Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/pnao31ME4nD7s-40XIu9oKQkGaM.roa
File: pnao31ME4nD7s-40XIu9oKQkGaM.roa (raw, json)
Hash identifier: GuYXYaCZswUD3LUDFvQauypSsdEQ4QvvRBLZmbNfHR8=
Subject key identifier: A6:76:A8:DF:53:04:E2:70:FB:B3:EE:34:5C:8B:BD:A0:A4:24:19:A3
Certificate issuer: /CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
Certificate serial: 0185780C7908E5BA74D13D2AE5F3D5CA0C1D
Authority key identifier: 1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/pnao31ME4nD7s-40XIu9oKQkGaM.roa
Signing time: Tue 03 Jan 2023 14:32:41 +0000
ROA not before: Tue 03 Jan 2023 14:32:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60767
IP address blocks: 45.95.204.0/22 maxlen: 24
2a0e:3940:1000::/36 maxlen: 44
2a0e:3940:f000::/36 maxlen: 44
2a0e:3940:d000::/36 maxlen: 36
2a0e:3940::/34 maxlen: 36
2a0e:3940::/29 maxlen: 29
Validation: Failed, certificate revoked on Tue 03 Jan 2023 16:16:41 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:78:0c:79:08:e5:ba:74:d1:3d:2a:e5:f3:d5:ca:0c:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f61aa5d1befd7a0fe3e4dfe3aa8da73efcfba34
Validity
Not Before: Jan 3 14:32:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a676a8df5304e270fbb3ee345c8bbda0a42419a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:21:ed:eb:d7:d0:1c:9f:65:e8:cf:51:96:68:
22:0b:32:0d:7e:b9:09:33:43:9c:a7:dd:f2:9b:b4:
0e:ce:66:0b:db:3d:2c:75:13:8d:a1:1d:76:c7:37:
df:1b:70:c3:80:7e:c5:4d:62:66:85:be:17:7b:98:
f8:fc:5b:64:0d:b8:73:a5:a3:af:d1:38:1b:96:94:
cd:9a:ed:70:51:fc:40:c7:d1:fe:b7:29:90:b2:17:
81:19:4a:3d:f0:9d:76:67:b3:9d:ac:5d:92:5c:ed:
e8:27:38:83:e8:fb:98:1e:b5:e8:ec:4e:11:e3:46:
c4:83:ae:9f:c7:d7:be:da:21:d6:15:64:f0:1c:85:
fe:f2:5a:18:9b:b9:62:55:e3:a9:d3:94:67:a7:3b:
ee:72:db:a4:0a:26:b9:d7:eb:34:87:fc:ca:93:1b:
e0:e8:d7:c2:20:6e:98:fe:f0:d4:99:d1:78:83:1d:
63:11:7a:fe:0d:5d:e4:fc:b9:12:be:57:0d:7f:17:
a7:c2:f0:3d:f8:ab:0f:34:a2:9a:26:e9:a8:1b:cd:
60:52:33:c3:a8:86:0a:7b:f3:14:45:8d:18:ac:4c:
21:da:55:f6:1b:fa:45:8f:8c:88:06:c5:63:69:7b:
33:52:dd:45:12:56:7c:7a:14:7e:f7:b2:13:07:9e:
cf:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:76:A8:DF:53:04:E2:70:FB:B3:EE:34:5C:8B:BD:A0:A4:24:19:A3
X509v3 Authority Key Identifier:
keyid:1F:61:AA:5D:1B:EF:D7:A0:FE:3E:4D:FE:3A:A8:DA:73:EF:CF:BA:34
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2GqXRvv16D-Pk3-Oqjac-_PujQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/pnao31ME4nD7s-40XIu9oKQkGaM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0ad414-3df1-4b38-869e-c621e8df95ff/1/H2GqXRvv16D-Pk3-Oqjac-_PujQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.95.204.0/22
IPv6:
2a0e:3940::/29
Signature Algorithm: sha256WithRSAEncryption
50:fd:59:3d:3d:ea:be:9c:3c:64:e2:79:32:ed:94:cc:39:2c:
a7:52:39:5b:ac:e0:5d:d8:a7:0e:fe:f8:6f:00:56:2d:3d:a9:
81:6a:8f:08:64:4c:19:38:b4:5a:27:31:02:7b:e0:4b:bb:eb:
e2:a6:86:f9:3c:2d:3a:cd:20:75:6b:b8:5a:13:a3:b5:31:14:
60:5e:3a:ee:48:49:f7:77:c5:28:3c:df:f3:46:fb:65:24:50:
00:68:4c:10:31:38:91:3c:aa:69:39:55:eb:d3:c2:e1:14:22:
56:1e:06:c1:b3:99:b3:be:6d:bf:31:66:4f:89:c7:d1:54:0b:
86:22:e9:8e:c0:35:6a:ab:66:f0:47:55:67:b6:82:00:44:c8:
9d:7a:37:0f:c7:44:f4:bd:ec:8d:52:5d:ce:1e:f5:cd:53:97:
54:23:63:ab:20:23:58:a6:ff:5a:55:94:10:d0:96:24:09:d4:
7f:ee:d3:06:3c:73:42:fd:76:bb:d3:ca:85:12:9c:0b:bd:7b:
da:06:19:29:eb:ab:36:2e:8d:7a:3c:95:04:32:08:38:03:65:
84:eb:02:f0:e3:64:b0:fc:2b:44:7e:fa:5c:f1:24:75:54:c7:
e6:20:1e:62:77:76:02:1f:14:45:d6:4e:ab:67:39:1a:3e:df:
b1:59:c2:ad
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYV4DHkI5bp00T0q5fPVygwdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjFhYTVkMWJlZmQ3YTBmZTNlNGRmZTNhYThkYTczZWZj
ZmJhMzQwHhcNMjMwMTAzMTQzMjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjc2YThkZjUzMDRlMjcwZmJiM2VlMzQ1YzhiYmRhMGE0MjQxOWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiiHt69fQHJ9l6M9RlmgiCzINfrkJ
M0Ocp93ym7QOzmYL2z0sdRONoR12xzffG3DDgH7FTWJmhb4Xe5j4/FtkDbhzpaOv
0TgblpTNmu1wUfxAx9H+tymQsheBGUo98J12Z7OdrF2SXO3oJziD6PuYHrXo7E4R
40bEg66fx9e+2iHWFWTwHIX+8loYm7liVeOp05RnpzvuctukCia51+s0h/zKkxvg
6NfCIG6Y/vDUmdF4gx1jEXr+DV3k/LkSvlcNfxenwvA9+KsPNKKaJumoG81gUjPD
qIYKe/MURY0YrEwh2lX2G/pFj4yIBsVjaXszUt1FElZ8ehR+97ITB57P1wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKZ2qN9TBOJw+7PuNFyLvaCkJBmjMB8GA1UdIwQY
MBaAFB9hql0b79eg/j5N/jqo2nPvz7o0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUt
YzYyMWU4ZGY5NWZmLzEvcG5hbzMxTUU0bkQ3cy00MFhJdTlvS1FrR2FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYWQ0MTQtM2RmMS00YjM4LTg2OWUtYzYyMWU4ZGY5NWZm
LzEvSDJHcVhSdnYxNkQtUGszLU9xamFjLV9QdWpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLV/MMA0E
AgACMAcDBQMqDjlAMA0GCSqGSIb3DQEBCwUAA4IBAQBQ/Vk9Peq+nDxk4nky7ZTM
OSynUjlbrOBd2KcO/vhvAFYtPamBao8IZEwZOLRaJzECe+BLu+vipob5PC06zSB1
a7haE6O1MRRgXjruSEn3d8UoPN/zRvtlJFAAaEwQMTiRPKppOVXr08LhFCJWHgbB
s5mzvm2/MWZPicfRVAuGIumOwDVqq2bwR1VntoIARMidejcPx0T0veyNUl3OHvXN
U5dUI2OrICNYpv9aVZQQ0JYkCdR/7tMGPHNC/Xa708qFEpwLvXvaBhkp66s2Lo16
PJUEMgg4A2WE6wLw42Sw/CtEfvpc8SR1VMfmIB5id3YCHxRF1k6rZzkaPt+xWcKt
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:26 2024 by rpki-client on console-ams.rpki-client.org