Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/42b179-4790-4520-b174-50505382fd72/1/j3ktgFN7nifIZWWpaSr2trH7QPE.roa
File: j3ktgFN7nifIZWWpaSr2trH7QPE.roa (raw, json)
Hash identifier: +x/4Z1jyPvVyLKls9Bj6RnTxMJ/aNpLqmUa+YCdhNRA=
Subject key identifier: 8F:79:2D:80:53:7B:9E:27:C8:65:65:A9:69:2A:F6:B6:B1:FB:40:F1
Certificate issuer: /CN=921b4c85caa8d8b16619bf945a2fd6af1c77fc78
Certificate serial: 01856CAF49B8A417252F0D69994113BEAFF3
Authority key identifier: 92:1B:4C:85:CA:A8:D8:B1:66:19:BF:94:5A:2F:D6:AF:1C:77:FC:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/khtMhcqo2LFmGb-UWi_Wrxx3_Hg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/54/42b179-4790-4520-b174-50505382fd72/1/j3ktgFN7nifIZWWpaSr2trH7QPE.roa
Signing time: Sun 01 Jan 2023 09:35:05 +0000
ROA not before: Sun 01 Jan 2023 09:35:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8283
IP address blocks: 94.142.242.0/24 maxlen: 24
94.142.240.0/21 maxlen: 21
94.142.241.0/24 maxlen: 24
94.142.245.0/24 maxlen: 24
94.142.246.0/24 maxlen: 24
94.142.244.0/24 maxlen: 24
94.142.247.0/24 maxlen: 24
185.52.225.0/24 maxlen: 24
185.52.226.0/24 maxlen: 24
185.52.224.0/24 maxlen: 24
185.52.224.0/22 maxlen: 22
185.52.227.0/24 maxlen: 24
94.142.240.0/24 maxlen: 24
2a02:898::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:af:49:b8:a4:17:25:2f:0d:69:99:41:13:be:af:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=921b4c85caa8d8b16619bf945a2fd6af1c77fc78
Validity
Not Before: Jan 1 09:35:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8f792d80537b9e27c86565a9692af6b6b1fb40f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:cc:1c:e3:c2:f9:6a:26:c7:b3:a2:03:61:78:
8f:d2:1c:cd:20:e4:6e:bc:c8:35:98:84:af:bb:d0:
9a:e0:05:0e:b5:96:92:15:45:3b:70:08:ed:a8:ba:
6e:03:ea:cf:3c:93:8b:76:76:90:af:81:ba:5b:69:
55:49:36:45:8f:40:56:4f:a0:fa:ac:33:12:e5:8c:
86:0a:07:55:78:10:86:da:b2:09:b7:2e:70:fa:fb:
25:ac:eb:36:24:2c:ee:bb:80:e6:e9:0a:ff:35:44:
92:72:c8:0a:3b:73:e5:9d:04:07:bd:e0:b2:cd:de:
c3:c1:d1:0b:a9:e3:4a:42:40:65:42:c9:6d:88:29:
b0:af:5d:36:4c:77:d4:6e:0f:fe:24:72:8a:f5:73:
3f:03:e4:99:b9:58:ae:97:e0:9f:36:f5:d4:b0:00:
75:16:16:97:83:4e:56:8a:cf:24:f3:d8:95:7f:d4:
98:d9:70:98:af:d8:d3:fe:4c:5e:ac:c8:96:77:28:
51:00:8e:b3:09:50:98:6c:f5:2e:f3:78:cd:bc:e6:
df:88:71:9e:2e:9d:38:d9:90:b1:9f:36:17:9f:55:
27:7a:10:7c:41:19:0c:0b:c6:68:27:e6:5b:72:fd:
03:2a:24:87:8e:5d:af:39:f6:09:07:b0:25:ca:51:
2a:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:79:2D:80:53:7B:9E:27:C8:65:65:A9:69:2A:F6:B6:B1:FB:40:F1
X509v3 Authority Key Identifier:
keyid:92:1B:4C:85:CA:A8:D8:B1:66:19:BF:94:5A:2F:D6:AF:1C:77:FC:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/khtMhcqo2LFmGb-UWi_Wrxx3_Hg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/42b179-4790-4520-b174-50505382fd72/1/j3ktgFN7nifIZWWpaSr2trH7QPE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/54/42b179-4790-4520-b174-50505382fd72/1/khtMhcqo2LFmGb-UWi_Wrxx3_Hg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.142.240.0/21
185.52.224.0/22
IPv6:
2a02:898::/32
Signature Algorithm: sha256WithRSAEncryption
ac:86:08:74:b2:35:11:c3:ce:29:8f:09:45:3a:67:4c:63:76:
8e:99:ef:79:d1:99:5c:75:eb:cd:15:2a:76:a3:85:dc:68:97:
73:a0:67:d3:1c:15:4f:2e:1c:51:57:e1:4c:41:ce:95:d2:03:
31:07:38:ae:90:b5:87:96:f1:db:a1:a9:77:18:0f:7a:c1:a8:
89:4d:bf:db:b8:af:e0:03:05:30:7f:df:64:d2:51:ab:fe:c6:
db:7f:97:a9:35:a2:e9:d6:93:d6:f0:51:a1:b5:04:a2:99:a1:
95:14:64:7a:a8:98:b7:78:35:5c:84:5c:53:3f:0f:f2:b5:38:
ae:ff:aa:24:84:a6:e6:d2:7b:e8:37:d9:47:5a:50:ba:24:0e:
07:c4:af:9f:bb:96:bc:d8:f2:67:83:d8:b7:10:e2:20:c4:6c:
e2:2b:d1:c6:6d:f7:71:16:f2:16:d0:7e:36:09:f3:7c:eb:28:
81:2f:50:e4:b6:a0:66:a2:80:d3:e9:16:a6:c5:4c:72:78:92:
d8:b1:92:8e:aa:20:72:67:c9:84:09:27:60:82:f9:ca:d3:de:
cf:51:dd:37:22:f4:d0:18:9f:9e:7b:f2:2d:aa:25:5f:35:46:
7e:20:c8:0b:b9:3a:b9:04:7a:dc:46:28:3f:23:8a:ef:74:8c:
82:be:82:4c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVsr0m4pBclLw1pmUETvq/zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMWI0Yzg1Y2FhOGQ4YjE2NjE5YmY5NDVhMmZkNmFmMWM3
N2ZjNzgwHhcNMjMwMTAxMDkzNTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Zjc5MmQ4MDUzN2I5ZTI3Yzg2NTY1YTk2OTJhZjZiNmIxZmI0MGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Mwc48L5aibHs6IDYXiP0hzNIORu
vMg1mISvu9Ca4AUOtZaSFUU7cAjtqLpuA+rPPJOLdnaQr4G6W2lVSTZFj0BWT6D6
rDMS5YyGCgdVeBCG2rIJty5w+vslrOs2JCzuu4Dm6Qr/NUSScsgKO3PlnQQHveCy
zd7DwdELqeNKQkBlQsltiCmwr102THfUbg/+JHKK9XM/A+SZuViul+CfNvXUsAB1
FhaXg05Wis8k89iVf9SY2XCYr9jT/kxerMiWdyhRAI6zCVCYbPUu83jNvObfiHGe
Lp042ZCxnzYXn1UnehB8QRkMC8ZoJ+Zbcv0DKiSHjl2vOfYJB7AlylEqDwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFI95LYBTe54nyGVlqWkq9rax+0DxMB8GA1UdIwQY
MBaAFJIbTIXKqNixZhm/lFov1q8cd/x4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2h0TWhjcW8yTEZtR2ItVVdpX1dyeHgzX0hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC80MmIxNzktNDc5MC00NTIwLWIxNzQt
NTA1MDUzODJmZDcyLzEvajNrdGdGTjduaWZJWldXcGFTcjJ0ckg3UVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC80MmIxNzktNDc5MC00NTIwLWIxNzQtNTA1MDUzODJmZDcy
LzEva2h0TWhjcW8yTEZtR2ItVVdpX1dyeHgzX0hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDXo7wAwQC
uTTgMA0EAgACMAcDBQAqAgiYMA0GCSqGSIb3DQEBCwUAA4IBAQCshgh0sjURw84p
jwlFOmdMY3aOme950ZlcdevNFSp2o4XcaJdzoGfTHBVPLhxRV+FMQc6V0gMxBziu
kLWHlvHboal3GA96waiJTb/buK/gAwUwf99k0lGr/sbbf5epNaLp1pPW8FGhtQSi
maGVFGR6qJi3eDVchFxTPw/ytTiu/6okhKbm0nvoN9lHWlC6JA4HxK+fu5a82PJn
g9i3EOIgxGziK9HGbfdxFvIW0H42CfN86yiBL1DktqBmooDT6RamxUxyeJLYsZKO
qiByZ8mECSdggvnK097PUd03IvTQGJ+ee/ItqiVfNUZ+IMgLuTq5BHrcRig/I4rv
dIyCvoJM
-----END CERTIFICATE-----
Generated at Tue Jan 2 04:09:50 2024 by rpki-client on console-ams.rpki-client.org