Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/of1WpCRSQuOl9LuqOag7ypnH44M.roa
File: of1WpCRSQuOl9LuqOag7ypnH44M.roa (raw, json)
Hash identifier: 60Hvyjocg+FME4Yq2hSqco7hx9AG7pVMEi6NMfSr+Dc=
Subject key identifier: A1:FD:56:A4:24:52:42:E3:A5:F4:BB:AA:39:A8:3B:CA:99:C7:E3:83
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01896401E28B6A46CDAAE52757A0A67D8E78
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/of1WpCRSQuOl9LuqOag7ypnH44M.roa
Signing time: Mon 17 Jul 2023 13:19:52 +0000
ROA not before: Mon 17 Jul 2023 13:19:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 204843
IP address blocks: 94.156.11.0/24 maxlen: 24
45.81.241.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
193.149.2.0/24 maxlen: 24
193.149.3.0/24 maxlen: 24
37.221.121.0/24 maxlen: 24
37.221.122.0/24 maxlen: 24
37.221.123.0/24 maxlen: 24
37.221.120.0/24 maxlen: 24
94.156.176.0/24 maxlen: 24
45.144.153.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:64:01:e2:8b:6a:46:cd:aa:e5:27:57:a0:a6:7d:8e:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 17 13:19:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a1fd56a4245242e3a5f4bbaa39a83bca99c7e383
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:7c:63:3d:6d:e8:83:af:10:19:ec:32:06:67:
aa:9e:2d:b6:14:d7:95:8f:ee:de:9f:7f:d4:32:d7:
a4:cd:57:aa:7d:12:2b:b5:db:93:a2:d0:86:04:de:
7f:3f:a1:d5:81:d3:1e:63:6c:22:ec:de:46:db:63:
20:5a:4b:d1:85:15:99:d6:ee:45:bf:1f:da:ba:87:
57:09:72:bb:f2:90:fc:90:84:99:e1:7b:4e:55:5d:
79:85:fa:28:2c:1c:f5:f4:b8:b1:a7:c4:71:56:96:
98:d4:f6:ae:76:fa:1c:83:06:e3:33:3f:17:58:70:
98:90:24:ca:16:f1:e6:f4:bd:ed:1f:9e:bb:c2:65:
c3:18:c7:ad:f9:b1:2a:a1:9c:9a:bb:f9:bd:29:02:
af:d7:e0:82:37:e8:a1:b5:b9:89:8a:f8:ac:fb:ee:
06:5a:2d:e5:f4:6e:9b:75:3b:e1:38:43:8f:06:4b:
d8:a2:30:b0:86:a9:65:72:5d:8d:cb:4b:e5:3f:93:
d3:9a:c5:54:80:71:6c:e1:ac:43:36:1f:a3:af:23:
3d:ee:ae:33:71:9f:fc:60:58:ba:ee:da:90:41:9b:
d9:c2:86:bb:2a:40:fe:1e:20:d5:b8:c8:50:02:dc:
f5:7a:36:57:5a:07:fa:1b:5b:01:25:19:78:b0:82:
7c:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:FD:56:A4:24:52:42:E3:A5:F4:BB:AA:39:A8:3B:CA:99:C7:E3:83
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/of1WpCRSQuOl9LuqOag7ypnH44M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.221.120.0/22
45.81.241.0/24
45.144.153.0/24
94.156.11.0/24
94.156.176.0/24
141.98.1.0/24
193.149.2.0/23
Signature Algorithm: sha256WithRSAEncryption
68:12:84:9a:d5:18:7b:44:cf:59:0c:ca:38:14:f3:28:5e:e8:
7e:dc:57:e0:52:5d:56:53:5a:ea:3a:1b:2d:ba:18:ad:56:d5:
25:c6:b9:d8:48:be:9f:f4:38:fd:28:ff:00:e9:f0:c0:1a:2e:
03:b0:23:76:c7:bd:62:d3:71:28:ab:a4:6d:45:f7:b6:5f:3c:
c8:cf:b5:fd:d2:61:0f:61:4a:5e:d1:b0:90:7d:7e:0e:31:cd:
fe:48:71:c9:75:6c:89:d6:83:cc:3f:3a:c7:81:6d:20:6a:68:
b7:cc:e5:83:c5:3b:1b:24:9d:97:d1:17:b2:bb:8a:78:18:d6:
18:5c:e9:a4:be:0c:d8:89:d7:db:a8:83:00:de:d6:80:69:5a:
44:a8:1b:76:98:1d:d2:99:0c:13:47:a6:05:c3:d2:72:9c:93:
20:8c:f9:6c:93:01:4e:61:3d:d7:67:58:20:04:31:5e:a7:85:
02:9f:1a:54:be:39:59:0c:5c:e3:9c:98:03:44:9b:00:ae:c9:
9e:78:49:0f:41:ee:67:0d:bd:cb:e2:93:a9:dc:95:07:10:a7:
43:95:95:0c:97:1b:a1:6a:c8:a3:ce:df:42:59:13:e4:4f:8c:
5c:d1:c5:b0:cc:d3:a2:85:13:c5:8c:6e:33:43:99:a5:25:93:
fb:cc:3e:72
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYlkAeKLakbNquUnV6CmfY54MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzE3MTMxOTUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWZkNTZhNDI0NTI0MmUzYTVmNGJiYWEzOWE4M2JjYTk5YzdlMzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXxjPW3og68QGewyBmeqni22FNeV
j+7en3/UMtekzVeqfRIrtduTotCGBN5/P6HVgdMeY2wi7N5G22MgWkvRhRWZ1u5F
vx/auodXCXK78pD8kISZ4XtOVV15hfooLBz19Lixp8RxVpaY1PaudvocgwbjMz8X
WHCYkCTKFvHm9L3tH567wmXDGMet+bEqoZyau/m9KQKv1+CCN+ihtbmJivis++4G
Wi3l9G6bdTvhOEOPBkvYojCwhqllcl2Ny0vlP5PTmsVUgHFs4axDNh+jryM97q4z
cZ/8YFi67tqQQZvZwoa7KkD+HiDVuMhQAtz1ejZXWgf6G1sBJRl4sIJ8+wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFKH9VqQkUkLjpfS7qjmoO8qZx+ODMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvb2YxV3BDUlNRdU9sOUx1cU9hZzd5cG5INDRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCJd14AwQA
LVHxAwQALZCZAwQAXpwLAwQAXpywAwQAjWIBAwQBwZUCMA0GCSqGSIb3DQEBCwUA
A4IBAQBoEoSa1Rh7RM9ZDMo4FPMoXuh+3FfgUl1WU1rqOhstuhitVtUlxrnYSL6f
9Dj9KP8A6fDAGi4DsCN2x71i03Eoq6RtRfe2XzzIz7X90mEPYUpe0bCQfX4OMc3+
SHHJdWyJ1oPMPzrHgW0gami3zOWDxTsbJJ2X0Reyu4p4GNYYXOmkvgzYidfbqIMA
3taAaVpEqBt2mB3SmQwTR6YFw9JynJMgjPlskwFOYT3XZ1ggBDFep4UCnxpUvjlZ
DFzjnJgDRJsArsmeeEkPQe5nDb3L4pOp3JUHEKdDlZUMlxuhasijzt9CWRPkT4xc
0cWwzNOihRPFjG4zQ5mlJZP7zD5y
-----END CERTIFICATE-----
Generated at Mon Jul 24 10:31:27 2023 by rpki-client on console-ams.rpki-client.org