Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/nxQvqILtfGG30Wsg9bmprnx-EN0.roa
File: nxQvqILtfGG30Wsg9bmprnx-EN0.roa (raw, json)
Hash identifier: MOZbcHinsZDpSowsyP3DzZpiDz4I97ykTkYG5wRGeeU=
Subject key identifier: 9F:14:2F:A8:82:ED:7C:61:B7:D1:6B:20:F5:B9:A9:AE:7C:7E:10:DD
Certificate issuer: /CN=206f1c32bc0a9006081d552fede67d6842921ec3
Certificate serial: 018A65D059E1C5C06F58D42F42E5E32146F9
Authority key identifier: 20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/nxQvqILtfGG30Wsg9bmprnx-EN0.roa
Signing time: Tue 05 Sep 2023 14:47:47 +0000
ROA not before: Tue 05 Sep 2023 14:47:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3170
IP address blocks: 83.97.16.0/22 maxlen: 24
195.191.218.0/23 maxlen: 24
193.35.56.0/22 maxlen: 24
193.105.188.0/24 maxlen: 24
185.17.196.0/22 maxlen: 24
195.74.52.0/22 maxlen: 24
185.175.90.0/24 maxlen: 24
2a03:ee40::/32 maxlen: 32
2a07:240::/29 maxlen: 48
2a10:4740::/29 maxlen: 48
Validation: Failed, certificate revoked on Sat 23 Sep 2023 10:39:37 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:65:d0:59:e1:c5:c0:6f:58:d4:2f:42:e5:e3:21:46:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=206f1c32bc0a9006081d552fede67d6842921ec3
Validity
Not Before: Sep 5 14:47:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9f142fa882ed7c61b7d16b20f5b9a9ae7c7e10dd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:9b:a3:08:53:16:f0:a8:06:a9:03:ab:a6:71:
6b:1a:15:4c:10:01:7b:2f:82:64:14:ff:73:15:75:
b3:72:17:31:b8:c2:48:13:94:4a:0e:fe:22:ab:54:
c3:de:36:ad:7b:d7:09:7b:2f:6f:04:98:b8:46:4e:
a1:fc:7c:f3:3d:39:23:86:e0:58:87:e0:0b:38:23:
b7:3a:f6:9d:8d:6a:a8:21:f1:0b:f5:18:e2:c8:63:
34:74:8a:09:dd:58:83:b7:49:17:e7:6d:46:c3:31:
6b:25:82:b9:8f:3d:6f:3c:33:30:d7:87:7d:9a:1b:
60:1c:9e:89:9b:c4:40:a4:38:15:18:87:99:a8:64:
7e:82:cd:ca:2f:4d:ea:67:bd:48:33:1d:35:d5:5c:
b2:e9:7b:f7:12:4a:3f:0c:b0:f5:c1:e5:65:df:61:
4a:50:5e:bb:fd:9e:fc:0f:d5:d2:b3:9d:d4:32:aa:
8c:76:84:e7:68:87:29:c6:91:78:09:5f:e2:60:12:
df:b1:2b:70:1d:f2:54:37:3b:88:2e:d3:77:25:de:
3d:10:4b:ee:91:c9:a1:96:ac:b5:84:9a:bc:7e:f6:
c6:1a:7d:58:f0:57:78:4e:11:b3:9b:af:25:9f:d4:
d6:67:fb:15:13:73:89:14:73:6c:06:9f:43:c3:d7:
74:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9F:14:2F:A8:82:ED:7C:61:B7:D1:6B:20:F5:B9:A9:AE:7C:7E:10:DD
X509v3 Authority Key Identifier:
keyid:20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/nxQvqILtfGG30Wsg9bmprnx-EN0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.97.16.0/22
185.17.196.0/22
185.175.90.0/24
193.35.56.0/22
193.105.188.0/24
195.74.52.0/22
195.191.218.0/23
IPv6:
2a03:ee40::/32
2a07:240::/29
2a10:4740::/29
Signature Algorithm: sha256WithRSAEncryption
52:84:9f:86:5b:d5:2e:5a:2d:1b:82:94:30:a4:57:2f:11:9b:
21:1e:7e:d3:77:0c:2a:39:4f:00:4b:af:50:1f:ae:dc:a2:ca:
32:1c:2b:aa:f1:7b:f0:1f:72:65:fb:22:39:1b:05:5f:80:0d:
bf:01:e8:0d:2e:10:ee:28:88:2b:1f:e7:0a:1f:60:20:a3:e2:
a1:05:29:73:9d:90:c1:54:d1:30:d9:f2:ee:e5:fc:e1:d7:df:
0b:49:96:32:5b:43:75:ea:5c:45:9d:2a:02:38:1b:a4:bb:7d:
56:d3:8e:7a:cd:67:91:0c:59:fb:a6:b3:f0:67:3c:36:14:23:
2e:59:8f:1f:a0:e1:fa:45:2d:06:4a:29:e3:d5:d3:d6:ff:83:
7c:0b:d3:6f:f7:4f:53:94:1e:d7:03:fd:62:93:96:0e:0f:88:
58:da:50:01:8d:aa:60:96:cd:97:ef:ed:6d:2b:16:50:d0:f2:
4e:4a:ef:d5:f2:5c:50:1d:20:16:67:41:d0:bf:34:75:81:01:
49:72:52:d4:0b:cf:f1:8c:e3:fa:f0:33:a2:bf:ff:36:69:c4:
c8:21:c0:47:22:49:0a:4d:9f:48:f1:37:3f:72:df:ad:71:4f:
31:47:27:65:3c:ad:d7:a0:a3:07:94:8e:e9:6b:06:2f:1a:9e:
02:a5:23:5b
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYpl0FnhxcBvWNQvQuXjIUb5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNmYxYzMyYmMwYTkwMDYwODFkNTUyZmVkZTY3ZDY4NDI5
MjFlYzMwHhcNMjMwOTA1MTQ0NzQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjE0MmZhODgyZWQ3YzYxYjdkMTZiMjBmNWI5YTlhZTdjN2UxMGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZujCFMW8KgGqQOrpnFrGhVMEAF7
L4JkFP9zFXWzchcxuMJIE5RKDv4iq1TD3jate9cJey9vBJi4Rk6h/HzzPTkjhuBY
h+ALOCO3OvadjWqoIfEL9RjiyGM0dIoJ3ViDt0kX521GwzFrJYK5jz1vPDMw14d9
mhtgHJ6Jm8RApDgVGIeZqGR+gs3KL03qZ71IMx011Vyy6Xv3Eko/DLD1weVl32FK
UF67/Z78D9XSs53UMqqMdoTnaIcpxpF4CV/iYBLfsStwHfJUNzuILtN3Jd49EEvu
kcmhlqy1hJq8fvbGGn1Y8Fd4ThGzm68ln9TWZ/sVE3OJFHNsBp9Dw9d0zQIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFJ8UL6iC7Xxht9FrIPW5qa58fhDdMB8GA1UdIwQY
MBaAFCBvHDK8CpAGCB1VL+3mfWhCkh7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzIt
YmJhODYwYjI2YzAyLzEvbnhRdnFJTHRmR0czMFdzZzlibXBybngtRU4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzItYmJhODYwYjI2YzAy
LzEvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzAwBAIAATAqAwQCU2EQAwQC
uRHEAwQAua9aAwQCwSM4AwQAwWm8AwQCw0o0AwQBw7/aMBsEAgACMBUDBQAqA+5A
AwUDKgcCQAMFAyoQR0AwDQYJKoZIhvcNAQELBQADggEBAFKEn4Zb1S5aLRuClDCk
Vy8RmyEeftN3DCo5TwBLr1AfrtyiyjIcK6rxe/AfcmX7IjkbBV+ADb8B6A0uEO4o
iCsf5wofYCCj4qEFKXOdkMFU0TDZ8u7l/OHX3wtJljJbQ3XqXEWdKgI4G6S7fVbT
jnrNZ5EMWfums/BnPDYUIy5Zjx+g4fpFLQZKKePV09b/g3wL02/3T1OUHtcD/WKT
lg4PiFjaUAGNqmCWzZfv7W0rFlDQ8k5K79XyXFAdIBZnQdC/NHWBAUlyUtQLz/GM
4/rwM6K//zZpxMghwEciSQpNn0jxNz9y361xTzFHJ2U8rdegoweUjulrBi8angKl
I1s=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:06 2024 by rpki-client on console-ams.rpki-client.org