9e:25:0b:ba:d5:21:32:c0:66:7b:30:df:14:
b3:74:a1:40:37:9a:54:97:ef:54:9d:6b:42:ea:47:ad:83:a8:
fd:5e:35:3b:7f:a9:6b:af:77:39:99:49:1d:f5:5d:3d:dc:fd:
24:e0:3c:05:6d:62:38:fa:3a:29:fc:70:fc:c1:29:94:e8:83:
69:4d:94:58
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYf7DuNDNeC26dvKkBXASGDaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjMwNTA4MTExMTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTdkMDcyZTI5MTE1OTI3OWViZjk5MTM1ZTRhYTZmZTg0ZmFjNTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TtA3615MCBtY0SxnAi8ISepY2PF
7oy4exW+4PEG2IKxL+Z9KrTMhOO0lWluMswTLwO8tmc+j/JeWalTLpRRI/IJeJZZ
/ipxaDg5qWKND82F/16IrqHT0SAFOskzAlRQIkoX+W+Vim/xu4qm1DG1EkX04DX8
0nhTe3neAWNZHTyhyvs2QMHO2KIuhKBaVnMoKLG5OXsdRwLZr0GRrvJgTmAPOri1
ceUNlmWNw4HaDTtsTLgRq9iYl1x1wzQZ7q5NIAy4Vr7dDNgt4dHjJwcKob097loe
BVhVJ0zwuTPvc5imlgCYGX80iu7FkdKLnrKqkmgih94SW6atVN4fXL47dwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFD59By4pEVknnr+ZE15Kpv6E+sUtMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUG4wSExpa1JXU2VldjVrVFhrcW1fb1Q2eFMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALQgVAwQA
LZPgAwQBueEAAwQAueEUAwQAufZwAwQAufZzAwQAufvlAwQAufvnMA0GCSqGSIb3
DQEBCwUAA4IBAQCpvaktoeaZ9L5QHdI8/MJX7eV59neKWaJD1Qxz9o80/MiiF2QQ
6h2T2gEqoa6knLIYAIEkjQyoY77JdDYLue2w+Wo0GZJBQbMpkY9SbTvcgV1sq+Wm
NFA4/yu3jxBtP8NRy5reL+1WXaxn4VExQe26NUhZpBN84DTlDqMNnHfRG+Od3CMc
2snJGSYV8znEX1IZJLLWykAoBxM7dPVMFSkmGxv8DiEvfJK9THq7TQCMAgPZp/by
d7rKcZ4lC7rVITLAZnsw3xSzdKFAN5pUl+9UnWtC6ketg6j9XjU7f6lrr3c5mUkd
9V093P0k4DwFbWI4+jop/HD8wSmU6INpTZRY
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:41 2024 by rpki-client on console-fra.rpki-client.org