Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/0c9dbb-f2ef-4f15-8b2e-643e447444d6/1/AEvqS-OcOs3F9zqNgAioh2HYYJY.roa
File: AEvqS-OcOs3F9zqNgAioh2HYYJY.roa (raw, json)
Hash identifier: FPNPI09HIQGcqRLE9xMuLV2TwjIz+Gt2veqQYO8+UVA=
Subject key identifier: 00:4B:EA:4B:E3:9C:3A:CD:C5:F7:3A:8D:80:08:A8:87:61:D8:60:96
Certificate issuer: /CN=fce25aca434feeb6f573aa463a12c6940bc4d198
Certificate serial: 0186E5C967E64A4CFBF1F5366E0194282320
Authority key identifier: FC:E2:5A:CA:43:4F:EE:B6:F5:73:AA:46:3A:12:C6:94:0B:C4:D1:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/_OJaykNP7rb1c6pGOhLGlAvE0Zg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d7/0c9dbb-f2ef-4f15-8b2e-643e447444d6/1/AEvqS-OcOs3F9zqNgAioh2HYYJY.roa
Signing time: Wed 15 Mar 2023 15:00:27 +0000
ROA not before: Wed 15 Mar 2023 15:00:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 21351
IP address blocks: 93.121.128.0/17 maxlen: 24
95.138.0.0/17 maxlen: 24
5.187.96.0/19 maxlen: 24
213.188.160.0/19 maxlen: 24
213.16.0.0/19 maxlen: 24
185.29.48.0/22 maxlen: 25
46.238.128.0/18 maxlen: 24
2a02:1390::/29 maxlen: 48
Validation: Failed, certificate revoked on Fri 17 Mar 2023 10:02:27 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:e5:c9:67:e6:4a:4c:fb:f1:f5:36:6e:01:94:28:23:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=fce25aca434feeb6f573aa463a12c6940bc4d198
Validity
Not Before: Mar 15 15:00:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=004bea4be39c3acdc5f73a8d8008a88761d86096
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:09:ce:7b:e1:72:ca:0a:02:69:07:81:f0:97:
56:12:04:83:1d:3e:20:95:89:3f:5e:74:c4:fb:0f:
fb:c2:17:99:e3:b3:fc:ee:3b:a7:9a:1f:78:13:a3:
a6:61:78:79:9f:91:61:17:2e:3b:01:04:bf:e3:6f:
89:05:e4:f5:bc:1c:de:7b:70:92:ac:e3:f2:e0:5e:
7a:3f:2b:d7:18:72:d7:29:8f:47:04:2c:ce:08:86:
0a:72:8f:19:20:bf:0a:7f:f8:b8:47:c9:c8:a9:5b:
ae:bb:41:3c:da:68:eb:53:e9:e6:20:be:72:b4:a2:
69:01:e8:22:8b:47:9a:b9:6a:5a:4e:55:fd:7c:ff:
31:c2:eb:69:ae:6d:c0:4d:37:d8:36:19:f3:93:5f:
9a:60:6f:26:b7:47:f7:83:59:77:e5:46:04:1a:9c:
84:8d:e8:a3:ba:5f:74:02:3e:12:1d:09:26:44:0d:
43:b8:6d:47:4b:56:59:9a:65:0a:27:38:1f:c8:7a:
51:fd:f3:81:b7:2b:07:ed:67:56:c3:f2:9f:74:ad:
38:28:21:56:05:cb:d5:0a:6c:e6:7e:f1:20:af:79:
c3:2b:24:3b:d3:f9:fd:d8:cf:d2:84:5c:1f:f3:b9:
ec:cb:f3:e1:91:9d:c5:f6:bc:18:27:b0:42:9c:34:
0c:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:4B:EA:4B:E3:9C:3A:CD:C5:F7:3A:8D:80:08:A8:87:61:D8:60:96
X509v3 Authority Key Identifier:
keyid:FC:E2:5A:CA:43:4F:EE:B6:F5:73:AA:46:3A:12:C6:94:0B:C4:D1:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_OJaykNP7rb1c6pGOhLGlAvE0Zg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/0c9dbb-f2ef-4f15-8b2e-643e447444d6/1/AEvqS-OcOs3F9zqNgAioh2HYYJY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/0c9dbb-f2ef-4f15-8b2e-643e447444d6/1/_OJaykNP7rb1c6pGOhLGlAvE0Zg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.187.96.0/19
46.238.128.0/18
93.121.128.0/17
95.138.0.0/17
185.29.48.0/22
213.16.0.0/19
213.188.160.0/19
IPv6:
2a02:1390::/29
Signature Algorithm: sha256WithRSAEncryption
46:7f:67:6f:da:c7:78:1e:53:27:f6:ff:2d:6c:a6:31:73:04:
55:a9:f1:52:d7:66:cb:b9:81:2f:f7:6f:80:57:23:2c:e6:9f:
bf:cd:6e:30:05:29:7b:45:bc:1a:e4:15:72:db:56:2c:34:41:
77:47:0a:2b:2f:26:e5:ff:3f:72:1e:a2:11:95:cf:b5:79:21:
d8:ae:9b:84:aa:20:53:69:97:ea:b4:e6:4b:cb:90:8c:0d:f2:
c4:0f:b0:ae:c6:92:a3:c0:8a:23:73:e4:0c:23:d7:ea:37:05:
2e:73:8c:8d:a0:b1:2b:31:79:de:8e:fe:df:a0:cd:e8:cb:5c:
db:26:b2:09:1b:cf:d8:37:05:59:7f:a8:8f:ef:bd:ac:75:1d:
b4:40:89:3a:4f:00:b2:75:43:b0:70:97:7c:c5:59:ff:99:e8:
e0:91:e3:49:1f:95:55:08:ab:f6:b5:27:f8:6a:1a:1b:3d:3c:
05:4c:b2:33:6f:1d:42:76:5d:df:79:9c:8f:c5:cc:c2:ea:ac:
7b:84:22:45:80:c8:81:47:ed:1e:d2:f3:3d:2a:ce:2e:69:57:
7a:86:1d:33:8f:b2:27:2b:a8:ed:28:67:bd:68:8e:49:ee:c7:
fb:a1:56:d7:33:c6:34:5c:5c:d0:1f:cc:55:a4:8c:13:c5:fc:
5a:df:85:16
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYblyWfmSkz78fU2bgGUKCMgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjZTI1YWNhNDM0ZmVlYjZmNTczYWE0NjNhMTJjNjk0MGJj
NGQxOTgwHhcNMjMwMzE1MTUwMDI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDRiZWE0YmUzOWMzYWNkYzVmNzNhOGQ4MDA4YTg4NzYxZDg2MDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQnOe+FyygoCaQeB8JdWEgSDHT4g
lYk/XnTE+w/7wheZ47P87junmh94E6OmYXh5n5FhFy47AQS/42+JBeT1vBzee3CS
rOPy4F56PyvXGHLXKY9HBCzOCIYKco8ZIL8Kf/i4R8nIqVuuu0E82mjrU+nmIL5y
tKJpAegii0eauWpaTlX9fP8xwutprm3ATTfYNhnzk1+aYG8mt0f3g1l35UYEGpyE
jeijul90Aj4SHQkmRA1DuG1HS1ZZmmUKJzgfyHpR/fOBtysH7WdWw/KfdK04KCFW
BcvVCmzmfvEgr3nDKyQ70/n92M/ShFwf87nsy/PhkZ3F9rwYJ7BCnDQMywIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFABL6kvjnDrNxfc6jYAIqIdh2GCWMB8GA1UdIwQY
MBaAFPziWspDT+629XOqRjoSxpQLxNGYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX09KYXlrTlA3cmIxYzZwR09oTEdsQXZFMFpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8wYzlkYmItZjJlZi00ZjE1LThiMmUt
NjQzZTQ0NzQ0NGQ2LzEvQUV2cVMtT2NPczNGOXpxTmdBaW9oMkhZWUpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8wYzlkYmItZjJlZi00ZjE1LThiMmUtNjQzZTQ0NzQ0NGQ2
LzEvX09KYXlrTlA3cmIxYzZwR09oTEdsQXZFMFpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQFBbtgAwQG
Lu6AAwQHXXmAAwQHX4oAAwQCuR0wAwQF1RAAAwQF1bygMA0EAgACMAcDBQMqAhOQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBGf2dv2sd4HlMn9v8tbKYxcwRVqfFS12bLuYEv
92+AVyMs5p+/zW4wBSl7Rbwa5BVy21YsNEF3RworLybl/z9yHqIRlc+1eSHYrpuE
qiBTaZfqtOZLy5CMDfLED7CuxpKjwIojc+QMI9fqNwUuc4yNoLErMXnejv7foM3o
y1zbJrIJG8/YNwVZf6iP772sdR20QIk6TwCydUOwcJd8xVn/mejgkeNJH5VVCKv2
tSf4ahobPTwFTLIzbx1Cdl3feZyPxczC6qx7hCJFgMiBR+0e0vM9Ks4uaVd6hh0z
j7InK6jtKGe9aI5J7sf7oVbXM8Y0XFzQH8xVpIwTxfxa34UW
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:46 2024 by rpki-client on console-ams.rpki-client.org