Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/_4umyuK8OXTcOiXODGFbQHQ_u5Q.roa
File: _4umyuK8OXTcOiXODGFbQHQ_u5Q.roa (raw, json)
Hash identifier: bFYBsvYQjgWOJfaw6NHluQOVWdqhsDw4JCbOHMKsmas=
Subject key identifier: FF:8B:A6:CA:E2:BC:39:74:DC:3A:25:CE:0C:61:5B:40:74:3F:BB:94
Certificate issuer: /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial: 018AA22E7D519A740A34007DFAC01E0BBA6A
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/_4umyuK8OXTcOiXODGFbQHQ_u5Q.roa
Signing time: Sun 17 Sep 2023 08:07:50 +0000
ROA not before: Sun 17 Sep 2023 08:07:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2118
IP address blocks: 194.87.208.0/23 maxlen: 24
194.87.222.0/23 maxlen: 24
194.87.27.0/24 maxlen: 24
212.192.0.0/23 maxlen: 24
194.58.46.0/23 maxlen: 24
194.58.45.0/24 maxlen: 24
195.58.56.0/21 maxlen: 24
212.193.0.0/24 maxlen: 24
195.133.55.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:a2:2e:7d:51:9a:74:0a:34:00:7d:fa:c0:1e:0b:ba:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Validity
Not Before: Sep 17 08:07:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ff8ba6cae2bc3974dc3a25ce0c615b40743fbb94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:3b:5c:9a:e1:bb:79:68:94:e0:a4:9c:4e:d6:
3e:9c:cb:a6:09:0a:bd:51:66:d6:ee:ba:f2:9a:15:
4a:86:17:4e:06:a6:d6:bd:c2:2f:0d:80:ae:6f:e4:
fc:3a:2d:28:8d:2d:99:5e:15:d1:c0:d9:28:e9:94:
72:ad:eb:a5:73:5c:54:14:53:28:c4:08:fc:c9:5c:
93:73:79:79:ee:22:9c:65:c2:10:fb:d5:b0:7e:cc:
04:ac:41:88:4d:34:f6:c0:6f:d0:fb:be:04:71:e3:
1b:2b:ae:00:6e:e2:d3:1f:25:ca:f9:7a:bc:8c:65:
44:b5:6a:94:3a:c5:83:c7:d5:ed:7b:76:52:67:ab:
7a:dc:fe:d0:52:14:9b:3a:6b:6e:59:82:3a:9a:73:
cc:f6:d1:43:de:23:d9:2f:17:05:98:e5:87:49:b6:
7f:eb:d8:0c:62:b2:93:f1:44:fa:fe:f8:57:11:cb:
f1:22:ee:bd:40:bd:5c:d5:9c:d9:00:94:f9:64:49:
7f:58:b5:7c:bc:4d:a6:82:3c:5c:00:f5:9e:30:44:
64:bb:b0:1b:f1:0a:86:dd:4a:37:d0:61:50:cd:20:
45:20:48:e3:b5:60:c7:4b:88:a8:b6:66:2f:3e:53:
17:1d:27:fe:79:d1:9e:0c:7c:6d:bb:7c:20:7d:2c:
ef:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:8B:A6:CA:E2:BC:39:74:DC:3A:25:CE:0C:61:5B:40:74:3F:BB:94
X509v3 Authority Key Identifier:
keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/_4umyuK8OXTcOiXODGFbQHQ_u5Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.58.45.0-194.58.47.255
194.87.27.0/24
194.87.208.0/23
194.87.222.0/23
195.58.56.0/21
195.133.55.0/24
212.192.0.0/23
212.193.0.0/24
Signature Algorithm: sha256WithRSAEncryption
17:2f:81:1f:f5:df:ed:72:ed:e8:31:27:bb:6e:4e:48:55:a7:
d4:d0:f2:75:72:10:3e:01:d9:5d:02:40:12:4c:08:70:cc:ba:
8a:d4:ce:86:a5:94:73:c3:43:89:15:80:5d:3e:d3:02:1a:69:
ca:6d:3c:6e:cd:84:6d:1c:55:3d:40:72:6a:b6:35:35:d3:52:
f5:8a:45:3b:5c:2e:f9:87:a5:e9:8a:20:ff:e4:27:c2:cf:66:
e9:d6:c6:b9:ef:74:37:04:b7:ca:f8:10:42:3a:dd:55:72:79:
be:ad:26:04:39:63:df:8e:ce:f6:ea:ed:3f:20:26:75:52:8a:
5c:c7:dd:6b:82:59:da:08:9a:db:fe:73:f7:49:c2:61:98:0c:
9f:54:00:ad:c3:59:89:9b:db:9d:67:92:98:c1:8a:03:b9:c8:
2d:9d:e9:b6:1e:e9:02:ec:b1:87:f9:83:9c:dd:44:6e:a9:67:
14:f7:be:7f:48:d8:d1:ec:21:b3:fd:8b:c9:77:b3:8a:8a:f4:
db:9e:b4:9b:cf:3b:a7:d9:1d:d3:a6:5c:ff:c8:78:78:02:b6:
90:f3:cf:18:11:91:cf:b3:bc:23:51:fc:8a:c1:a2:44:f2:53:
44:15:8c:50:72:2f:99:90:bb:6a:dd:a3:3d:12:d1:1a:e0:76:
eb:e4:cd:b4
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYqiLn1RmnQKNAB9+sAeC7pqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjMwOTE3MDgwNzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjhiYTZjYWUyYmMzOTc0ZGMzYTI1Y2UwYzYxNWI0MDc0M2ZiYjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjDtcmuG7eWiU4KScTtY+nMumCQq9
UWbW7rrymhVKhhdOBqbWvcIvDYCub+T8Oi0ojS2ZXhXRwNko6ZRyreulc1xUFFMo
xAj8yVyTc3l57iKcZcIQ+9WwfswErEGITTT2wG/Q+74EceMbK64AbuLTHyXK+Xq8
jGVEtWqUOsWDx9Xte3ZSZ6t63P7QUhSbOmtuWYI6mnPM9tFD3iPZLxcFmOWHSbZ/
69gMYrKT8UT6/vhXEcvxIu69QL1c1ZzZAJT5ZEl/WLV8vE2mgjxcAPWeMERku7Ab
8QqG3Uo30GFQzSBFIEjjtWDHS4iotmYvPlMXHSf+edGeDHxtu3wgfSzvrwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFP+LpsrivDl03DolzgxhW0B0P7uUMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvXzR1bXl1SzhPWFRjT2lYT0RHRmJRSFFfdTVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4MAwDBADCOi0D
BATCOiADBADCVxsDBAHCV9ADBAHCV94DBAPDOjgDBADDhTcDBAHUwAADBADUwQAw
DQYJKoZIhvcNAQELBQADggEBABcvgR/13+1y7egxJ7tuTkhVp9TQ8nVyED4B2V0C
QBJMCHDMuorUzoallHPDQ4kVgF0+0wIaacptPG7NhG0cVT1Acmq2NTXTUvWKRTtc
LvmHpemKIP/kJ8LPZunWxrnvdDcEt8r4EEI63VVyeb6tJgQ5Y9+Ozvbq7T8gJnVS
ilzH3WuCWdoImtv+c/dJwmGYDJ9UAK3DWYmb251nkpjBigO5yC2d6bYe6QLssYf5
g5zdRG6pZxT3vn9I2NHsIbP9i8l3s4qK9NuetJvPO6fZHdOmXP/IeHgCtpDzzxgR
kc+zvCNR/IrBokTyU0QVjFByL5mQu2rdoz0S0RrgduvkzbQ=
-----END CERTIFICATE-----
Generated at Thu Sep 21 13:32:24 2023 by rpki-client on console-ams.rpki-client.org