Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/b8bce4-3142-46d8-bf8d-4ca7b4c02be9/1/cWkPMdK1DKgh_oFztO6MYLNh_K8.roa
File: cWkPMdK1DKgh_oFztO6MYLNh_K8.roa (raw, json)
Hash identifier: 77b+JIb9Z7lWvcf+e+pbicY2rIWW0St8VG/KHujIj8c=
Subject key identifier: 71:69:0F:31:D2:B5:0C:A8:21:FE:81:73:B4:EE:8C:60:B3:61:FC:AF
Certificate issuer: /CN=afe79e8f63e991ddf13e6def27e008999d4d4ad9
Certificate serial: 01856BCA27F7A418F0052061E6D5370E9DFB
Authority key identifier: AF:E7:9E:8F:63:E9:91:DD:F1:3E:6D:EF:27:E0:08:99:9D:4D:4A:D9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r-eej2Ppkd3xPm3vJ-AImZ1NStk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/b8bce4-3142-46d8-bf8d-4ca7b4c02be9/1/cWkPMdK1DKgh_oFztO6MYLNh_K8.roa
Signing time: Sun 01 Jan 2023 05:24:48 +0000
ROA not before: Sun 01 Jan 2023 05:24:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5484
IP address blocks: 185.46.216.0/24 maxlen: 24
185.46.217.0/24 maxlen: 24
185.46.218.0/24 maxlen: 24
185.46.219.0/24 maxlen: 24
185.128.152.0/24 maxlen: 24
185.128.153.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:ca:27:f7:a4:18:f0:05:20:61:e6:d5:37:0e:9d:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=afe79e8f63e991ddf13e6def27e008999d4d4ad9
Validity
Not Before: Jan 1 05:24:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=71690f31d2b50ca821fe8173b4ee8c60b361fcaf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:69:50:c1:45:55:89:68:ef:24:59:06:01:aa:
0a:91:cd:14:ba:02:6f:dc:51:61:90:5a:48:a8:7a:
36:64:b0:09:f5:cb:7d:30:c7:7c:b9:4f:2f:38:5c:
00:69:41:0d:b4:96:31:8c:10:b1:1f:e9:c1:ed:ba:
5e:e9:f5:20:d7:5b:9a:e0:74:44:e6:36:1c:93:9c:
00:0c:39:27:fb:5f:1c:c1:50:84:0d:f9:f7:bc:e5:
19:93:53:95:d5:2a:d1:73:cb:74:f8:a5:d3:3e:81:
bf:05:e4:b6:c3:3f:ff:00:94:83:6e:e1:40:11:be:
d5:3e:e9:7d:15:77:7f:f5:ad:05:10:42:fe:eb:80:
8b:75:5d:0d:e7:53:84:a0:9a:52:3e:55:56:82:4b:
a8:f8:85:5e:e9:97:12:d9:d7:39:3b:d7:f4:4d:a1:
30:2f:40:a8:94:14:54:64:08:56:d2:22:a4:56:26:
a0:15:fa:3f:87:38:b8:fc:0a:31:70:76:4a:51:aa:
34:c2:22:66:09:06:31:b3:4d:5a:dc:d2:3f:d4:bc:
26:15:09:23:10:fb:f0:9f:00:dc:e9:b7:7a:05:f6:
c1:84:a4:9b:bd:e6:23:7a:38:a9:64:1f:58:a6:4e:
5f:8f:f4:de:cf:69:cd:44:a3:90:32:c0:fe:cc:2c:
74:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:69:0F:31:D2:B5:0C:A8:21:FE:81:73:B4:EE:8C:60:B3:61:FC:AF
X509v3 Authority Key Identifier:
keyid:AF:E7:9E:8F:63:E9:91:DD:F1:3E:6D:EF:27:E0:08:99:9D:4D:4A:D9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r-eej2Ppkd3xPm3vJ-AImZ1NStk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/b8bce4-3142-46d8-bf8d-4ca7b4c02be9/1/cWkPMdK1DKgh_oFztO6MYLNh_K8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/b8bce4-3142-46d8-bf8d-4ca7b4c02be9/1/r-eej2Ppkd3xPm3vJ-AImZ1NStk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.46.216.0/22
185.128.152.0/23
Signature Algorithm: sha256WithRSAEncryption
c7:bf:b1:df:70:ab:38:04:5d:31:a2:c2:0f:41:ef:f2:ff:64:
12:f8:46:0c:d9:b2:de:b3:36:89:ac:19:17:1e:b7:5e:49:71:
45:79:0f:dd:ba:ff:7e:0c:a2:f6:4f:28:86:f7:9c:c0:33:cc:
f0:d9:49:5d:fb:23:7e:aa:19:33:d4:f8:69:01:ab:e1:de:7d:
01:23:b0:1e:ab:35:a9:e9:29:87:fe:bc:f6:e0:f0:bf:65:62:
fc:f1:8c:0d:b6:b3:70:1d:1f:49:eb:06:6a:72:b7:d5:ae:fc:
60:26:2e:73:9c:f3:83:0a:67:05:a9:88:1d:26:97:b5:29:87:
8f:49:10:4f:43:22:90:8e:c2:60:36:92:55:54:87:2f:3a:2e:
36:c3:6c:89:99:bd:62:0d:f0:11:6c:74:24:db:f5:3c:a5:7b:
88:fe:98:a3:aa:2a:d0:4d:41:c7:05:4a:57:d7:d4:e6:f2:79:
b7:82:d6:8b:ca:cf:37:d5:2c:05:11:20:17:eb:52:97:1a:8f:
b2:dc:bc:18:03:e5:d9:2d:ca:00:43:fc:e6:8f:89:d7:95:ed:
0b:67:64:5f:47:e2:3e:7e:1e:e9:75:ed:f6:d8:86:4b:e3:c3:
50:10:53:c4:5b:24:7d:c9:75:6c:8a:30:4e:fe:ea:e2:cd:99:
f0:e2:bb:66
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVryif3pBjwBSBh5tU3Dp37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZTc5ZThmNjNlOTkxZGRmMTNlNmRlZjI3ZTAwODk5OWQ0
ZDRhZDkwHhcNMjMwMTAxMDUyNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTY5MGYzMWQyYjUwY2E4MjFmZTgxNzNiNGVlOGM2MGIzNjFmY2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh2lQwUVViWjvJFkGAaoKkc0UugJv
3FFhkFpIqHo2ZLAJ9ct9MMd8uU8vOFwAaUENtJYxjBCxH+nB7bpe6fUg11ua4HRE
5jYck5wADDkn+18cwVCEDfn3vOUZk1OV1SrRc8t0+KXTPoG/BeS2wz//AJSDbuFA
Eb7VPul9FXd/9a0FEEL+64CLdV0N51OEoJpSPlVWgkuo+IVe6ZcS2dc5O9f0TaEw
L0ColBRUZAhW0iKkViagFfo/hzi4/AoxcHZKUao0wiJmCQYxs01a3NI/1LwmFQkj
EPvwnwDc6bd6BfbBhKSbveYjejipZB9Ypk5fj/Tez2nNRKOQMsD+zCx0OQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHFpDzHStQyoIf6Bc7TujGCzYfyvMB8GA1UdIwQY
MBaAFK/nno9j6ZHd8T5t7yfgCJmdTUrZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvci1lZWoyUHBrZDN4UG0zdkotQUltWjFOU3RrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9iOGJjZTQtMzE0Mi00NmQ4LWJmOGQt
NGNhN2I0YzAyYmU5LzEvY1drUE1kSzFES2doX29GenRPNk1ZTE5oX0s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9iOGJjZTQtMzE0Mi00NmQ4LWJmOGQtNGNhN2I0YzAyYmU5
LzEvci1lZWoyUHBrZDN4UG0zdkotQUltWjFOU3RrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuS7YAwQB
uYCYMA0GCSqGSIb3DQEBCwUAA4IBAQDHv7HfcKs4BF0xosIPQe/y/2QS+EYM2bLe
szaJrBkXHrdeSXFFeQ/duv9+DKL2TyiG95zAM8zw2Uld+yN+qhkz1PhpAavh3n0B
I7AeqzWp6SmH/rz24PC/ZWL88YwNtrNwHR9J6wZqcrfVrvxgJi5znPODCmcFqYgd
Jpe1KYePSRBPQyKQjsJgNpJVVIcvOi42w2yJmb1iDfARbHQk2/U8pXuI/pijqirQ
TUHHBUpX19Tm8nm3gtaLys831SwFESAX61KXGo+y3LwYA+XZLcoAQ/zmj4nXle0L
Z2RfR+I+fh7pde322IZL48NQEFPEWyR9yXVsijBO/urizZnw4rtm
-----END CERTIFICATE-----
Generated at Mon Jan 1 15:02:16 2024 by rpki-client on console-ams.rpki-client.org