Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/NhOvcR1_0uBvLo9NYTCj3qB7uKA.roa
File: NhOvcR1_0uBvLo9NYTCj3qB7uKA.roa (raw, json)
Hash identifier: IFdYP0sGMUHj1uHMRBpYRevKREcR04f69VbAToUJOFk=
Subject key identifier: 36:13:AF:71:1D:7F:D2:E0:6F:2E:8F:4D:61:30:A3:DE:A0:7B:B8:A0
Certificate issuer: /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial: 018E7A641D5828E6CB968A75A46CA7C7FF52
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/NhOvcR1_0uBvLo9NYTCj3qB7uKA.roa
Signing time: Tue 26 Mar 2024 10:52:45 +0000
ROA not before: Tue 26 Mar 2024 10:52:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 6762
IP address blocks: 88.221.28.0/22 maxlen: 22
88.221.100.0/22 maxlen: 22
92.122.68.0/22 maxlen: 22
95.100.128.0/22 maxlen: 22
95.101.68.0/22 maxlen: 22
95.101.114.0/24 maxlen: 24
95.101.156.0/22 maxlen: 22
2a02:26f0:9700::/48 maxlen: 48
Validation: Failed, certificate revoked on Tue 26 Mar 2024 11:41:45 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:7a:64:1d:58:28:e6:cb:96:8a:75:a4:6c:a7:c7:ff:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Validity
Not Before: Mar 26 10:52:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3613af711d7fd2e06f2e8f4d6130a3dea07bb8a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:34:8e:88:23:f5:09:b2:81:d5:71:11:c1:e5:
36:50:f8:48:f2:f2:c7:76:83:53:7b:df:89:c3:1f:
74:15:f5:3b:8e:42:77:a9:20:46:0d:3b:c1:53:e9:
4f:51:d6:0d:d0:62:c7:36:2d:75:dd:a9:2c:13:e3:
d2:83:14:3a:20:df:95:5a:d8:87:cd:f6:a5:a3:84:
39:19:41:f1:d9:a8:c7:66:9a:6c:f7:48:94:3a:31:
47:2f:18:47:9a:7e:6d:5f:62:fe:a3:8d:d2:87:fd:
03:18:6b:34:17:e5:f2:5c:34:b1:6a:4a:99:d4:30:
9d:50:ad:a3:ef:ce:3a:f2:4c:bb:dd:a0:12:d6:d1:
d1:d1:c9:ec:7f:75:98:6d:16:ca:cf:c3:0c:20:82:
3e:a5:09:b6:65:8b:69:ab:d1:99:75:d1:3e:97:86:
94:01:c8:41:6d:79:f3:4c:94:48:41:10:51:a0:95:
94:8a:f8:ac:29:6a:20:59:87:fe:25:c1:71:f3:f5:
e5:f9:b6:44:4b:48:1b:e0:e1:01:aa:ba:89:9e:a4:
66:23:55:c8:08:2c:7e:f1:bb:74:33:90:2f:c9:f0:
1c:55:90:38:44:17:3d:70:a1:44:33:ce:29:39:4a:
5c:3c:8f:c5:8b:6c:50:f3:a9:75:da:a6:f0:5a:21:
77:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:13:AF:71:1D:7F:D2:E0:6F:2E:8F:4D:61:30:A3:DE:A0:7B:B8:A0
X509v3 Authority Key Identifier:
keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/NhOvcR1_0uBvLo9NYTCj3qB7uKA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.221.28.0/22
88.221.100.0/22
92.122.68.0/22
95.100.128.0/22
95.101.68.0/22
95.101.114.0/24
95.101.156.0/22
IPv6:
2a02:26f0:9700::/48
Signature Algorithm: sha256WithRSAEncryption
92:20:5c:f2:3d:f3:3c:41:2d:71:54:26:27:8a:63:a1:12:22:
05:b2:2d:28:53:a8:61:56:9e:ea:b3:bd:65:a8:7d:04:ea:9c:
c7:84:dd:61:20:87:9c:65:9d:a0:c2:1c:76:a8:a2:f8:9c:cd:
d6:fb:b6:18:ea:78:e2:c8:32:d2:07:00:35:16:a5:27:de:bc:
49:bd:65:1b:68:22:ee:e2:65:77:48:81:b5:30:45:00:e4:ae:
40:f0:18:39:a7:9f:5f:c6:4a:20:73:3b:b6:4b:9a:b1:08:3a:
c5:69:3c:9d:1c:68:53:23:97:83:92:da:b4:75:bf:b6:f2:89:
a5:c4:70:e6:b5:fd:09:7a:d7:7e:be:50:d8:34:b0:3c:92:07:
f7:67:d3:db:e5:05:bd:76:4f:71:c7:22:34:ca:1b:b5:d4:a5:
15:e1:10:fc:a4:59:e6:a3:5d:08:c0:ad:00:0c:a4:83:92:a9:
1f:ff:95:8f:22:51:ff:c3:fb:d2:a8:56:32:61:f8:a5:fa:9e:
54:23:0f:4e:bc:e0:4f:17:4c:30:19:59:fe:14:87:cc:07:d9:
95:96:26:f0:62:20:95:31:08:b6:d9:43:3b:cf:d0:25:6d:43:
2b:f2:45:f2:62:77:ae:57:c6:56:09:92:c2:63:5c:03:9c:3d:
c0:f6:fd:57
-----BEGIN CERTIFICATE-----
MIIFMjCCBBqgAwIBAgISAY56ZB1YKObLlop1pGynx/9SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwMzI2MTA1MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjEzYWY3MTFkN2ZkMmUwNmYyZThmNGQ2MTMwYTNkZWEwN2JiOGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTSOiCP1CbKB1XERweU2UPhI8vLH
doNTe9+Jwx90FfU7jkJ3qSBGDTvBU+lPUdYN0GLHNi113aksE+PSgxQ6IN+VWtiH
zfalo4Q5GUHx2ajHZpps90iUOjFHLxhHmn5tX2L+o43Sh/0DGGs0F+XyXDSxakqZ
1DCdUK2j78468ky73aAS1tHR0cnsf3WYbRbKz8MMIII+pQm2ZYtpq9GZddE+l4aU
AchBbXnzTJRIQRBRoJWUivisKWogWYf+JcFx8/Xl+bZES0gb4OEBqrqJnqRmI1XI
CCx+8bt0M5AvyfAcVZA4RBc9cKFEM84pOUpcPI/Fi2xQ86l12qbwWiF3QQIDAQAB
o4ICPjCCAjowHQYDVR0OBBYEFDYTr3Edf9Lgby6PTWEwo96ge7igMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvTmhPdmNSMV8wdUJ2TG85TllUQ2ozcUI3dUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFQGCCsGAQUFBwEHAQH/BEUwQzAwBAIAATAqAwQCWN0cAwQC
WN1kAwQCXHpEAwQCX2SAAwQCX2VEAwQAX2VyAwQCX2WcMA8EAgACMAkDBwAqAibw
lwAwDQYJKoZIhvcNAQELBQADggEBAJIgXPI98zxBLXFUJieKY6ESIgWyLShTqGFW
nuqzvWWofQTqnMeE3WEgh5xlnaDCHHaooviczdb7thjqeOLIMtIHADUWpSfevEm9
ZRtoIu7iZXdIgbUwRQDkrkDwGDmnn1/GSiBzO7ZLmrEIOsVpPJ0caFMjl4OS2rR1
v7byiaXEcOa1/Ql6136+UNg0sDySB/dn09vlBb12T3HHIjTKG7XUpRXhEPykWeaj
XQjArQAMpIOSqR//lY8iUf/D+9KoVjJh+KX6nlQjD0684E8XTDAZWf4Uh8wH2ZWW
JvBiIJUxCLbZQzvP0CVtQyvyRfJid65XxlYJksJjXAOcPcD2/Vc=
-----END CERTIFICATE-----
Generated at Tue Mar 26 17:48:04 2024 by rpki-client on console.sobornost.net