Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/pfltJ8ae0KBlM05bX1q9-b4CFVc.roa
File: pfltJ8ae0KBlM05bX1q9-b4CFVc.roa (raw, json)
Hash identifier: DridR/ab+kL3hTfjTEZCts+zuI2siIYRWME6QjmyhIo=
Subject key identifier: A5:F9:6D:27:C6:9E:D0:A0:65:33:4E:5B:5F:5A:BD:F9:BE:02:15:57
Certificate issuer: /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial: 018D9D4CF2BCF58A0B978448322BCA338B95
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/pfltJ8ae0KBlM05bX1q9-b4CFVc.roa
Signing time: Mon 12 Feb 2024 12:31:22 +0000
ROA not before: Mon 12 Feb 2024 12:31:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29802
IP address blocks: 176.125.248.0/24 maxlen: 24
185.210.232.0/24 maxlen: 24
185.214.102.0/24 maxlen: 24
185.223.80.0/24 maxlen: 24
185.225.0.0/24 maxlen: 24
185.230.65.0/24 maxlen: 24
185.251.231.0/24 maxlen: 24
193.8.114.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 21 Feb 2024 00:06:00 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:9d:4c:f2:bc:f5:8a:0b:97:84:48:32:2b:ca:33:8b:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Validity
Not Before: Feb 12 12:31:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a5f96d27c69ed0a065334e5b5f5abdf9be021557
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:ce:08:60:a8:3c:2c:81:1b:25:e0:eb:79:63:
49:57:02:7e:b1:8d:98:3e:96:a9:e7:ff:ad:e4:b7:
bb:08:4a:05:01:ab:04:6d:99:40:48:97:58:d3:ea:
0f:1a:f5:04:bf:90:32:4c:49:a9:bc:c6:8f:02:84:
76:96:53:43:9e:0b:1c:25:b5:e0:ad:83:6f:b6:8c:
4c:48:26:f2:b3:fc:af:97:74:86:a2:6f:df:23:15:
4c:cc:79:86:6d:97:e2:dd:a1:93:cf:44:68:39:33:
90:a2:d2:fc:d1:7b:e8:2b:85:d0:51:99:7d:ea:de:
68:a6:1d:03:e6:e3:7c:88:15:df:d1:2c:02:e6:d3:
82:8d:26:78:a9:db:a1:3c:77:d2:72:0f:34:7e:93:
ae:63:00:e0:ab:f4:5b:2c:25:5c:91:3d:5b:74:19:
4d:85:e1:82:4a:d7:b7:05:c4:30:a7:19:6e:2a:2b:
cd:8e:45:8e:cd:64:4d:af:52:92:04:0f:53:a7:a2:
c0:58:51:ff:d3:6a:45:61:a8:dc:67:ad:74:c5:5f:
a4:23:77:ec:b7:db:bf:3c:e7:d1:48:f9:6f:36:dc:
1a:8a:d2:ff:39:6f:4d:c5:02:3b:26:c3:9e:ed:3c:
7a:d2:65:b6:c1:b5:74:cb:4a:7f:7d:4b:20:54:f5:
cb:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:F9:6D:27:C6:9E:D0:A0:65:33:4E:5B:5F:5A:BD:F9:BE:02:15:57
X509v3 Authority Key Identifier:
keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/pfltJ8ae0KBlM05bX1q9-b4CFVc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.125.248.0/24
185.210.232.0/24
185.214.102.0/24
185.223.80.0/24
185.225.0.0/24
185.230.65.0/24
185.251.231.0/24
193.8.114.0/24
Signature Algorithm: sha256WithRSAEncryption
30:bc:4a:27:fd:95:3e:95:1d:4a:41:40:4f:0c:65:a6:a7:b2:
f7:be:8c:2c:4a:36:e0:66:f3:f8:52:66:d6:80:16:a9:d5:75:
a2:40:62:65:75:16:fb:e5:6a:d9:ff:39:37:97:92:23:f4:eb:
a5:c7:47:4d:5e:7c:ae:68:87:ce:fe:ea:32:7e:63:52:b8:b3:
4f:23:42:99:d9:24:fb:be:6b:7d:e8:b9:0e:d5:02:37:ca:45:
ed:b3:f6:b3:23:4c:66:9e:96:7a:25:68:52:e5:9a:55:82:39:
61:2f:4e:aa:79:9f:6d:72:02:ad:8d:4b:83:a9:8e:e3:8f:07:
a3:39:97:ef:5a:91:e4:4e:0a:8e:dd:da:9d:53:95:30:ee:1b:
d3:06:70:62:f7:e5:2e:74:6c:e3:75:4c:b0:55:e8:99:0f:bd:
a2:7a:7a:fb:9a:e0:1f:66:bc:a4:60:e5:cf:6d:50:43:7b:86:
b6:79:6a:a4:ba:00:73:2b:a5:50:1d:1c:96:88:09:9e:e8:43:
f8:71:32:5e:31:b7:fc:18:f6:d8:9a:44:a3:b6:49:03:c9:9d:
f9:7f:87:e1:e7:cc:0d:90:fc:30:ea:37:8b:d4:ca:a8:70:33:
d2:33:46:83:9f:e3:38:a3:31:35:6e:cb:f5:a8:4e:1e:a9:14:
eb:ce:bf:40
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY2dTPK89YoLl4RIMivKM4uVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMjEyMTIzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWY5NmQyN2M2OWVkMGEwNjUzMzRlNWI1ZjVhYmRmOWJlMDIxNTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAis4IYKg8LIEbJeDreWNJVwJ+sY2Y
Ppap5/+t5Le7CEoFAasEbZlASJdY0+oPGvUEv5AyTEmpvMaPAoR2llNDngscJbXg
rYNvtoxMSCbys/yvl3SGom/fIxVMzHmGbZfi3aGTz0RoOTOQotL80XvoK4XQUZl9
6t5oph0D5uN8iBXf0SwC5tOCjSZ4qduhPHfScg80fpOuYwDgq/RbLCVckT1bdBlN
heGCSte3BcQwpxluKivNjkWOzWRNr1KSBA9Tp6LAWFH/02pFYajcZ610xV+kI3fs
t9u/POfRSPlvNtwaitL/OW9NxQI7JsOe7Tx60mW2wbV0y0p/fUsgVPXLUwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKX5bSfGntCgZTNOW19avfm+AhVXMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvcGZsdEo4YWUwS0JsTTA1YlgxcTktYjRDRlZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAsH34AwQA
udLoAwQAudZmAwQAud9QAwQAueEAAwQAueZBAwQAufvnAwQAwQhyMA0GCSqGSIb3
DQEBCwUAA4IBAQAwvEon/ZU+lR1KQUBPDGWmp7L3vowsSjbgZvP4UmbWgBap1XWi
QGJldRb75WrZ/zk3l5Ij9Oulx0dNXnyuaIfO/uoyfmNSuLNPI0KZ2ST7vmt96LkO
1QI3ykXts/azI0xmnpZ6JWhS5ZpVgjlhL06qeZ9tcgKtjUuDqY7jjwejOZfvWpHk
TgqO3dqdU5Uw7hvTBnBi9+UudGzjdUywVeiZD72ienr7muAfZrykYOXPbVBDe4a2
eWqkugBzK6VQHRyWiAme6EP4cTJeMbf8GPbYmkSjtkkDyZ35f4fh58wNkPww6jeL
1MqocDPSM0aDn+M4ozE1bsv1qE4eqRTrzr9A
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:45:29 2024 by rpki-client on console-ams.rpki-client.org