Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/d216ed-9a76-4a93-b6a9-468f498faf1c/1/puuitsQvYrXFMTyizQEvEdzQdac.roa
File: puuitsQvYrXFMTyizQEvEdzQdac.roa (raw, json)
Hash identifier: xxpkrdp/HobXqPO4+1tLUWrgKFr4yqLl1dkWasMU9bQ=
Subject key identifier: A6:EB:A2:B6:C4:2F:62:B5:C5:31:3C:A2:CD:01:2F:11:DC:D0:75:A7
Certificate issuer: /CN=22c5feb2d25fac4dd8baa4f71d8dc2268186a039
Certificate serial: 0190BB9751848A51BDBDF00F370A40D8BD89
Authority key identifier: 22:C5:FE:B2:D2:5F:AC:4D:D8:BA:A4:F7:1D:8D:C2:26:81:86:A0:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsX-stJfrE3YuqT3HY3CJoGGoDk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e1/d216ed-9a76-4a93-b6a9-468f498faf1c/1/puuitsQvYrXFMTyizQEvEdzQdac.roa
Signing time: Tue 16 Jul 2024 12:49:34 +0000
ROA not before: Tue 16 Jul 2024 12:49:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48399
IP address blocks: 45.15.254.0/24 maxlen: 24
85.193.70.0/23 maxlen: 23
178.170.223.0/24 maxlen: 24
185.190.116.0/23 maxlen: 23
185.190.118.0/23 maxlen: 23
192.70.196.0/23 maxlen: 23
192.70.198.0/23 maxlen: 23
2a07:ecc0::/30 maxlen: 30
2a07:ecc4::/30 maxlen: 30
Validation: Failed, certificate revoked on Mon 23 Sep 2024 08:35:48 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:bb:97:51:84:8a:51:bd:bd:f0:0f:37:0a:40:d8:bd:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c5feb2d25fac4dd8baa4f71d8dc2268186a039
Validity
Not Before: Jul 16 12:49:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a6eba2b6c42f62b5c5313ca2cd012f11dcd075a7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:7f:af:58:a7:61:e6:a2:92:a1:7b:b6:83:bf:
07:bf:df:99:09:b7:c7:b3:ce:a0:90:5b:d4:31:37:
27:3b:ba:4b:fb:8b:fb:5a:d4:14:7d:d8:0e:cf:ff:
07:1f:b0:a4:e6:c3:cc:89:4c:d9:be:e8:70:b9:56:
e6:ed:59:1e:a9:ed:80:b1:80:8e:1f:84:a8:2d:39:
f2:c0:f6:5a:6f:0e:e7:43:8e:03:0b:81:ca:e1:a5:
29:36:fa:f8:b8:7c:dc:8b:3f:7f:55:aa:85:f4:f1:
e1:ab:e3:14:cd:5a:1d:2b:fe:4c:94:1e:35:f0:ef:
68:e9:f3:02:2e:0b:73:30:a9:50:b0:4d:46:f9:08:
5d:3a:e5:03:ee:55:b6:1b:dc:9f:bd:22:33:fe:ef:
48:cf:db:7e:d7:c4:23:8f:92:0f:c8:f7:1d:39:4d:
90:ef:62:eb:2d:76:9f:f2:e4:10:45:27:2c:2c:bc:
6f:4d:7a:6b:da:f0:57:db:1c:68:de:48:30:c8:b9:
40:90:3e:66:f7:5d:c7:68:38:bb:e4:5c:6e:d5:da:
4a:e3:9a:8d:9d:70:79:60:4c:d1:49:b8:76:10:fd:
40:f1:d9:0f:56:19:de:93:3d:36:cd:60:d3:8e:b8:
b7:18:e5:34:20:a9:35:41:c7:a8:90:1f:48:be:42:
d2:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:EB:A2:B6:C4:2F:62:B5:C5:31:3C:A2:CD:01:2F:11:DC:D0:75:A7
X509v3 Authority Key Identifier:
keyid:22:C5:FE:B2:D2:5F:AC:4D:D8:BA:A4:F7:1D:8D:C2:26:81:86:A0:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsX-stJfrE3YuqT3HY3CJoGGoDk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d216ed-9a76-4a93-b6a9-468f498faf1c/1/puuitsQvYrXFMTyizQEvEdzQdac.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/d216ed-9a76-4a93-b6a9-468f498faf1c/1/IsX-stJfrE3YuqT3HY3CJoGGoDk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.15.254.0/24
85.193.70.0/23
178.170.223.0/24
185.190.116.0/22
192.70.196.0/22
IPv6:
2a07:ecc0::/29
Signature Algorithm: sha256WithRSAEncryption
28:1d:71:15:db:39:34:4e:2c:81:35:2c:1a:dd:91:9e:4b:85:
52:62:95:0a:85:63:be:8c:36:1b:e5:6e:5d:b1:d4:5b:34:14:
a2:00:95:ab:6a:22:ba:f6:b2:01:39:04:13:80:b8:ed:16:4e:
5e:68:d5:de:db:1a:02:c3:95:1e:70:a6:b4:25:8b:d6:a8:60:
57:86:76:0c:bb:ca:d4:95:5f:dc:41:3f:be:6c:e3:34:11:27:
bc:36:51:e0:1c:ac:65:df:9a:76:cd:bc:7f:3a:99:26:81:cb:
56:26:c7:07:b9:0f:a5:84:2d:3d:e6:5c:79:15:67:a5:5b:b4:
2a:5e:59:0e:bf:6d:f0:75:c4:10:dc:3f:6c:99:c6:d3:c5:93:
8a:6f:15:2e:e0:30:0e:fa:64:62:33:d5:04:ed:5f:79:79:30:
9e:66:2a:7b:51:6b:a1:44:e9:a7:68:fa:57:87:1f:b0:92:47:
67:8e:24:a9:36:a8:0e:c1:13:e5:6a:93:fc:1c:43:40:2d:15:
24:02:fc:ba:1a:98:22:de:65:58:39:a8:3b:89:01:35:26:2d:
5f:c2:8c:e2:8c:e2:b6:de:48:92:3c:32:f6:8b:ef:2d:03:ec:
ca:66:c6:a0:d8:43:88:5c:7b:a2:48:10:2e:25:fe:42:85:09:
cf:28:34:22
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAZC7l1GEilG9vfAPNwpA2L2JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzVmZWIyZDI1ZmFjNGRkOGJhYTRmNzFkOGRjMjI2ODE4
NmEwMzkwHhcNMjQwNzE2MTI0OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmViYTJiNmM0MmY2MmI1YzUzMTNjYTJjZDAxMmYxMWRjZDA3NWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxn+vWKdh5qKSoXu2g78Hv9+ZCbfH
s86gkFvUMTcnO7pL+4v7WtQUfdgOz/8HH7Ck5sPMiUzZvuhwuVbm7Vkeqe2AsYCO
H4SoLTnywPZabw7nQ44DC4HK4aUpNvr4uHzciz9/VaqF9PHhq+MUzVodK/5MlB41
8O9o6fMCLgtzMKlQsE1G+QhdOuUD7lW2G9yfvSIz/u9Iz9t+18Qjj5IPyPcdOU2Q
72LrLXaf8uQQRScsLLxvTXpr2vBX2xxo3kgwyLlAkD5m913HaDi75Fxu1dpK45qN
nXB5YEzRSbh2EP1A8dkPVhnekz02zWDTjri3GOU0IKk1QceokB9IvkLSJQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFKbrorbEL2K1xTE8os0BLxHc0HWnMB8GA1UdIwQY
MBaAFCLF/rLSX6xN2Lqk9x2NwiaBhqA5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNYLXN0SmZyRTNZdXFUM0hZM0NKb0dHb0RrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9kMjE2ZWQtOWE3Ni00YTkzLWI2YTkt
NDY4ZjQ5OGZhZjFjLzEvcHV1aXRzUXZZclhGTVR5aXpRRXZFZHpRZGFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9kMjE2ZWQtOWE3Ni00YTkzLWI2YTktNDY4ZjQ5OGZhZjFj
LzEvSXNYLXN0SmZyRTNZdXFUM0hZM0NKb0dHb0RrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQALQ/+AwQB
VcFGAwQAsqrfAwQCub50AwQCwEbEMA0EAgACMAcDBQMqB+zAMA0GCSqGSIb3DQEB
CwUAA4IBAQAoHXEV2zk0TiyBNSwa3ZGeS4VSYpUKhWO+jDYb5W5dsdRbNBSiAJWr
aiK69rIBOQQTgLjtFk5eaNXe2xoCw5UecKa0JYvWqGBXhnYMu8rUlV/cQT++bOM0
ESe8NlHgHKxl35p2zbx/OpkmgctWJscHuQ+lhC095lx5FWelW7QqXlkOv23wdcQQ
3D9smcbTxZOKbxUu4DAO+mRiM9UE7V95eTCeZip7UWuhROmnaPpXhx+wkkdnjiSp
NqgOwRPlapP8HENALRUkAvy6Gpgi3mVYOag7iQE1Ji1fwozijOK23kiSPDL2i+8t
A+zKZsag2EOIXHuiSBAuJf5ChQnPKDQi
-----END CERTIFICATE-----
Generated at Mon Sep 23 10:48:43 2024 by rpki-client on console-ams.rpki-client.org