Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/GZ_kHz0FjLaypJWXCGRfXI0JOVw.roa
File: GZ_kHz0FjLaypJWXCGRfXI0JOVw.roa (raw, json)
Hash identifier: 8l7jtDir+17iIwLVglC4/N9I+FMOjE5pQr6aMMqNfm4=
Subject key identifier: 19:9F:E4:1F:3D:05:8C:B6:B2:A4:95:97:08:64:5F:5C:8D:09:39:5C
Certificate issuer: /CN=34ba9c223241eb80e2bc71853bb7d2e58286bdd3
Certificate serial: 0192AE9B28C0B4A656B0A354FDDFE6DEE06B
Authority key identifier: 34:BA:9C:22:32:41:EB:80:E2:BC:71:85:3B:B7:D2:E5:82:86:BD:D3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NLqcIjJB64DivHGFO7fS5YKGvdM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/GZ_kHz0FjLaypJWXCGRfXI0JOVw.roa
Signing time: Mon 21 Oct 2024 10:24:16 +0000
ROA not before: Mon 21 Oct 2024 10:24:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204877
IP address blocks: 185.141.120.0/22 maxlen: 32
185.141.120.0/23 maxlen: 23
185.141.120.0/24 maxlen: 32
185.141.121.0/24 maxlen: 32
185.141.121.243/32 maxlen: 32
185.141.122.0/23 maxlen: 23
185.141.122.0/24 maxlen: 32
185.141.123.0/24 maxlen: 32
2a0d:ff00::/29 maxlen: 29
Validation: Failed, certificate revoked on Mon 21 Oct 2024 12:46:16 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:ae:9b:28:c0:b4:a6:56:b0:a3:54:fd:df:e6:de:e0:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=34ba9c223241eb80e2bc71853bb7d2e58286bdd3
Validity
Not Before: Oct 21 10:24:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=199fe41f3d058cb6b2a4959708645f5c8d09395c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:c4:cf:1a:2a:b3:84:49:27:8c:52:4e:84:db:
8e:ec:2e:6b:c8:c9:17:e8:b7:aa:2b:5e:8e:54:25:
54:ab:33:d7:0a:1e:6b:28:bd:33:5a:6e:03:d3:ee:
6c:d0:38:10:72:18:fb:08:38:b5:ba:47:08:2a:7a:
bc:8a:cd:dc:06:59:13:df:45:cb:35:ff:d9:6f:b6:
11:09:60:7e:74:d2:9d:3e:95:65:de:9d:5f:3a:a1:
47:5f:15:b8:82:b7:54:e2:da:55:e5:93:77:f0:7b:
c1:92:85:a4:31:d2:b0:4a:de:d7:99:bf:1e:cb:ac:
1c:3a:0b:d4:61:fa:c3:ea:1c:48:ad:02:a9:be:d4:
78:d2:35:1b:be:98:94:2d:f2:8d:04:93:c8:cd:a1:
dc:09:80:d9:38:22:50:0b:c1:4e:ec:21:0b:7a:1e:
7d:4b:73:7e:00:22:77:f5:59:fa:8a:95:30:f7:24:
3f:22:40:e6:7f:75:b3:c0:31:1d:14:11:dc:58:45:
e1:aa:59:3f:d7:37:d9:fd:93:65:cf:f2:c4:6c:bc:
0c:b7:81:c8:36:6c:0f:7a:7c:93:01:a2:d3:bd:51:
e0:9f:0e:8b:16:f4:87:e2:bd:15:6e:98:fe:6d:67:
18:d7:2a:1b:e9:ca:6f:be:c9:13:87:ba:23:fe:e3:
88:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:9F:E4:1F:3D:05:8C:B6:B2:A4:95:97:08:64:5F:5C:8D:09:39:5C
X509v3 Authority Key Identifier:
keyid:34:BA:9C:22:32:41:EB:80:E2:BC:71:85:3B:B7:D2:E5:82:86:BD:D3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NLqcIjJB64DivHGFO7fS5YKGvdM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/GZ_kHz0FjLaypJWXCGRfXI0JOVw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/c2ec61-37ab-405b-a6c2-13ee4c8d3082/1/NLqcIjJB64DivHGFO7fS5YKGvdM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.141.120.0/22
IPv6:
2a0d:ff00::/29
Signature Algorithm: sha256WithRSAEncryption
2e:14:a0:9c:95:b8:cd:d3:09:fc:25:8c:0a:dd:6f:50:c1:fe:
f9:dc:37:97:7b:b6:1d:e5:53:65:6c:2b:bb:01:32:74:ca:ca:
f5:be:bd:e8:f1:38:2c:84:62:80:f4:d6:a1:45:ad:7c:52:4a:
d2:55:be:ef:3e:98:62:75:50:15:b2:41:9d:4a:6e:d5:c4:d0:
42:1e:64:d9:f8:f7:39:d2:2b:41:1c:13:32:8d:93:49:06:c4:
2d:b5:41:43:ad:6a:71:3b:61:12:3f:cf:31:ff:a1:36:d7:65:
67:f6:a9:ed:50:27:9a:28:fa:20:93:42:12:27:f3:55:4d:3c:
23:69:ea:ff:71:b5:b8:ff:4c:f7:27:83:d1:f0:53:20:ac:1b:
37:5f:84:c9:15:cd:70:9b:3c:f8:3a:67:6a:dd:e6:d0:3d:d5:
65:7d:99:11:db:51:23:c0:d8:66:3e:93:7f:ae:c2:72:83:e1:
d1:68:7f:ee:dd:41:23:f1:04:f5:33:a2:26:22:d4:2c:7c:a6:
1f:c4:3a:bb:dd:a4:49:65:fe:7e:2c:1e:16:53:29:4b:e9:bc:
6d:4b:8a:8a:b8:33:cb:77:80:b5:3a:c2:fe:46:06:a1:6a:bc:
71:9f:71:21:18:a1:d5:09:ab:97:32:df:8d:4e:8e:fa:40:a0:
2f:51:85:1e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZKumyjAtKZWsKNU/d/m3uBrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0YmE5YzIyMzI0MWViODBlMmJjNzE4NTNiYjdkMmU1ODI4
NmJkZDMwHhcNMjQxMDIxMTAyNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTlmZTQxZjNkMDU4Y2I2YjJhNDk1OTcwODY0NWY1YzhkMDkzOTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcTPGiqzhEknjFJOhNuO7C5ryMkX
6LeqK16OVCVUqzPXCh5rKL0zWm4D0+5s0DgQchj7CDi1ukcIKnq8is3cBlkT30XL
Nf/Zb7YRCWB+dNKdPpVl3p1fOqFHXxW4grdU4tpV5ZN38HvBkoWkMdKwSt7Xmb8e
y6wcOgvUYfrD6hxIrQKpvtR40jUbvpiULfKNBJPIzaHcCYDZOCJQC8FO7CELeh59
S3N+ACJ39Vn6ipUw9yQ/IkDmf3WzwDEdFBHcWEXhqlk/1zfZ/ZNlz/LEbLwMt4HI
NmwPenyTAaLTvVHgnw6LFvSH4r0Vbpj+bWcY1yob6cpvvskTh7oj/uOIjwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBmf5B89BYy2sqSVlwhkX1yNCTlcMB8GA1UdIwQY
MBaAFDS6nCIyQeuA4rxxhTu30uWChr3TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkxxY0lqSkI2NERpdkhHRk83ZlM1WUtHdmRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9jMmVjNjEtMzdhYi00MDViLWE2YzIt
MTNlZTRjOGQzMDgyLzEvR1pfa0h6MEZqTGF5cEpXWENHUmZYSTBKT1Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9jMmVjNjEtMzdhYi00MDViLWE2YzItMTNlZTRjOGQzMDgy
LzEvTkxxY0lqSkI2NERpdkhHRk83ZlM1WUtHdmRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuY14MA0E
AgACMAcDBQMqDf8AMA0GCSqGSIb3DQEBCwUAA4IBAQAuFKCclbjN0wn8JYwK3W9Q
wf753DeXe7Yd5VNlbCu7ATJ0ysr1vr3o8TgshGKA9NahRa18UkrSVb7vPphidVAV
skGdSm7VxNBCHmTZ+Pc50itBHBMyjZNJBsQttUFDrWpxO2ESP88x/6E212Vn9qnt
UCeaKPogk0ISJ/NVTTwjaer/cbW4/0z3J4PR8FMgrBs3X4TJFc1wmzz4Omdq3ebQ
PdVlfZkR21EjwNhmPpN/rsJyg+HRaH/u3UEj8QT1M6ImItQsfKYfxDq73aRJZf5+
LB4WUylL6bxtS4qKuDPLd4C1OsL+Rgaharxxn3EhGKHVCauXMt+NTo76QKAvUYUe
-----END CERTIFICATE-----
Generated at Mon Oct 21 15:40:34 2024 by rpki-client on console-fra.rpki-client.org