Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/u628BvTtAM5HjGrWQ1JxD-lsWJQ.roa
File: u628BvTtAM5HjGrWQ1JxD-lsWJQ.roa (raw, json)
Hash identifier: Xc5FSNPfqiKxFiAScO0wvbo/+niBz8HUuAvvo09F4Mk=
Subject key identifier: BB:AD:BC:06:F4:ED:00:CE:47:8C:6A:D6:43:52:71:0F:E9:6C:58:94
Certificate issuer: /CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Certificate serial: 0189918CBD5476EBBC0BF2733357CD1DE622
Authority key identifier: 2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/u628BvTtAM5HjGrWQ1JxD-lsWJQ.roa
Signing time: Wed 26 Jul 2023 09:34:27 +0000
ROA not before: Wed 26 Jul 2023 09:34:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3320
IP address blocks: 91.92.33.0/24 maxlen: 24
91.92.35.0/24 maxlen: 24
91.92.34.0/24 maxlen: 24
93.152.207.0/24 maxlen: 24
91.92.49.0/24 maxlen: 24
93.152.219.0/24 maxlen: 24
45.141.232.0/24 maxlen: 24
93.152.223.0/24 maxlen: 24
212.102.107.0/24 maxlen: 24
Validation: Failed, certificate revoked on Mon 31 Jul 2023 14:56:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:91:8c:bd:54:76:eb:bc:0b:f2:73:33:57:cd:1d:e6:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2d1caa69358f8c98f7a719f2597d5daddbd0018c
Validity
Not Before: Jul 26 09:34:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bbadbc06f4ed00ce478c6ad64352710fe96c5894
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:b4:42:00:df:08:e6:40:52:5d:f3:4d:10:70:
c7:61:5b:60:ad:1d:3d:73:26:3f:f4:20:85:c3:5e:
f9:02:5b:ce:ea:da:22:45:ad:fb:36:0d:90:0a:22:
28:cc:cf:98:75:b8:89:c6:37:41:9c:10:bf:6a:36:
6b:88:f4:54:83:53:8b:bb:fd:c9:ea:e5:7f:ce:92:
0d:6b:89:dc:15:c2:35:de:d1:84:46:1f:c3:33:d9:
9c:d8:07:29:e3:2d:f7:31:7a:6b:aa:2d:5d:88:af:
df:5a:e6:29:14:1b:b6:4d:7e:6b:62:29:ac:52:6b:
88:b0:a5:fb:5d:6e:1a:8a:39:1d:c3:2f:cc:da:fc:
04:c9:05:f0:07:e8:5b:41:fb:3e:6b:33:c5:23:4a:
bb:72:64:43:ff:7d:19:33:49:92:fb:5c:28:f3:b2:
ad:20:5f:ff:e3:21:8d:2e:5b:60:f5:32:18:cd:5c:
80:09:9f:a4:15:1d:f1:a8:1b:ea:e6:a9:86:e9:3a:
1c:38:a8:9f:cd:25:43:d8:10:06:9a:ac:a0:87:41:
37:4b:59:75:fd:dd:71:eb:10:f5:bc:ac:4f:ac:38:
d3:77:30:08:01:10:a2:20:32:3f:c7:f8:7d:f3:85:
d9:bb:d8:bd:ba:47:19:4f:90:75:a7:a3:79:2b:e4:
52:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:AD:BC:06:F4:ED:00:CE:47:8C:6A:D6:43:52:71:0F:E9:6C:58:94
X509v3 Authority Key Identifier:
keyid:2D:1C:AA:69:35:8F:8C:98:F7:A7:19:F2:59:7D:5D:AD:DB:D0:01:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LRyqaTWPjJj3pxnyWX1drdvQAYw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/u628BvTtAM5HjGrWQ1JxD-lsWJQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/df/a93699-188b-470a-96b7-29b085dd23ad/1/LRyqaTWPjJj3pxnyWX1drdvQAYw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.141.232.0/24
91.92.33.0-91.92.35.255
91.92.49.0/24
93.152.207.0/24
93.152.219.0/24
93.152.223.0/24
212.102.107.0/24
Signature Algorithm: sha256WithRSAEncryption
09:c8:9c:f8:81:51:c4:e1:d3:72:f7:89:ed:a2:a2:8d:d2:b0:
45:53:cd:f4:0e:92:fb:c0:44:64:11:c7:c5:d5:0d:18:08:48:
00:f3:06:b1:57:c9:ce:fc:af:33:43:3a:3e:6a:50:ff:9a:a8:
af:f1:ba:bc:30:1a:3e:27:80:f4:d9:9b:29:73:75:2c:92:5a:
8d:d4:be:61:68:da:6d:93:3b:90:76:9c:a4:97:bd:3c:ea:84:
f8:3d:68:5f:f0:18:03:85:d1:da:58:8b:ec:79:f3:5b:c7:78:
29:ff:bd:38:77:c0:8a:22:27:da:dd:6a:61:b9:b9:d9:ad:c7:
a5:ec:e4:f9:5a:a3:ee:99:59:9b:2d:46:00:86:b6:30:29:30:
c0:56:80:87:1e:8f:12:75:66:31:37:6e:52:55:af:2f:11:5c:
be:e8:f0:1e:f6:df:03:16:9e:0e:69:5f:2c:98:43:1d:0d:cc:
bb:97:ad:8f:78:a0:ba:e5:f0:1a:e7:0d:91:23:7b:53:4c:12:
21:c6:b9:13:b5:1e:c0:54:25:de:6c:b3:d8:a1:83:c4:b6:cb:
3b:eb:03:85:51:8c:54:c6:1b:c9:42:f1:20:6f:38:ba:33:80:
7a:81:ff:0d:37:18:6f:e5:c1:8a:f2:78:f6:b5:74:34:e1:48:
b5:21:c0:fb
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYmRjL1Uduu8C/JzM1fNHeYiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMWNhYTY5MzU4ZjhjOThmN2E3MTlmMjU5N2Q1ZGFkZGJk
MDAxOGMwHhcNMjMwNzI2MDkzNDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmFkYmMwNmY0ZWQwMGNlNDc4YzZhZDY0MzUyNzEwZmU5NmM1ODk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLRCAN8I5kBSXfNNEHDHYVtgrR09
cyY/9CCFw175AlvO6toiRa37Ng2QCiIozM+YdbiJxjdBnBC/ajZriPRUg1OLu/3J
6uV/zpINa4ncFcI13tGERh/DM9mc2Acp4y33MXprqi1diK/fWuYpFBu2TX5rYims
UmuIsKX7XW4aijkdwy/M2vwEyQXwB+hbQfs+azPFI0q7cmRD/30ZM0mS+1wo87Kt
IF//4yGNLltg9TIYzVyACZ+kFR3xqBvq5qmG6TocOKifzSVD2BAGmqygh0E3S1l1
/d1x6xD1vKxPrDjTdzAIARCiIDI/x/h984XZu9i9ukcZT5B1p6N5K+RSnwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFLutvAb07QDOR4xq1kNScQ/pbFiUMB8GA1UdIwQY
MBaAFC0cqmk1j4yY96cZ8ll9Xa3b0AGMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2Yjct
MjliMDg1ZGQyM2FkLzEvdTYyOEJ2VHRBTTVIakdyV1ExSnhELWxzV0pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hOTM2OTktMTg4Yi00NzBhLTk2YjctMjliMDg1ZGQyM2Fk
LzEvTFJ5cWFUV1BqSmozcHhueVdYMWRyZHZRQVl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQALY3oMAwD
BABbXCEDBAJbXCADBABbXDEDBABdmM8DBABdmNsDBABdmN8DBADUZmswDQYJKoZI
hvcNAQELBQADggEBAAnInPiBUcTh03L3ie2ioo3SsEVTzfQOkvvARGQRx8XVDRgI
SADzBrFXyc78rzNDOj5qUP+aqK/xurwwGj4ngPTZmylzdSySWo3UvmFo2m2TO5B2
nKSXvTzqhPg9aF/wGAOF0dpYi+x581vHeCn/vTh3wIoiJ9rdamG5udmtx6Xs5Pla
o+6ZWZstRgCGtjApMMBWgIcejxJ1ZjE3blJVry8RXL7o8B723wMWng5pXyyYQx0N
zLuXrY94oLrl8BrnDZEje1NMEiHGuRO1HsBUJd5ss9ihg8S2yzvrA4VRjFTGG8lC
8SBvOLozgHqB/w03GG/lwYryePa1dDThSLUhwPs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:43 2024 by rpki-client on console-fra.rpki-client.org