Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/89abb8-636d-4084-81a0-c63adb6ee5d9/1/NtZ-BpcekPBsY9tuIp_Ad-npDIw.roa
File: NtZ-BpcekPBsY9tuIp_Ad-npDIw.roa (raw, json)
Hash identifier: cMvrXFP5hd4a3k0uMBuP0mVJFY+YqGJ7US/qCKafF88=
Subject key identifier: 36:D6:7E:06:97:1E:90:F0:6C:63:DB:6E:22:9F:C0:77:E9:E9:0C:8C
Certificate issuer: /CN=9bea3a3a4a3606c7396f15f501ac5c641785750c
Certificate serial: 018CC5DC49525E77F57736E9B02D5B0368A4
Authority key identifier: 9B:EA:3A:3A:4A:36:06:C7:39:6F:15:F5:01:AC:5C:64:17:85:75:0C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/m-o6Oko2Bsc5bxX1AaxcZBeFdQw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e8/89abb8-636d-4084-81a0-c63adb6ee5d9/1/NtZ-BpcekPBsY9tuIp_Ad-npDIw.roa
Signing time: Mon 01 Jan 2024 16:29:57 +0000
ROA not before: Mon 01 Jan 2024 16:29:57 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 197524
IP address blocks: 5.22.240.0/21 maxlen: 21
88.133.0.0/17 maxlen: 17
88.133.0.0/19 maxlen: 19
185.9.64.0/22 maxlen: 22
88.133.128.0/20 maxlen: 20
109.199.160.0/19 maxlen: 19
88.133.156.0/22 maxlen: 22
88.133.64.0/19 maxlen: 19
2a01:a980::/29 maxlen: 29
Validation: Failed, certificate revoked on Thu 11 Apr 2024 09:15:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:49:52:5e:77:f5:77:36:e9:b0:2d:5b:03:68:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9bea3a3a4a3606c7396f15f501ac5c641785750c
Validity
Not Before: Jan 1 16:29:57 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=36d67e06971e90f06c63db6e229fc077e9e90c8c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:73:fd:27:c8:25:2b:43:04:86:b5:47:4d:1f:
9a:7c:10:9b:25:b5:ab:7f:ec:b7:a3:67:c0:a9:82:
ff:54:29:93:f9:25:91:9a:1b:f2:b2:58:10:31:2f:
1f:a5:bd:34:1a:8f:82:b8:49:25:79:0e:14:4a:46:
44:62:5f:08:54:0a:26:6e:14:e9:3b:ef:e6:8a:cc:
6c:02:60:9a:1f:50:43:4d:f9:87:f8:c7:79:2b:f0:
e3:13:e0:f2:24:60:e6:1c:1f:cf:1d:f8:23:6a:1e:
fd:c1:f5:ec:4b:fa:df:71:ea:d1:2d:90:7d:70:82:
e0:b6:d0:56:c3:16:bf:e4:08:ef:16:83:45:a1:d9:
9d:88:e1:e0:c2:6f:d4:e9:94:b3:c4:80:d7:69:72:
f7:5a:52:00:0b:f2:27:c7:99:bd:70:81:f4:5b:64:
71:7f:ad:cf:30:4a:2f:69:6b:b3:18:6b:e2:7d:14:
62:42:12:8e:3f:95:a5:d1:64:76:36:14:1f:be:47:
c3:77:c5:28:60:20:af:27:8a:bf:3e:9e:f8:b0:89:
15:36:ef:c8:c6:32:b9:47:fa:ef:04:21:43:dc:d7:
f0:30:db:38:d7:48:70:85:1b:90:78:56:90:e6:5d:
0d:14:2c:cf:f1:ef:45:dc:79:ab:35:30:73:fa:c0:
10:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:D6:7E:06:97:1E:90:F0:6C:63:DB:6E:22:9F:C0:77:E9:E9:0C:8C
X509v3 Authority Key Identifier:
keyid:9B:EA:3A:3A:4A:36:06:C7:39:6F:15:F5:01:AC:5C:64:17:85:75:0C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m-o6Oko2Bsc5bxX1AaxcZBeFdQw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/89abb8-636d-4084-81a0-c63adb6ee5d9/1/NtZ-BpcekPBsY9tuIp_Ad-npDIw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/89abb8-636d-4084-81a0-c63adb6ee5d9/1/m-o6Oko2Bsc5bxX1AaxcZBeFdQw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.22.240.0/21
88.133.0.0-88.133.143.255
88.133.156.0/22
109.199.160.0/19
185.9.64.0/22
IPv6:
2a01:a980::/29
Signature Algorithm: sha256WithRSAEncryption
2e:ec:78:b9:9d:85:ab:9b:80:6b:70:ed:ba:fe:06:0a:b6:1a:
1d:21:42:3c:1d:17:29:ca:a8:0a:97:e0:46:c4:a2:03:80:0b:
94:81:8c:88:4b:60:70:16:01:dc:c4:32:85:20:2a:14:1d:10:
0d:03:1e:88:5e:c0:87:62:e6:3f:53:7a:e5:34:88:ff:59:57:
78:9f:a5:f0:b9:af:2d:98:ea:14:bf:44:65:38:d4:28:9e:19:
05:e0:3c:cc:a0:30:c7:87:58:d6:e9:91:04:ff:58:9d:c3:9d:
80:da:9a:aa:78:52:38:60:e1:b8:98:39:36:e9:5a:2e:53:46:
61:e8:ae:54:19:49:c5:27:29:25:03:27:10:f8:4e:0a:c1:fc:
48:be:db:48:1a:ca:57:ea:d2:5d:18:63:e6:82:d2:1b:f6:3c:
5e:3f:b6:2a:25:34:25:e4:4b:26:95:40:7a:a4:85:25:77:55:
97:72:a5:00:db:73:be:19:7d:63:54:f7:13:af:64:6c:f9:aa:
e6:6f:08:a8:b0:39:f7:ea:36:9e:d7:35:5e:2e:ec:60:68:0a:
bc:77:83:58:04:8b:60:c8:b8:20:d5:0a:2b:9e:18:50:b0:eb:
8b:db:bd:69:6c:e5:71:08:45:43:9e:11:bc:a1:02:e2:b8:b2:
08:c5:0c:c0
-----BEGIN CERTIFICATE-----
MIIFKzCCBBOgAwIBAgISAYzF3ElSXnf1dzbpsC1bA2ikMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliZWEzYTNhNGEzNjA2YzczOTZmMTVmNTAxYWM1YzY0MTc4
NTc1MGMwHhcNMjQwMTAxMTYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmQ2N2UwNjk3MWU5MGYwNmM2M2RiNmUyMjlmYzA3N2U5ZTkwYzhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnP9J8glK0MEhrVHTR+afBCbJbWr
f+y3o2fAqYL/VCmT+SWRmhvyslgQMS8fpb00Go+CuEkleQ4USkZEYl8IVAombhTp
O+/misxsAmCaH1BDTfmH+Md5K/DjE+DyJGDmHB/PHfgjah79wfXsS/rfcerRLZB9
cILgttBWwxa/5AjvFoNFodmdiOHgwm/U6ZSzxIDXaXL3WlIAC/Inx5m9cIH0W2Rx
f63PMEovaWuzGGvifRRiQhKOP5Wl0WR2NhQfvkfDd8UoYCCvJ4q/Pp74sIkVNu/I
xjK5R/rvBCFD3NfwMNs410hwhRuQeFaQ5l0NFCzP8e9F3HmrNTBz+sAQZwIDAQAB
o4ICNzCCAjMwHQYDVR0OBBYEFDbWfgaXHpDwbGPbbiKfwHfp6QyMMB8GA1UdIwQY
MBaAFJvqOjpKNgbHOW8V9QGsXGQXhXUMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbS1vNk9rbzJCc2M1YnhYMUFheGNaQmVGZFF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC84OWFiYjgtNjM2ZC00MDg0LTgxYTAt
YzYzYWRiNmVlNWQ5LzEvTnRaLUJwY2VrUEJzWTl0dUlwX0FkLW5wREl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC84OWFiYjgtNjM2ZC00MDg0LTgxYTAtYzYzYWRiNmVlNWQ5
LzEvbS1vNk9rbzJCc2M1YnhYMUFheGNaQmVGZFF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME0GCCsGAQUFBwEHAQH/BD4wPDArBAIAATAlAwQDBRbwMAsD
AwBYhQMEBFiFgAMEAliFnAMEBW3HoAMEArkJQDANBAIAAjAHAwUDKgGpgDANBgkq
hkiG9w0BAQsFAAOCAQEALux4uZ2Fq5uAa3Dtuv4GCrYaHSFCPB0XKcqoCpfgRsSi
A4ALlIGMiEtgcBYB3MQyhSAqFB0QDQMeiF7Ah2LmP1N65TSI/1lXeJ+l8LmvLZjq
FL9EZTjUKJ4ZBeA8zKAwx4dY1umRBP9YncOdgNqaqnhSOGDhuJg5NulaLlNGYeiu
VBlJxScpJQMnEPhOCsH8SL7bSBrKV+rSXRhj5oLSG/Y8Xj+2KiU0JeRLJpVAeqSF
JXdVl3KlANtzvhl9Y1T3E69kbPmq5m8IqLA59+o2ntc1Xi7sYGgKvHeDWASLYMi4
INUKK54YULDri9u9aWzlcQhFQ54RvKEC4riyCMUMwA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:16 2024 by rpki-client on console-ams.rpki-client.org