Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/1nOQz3DG3WvUemSiobbznZutn3g.roa
File: 1nOQz3DG3WvUemSiobbznZutn3g.roa (raw, json)
Hash identifier: ZubIXaeRzvTpxgkhfVwDjU9LYgM876rPH1qDqfNrk+I=
Subject key identifier: D6:73:90:CF:70:C6:DD:6B:D4:7A:64:A2:A1:B6:F3:9D:9B:AD:9F:78
Certificate issuer: /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial: 018ADCB62870F6BB81CF57C8A4BB963B596F
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/1nOQz3DG3WvUemSiobbznZutn3g.roa
Signing time: Thu 28 Sep 2023 16:53:59 +0000
ROA not before: Thu 28 Sep 2023 16:53:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208485
IP address blocks: 91.92.33.0/24 maxlen: 24
93.152.206.0/24 maxlen: 24
91.92.49.0/24 maxlen: 24
93.152.211.0/24 maxlen: 24
93.152.209.0/24 maxlen: 24
93.152.217.0/24 maxlen: 24
93.152.216.0/24 maxlen: 24
45.141.235.0/24 maxlen: 24
93.152.230.0/24 maxlen: 24
Validation: Failed, certificate revoked on Fri 29 Sep 2023 07:56:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:dc:b6:28:70:f6:bb:81:cf:57:c8:a4:bb:96:3b:59:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Validity
Not Before: Sep 28 16:53:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d67390cf70c6dd6bd47a64a2a1b6f39d9bad9f78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:2c:33:c5:25:62:3d:68:0e:76:b1:bd:ee:26:
b0:22:68:b9:48:b7:cd:74:3f:e9:e8:d5:ac:af:48:
20:e0:1a:26:6f:05:eb:be:7c:3f:be:78:7d:5e:c9:
4e:52:fc:c7:0f:23:2a:d5:fe:e0:f0:11:5a:5f:00:
0c:aa:94:75:cc:b1:05:0f:96:d5:94:64:43:0c:49:
d7:6e:e9:9c:e4:0f:2a:d7:48:7e:07:d1:0f:54:34:
e7:b5:ab:aa:ee:d2:ad:10:b6:1f:fa:0a:b4:f0:d3:
92:1e:29:d0:8e:8b:95:41:c4:1a:30:44:f3:07:f6:
6a:23:9a:0b:a5:6c:ee:9e:6d:3d:05:f4:e0:43:c8:
72:05:6d:1f:44:75:a6:2c:9c:4b:ca:e9:2c:3c:41:
8b:84:3d:25:6b:da:49:d7:5e:38:33:d4:0b:2b:d3:
e2:01:37:a5:d2:0a:01:75:31:7e:43:4d:61:7f:16:
0b:f2:fd:a5:f5:c0:63:00:bf:eb:7d:a6:71:4f:fa:
e0:ea:36:ce:6c:94:bb:ae:bc:6a:11:0b:f6:1d:51:
c7:6a:bb:7d:37:29:1b:1e:2f:82:10:5e:97:c7:f9:
97:5b:4d:0a:1a:5a:86:06:e4:2f:06:25:36:50:ac:
d1:57:f2:77:e7:73:c5:7c:43:cb:c7:ad:e8:01:19:
b8:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:73:90:CF:70:C6:DD:6B:D4:7A:64:A2:A1:B6:F3:9D:9B:AD:9F:78
X509v3 Authority Key Identifier:
keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/1nOQz3DG3WvUemSiobbznZutn3g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.141.235.0/24
91.92.33.0/24
91.92.49.0/24
93.152.206.0/24
93.152.209.0/24
93.152.211.0/24
93.152.216.0/23
93.152.230.0/24
Signature Algorithm: sha256WithRSAEncryption
2c:c7:55:a1:87:95:ce:84:11:e5:a8:bf:95:eb:ce:a0:72:62:
ae:c8:9e:f2:96:ef:4c:28:ea:65:79:3d:6e:80:61:01:27:e8:
e5:55:3d:36:22:d9:ed:64:cf:81:13:91:a1:c6:f7:07:67:30:
66:91:d6:c6:55:f6:12:0b:fc:ad:1c:40:f9:37:f9:18:44:81:
d1:f9:c2:57:47:04:cc:d5:6e:52:46:3b:b5:21:e5:69:cc:55:
ad:cb:d5:38:24:1e:97:53:e5:21:cf:ba:12:7c:7a:61:af:00:
24:b2:7b:a9:b2:f0:cf:76:59:60:ed:d8:f2:5f:80:5c:c6:e4:
e7:7f:7e:1c:40:64:12:1a:4f:17:f8:ab:1c:a3:73:14:77:85:
50:03:58:47:6e:6e:4a:8c:e7:76:dd:34:59:6c:3e:65:be:31:
c7:0a:32:78:11:3f:66:b1:69:8c:58:84:55:4f:b5:b9:0a:a5:
27:5a:8a:d5:59:2b:d6:1b:f4:c0:98:29:cc:82:bb:78:cc:9c:
be:cd:af:f8:eb:97:0a:ce:72:0f:1c:cd:28:85:f9:59:12:d8:
5a:9a:85:34:e7:9a:79:4d:8b:30:ae:38:0a:d2:29:94:5a:b6:
79:3d:5e:dd:13:4a:a0:31:c1:a5:7b:33:06:9d:b6:50:22:fd:
e6:51:7e:ac
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYrctihw9ruBz1fIpLuWO1lvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjMwOTI4MTY1MzU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjczOTBjZjcwYzZkZDZiZDQ3YTY0YTJhMWI2ZjM5ZDliYWQ5Zjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSwzxSViPWgOdrG97iawImi5SLfN
dD/p6NWsr0gg4BombwXrvnw/vnh9XslOUvzHDyMq1f7g8BFaXwAMqpR1zLEFD5bV
lGRDDEnXbumc5A8q10h+B9EPVDTntauq7tKtELYf+gq08NOSHinQjouVQcQaMETz
B/ZqI5oLpWzunm09BfTgQ8hyBW0fRHWmLJxLyuksPEGLhD0la9pJ1144M9QLK9Pi
ATel0goBdTF+Q01hfxYL8v2l9cBjAL/rfaZxT/rg6jbObJS7rrxqEQv2HVHHart9
NykbHi+CEF6Xx/mXW00KGlqGBuQvBiU2UKzRV/J353PFfEPLx63oARm47QIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFNZzkM9wxt1r1HpkoqG2852brZ94MB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvMW5PUXozREczV3ZVZW1TaW9iYnpuWnV0bjNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALY3rAwQA
W1whAwQAW1wxAwQAXZjOAwQAXZjRAwQAXZjTAwQBXZjYAwQAXZjmMA0GCSqGSIb3
DQEBCwUAA4IBAQAsx1Whh5XOhBHlqL+V686gcmKuyJ7ylu9MKOpleT1ugGEBJ+jl
VT02ItntZM+BE5GhxvcHZzBmkdbGVfYSC/ytHED5N/kYRIHR+cJXRwTM1W5SRju1
IeVpzFWty9U4JB6XU+Uhz7oSfHphrwAksnupsvDPdllg7djyX4BcxuTnf34cQGQS
Gk8X+Ksco3MUd4VQA1hHbm5KjOd23TRZbD5lvjHHCjJ4ET9msWmMWIRVT7W5CqUn
WorVWSvWG/TAmCnMgrt4zJy+za/465cKznIPHM0ohflZEthamoU055p5TYswrjgK
0imUWrZ5PV7dE0qgMcGlezMGnbZQIv3mUX6s
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:42 2024 by rpki-client on console-fra.rpki-client.org