Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZBQ8KDU_VXYo54Kmwcd7PPBvIiM.roa
File: ZBQ8KDU_VXYo54Kmwcd7PPBvIiM.roa (raw, json)
Hash identifier: /kH6Y0Kxp/UiRIaO2RftHGEXrkcNcDtfOugmn17ay3k=
Subject key identifier: 64:14:3C:28:35:3F:55:76:28:E7:82:A6:C1:C7:7B:3C:F0:6F:22:23
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 018D694EEDAC4A7BB926B4CECE46534EFE30
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZBQ8KDU_VXYo54Kmwcd7PPBvIiM.roa
Signing time: Fri 02 Feb 2024 10:13:16 +0000
ROA not before: Fri 02 Feb 2024 10:13:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 45.8.21.0/24 maxlen: 24
185.220.248.0/24 maxlen: 24
185.220.250.0/23 maxlen: 24
185.223.82.0/24 maxlen: 24
185.225.0.0/23 maxlen: 23
185.227.146.0/23 maxlen: 24
185.251.229.0/24 maxlen: 24
193.58.146.0/23 maxlen: 24
Validation: Failed, certificate revoked on Sun 04 Feb 2024 15:27:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:69:4e:ed:ac:4a:7b:b9:26:b4:ce:ce:46:53:4e:fe:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Feb 2 10:13:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=64143c28353f557628e782a6c1c77b3cf06f2223
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:d6:3c:66:82:77:19:98:ed:98:6a:a5:36:5d:
03:87:6c:73:ba:0f:7a:f7:dc:87:2b:c4:64:6e:93:
9e:01:cb:79:92:e5:11:8e:ff:38:09:20:66:86:e4:
d1:81:fc:74:4a:69:44:0b:8c:1a:30:13:ad:dd:81:
2d:ed:c5:42:5b:fd:00:eb:83:21:ce:3c:56:3b:56:
26:9e:83:b1:dc:18:20:72:70:9c:79:ef:1e:de:2b:
d2:ec:cb:fc:9e:4c:35:f9:4f:0e:ba:21:a0:48:29:
98:6f:1f:5a:1d:aa:e6:75:af:9e:37:0e:d5:7e:bf:
2f:79:50:1d:aa:97:cf:36:0e:3e:00:24:7c:b8:4f:
61:0e:59:15:60:6e:6e:1b:a8:f1:01:f8:6f:77:79:
1e:03:5d:f3:b5:3c:3c:ad:83:96:e3:af:47:96:c1:
d3:3e:59:88:4f:ef:81:9c:4d:59:49:77:71:f6:a6:
a4:c4:dc:23:39:1f:31:be:af:c1:7c:56:b0:d5:47:
5c:16:76:6c:57:c6:2d:87:00:e8:0a:a5:84:fb:6e:
a0:57:57:3e:da:10:15:c8:e9:1d:12:c7:b3:ab:2b:
8e:c2:dd:ef:cb:45:d7:45:c8:cf:80:ae:00:96:77:
53:4a:46:93:15:15:7c:e5:2f:52:ca:09:cf:fa:4b:
97:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:14:3C:28:35:3F:55:76:28:E7:82:A6:C1:C7:7B:3C:F0:6F:22:23
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ZBQ8KDU_VXYo54Kmwcd7PPBvIiM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.21.0/24
185.220.248.0/24
185.220.250.0/23
185.223.82.0/24
185.225.0.0/23
185.227.146.0/23
185.251.229.0/24
193.58.146.0/23
Signature Algorithm: sha256WithRSAEncryption
a3:0f:92:97:37:e0:e4:84:2f:7c:02:8f:48:16:84:ce:7d:fe:
fd:2a:74:7d:9d:eb:29:ab:68:c5:98:1b:ed:37:cb:d7:3a:3b:
10:53:49:8a:e9:66:62:9c:72:53:54:53:27:ee:e1:b2:a4:e4:
53:3b:82:24:23:71:ec:e3:ac:fb:13:1a:3f:e3:ca:a1:d2:ee:
29:2f:4d:ab:10:c2:8d:70:bf:ac:8f:c3:0a:8c:89:8f:d9:66:
b3:9b:d2:db:8a:eb:20:6c:c7:e1:d4:e8:87:60:80:33:23:ea:
d7:9a:c2:92:52:03:af:eb:bf:74:7d:27:83:e8:7f:65:d7:f5:
c0:09:58:10:02:0d:5b:5d:13:74:29:49:e0:c5:ef:5c:81:ab:
65:67:ff:fd:50:f0:1c:be:be:51:57:c5:3a:dd:9b:29:7c:7c:
88:95:0f:5a:25:1b:5c:49:21:74:05:77:40:44:09:d8:57:92:
63:40:66:ac:04:3b:ed:c0:70:c6:65:2e:13:42:bd:a1:57:3f:
6f:b1:27:0a:fd:f2:10:eb:01:71:ea:f3:74:75:c1:e2:8d:f1:
15:1c:f0:f2:03:12:9e:68:83:d7:b6:94:46:46:6b:eb:77:3e:
1a:b2:50:7c:bb:2d:d0:32:97:d3:4d:3a:fe:8b:78:42:c1:69:
e6:3e:a8:6b
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY1pTu2sSnu5JrTOzkZTTv4wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMjAyMTAxMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDE0M2MyODM1M2Y1NTc2MjhlNzgyYTZjMWM3N2IzY2YwNmYyMjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9Y8ZoJ3GZjtmGqlNl0Dh2xzug96
99yHK8RkbpOeAct5kuURjv84CSBmhuTRgfx0SmlEC4waMBOt3YEt7cVCW/0A64Mh
zjxWO1YmnoOx3BggcnCcee8e3ivS7Mv8nkw1+U8OuiGgSCmYbx9aHarmda+eNw7V
fr8veVAdqpfPNg4+ACR8uE9hDlkVYG5uG6jxAfhvd3keA13ztTw8rYOW469HlsHT
PlmIT++BnE1ZSXdx9qakxNwjOR8xvq/BfFaw1UdcFnZsV8YthwDoCqWE+26gV1c+
2hAVyOkdEsezqyuOwt3vy0XXRcjPgK4AlndTSkaTFRV85S9SygnP+kuX3wIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGQUPCg1P1V2KOeCpsHHezzwbyIjMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvWkJROEtEVV9WWFlvNTRLbXdjZDdQUEJ2SWlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALQgVAwQA
udz4AwQBudz6AwQAud9SAwQBueEAAwQBueOSAwQAufvlAwQBwTqSMA0GCSqGSIb3
DQEBCwUAA4IBAQCjD5KXN+DkhC98Ao9IFoTOff79KnR9nespq2jFmBvtN8vXOjsQ
U0mK6WZinHJTVFMn7uGypORTO4IkI3Hs46z7Exo/48qh0u4pL02rEMKNcL+sj8MK
jImP2Wazm9LbiusgbMfh1OiHYIAzI+rXmsKSUgOv6790fSeD6H9l1/XACVgQAg1b
XRN0KUngxe9cgatlZ//9UPAcvr5RV8U63ZspfHyIlQ9aJRtcSSF0BXdARAnYV5Jj
QGasBDvtwHDGZS4TQr2hVz9vsScK/fIQ6wFx6vN0dcHijfEVHPDyAxKeaIPXtpRG
Rmvrdz4aslB8uy3QMpfTTTr+i3hCwWnmPqhr
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:42 2024 by rpki-client on console-fra.rpki-client.org