Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/3796fa-c02e-45f9-a1a4-622bb4899887/1/RSftKrwBuhFDguyuuveFg32jbVY.roa
File: RSftKrwBuhFDguyuuveFg32jbVY.roa (raw, json)
Hash identifier: Lu1uACZdc27SGtYeoTeC63el2hRvTQ+IMaNWJE+rzow=
Subject key identifier: 45:27:ED:2A:BC:01:BA:11:43:82:EC:AE:BA:F7:85:83:7D:A3:6D:56
Certificate issuer: /CN=0e086b67d8989653baeb68b8d24ab9e9bd0caf2a
Certificate serial: 018572D5A4AC60D564C04619A9E4B675C1C9
Authority key identifier: 0E:08:6B:67:D8:98:96:53:BA:EB:68:B8:D2:4A:B9:E9:BD:0C:AF:2A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DghrZ9iYllO662i40kq56b0Mryo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fe/3796fa-c02e-45f9-a1a4-622bb4899887/1/RSftKrwBuhFDguyuuveFg32jbVY.roa
Signing time: Mon 02 Jan 2023 14:14:41 +0000
ROA not before: Mon 02 Jan 2023 14:14:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51964
IP address blocks: 194.9.145.0/24 maxlen: 24
194.9.141.0/24 maxlen: 24
194.9.142.0/24 maxlen: 24
194.9.149.0/24 maxlen: 24
193.17.48.0/24 maxlen: 24
194.9.166.0/24 maxlen: 24
194.9.164.0/24 maxlen: 24
2a04:1447::/45 maxlen: 45
Validation: Failed, certificate revoked on Tue 02 Jan 2024 06:30:50 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:d5:a4:ac:60:d5:64:c0:46:19:a9:e4:b6:75:c1:c9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0e086b67d8989653baeb68b8d24ab9e9bd0caf2a
Validity
Not Before: Jan 2 14:14:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4527ed2abc01ba114382ecaebaf785837da36d56
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:d6:60:b3:7f:ef:97:59:75:24:a0:d2:f7:1f:
66:77:32:22:3a:ae:c4:89:53:1b:bd:8e:e5:8c:84:
5d:c9:5c:ec:f1:e5:fb:d2:0a:df:97:7d:01:77:95:
c6:04:56:e5:7f:06:3d:33:82:4e:52:f5:da:1d:e6:
58:7d:66:55:e1:0c:68:7d:c6:03:c7:31:b0:d8:4b:
4b:b2:15:cb:4b:cf:47:a5:89:0b:4e:3d:0b:5a:d3:
76:37:2a:18:b8:26:bc:54:54:99:5d:31:7a:41:d8:
6a:67:13:d3:5f:8c:30:f1:94:af:f2:a8:5e:4a:52:
08:74:c1:12:41:c0:05:8e:b1:d5:e7:50:c8:c4:6b:
41:22:6c:8f:a7:12:5d:80:d0:58:1c:55:fd:07:21:
e6:55:3e:de:e1:b3:79:bf:8a:77:ee:35:3f:9f:e0:
1f:c5:6a:59:ee:be:ea:0a:6d:a8:d2:97:32:db:0a:
5e:d5:df:c5:db:f6:cb:a1:7a:3f:44:9e:6d:5e:f4:
eb:e6:90:16:9d:ce:51:98:74:08:f2:57:c1:73:f9:
11:65:bf:fb:c4:33:6b:c7:c1:6c:05:c2:da:88:60:
d2:c6:77:d9:ba:22:90:d1:e3:35:51:bc:30:da:65:
57:f1:8d:e1:13:bb:cf:82:a6:99:13:a0:c7:ac:3c:
94:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:27:ED:2A:BC:01:BA:11:43:82:EC:AE:BA:F7:85:83:7D:A3:6D:56
X509v3 Authority Key Identifier:
keyid:0E:08:6B:67:D8:98:96:53:BA:EB:68:B8:D2:4A:B9:E9:BD:0C:AF:2A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DghrZ9iYllO662i40kq56b0Mryo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/3796fa-c02e-45f9-a1a4-622bb4899887/1/RSftKrwBuhFDguyuuveFg32jbVY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/3796fa-c02e-45f9-a1a4-622bb4899887/1/DghrZ9iYllO662i40kq56b0Mryo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.17.48.0/24
194.9.141.0-194.9.142.255
194.9.145.0/24
194.9.149.0/24
194.9.164.0/24
194.9.166.0/24
IPv6:
2a04:1447::/45
Signature Algorithm: sha256WithRSAEncryption
b5:61:5d:dc:af:e8:01:e5:ab:7c:15:d9:f7:e9:5e:e0:a1:5a:
fe:c3:33:b2:46:0a:30:4c:d6:51:a8:b8:25:50:a8:22:aa:d4:
23:42:22:c7:62:50:46:d4:ba:3b:17:18:12:77:d0:93:d5:82:
cb:c6:9b:28:a6:62:d2:01:9b:0c:75:f7:6d:b1:b8:7a:0e:b6:
66:78:26:5c:b8:d8:97:9d:59:4e:1f:06:61:e7:78:ba:fa:b8:
c4:aa:f9:5f:9b:75:9a:d0:ae:c0:5a:e2:16:b3:d7:95:9f:ea:
39:1e:51:39:88:de:e4:7e:8b:59:47:ab:64:d8:d9:5a:75:82:
cc:ac:df:6a:78:90:a3:d7:35:a3:60:54:73:97:ea:83:04:8f:
03:31:10:1a:6a:7a:b6:c0:db:cc:f0:5f:e1:6d:f6:28:45:fe:
c4:31:78:3f:51:98:6b:a1:24:0d:df:47:11:35:b7:c4:5d:08:
ff:b3:28:c3:df:2d:80:90:a4:7d:06:03:71:33:e8:0b:3b:9d:
dd:f2:61:aa:c7:72:8a:09:e1:5f:00:65:6a:57:6b:e1:d1:e0:
4b:e2:f9:3c:ca:be:78:67:6d:f5:93:44:9e:89:b5:2d:6e:33:
1e:56:75:b0:b1:68:4b:b4:0e:ac:7e:15:04:ee:34:87:7d:0a:
7d:2e:30:ec
-----BEGIN CERTIFICATE-----
MIIFNDCCBBygAwIBAgISAYVy1aSsYNVkwEYZqeS2dcHJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMDg2YjY3ZDg5ODk2NTNiYWViNjhiOGQyNGFiOWU5YmQw
Y2FmMmEwHhcNMjMwMTAyMTQxNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTI3ZWQyYWJjMDFiYTExNDM4MmVjYWViYWY3ODU4MzdkYTM2ZDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9Zgs3/vl1l1JKDS9x9mdzIiOq7E
iVMbvY7ljIRdyVzs8eX70grfl30Bd5XGBFblfwY9M4JOUvXaHeZYfWZV4QxofcYD
xzGw2EtLshXLS89HpYkLTj0LWtN2NyoYuCa8VFSZXTF6QdhqZxPTX4ww8ZSv8qhe
SlIIdMESQcAFjrHV51DIxGtBImyPpxJdgNBYHFX9ByHmVT7e4bN5v4p37jU/n+Af
xWpZ7r7qCm2o0pcy2wpe1d/F2/bLoXo/RJ5tXvTr5pAWnc5RmHQI8lfBc/kRZb/7
xDNrx8FsBcLaiGDSxnfZuiKQ0eM1Ubww2mVX8Y3hE7vPgqaZE6DHrDyU0QIDAQAB
o4ICQDCCAjwwHQYDVR0OBBYEFEUn7Sq8AboRQ4Lsrrr3hYN9o21WMB8GA1UdIwQY
MBaAFA4Ia2fYmJZTuutouNJKuem9DK8qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGdoclo5aVlsbE82NjJpNDBrcTU2YjBNcnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8zNzk2ZmEtYzAyZS00NWY5LWExYTQt
NjIyYmI0ODk5ODg3LzEvUlNmdEtyd0J1aEZEZ3V5dXV2ZUZnMzJqYlZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8zNzk2ZmEtYzAyZS00NWY5LWExYTQtNjIyYmI0ODk5ODg3
LzEvRGdoclo5aVlsbE82NjJpNDBrcTU2YjBNcnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFYGCCsGAQUFBwEHAQH/BEcwRTAyBAIAATAsAwQAwREwMAwD
BADCCY0DBADCCY4DBADCCZEDBADCCZUDBADCCaQDBADCCaYwDwQCAAIwCQMHAyoE
FEcAADANBgkqhkiG9w0BAQsFAAOCAQEAtWFd3K/oAeWrfBXZ9+le4KFa/sMzskYK
MEzWUai4JVCoIqrUI0Iix2JQRtS6OxcYEnfQk9WCy8abKKZi0gGbDHX3bbG4eg62
ZngmXLjYl51ZTh8GYed4uvq4xKr5X5t1mtCuwFriFrPXlZ/qOR5ROYje5H6LWUer
ZNjZWnWCzKzfaniQo9c1o2BUc5fqgwSPAzEQGmp6tsDbzPBf4W32KEX+xDF4P1GY
a6EkDd9HETW3xF0I/7Mow98tgJCkfQYDcTPoCzud3fJhqsdyignhXwBlaldr4dHg
S+L5PMq+eGdt9ZNEnom1LW4zHlZ1sLFoS7QOrH4VBO40h30KfS4w7A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:35 2024 by rpki-client on console-ams.rpki-client.org