Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/CToemh60PHN1DRB87nDZP7xLJ9o.roa
File: CToemh60PHN1DRB87nDZP7xLJ9o.roa (raw, json)
Hash identifier: Amqk917I3mLDdwWLzLAFJDaZlUTbBq9g1391ieGBLac=
Subject key identifier: 09:3A:1E:9A:1E:B4:3C:73:75:0D:10:7C:EE:70:D9:3F:BC:4B:27:DA
Certificate issuer: /CN=89b332d57ce14fab1ebd746817dd701062c74a88
Certificate serial: 018C5A0B1AD2DDB0FF716FDFE1F62D3C92A6
Authority key identifier: 89:B3:32:D5:7C:E1:4F:AB:1E:BD:74:68:17:DD:70:10:62:C7:4A:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ibMy1XzhT6sevXRoF91wEGLHSog.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/CToemh60PHN1DRB87nDZP7xLJ9o.roa
Signing time: Mon 11 Dec 2023 18:02:06 +0000
ROA not before: Mon 11 Dec 2023 18:02:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34572
IP address blocks: 83.173.72.0/21 maxlen: 21
83.173.80.0/21 maxlen: 21
83.173.88.0/21 maxlen: 24
83.173.96.0/21 maxlen: 21
83.173.112.0/22 maxlen: 24
83.173.115.0/24 maxlen: 24
185.170.151.0/24 maxlen: 24
83.173.64.0/21 maxlen: 21
83.173.64.0/19 maxlen: 19
2a02:6100::/32 maxlen: 32
Validation: Failed, certificate revoked on Tue 12 Dec 2023 14:37:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:5a:0b:1a:d2:dd:b0:ff:71:6f:df:e1:f6:2d:3c:92:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=89b332d57ce14fab1ebd746817dd701062c74a88
Validity
Not Before: Dec 11 18:02:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=093a1e9a1eb43c73750d107cee70d93fbc4b27da
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:ab:94:51:3d:65:cc:ac:98:02:f1:0a:6f:b3:
8a:bd:fc:47:7d:cd:de:4f:7d:36:68:98:ea:6b:83:
3e:68:cc:f8:7f:6f:b9:88:48:3d:32:26:6f:00:da:
25:d3:4e:39:19:4e:f4:cc:60:04:13:37:e4:60:c3:
cc:a9:40:9d:62:5f:d4:70:00:04:7d:67:f0:d3:cd:
ea:99:17:3f:fa:47:6e:1a:36:51:e8:49:29:13:b5:
1b:2a:f0:96:c5:ac:08:57:70:7d:a5:95:4a:b4:58:
ee:4b:b1:42:13:36:b1:59:8b:b7:f4:83:bd:ea:c6:
9d:c5:a8:94:23:c8:9b:23:e7:e0:30:a3:e7:59:4f:
5c:8c:e4:a9:9d:38:e1:0f:4a:93:1c:ce:18:ea:be:
ed:c4:3a:e4:3f:02:44:00:37:c4:1f:03:37:60:a8:
00:b9:77:b7:23:d3:12:15:89:c4:61:90:2b:57:ff:
34:3c:ee:ff:a5:1c:ed:f1:45:58:d2:26:08:77:6d:
b0:a6:fc:0b:ca:17:14:3f:4a:f2:c9:3d:b9:41:79:
43:cc:77:e1:5a:34:85:4d:6f:22:c6:7c:b4:38:34:
be:1d:62:69:0f:f4:86:8b:f2:20:76:2f:ec:d0:9f:
84:ba:0b:1b:e3:cf:95:5e:5c:ad:7e:50:54:9a:4e:
25:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:3A:1E:9A:1E:B4:3C:73:75:0D:10:7C:EE:70:D9:3F:BC:4B:27:DA
X509v3 Authority Key Identifier:
keyid:89:B3:32:D5:7C:E1:4F:AB:1E:BD:74:68:17:DD:70:10:62:C7:4A:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ibMy1XzhT6sevXRoF91wEGLHSog.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/CToemh60PHN1DRB87nDZP7xLJ9o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/81719d-467c-4af7-a824-46a0df774fe1/1/ibMy1XzhT6sevXRoF91wEGLHSog.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.173.64.0-83.173.103.255
83.173.112.0/22
185.170.151.0/24
IPv6:
2a02:6100::/32
Signature Algorithm: sha256WithRSAEncryption
86:e9:e7:74:a7:26:d8:66:56:0a:a6:b3:e3:88:05:ac:50:3a:
5a:4c:bc:d1:e4:49:2f:4f:a6:f6:b2:5f:98:af:a7:01:8a:39:
25:74:bb:bd:ff:51:e5:42:77:4e:07:83:ca:d4:ae:92:29:88:
ed:54:a5:1f:47:0d:0d:59:e6:84:24:88:03:39:9a:2e:ed:eb:
8f:65:92:8c:71:86:3b:38:cb:64:ab:c8:15:2f:12:f4:b6:cb:
6e:35:2c:89:d0:da:b2:a7:e9:c2:4e:64:8c:35:6d:d5:2e:bc:
61:0c:58:a5:3f:44:df:a8:5e:58:3f:af:3a:63:3f:40:cf:e0:
c4:c9:12:2b:d4:9b:d3:76:bf:30:8a:2e:8c:27:c7:ca:14:41:
d4:70:32:c4:ef:b0:30:e5:a7:1a:2e:85:25:78:64:1b:75:f2:
9a:94:5d:f4:bd:86:fa:3d:bf:da:a6:f1:ff:38:d5:a2:21:14:
02:67:f5:99:28:22:91:51:7b:ec:ee:f3:50:94:91:dd:5c:98:
91:83:0e:ff:c7:dc:c1:14:08:61:3f:16:06:95:db:f8:86:4e:
ba:5b:57:12:04:24:07:80:0d:8f:9a:1d:6f:76:38:5e:21:05:
db:3a:55:8e:de:c2:74:05:cf:84:44:3b:db:49:4c:02:14:6e:
4a:a3:15:a9
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYxaCxrS3bD/cW/f4fYtPJKmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5YjMzMmQ1N2NlMTRmYWIxZWJkNzQ2ODE3ZGQ3MDEwNjJj
NzRhODgwHhcNMjMxMjExMTgwMjA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTNhMWU5YTFlYjQzYzczNzUwZDEwN2NlZTcwZDkzZmJjNGIyN2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKuUUT1lzKyYAvEKb7OKvfxHfc3e
T302aJjqa4M+aMz4f2+5iEg9MiZvANol0045GU70zGAEEzfkYMPMqUCdYl/UcAAE
fWfw083qmRc/+kduGjZR6EkpE7UbKvCWxawIV3B9pZVKtFjuS7FCEzaxWYu39IO9
6sadxaiUI8ibI+fgMKPnWU9cjOSpnTjhD0qTHM4Y6r7txDrkPwJEADfEHwM3YKgA
uXe3I9MSFYnEYZArV/80PO7/pRzt8UVY0iYId22wpvwLyhcUP0ryyT25QXlDzHfh
WjSFTW8ixny0ODS+HWJpD/SGi/Igdi/s0J+Eugsb48+VXlytflBUmk4lmQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFAk6HpoetDxzdQ0QfO5w2T+8SyfaMB8GA1UdIwQY
MBaAFImzMtV84U+rHr10aBfdcBBix0qIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWJNeTFYemhUNnNldlhSb0Y5MXdFR0xIU29nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC84MTcxOWQtNDY3Yy00YWY3LWE4MjQt
NDZhMGRmNzc0ZmUxLzEvQ1RvZW1oNjBQSE4xRFJCODduRFpQN3hMSjlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC84MTcxOWQtNDY3Yy00YWY3LWE4MjQtNDZhMGRmNzc0ZmUx
LzEvaWJNeTFYemhUNnNldlhSb0Y5MXdFR0xIU29nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaMAwDBAZTrUAD
BANTrWADBAJTrXADBAC5qpcwDQQCAAIwBwMFACoCYQAwDQYJKoZIhvcNAQELBQAD
ggEBAIbp53SnJthmVgqms+OIBaxQOlpMvNHkSS9PpvayX5ivpwGKOSV0u73/UeVC
d04Hg8rUrpIpiO1UpR9HDQ1Z5oQkiAM5mi7t649lkoxxhjs4y2SryBUvEvS2y241
LInQ2rKn6cJOZIw1bdUuvGEMWKU/RN+oXlg/rzpjP0DP4MTJEivUm9N2vzCKLown
x8oUQdRwMsTvsDDlpxouhSV4ZBt18pqUXfS9hvo9v9qm8f841aIhFAJn9ZkoIpFR
e+zu81CUkd1cmJGDDv/H3MEUCGE/FgaV2/iGTrpbVxIEJAeADY+aHW92OF4hBds6
VY7ewnQFz4REO9tJTAIUbkqjFak=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:56:53 2024 by rpki-client on console-fra.rpki-client.org