Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/Qs2ZFHXJtR7kIBaCYcbHhHHN-oE.roa
File: Qs2ZFHXJtR7kIBaCYcbHhHHN-oE.roa (raw, json)
Hash identifier: I57RYCZ9q08KDDsJ5IYd0CZpL18I65uiJxqLYLcG5ak=
Subject key identifier: 42:CD:99:14:75:C9:B5:1E:E4:20:16:82:61:C6:C7:84:71:CD:FA:81
Certificate issuer: /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial: 0188C88DED8762D266E3B8D96339A233FE88
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/Qs2ZFHXJtR7kIBaCYcbHhHHN-oE.roa
Signing time: Sat 17 Jun 2023 08:52:04 +0000
ROA not before: Sat 17 Jun 2023 08:52:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 11938
IP address blocks: 85.133.178.0/24 maxlen: 24
85.133.218.0/24 maxlen: 24
85.133.228.0/24 maxlen: 24
85.133.132.0/24 maxlen: 24
85.133.241.0/24 maxlen: 24
85.133.250.0/24 maxlen: 24
85.133.151.0/24 maxlen: 24
85.133.153.0/24 maxlen: 24
Validation: Failed, certificate revoked on Thu 29 Jun 2023 09:20:17 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:c8:8d:ed:87:62:d2:66:e3:b8:d9:63:39:a2:33:fe:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Validity
Not Before: Jun 17 08:52:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=42cd991475c9b51ee420168261c6c78471cdfa81
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:85:ca:d7:2c:e9:f2:f9:f7:65:f7:29:52:8d:
d4:7e:de:71:d5:4a:f0:25:e8:84:2b:ee:a3:d1:86:
0c:96:ff:c5:ac:e6:7b:a9:3b:e4:7b:2d:2d:92:f2:
8c:b7:66:f4:ca:b0:64:03:78:5d:df:81:79:8c:4a:
d2:b1:68:11:00:b1:92:bf:ce:51:2f:24:12:bb:fe:
3d:36:fe:f9:32:3f:40:57:97:87:63:84:ce:c3:6b:
e5:c9:57:c0:70:9d:e3:1c:29:ee:d2:1c:70:da:1a:
b3:02:c1:cc:ce:a2:55:84:7d:5e:00:43:4e:d6:38:
b5:1b:b1:ea:ce:5b:cf:ae:f9:2f:91:1a:5e:31:73:
97:fa:e2:fb:f3:1d:3d:57:da:e5:bc:17:2e:7e:de:
e4:ce:a8:53:4b:92:ed:03:7b:fa:e6:a1:61:23:43:
d9:4b:94:38:02:95:d1:2c:12:8e:3c:10:01:46:3f:
e6:e5:ba:47:e1:70:58:f2:de:d0:13:66:14:0b:fa:
56:b7:cb:45:69:bd:30:81:59:c2:62:81:88:fb:29:
ec:8f:b4:cc:94:00:04:17:3b:37:8c:f0:db:ad:4c:
64:7b:b4:f6:93:95:95:c6:8e:6d:2d:47:87:2f:cb:
6f:96:10:69:02:90:d3:db:45:08:cf:be:75:af:6c:
6c:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:CD:99:14:75:C9:B5:1E:E4:20:16:82:61:C6:C7:84:71:CD:FA:81
X509v3 Authority Key Identifier:
keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/Qs2ZFHXJtR7kIBaCYcbHhHHN-oE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.133.132.0/24
85.133.151.0/24
85.133.153.0/24
85.133.178.0/24
85.133.218.0/24
85.133.228.0/24
85.133.241.0/24
85.133.250.0/24
Signature Algorithm: sha256WithRSAEncryption
62:c6:94:87:c1:76:19:cf:30:4a:3f:e1:4f:1a:1e:10:90:eb:
c3:6f:7a:83:e8:92:cb:8f:a6:5c:52:a2:50:8f:9e:fe:2e:b2:
5c:88:ce:31:af:20:13:56:bc:b4:8c:46:1f:af:e8:5d:f4:47:
ff:4f:bf:57:70:d2:c7:76:35:33:bc:13:01:95:05:48:b9:ea:
52:5e:18:81:31:02:3f:6d:c6:92:20:64:df:1f:ad:d6:dc:60:
95:29:be:fe:4e:47:c8:f4:6e:b9:d3:49:72:8f:fe:23:81:04:
76:f1:b6:45:15:94:58:86:e5:61:4f:fa:ca:02:f5:52:9c:cb:
d9:66:32:01:cb:7e:8f:1c:b5:f5:61:71:58:da:7e:31:60:fb:
4a:71:45:0c:12:8d:11:86:16:21:2e:8b:76:ec:42:59:79:ad:
05:40:69:d7:bc:db:24:fa:73:7a:1f:30:7c:eb:ca:98:6a:a7:
86:41:22:a5:3b:db:bc:40:bf:78:9e:0f:a2:0c:f2:84:de:d3:
09:d5:47:1e:e3:95:33:b0:ff:44:e3:3f:a5:64:db:e2:25:41:
ec:22:5b:85:f1:0e:75:f8:53:1b:97:f5:65:9d:4c:a4:49:d8:
fa:92:b0:45:fd:32:f5:54:42:5c:12:b6:40:1e:bf:b2:b0:bf:
c0:c3:2d:37
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYjIje2HYtJm47jZYzmiM/6IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjMwNjE3MDg1MjA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MmNkOTkxNDc1YzliNTFlZTQyMDE2ODI2MWM2Yzc4NDcxY2RmYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioXK1yzp8vn3ZfcpUo3Uft5x1Urw
JeiEK+6j0YYMlv/FrOZ7qTvkey0tkvKMt2b0yrBkA3hd34F5jErSsWgRALGSv85R
LyQSu/49Nv75Mj9AV5eHY4TOw2vlyVfAcJ3jHCnu0hxw2hqzAsHMzqJVhH1eAENO
1ji1G7HqzlvPrvkvkRpeMXOX+uL78x09V9rlvBcuft7kzqhTS5LtA3v65qFhI0PZ
S5Q4ApXRLBKOPBABRj/m5bpH4XBY8t7QE2YUC/pWt8tFab0wgVnCYoGI+ynsj7TM
lAAEFzs3jPDbrUxke7T2k5WVxo5tLUeHL8tvlhBpApDT20UIz751r2xscQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFELNmRR1ybUe5CAWgmHGx4RxzfqBMB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvUXMyWkZIWEp0UjdrSUJhQ1ljYkhoSEhOLW9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAVYWEAwQA
VYWXAwQAVYWZAwQAVYWyAwQAVYXaAwQAVYXkAwQAVYXxAwQAVYX6MA0GCSqGSIb3
DQEBCwUAA4IBAQBixpSHwXYZzzBKP+FPGh4QkOvDb3qD6JLLj6ZcUqJQj57+LrJc
iM4xryATVry0jEYfr+hd9Ef/T79XcNLHdjUzvBMBlQVIuepSXhiBMQI/bcaSIGTf
H63W3GCVKb7+TkfI9G6500lyj/4jgQR28bZFFZRYhuVhT/rKAvVSnMvZZjIBy36P
HLX1YXFY2n4xYPtKcUUMEo0RhhYhLot27EJZea0FQGnXvNsk+nN6HzB868qYaqeG
QSKlO9u8QL94ng+iDPKE3tMJ1Uce45UzsP9E4z+lZNviJUHsIluF8Q51+FMbl/Vl
nUykSdj6krBF/TL1VEJcErZAHr+ysL/Awy03
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:01 2024 by rpki-client on console-ams.rpki-client.org