Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/3bc707-76e7-4987-befa-981184dee131/1/NfdJQGtEsq1rnXG_i2gz1skPy_k.roa
File: NfdJQGtEsq1rnXG_i2gz1skPy_k.roa (raw, json)
Hash identifier: k0dWz7fuoA6TlBIJTvDXGN6DiMiUfDgI46ahGq9w2vA=
Subject key identifier: 35:F7:49:40:6B:44:B2:AD:6B:9D:71:BF:8B:68:33:D6:C9:0F:CB:F9
Certificate issuer: /CN=d34fa6be3f5c38f4bb7e062b6707747f4961a048
Certificate serial: 01856BAED4F6B77A9A2842912BA17A1EC79B
Authority key identifier: D3:4F:A6:BE:3F:5C:38:F4:BB:7E:06:2B:67:07:74:7F:49:61:A0:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/00-mvj9cOPS7fgYrZwd0f0lhoEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/04/3bc707-76e7-4987-befa-981184dee131/1/NfdJQGtEsq1rnXG_i2gz1skPy_k.roa
Signing time: Sun 01 Jan 2023 04:54:57 +0000
ROA not before: Sun 01 Jan 2023 04:54:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 210838
IP address blocks: 109.234.78.0/24 maxlen: 24
2a11:9c80::/29 maxlen: 29
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:ae:d4:f6:b7:7a:9a:28:42:91:2b:a1:7a:1e:c7:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d34fa6be3f5c38f4bb7e062b6707747f4961a048
Validity
Not Before: Jan 1 04:54:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=35f749406b44b2ad6b9d71bf8b6833d6c90fcbf9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:af:cf:13:25:83:be:a3:15:f8:ff:b5:27:3e:
d8:04:aa:a7:37:37:69:34:d8:8a:ef:90:17:b2:38:
da:e2:1b:63:d0:0c:6d:35:42:2f:c6:2f:1d:33:67:
bf:89:79:8e:d5:77:c7:b6:e4:db:e2:f0:01:41:97:
7a:c1:d8:33:60:de:ae:0f:b5:18:88:d4:15:56:93:
0c:a5:3b:a6:c4:1c:49:0e:3a:c5:b0:15:1d:8a:5c:
fb:2b:12:47:28:21:dc:e1:74:18:15:f6:95:b8:13:
a2:1b:bf:28:9e:c8:05:2b:86:4a:68:8a:95:fb:21:
08:f7:ff:f8:40:f6:04:c8:4e:19:7b:52:6e:10:e5:
5c:28:6b:51:f0:85:ba:32:e8:8c:be:52:23:f0:6b:
4b:7a:22:bc:e7:7e:6b:99:0b:43:f7:1b:75:41:0b:
91:8e:80:10:26:5a:68:f1:3d:89:a3:36:86:31:d4:
69:4c:a1:73:72:71:be:32:89:80:dc:78:cd:f7:de:
2c:dd:7c:8e:86:7d:04:b4:ed:fe:26:1c:e7:fa:c0:
7b:75:07:3d:f3:46:7c:b8:2f:64:e3:0f:7e:91:55:
fc:f5:19:37:56:32:19:de:a3:f6:04:07:7d:47:3c:
6c:05:b5:08:21:b7:cf:7e:5d:45:e6:83:0f:50:a4:
39:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:F7:49:40:6B:44:B2:AD:6B:9D:71:BF:8B:68:33:D6:C9:0F:CB:F9
X509v3 Authority Key Identifier:
keyid:D3:4F:A6:BE:3F:5C:38:F4:BB:7E:06:2B:67:07:74:7F:49:61:A0:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/00-mvj9cOPS7fgYrZwd0f0lhoEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/3bc707-76e7-4987-befa-981184dee131/1/NfdJQGtEsq1rnXG_i2gz1skPy_k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/04/3bc707-76e7-4987-befa-981184dee131/1/00-mvj9cOPS7fgYrZwd0f0lhoEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
109.234.78.0/24
IPv6:
2a11:9c80::/29
Signature Algorithm: sha256WithRSAEncryption
4d:7e:24:74:84:a9:63:6e:15:36:e0:87:5f:ad:75:d3:4a:8b:
30:83:d7:05:c3:47:5c:d5:15:27:2c:0c:27:ce:5d:cc:f3:b4:
09:f4:75:a9:23:76:8a:ff:ac:13:74:50:c9:50:14:bd:e6:f6:
36:8d:43:17:2f:24:6b:39:d8:cc:26:4d:5d:dc:f9:cc:9a:df:
d0:cf:ec:a0:9c:b5:80:0f:f6:4a:b0:8c:7e:ed:4f:b3:93:db:
b2:0f:b3:35:79:f1:50:97:9b:39:b3:46:d0:dd:55:0c:f7:a2:
69:ed:3a:7d:50:04:9f:17:ba:19:54:f6:f1:4d:23:af:ff:81:
94:57:34:7f:81:bb:f3:1e:9e:7c:e1:c5:c3:69:0e:b8:68:c8:
61:72:79:c8:91:19:c0:8f:cb:87:86:66:8a:dc:8c:c2:c2:09:
0a:07:ea:f2:55:f9:58:eb:80:47:9f:92:85:28:8b:01:52:dd:
72:57:b5:ff:fa:be:b3:39:27:6c:af:8f:b0:bc:58:25:92:19:
79:fb:3a:1c:83:70:15:7d:1a:2c:84:e1:60:98:4b:e3:4c:2c:
51:8d:92:e2:e6:97:44:88:63:63:45:8f:fe:f2:00:16:3b:ff:
4f:57:b4:ff:a0:82:7a:a2:05:55:df:cd:dc:9c:ab:33:b5:f8:
a3:a1:3f:51
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVrrtT2t3qaKEKRK6F6HsebMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNGZhNmJlM2Y1YzM4ZjRiYjdlMDYyYjY3MDc3NDdmNDk2
MWEwNDgwHhcNMjMwMTAxMDQ1NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWY3NDk0MDZiNDRiMmFkNmI5ZDcxYmY4YjY4MzNkNmM5MGZjYmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6/PEyWDvqMV+P+1Jz7YBKqnNzdp
NNiK75AXsjja4htj0AxtNUIvxi8dM2e/iXmO1XfHtuTb4vABQZd6wdgzYN6uD7UY
iNQVVpMMpTumxBxJDjrFsBUdilz7KxJHKCHc4XQYFfaVuBOiG78onsgFK4ZKaIqV
+yEI9//4QPYEyE4Ze1JuEOVcKGtR8IW6MuiMvlIj8GtLeiK8535rmQtD9xt1QQuR
joAQJlpo8T2JozaGMdRpTKFzcnG+MomA3HjN994s3XyOhn0EtO3+Jhzn+sB7dQc9
80Z8uC9k4w9+kVX89Rk3VjIZ3qP2BAd9RzxsBbUIIbfPfl1F5oMPUKQ5DQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDX3SUBrRLKta51xv4toM9bJD8v5MB8GA1UdIwQY
MBaAFNNPpr4/XDj0u34GK2cHdH9JYaBIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDAtbXZqOWNPUFM3ZmdZclp3ZDBmMGxob0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8zYmM3MDctNzZlNy00OTg3LWJlZmEt
OTgxMTg0ZGVlMTMxLzEvTmZkSlFHdEVzcTFyblhHX2kyZ3oxc2tQeV9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8zYmM3MDctNzZlNy00OTg3LWJlZmEtOTgxMTg0ZGVlMTMx
LzEvMDAtbXZqOWNPUFM3ZmdZclp3ZDBmMGxob0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAbepOMA0E
AgACMAcDBQMqEZyAMA0GCSqGSIb3DQEBCwUAA4IBAQBNfiR0hKljbhU24IdfrXXT
Soswg9cFw0dc1RUnLAwnzl3M87QJ9HWpI3aK/6wTdFDJUBS95vY2jUMXLyRrOdjM
Jk1d3PnMmt/Qz+ygnLWAD/ZKsIx+7U+zk9uyD7M1efFQl5s5s0bQ3VUM96Jp7Tp9
UASfF7oZVPbxTSOv/4GUVzR/gbvzHp584cXDaQ64aMhhcnnIkRnAj8uHhmaK3IzC
wgkKB+ryVflY64BHn5KFKIsBUt1yV7X/+r6zOSdsr4+wvFglkhl5+zocg3AVfRos
hOFgmEvjTCxRjZLi5pdEiGNjRY/+8gAWO/9PV7T/oIJ6ogVV383cnKsztfijoT9R
-----END CERTIFICATE-----
Generated at Tue Jan 2 17:33:26 2024 by rpki-client on console-fra.rpki-client.org