Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/2WcMqQlGkoXa68AH4qcC4m0_mt4.roa
File: 2WcMqQlGkoXa68AH4qcC4m0_mt4.roa (raw, json)
Hash identifier: CrxzxDdW7Hd2rybhxMKRkxr+JLA+2BtKUzSqhNp9wuM=
Subject key identifier: D9:67:0C:A9:09:46:92:85:DA:EB:C0:07:E2:A7:02:E2:6D:3F:9A:DE
Certificate issuer: /CN=89b332d57ce14fab1ebd746817dd701062c74a88
Certificate serial: 018CC795118E14D62892811DD5EE58C3E5BD
Authority key identifier: 89:B3:32:D5:7C:E1:4F:AB:1E:BD:74:68:17:DD:70:10:62:C7:4A:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ibMy1XzhT6sevXRoF91wEGLHSog.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/2WcMqQlGkoXa68AH4qcC4m0_mt4.roa
Signing time: Tue 02 Jan 2024 00:31:24 +0000
ROA not before: Tue 02 Jan 2024 00:31:24 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34572
IP address blocks: 83.173.72.0/21 maxlen: 21
83.173.80.0/21 maxlen: 21
83.173.88.0/21 maxlen: 24
83.173.96.0/21 maxlen: 21
83.173.112.0/22 maxlen: 24
83.173.115.0/24 maxlen: 24
185.170.150.0/24 maxlen: 24
185.170.151.0/24 maxlen: 24
83.173.64.0/21 maxlen: 21
83.173.64.0/19 maxlen: 19
2a02:6100::/32 maxlen: 32
Validation: Failed, certificate revoked on Thu 14 Mar 2024 08:42:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:95:11:8e:14:d6:28:92:81:1d:d5:ee:58:c3:e5:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=89b332d57ce14fab1ebd746817dd701062c74a88
Validity
Not Before: Jan 2 00:31:24 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d9670ca909469285daebc007e2a702e26d3f9ade
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:83:58:da:1d:3f:5b:a9:69:18:31:b8:fb:d1:
b0:55:62:f3:3e:87:90:50:3b:6e:05:ea:cf:a8:d8:
bf:89:bd:ea:d0:1d:6d:6e:66:59:95:8d:1a:37:fa:
ba:16:f0:7c:b2:2e:f4:c5:a5:db:48:e5:d0:65:8a:
ae:38:a3:f3:87:5e:e6:e5:d0:12:04:c4:32:3d:ac:
8c:36:61:9d:a1:d7:03:20:29:54:8a:e6:6f:d6:af:
17:ad:79:41:e0:9f:b9:ac:ae:ef:fd:50:d2:25:70:
bb:8b:43:51:0f:2e:d4:4b:8b:fa:51:df:55:de:9d:
80:a6:f4:8b:46:de:c6:12:4d:84:01:b9:21:78:cc:
c1:28:9d:50:35:7c:97:d3:e8:6c:d3:b0:9b:c8:3e:
57:bb:f9:1d:86:ac:40:04:41:8c:0c:b6:51:89:a4:
5b:c0:a1:b9:c9:83:b4:a7:16:88:39:b6:38:9e:ff:
a4:d3:f6:b8:50:3b:ca:43:ae:a3:58:c3:22:0e:48:
ff:fa:7d:a3:4e:17:a4:18:61:3c:23:b7:3f:3e:94:
06:4c:07:93:2d:1f:ce:f7:18:47:8f:be:25:28:00:
58:42:52:35:1d:d8:25:56:48:96:46:16:4f:4a:7f:
15:e5:21:05:da:b3:33:e2:b3:47:a6:96:ce:49:7c:
c7:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:67:0C:A9:09:46:92:85:DA:EB:C0:07:E2:A7:02:E2:6D:3F:9A:DE
X509v3 Authority Key Identifier:
keyid:89:B3:32:D5:7C:E1:4F:AB:1E:BD:74:68:17:DD:70:10:62:C7:4A:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ibMy1XzhT6sevXRoF91wEGLHSog.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/2WcMqQlGkoXa68AH4qcC4m0_mt4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/ibMy1XzhT6sevXRoF91wEGLHSog.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.173.64.0-83.173.103.255
83.173.112.0/22
185.170.150.0/23
IPv6:
2a02:6100::/32
Signature Algorithm: sha256WithRSAEncryption
10:6f:65:3d:14:98:d0:a3:d8:1d:ce:d8:23:6f:1f:0f:8f:92:
cb:a4:ef:df:32:62:79:0f:e9:16:97:09:70:a3:c8:bb:3c:25:
2b:71:70:7a:65:20:41:0d:c4:1d:f5:ba:a1:bd:5c:3e:f1:86:
7a:bc:47:44:a7:97:6e:d9:3b:9c:b8:ef:f4:15:ec:2b:9d:dc:
df:8d:5a:fa:d5:3c:6a:a2:9c:e7:cf:85:65:41:28:98:67:c6:
59:6f:1d:35:f6:bd:66:0f:27:55:e2:fc:32:dd:46:7d:03:2a:
bf:e6:77:db:0f:e2:0d:6e:b2:61:b6:0b:c4:cd:0d:ae:f7:3f:
f6:8e:8b:03:e3:6b:cd:51:1b:f3:33:be:d3:15:2e:76:7d:e8:
33:38:7d:2e:e7:51:f3:1a:af:4a:6b:8e:3f:27:c2:e2:75:5e:
01:49:39:4d:63:9b:e6:ef:76:08:82:3c:0d:de:5e:a1:12:b5:
76:0a:b7:c4:7b:26:e5:51:57:56:ef:bc:a1:d6:4c:a2:c5:80:
13:66:8b:60:30:29:65:5c:14:8d:10:3d:99:0b:78:35:0a:f5:
83:b0:e2:67:c5:18:14:b3:c0:5b:aa:02:56:ad:d2:00:ca:2b:
6b:48:db:19:37:90:fc:70:ab:96:cc:e2:cf:e4:51:9b:dd:59:
db:52:86:0c
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYzHlRGOFNYokoEd1e5Yw+W9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YjMzMmQ1N2NlMTRmYWIxZWJkNzQ2ODE3ZGQ3MDEwNjJj
NzRhODgwHhcNMjQwMTAyMDAzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTY3MGNhOTA5NDY5Mjg1ZGFlYmMwMDdlMmE3MDJlMjZkM2Y5YWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgYNY2h0/W6lpGDG4+9GwVWLzPoeQ
UDtuBerPqNi/ib3q0B1tbmZZlY0aN/q6FvB8si70xaXbSOXQZYquOKPzh17m5dAS
BMQyPayMNmGdodcDIClUiuZv1q8XrXlB4J+5rK7v/VDSJXC7i0NRDy7US4v6Ud9V
3p2ApvSLRt7GEk2EAbkheMzBKJ1QNXyX0+hs07CbyD5Xu/kdhqxABEGMDLZRiaRb
wKG5yYO0pxaIObY4nv+k0/a4UDvKQ66jWMMiDkj/+n2jThekGGE8I7c/PpQGTAeT
LR/O9xhHj74lKABYQlI1HdglVkiWRhZPSn8V5SEF2rMz4rNHppbOSXzHdQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFNlnDKkJRpKF2uvAB+KnAuJtP5reMB8GA1UdIwQY
MBaAFImzMtV84U+rHr10aBfdcBBix0qIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWJNeTFYemhUNnNldlhSb0Y5MXdFR0xIU29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC84MTcxOWQtNDY3Yy00YWY3LWE4MjQt
NDZhMGRmNzc0ZmUxLzEvMldjTXFRbEdrb1hhNjhBSDRxY0M0bTBfbXQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC84MTcxOWQtNDY3Yy00YWY3LWE4MjQtNDZhMGRmNzc0ZmUx
LzEvaWJNeTFYemhUNnNldlhSb0Y5MXdFR0xIU29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaMAwDBAZTrUAD
BANTrWADBAJTrXADBAG5qpYwDQQCAAIwBwMFACoCYQAwDQYJKoZIhvcNAQELBQAD
ggEBABBvZT0UmNCj2B3O2CNvHw+Pksuk798yYnkP6RaXCXCjyLs8JStxcHplIEEN
xB31uqG9XD7xhnq8R0Snl27ZO5y47/QV7Cud3N+NWvrVPGqinOfPhWVBKJhnxllv
HTX2vWYPJ1Xi/DLdRn0DKr/md9sP4g1usmG2C8TNDa73P/aOiwPja81RG/MzvtMV
LnZ96DM4fS7nUfMar0prjj8nwuJ1XgFJOU1jm+bvdgiCPA3eXqEStXYKt8R7JuVR
V1bvvKHWTKLFgBNmi2AwKWVcFI0QPZkLeDUK9YOw4mfFGBSzwFuqAlat0gDKK2tI
2xk3kPxwq5bM4s/kUZvdWdtShgw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:52 2024 by rpki-client on console-fra.rpki-client.org