Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Vf9Zpj-n0_ZH8cnfsyIetAiTCcQ.roa
File: Vf9Zpj-n0_ZH8cnfsyIetAiTCcQ.roa (raw, json)
Hash identifier: EdimPuRUU5BWLn3XRJVcEGM2eXsuP0XjVHgsB9M7QU4=
Subject key identifier: 55:FF:59:A6:3F:A7:D3:F6:47:F1:C9:DF:B3:22:1E:B4:08:93:09:C4
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0189B55256661B9099C00C4EF0BBEE8E890D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Vf9Zpj-n0_ZH8cnfsyIetAiTCcQ.roa
Signing time: Wed 02 Aug 2023 08:16:59 +0000
ROA not before: Wed 02 Aug 2023 08:16:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1
IP address blocks: 87.120.166.0/24 maxlen: 24
87.121.44.0/24 maxlen: 24
87.121.46.0/24 maxlen: 24
85.31.47.0/24 maxlen: 24
45.128.233.0/24 maxlen: 24
94.156.79.0/24 maxlen: 24
87.120.36.0/24 maxlen: 24
88.218.76.0/22 maxlen: 24
185.221.64.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:b5:52:56:66:1b:90:99:c0:0c:4e:f0:bb:ee:8e:89:0d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Aug 2 08:16:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=55ff59a63fa7d3f647f1c9dfb3221eb4089309c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:e5:33:56:52:f2:76:ce:9a:84:2c:75:98:cf:
e6:c4:32:77:fa:db:83:de:70:7c:48:89:6a:b5:b7:
54:0c:0d:bd:4c:09:7b:a4:75:84:40:de:94:1b:6f:
3e:fe:3b:0f:21:98:b3:04:ca:98:59:cf:0c:2c:21:
78:e0:a3:41:55:86:6b:bb:af:bd:6b:57:32:28:f3:
78:e9:13:4d:32:9b:73:ae:99:43:25:79:74:0c:00:
59:fc:ca:50:aa:c1:45:65:bf:64:cc:54:c8:93:6e:
76:e2:1d:90:56:a4:c2:be:9d:68:53:a7:0d:81:22:
e0:8a:a3:e9:54:74:b5:27:e4:74:c1:43:15:97:92:
1a:96:61:6c:9a:0c:4f:2b:16:e9:d4:45:62:0e:fd:
7d:f8:03:dc:17:82:d4:3e:64:f0:43:2d:e9:a2:f7:
9e:a6:c6:ae:5f:55:cf:d8:49:27:74:0e:24:53:bd:
29:65:ab:08:50:cb:45:d1:5e:60:bb:78:7f:a3:3e:
07:f3:1d:8b:ab:c6:95:a8:4d:d5:85:da:53:df:a9:
5b:93:9d:69:95:38:f3:94:36:53:8a:93:de:27:20:
3e:4d:26:8e:82:22:19:6a:cb:09:0f:3b:1d:8c:06:
e7:47:27:f3:da:05:f3:26:7c:c0:2b:0a:c0:33:02:
ef:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
55:FF:59:A6:3F:A7:D3:F6:47:F1:C9:DF:B3:22:1E:B4:08:93:09:C4
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Vf9Zpj-n0_ZH8cnfsyIetAiTCcQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.233.0/24
85.31.47.0/24
87.120.36.0/24
87.120.166.0/24
87.121.44.0/24
87.121.46.0/24
88.218.76.0/22
94.156.79.0/24
185.221.64.0/24
Signature Algorithm: sha256WithRSAEncryption
38:e7:fc:3e:d6:e1:fa:42:89:42:9c:53:d2:21:85:ca:ed:ab:
f7:7b:fb:ed:26:8c:ae:5f:cb:18:5f:bc:76:b0:b2:0b:a7:d8:
a9:32:62:83:d5:57:4c:75:4b:2c:45:e6:86:28:ea:59:80:2b:
f0:5a:9f:4e:07:e6:fa:03:a4:7b:f5:6f:b2:88:1f:fe:3a:8c:
54:7e:99:06:2f:58:fd:57:a6:0e:c4:ff:7c:07:96:d3:49:e9:
fe:02:ac:ea:16:e5:9b:1e:78:84:1c:58:38:f5:2f:00:b3:c3:
f5:db:88:e4:1b:b5:55:ba:db:63:0c:f4:68:61:74:b6:36:51:
4e:37:6d:9b:bb:3a:60:30:ee:a5:2f:9d:3e:f2:e4:51:01:e9:
15:4d:8d:52:49:9c:58:29:72:48:1d:14:ae:a9:8f:89:1e:1a:
d7:be:de:26:04:8f:c8:61:4e:cd:cd:3a:8d:2a:b0:1a:76:ed:
c0:61:36:2b:25:11:5b:f4:a1:97:84:9d:3e:b1:72:b0:e9:3b:
d4:70:1e:43:c4:54:4f:ac:c6:4b:35:1e:de:f0:5d:b0:df:63:
5d:73:e6:34:f4:d5:e6:19:b6:08:ed:f2:2c:8c:36:0e:98:14:
79:a1:a5:e7:76:dc:57:d2:76:7d:22:79:2c:18:73:96:5d:f1:
01:cc:02:ef
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYm1UlZmG5CZwAxO8LvujokNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwODAyMDgxNjU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWZmNTlhNjNmYTdkM2Y2NDdmMWM5ZGZiMzIyMWViNDA4OTMwOWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+UzVlLyds6ahCx1mM/mxDJ3+tuD
3nB8SIlqtbdUDA29TAl7pHWEQN6UG28+/jsPIZizBMqYWc8MLCF44KNBVYZru6+9
a1cyKPN46RNNMptzrplDJXl0DABZ/MpQqsFFZb9kzFTIk2524h2QVqTCvp1oU6cN
gSLgiqPpVHS1J+R0wUMVl5IalmFsmgxPKxbp1EViDv19+APcF4LUPmTwQy3povee
psauX1XP2EkndA4kU70pZasIUMtF0V5gu3h/oz4H8x2Lq8aVqE3VhdpT36lbk51p
lTjzlDZTipPeJyA+TSaOgiIZassJDzsdjAbnRyfz2gXzJnzAKwrAMwLv4wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFFX/WaY/p9P2R/HJ37MiHrQIkwnEMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVmY5WnBqLW4wX1pIOGNuZnN5SWV0QWlUQ2NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQALYDpAwQA
VR8vAwQAV3gkAwQAV3imAwQAV3ksAwQAV3kuAwQCWNpMAwQAXpxPAwQAud1AMA0G
CSqGSIb3DQEBCwUAA4IBAQA45/w+1uH6QolCnFPSIYXK7av3e/vtJoyuX8sYX7x2
sLILp9ipMmKD1VdMdUssReaGKOpZgCvwWp9OB+b6A6R79W+yiB/+OoxUfpkGL1j9
V6YOxP98B5bTSen+AqzqFuWbHniEHFg49S8As8P124jkG7VVuttjDPRoYXS2NlFO
N22buzpgMO6lL50+8uRRAekVTY1SSZxYKXJIHRSuqY+JHhrXvt4mBI/IYU7NzTqN
KrAadu3AYTYrJRFb9KGXhJ0+sXKw6TvUcB5DxFRPrMZLNR7e8F2w32Ndc+Y09NXm
GbYI7fIsjDYOmBR5oaXndtxX0nZ9InksGHOWXfEBzALv
-----END CERTIFICATE-----
Generated at Wed Aug 2 11:54:05 2023 by rpki-client on console-ams.rpki-client.org