Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/qe9UYguZpiznz9uaaxhFN0aTlB8.roa
File: qe9UYguZpiznz9uaaxhFN0aTlB8.roa (raw, json)
Hash identifier: wogrNTS0BmlpR6+yTPP8CD3djAcfn9K/Dosh9ZGNGBw=
Subject key identifier: A9:EF:54:62:0B:99:A6:2C:E7:CF:DB:9A:6B:18:45:37:46:93:94:1F
Certificate issuer: /CN=464952bc165441ec6e2e2010c933dc830f361731
Certificate serial: 018D5E0B5D63A2D2548658E355418773ABB3
Authority key identifier: 46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/qe9UYguZpiznz9uaaxhFN0aTlB8.roa
Signing time: Wed 31 Jan 2024 05:43:39 +0000
ROA not before: Wed 31 Jan 2024 05:43:39 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 20668
IP address blocks: 89.35.0.0/24 maxlen: 24
89.40.42.0/24 maxlen: 24
93.113.128.0/24 maxlen: 24
93.113.205.0/24 maxlen: 24
188.213.35.0/24 maxlen: 24
188.213.50.0/24 maxlen: 24
188.213.213.0/24 maxlen: 24
188.214.150.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 06 Mar 2024 09:02:11 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:5e:0b:5d:63:a2:d2:54:86:58:e3:55:41:87:73:ab:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=464952bc165441ec6e2e2010c933dc830f361731
Validity
Not Before: Jan 31 05:43:39 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a9ef54620b99a62ce7cfdb9a6b1845374693941f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:e2:e9:fe:73:76:26:32:ba:94:fe:94:a4:31:
2b:45:2c:ac:4e:39:24:fb:53:6e:7f:4f:0f:b9:f7:
62:e9:b4:2f:83:a4:42:8a:a6:80:5b:ac:7b:39:b8:
e1:b3:55:4b:a5:e4:f3:73:3f:e5:8f:4f:46:bd:ce:
7d:8d:67:78:8c:89:f2:a0:3d:16:9c:39:55:87:0b:
1d:01:cd:74:54:ed:3f:0a:06:c3:fa:7e:85:cb:a1:
e0:2e:53:20:b2:52:0a:c9:5c:1d:74:6f:50:e3:fe:
ea:a4:a6:41:e4:63:27:df:73:5b:54:e3:43:f0:53:
28:2d:b5:25:c3:d4:f1:8d:76:ec:68:68:ff:ee:2c:
4a:c5:81:3d:d2:8f:26:28:9a:38:3a:31:91:a2:6c:
f6:f9:79:1e:7b:ac:0f:a0:25:91:e4:0e:98:45:37:
d7:97:52:cc:e3:5b:b5:fd:ab:a8:08:c6:e4:61:31:
47:39:6d:32:1e:c0:0d:a2:e3:60:2b:f1:79:bf:6c:
82:fc:2a:d3:e6:89:67:f2:e5:30:4f:a0:0c:82:09:
8c:37:a9:38:8b:a2:65:36:c3:94:d8:f8:f1:97:19:
7b:db:32:e4:92:31:01:cd:3b:58:74:dc:c2:8c:0d:
ac:df:f7:f7:7f:71:18:70:6c:ef:58:1b:a8:c4:c2:
1c:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:EF:54:62:0B:99:A6:2C:E7:CF:DB:9A:6B:18:45:37:46:93:94:1F
X509v3 Authority Key Identifier:
keyid:46:49:52:BC:16:54:41:EC:6E:2E:20:10:C9:33:DC:83:0F:36:17:31
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RklSvBZUQexuLiAQyTPcgw82FzE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/qe9UYguZpiznz9uaaxhFN0aTlB8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/01058a-4a82-4818-972d-842858122bbc/1/RklSvBZUQexuLiAQyTPcgw82FzE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.35.0.0/24
89.40.42.0/24
93.113.128.0/24
93.113.205.0/24
188.213.35.0/24
188.213.50.0/24
188.213.213.0/24
188.214.150.0/24
Signature Algorithm: sha256WithRSAEncryption
0c:ef:d2:ba:50:e8:f2:0e:5c:a0:f7:59:4a:43:b7:79:37:d1:
94:a2:56:c2:3f:f3:96:b6:71:ff:77:9e:19:a2:ba:16:ea:4e:
48:35:19:f7:bf:f2:2c:58:36:66:ab:74:db:83:53:ce:99:29:
a0:9f:8d:04:60:11:73:f3:d0:04:91:d5:97:7c:97:d9:f2:ea:
69:87:91:16:dd:7c:0d:ff:92:15:61:74:a1:4c:61:d1:92:22:
d6:22:62:1e:48:75:ce:1d:70:a0:c7:ab:d5:d2:14:13:1f:13:
ba:9e:54:ef:45:1f:b2:a1:3c:97:1f:b1:11:00:95:71:34:00:
20:4e:14:f3:34:84:d6:2c:e8:b7:65:fd:3b:08:bb:bf:d8:08:
73:e6:92:72:e1:ba:f3:61:07:cc:4d:eb:8b:45:bb:88:cd:40:
87:62:5d:cb:a5:b9:90:73:67:14:1c:1c:9a:18:71:56:23:f1:
43:63:38:c1:7c:25:d4:39:ca:51:c9:51:f3:b2:2e:30:67:cd:
51:41:8e:81:b8:25:38:0f:b3:4f:cc:94:ad:85:0e:55:49:1a:
72:ae:fe:b0:12:13:87:46:45:38:7c:01:22:8e:b3:70:a9:4c:
a9:9e:b6:ab:90:b9:84:d1:20:93:e6:df:0f:01:75:b2:0a:07:
45:dd:e0:e1
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY1eC11jotJUhljjVUGHc6uzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NDk1MmJjMTY1NDQxZWM2ZTJlMjAxMGM5MzNkYzgzMGYz
NjE3MzEwHhcNMjQwMTMxMDU0MzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWVmNTQ2MjBiOTlhNjJjZTdjZmRiOWE2YjE4NDUzNzQ2OTM5NDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+Lp/nN2JjK6lP6UpDErRSysTjkk
+1Nuf08Pufdi6bQvg6RCiqaAW6x7Objhs1VLpeTzcz/lj09Gvc59jWd4jInyoD0W
nDlVhwsdAc10VO0/CgbD+n6Fy6HgLlMgslIKyVwddG9Q4/7qpKZB5GMn33NbVOND
8FMoLbUlw9TxjXbsaGj/7ixKxYE90o8mKJo4OjGRomz2+Xkee6wPoCWR5A6YRTfX
l1LM41u1/auoCMbkYTFHOW0yHsANouNgK/F5v2yC/CrT5oln8uUwT6AMggmMN6k4
i6JlNsOU2Pjxlxl72zLkkjEBzTtYdNzCjA2s3/f3f3EYcGzvWBuoxMIc1QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFKnvVGILmaYs58/bmmsYRTdGk5QfMB8GA1UdIwQY
MBaAFEZJUrwWVEHsbi4gEMkz3IMPNhcxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQt
ODQyODU4MTIyYmJjLzEvcWU5VVlndVpwaXpuejl1YWF4aEZOMGFUbEI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8wMTA1OGEtNGE4Mi00ODE4LTk3MmQtODQyODU4MTIyYmJj
LzEvUmtsU3ZCWlVRZXh1TGlBUXlUUGNndzgyRnpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAWSMAAwQA
WSgqAwQAXXGAAwQAXXHNAwQAvNUjAwQAvNUyAwQAvNXVAwQAvNaWMA0GCSqGSIb3
DQEBCwUAA4IBAQAM79K6UOjyDlyg91lKQ7d5N9GUolbCP/OWtnH/d54ZoroW6k5I
NRn3v/IsWDZmq3Tbg1POmSmgn40EYBFz89AEkdWXfJfZ8upph5EW3XwN/5IVYXSh
TGHRkiLWImIeSHXOHXCgx6vV0hQTHxO6nlTvRR+yoTyXH7ERAJVxNAAgThTzNITW
LOi3Zf07CLu/2Ahz5pJy4brzYQfMTeuLRbuIzUCHYl3LpbmQc2cUHByaGHFWI/FD
YzjBfCXUOcpRyVHzsi4wZ81RQY6BuCU4D7NPzJSthQ5VSRpyrv6wEhOHRkU4fAEi
jrNwqUypnrarkLmE0SCT5t8PAXWyCgdF3eDh
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:38 2024 by rpki-client on console-fra.rpki-client.org