Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/KHL0K1BYsMWKqjdq3AHAOhkiavo.roa
File: KHL0K1BYsMWKqjdq3AHAOhkiavo.roa (raw, json)
Hash identifier: JElO4l0EDGu+uMsunpoRly2/7iX+P8yab626Sz0MS60=
Subject key identifier: 28:72:F4:2B:50:58:B0:C5:8A:AA:37:6A:DC:01:C0:3A:19:22:6A:FA
Certificate issuer: /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial: 018ACB685B7161CB3A0D3C9F9F0197B6CF08
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/KHL0K1BYsMWKqjdq3AHAOhkiavo.roa
Signing time: Mon 25 Sep 2023 08:15:28 +0000
ROA not before: Mon 25 Sep 2023 08:15:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 81.22.135.0/24 maxlen: 24
109.72.116.0/24 maxlen: 24
109.72.120.0/24 maxlen: 24
109.72.127.0/24 maxlen: 24
89.185.1.0/24 maxlen: 24
81.22.129.0/24 maxlen: 24
81.22.130.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 26 Sep 2023 19:44:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:cb:68:5b:71:61:cb:3a:0d:3c:9f:9f:01:97:b6:cf:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Validity
Not Before: Sep 25 08:15:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2872f42b5058b0c58aaa376adc01c03a19226afa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:35:e1:be:23:c2:09:83:b1:b2:37:5d:ae:fe:
33:de:3c:53:17:6f:47:84:fc:66:98:80:5f:8b:87:
38:a0:ea:ee:0d:51:8d:35:83:3a:6d:79:4e:4d:0d:
91:b8:f9:8b:27:43:0d:fe:3a:8f:93:1d:be:e2:1c:
62:a6:88:28:c7:51:46:32:83:89:00:78:d4:35:52:
3d:86:94:32:51:7b:43:03:8f:ad:96:26:93:8e:7e:
f1:21:98:ac:20:76:cb:4e:63:49:ba:79:0e:61:e4:
b5:4f:17:d3:79:9e:3e:e4:4d:77:c2:3e:e9:ba:df:
3b:9e:08:e7:7a:16:40:2b:b8:29:6c:72:e3:2b:2b:
87:da:1b:90:dd:1c:d9:84:06:8c:6d:73:2c:6c:82:
e7:5f:6a:a2:8c:4a:fe:50:9e:00:42:6e:9c:6b:2d:
20:d5:b2:83:95:5c:46:84:7d:5b:94:85:fc:3b:96:
c9:63:8f:bb:02:4f:22:cf:91:b2:2a:5b:4e:fe:56:
67:4b:25:1e:25:8d:d0:e5:32:06:8a:0f:83:59:e4:
d7:99:03:dd:2c:7f:78:1b:02:bb:f3:f7:9c:7d:66:
58:c7:8a:88:66:74:28:f9:2c:c1:29:46:be:37:28:
da:e5:87:47:89:33:2c:58:a5:cd:f8:5c:aa:66:44:
99:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:72:F4:2B:50:58:B0:C5:8A:AA:37:6A:DC:01:C0:3A:19:22:6A:FA
X509v3 Authority Key Identifier:
keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/KHL0K1BYsMWKqjdq3AHAOhkiavo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.22.129.0-81.22.130.255
81.22.135.0/24
89.185.1.0/24
109.72.116.0/24
109.72.120.0/24
109.72.127.0/24
Signature Algorithm: sha256WithRSAEncryption
61:7c:f7:56:c9:82:c6:da:1a:a4:8a:1e:78:27:28:d3:e1:cf:
04:7a:7e:4f:bc:9e:fa:d4:fc:d8:dc:f6:29:cb:86:3f:77:eb:
e3:0f:31:2a:13:0b:08:57:61:36:dc:ac:fd:8c:3a:bf:2b:4a:
ec:83:bb:f0:10:08:4a:cb:2e:e3:de:72:48:27:19:f3:8c:5e:
77:bb:fd:bc:4e:85:00:1b:cf:3a:a1:58:01:b9:25:43:17:6c:
4a:ef:5f:40:c5:b3:fc:ef:37:ae:fb:e4:41:4a:6e:9c:38:2e:
0b:c3:6e:98:4c:af:22:ef:4f:02:94:65:26:75:e0:21:92:d9:
87:61:9a:66:9c:70:54:e1:ce:fc:34:02:e7:41:24:31:3e:e1:
6a:8b:8d:e1:4e:9a:af:fe:c4:6d:c9:63:30:30:5a:0e:68:95:
7c:60:fd:8e:78:16:a5:18:53:4b:f2:8c:30:28:e0:44:8b:de:
65:a7:f3:26:5c:08:72:19:d9:fe:64:44:eb:0c:e2:c6:50:57:
d0:f8:6b:ef:f4:9d:06:2a:6c:7c:95:70:08:0d:d2:90:a5:fc:
68:3f:39:6a:4f:33:c0:27:f1:5f:60:52:d2:62:d4:f3:f1:de:
05:de:3f:ea:52:2e:25:96:3d:dc:3d:b9:98:56:df:40:d1:26:
b7:80:32:09
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYrLaFtxYcs6DTyfnwGXts8IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjMwOTI1MDgxNTI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODcyZjQyYjUwNThiMGM1OGFhYTM3NmFkYzAxYzAzYTE5MjI2YWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjXhviPCCYOxsjddrv4z3jxTF29H
hPxmmIBfi4c4oOruDVGNNYM6bXlOTQ2RuPmLJ0MN/jqPkx2+4hxipogox1FGMoOJ
AHjUNVI9hpQyUXtDA4+tliaTjn7xIZisIHbLTmNJunkOYeS1TxfTeZ4+5E13wj7p
ut87ngjnehZAK7gpbHLjKyuH2huQ3RzZhAaMbXMsbILnX2qijEr+UJ4AQm6cay0g
1bKDlVxGhH1blIX8O5bJY4+7Ak8iz5GyKltO/lZnSyUeJY3Q5TIGig+DWeTXmQPd
LH94GwK78/ecfWZYx4qIZnQo+SzBKUa+Nyja5YdHiTMsWKXN+FyqZkSZAQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFChy9CtQWLDFiqo3atwBwDoZImr6MB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvS0hMMEsxQllzTVdLcWpkcTNBSEFPaGtpYXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsMAwDBABRFoED
BABRFoIDBABRFocDBABZuQEDBABtSHQDBABtSHgDBABtSH8wDQYJKoZIhvcNAQEL
BQADggEBAGF891bJgsbaGqSKHngnKNPhzwR6fk+8nvrU/Njc9inLhj936+MPMSoT
CwhXYTbcrP2MOr8rSuyDu/AQCErLLuPeckgnGfOMXne7/bxOhQAbzzqhWAG5JUMX
bErvX0DFs/zvN6775EFKbpw4LgvDbphMryLvTwKUZSZ14CGS2YdhmmaccFThzvw0
AudBJDE+4WqLjeFOmq/+xG3JYzAwWg5olXxg/Y54FqUYU0vyjDAo4ESL3mWn8yZc
CHIZ2f5kROsM4sZQV9D4a+/0nQYqbHyVcAgN0pCl/Gg/OWpPM8An8V9gUtJi1PPx
3gXeP+pSLiWWPdw9uZhW30DRJreAMgk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:46 2024 by rpki-client on console-ams.rpki-client.org