Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/l8Gn2jQfwTZic-EgBYP4t6f5cYo.roa
File: l8Gn2jQfwTZic-EgBYP4t6f5cYo.roa (raw, json)
Hash identifier: KI/utFS8AaQAE690WA5ZV5ZY+S7/AOIlSWSdXZ43DSI=
Subject key identifier: 97:C1:A7:DA:34:1F:C1:36:62:73:E1:20:05:83:F8:B7:A7:F9:71:8A
Certificate issuer: /CN=f9856d674f0e9dbf6012d5b5d3d96b43afd76473
Certificate serial: 01856F392B3D57836470529D51EB003B0120
Authority key identifier: F9:85:6D:67:4F:0E:9D:BF:60:12:D5:B5:D3:D9:6B:43:AF:D7:64:73
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-YVtZ08Onb9gEtW109lrQ6_XZHM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/l8Gn2jQfwTZic-EgBYP4t6f5cYo.roa
Signing time: Sun 01 Jan 2023 21:24:55 +0000
ROA not before: Sun 01 Jan 2023 21:24:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39159
IP address blocks: 213.8.65.0/24 maxlen: 24
81.5.20.0/24 maxlen: 24
212.199.62.0/24 maxlen: 24
213.8.151.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:39:2b:3d:57:83:64:70:52:9d:51:eb:00:3b:01:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f9856d674f0e9dbf6012d5b5d3d96b43afd76473
Validity
Not Before: Jan 1 21:24:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=97c1a7da341fc1366273e1200583f8b7a7f9718a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:40:05:ae:cd:60:24:f7:80:96:db:0b:c8:fd:
b2:05:98:7d:ae:d9:b2:41:f3:6d:21:c1:cb:06:c9:
53:ea:68:a8:bf:81:d3:19:e8:25:74:85:7c:22:94:
01:c2:b1:44:41:6f:28:a1:7a:e6:3d:8c:9a:09:e3:
2d:c5:3a:bc:dc:bc:25:fa:3b:65:d2:5a:b5:68:15:
0d:e5:5e:35:0e:1f:b9:a4:51:f4:8c:00:31:85:34:
8c:1b:a7:db:12:f6:74:9d:97:44:05:0c:94:da:c5:
6d:10:5a:0e:27:12:ac:8b:dd:69:c9:ef:29:b3:58:
8c:79:6d:80:dd:84:60:29:cc:b7:43:73:c5:91:cc:
1b:ae:f6:da:e2:6f:48:35:bf:6d:98:78:75:3e:07:
53:53:82:b8:3d:80:a3:c7:e0:65:41:92:65:7c:88:
54:ec:44:4d:63:21:8b:28:cc:ce:25:fe:de:61:ad:
78:64:bc:74:2d:bd:5d:e9:e4:06:b3:cb:71:11:1b:
80:ee:9a:f5:ff:db:92:44:99:ea:c8:bf:3c:e8:e3:
ac:5e:c9:22:60:23:ca:7b:65:b6:75:2a:02:a5:d9:
e7:12:50:87:b8:02:d1:77:14:94:fa:a0:15:50:10:
0e:99:6c:66:81:a0:57:ce:3c:f0:d3:13:4f:30:ae:
e0:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:C1:A7:DA:34:1F:C1:36:62:73:E1:20:05:83:F8:B7:A7:F9:71:8A
X509v3 Authority Key Identifier:
keyid:F9:85:6D:67:4F:0E:9D:BF:60:12:D5:B5:D3:D9:6B:43:AF:D7:64:73
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-YVtZ08Onb9gEtW109lrQ6_XZHM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/l8Gn2jQfwTZic-EgBYP4t6f5cYo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/9f9590-7f0a-41b3-ac4f-efd14db957fb/1/1-YVtZ08Onb9gEtW109lrQ6_XZHM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.5.20.0/24
212.199.62.0/24
213.8.65.0/24
213.8.151.0/24
Signature Algorithm: sha256WithRSAEncryption
3a:b1:96:b9:2b:be:7d:8c:6b:1d:e9:99:e9:b2:d8:f8:ab:c1:
67:6e:9b:1f:68:d7:d5:90:a8:f4:68:a6:c6:79:a1:1a:ba:d2:
9f:78:c1:38:a0:81:11:28:fd:86:4b:53:d0:de:93:1f:ae:05:
af:0b:26:98:f1:09:ed:b5:7d:56:de:ed:32:c1:99:a9:cf:f0:
2c:bf:e0:af:ab:77:c1:67:7f:19:0e:a3:4c:0c:29:0b:b4:39:
24:d5:71:14:35:34:6a:36:3e:db:80:c6:d1:5f:72:6a:25:78:
30:0b:dd:ec:23:51:51:ac:1e:e2:43:43:fc:9b:2d:af:ff:bd:
33:48:db:32:6d:11:63:ac:61:83:a4:b6:ba:0e:e4:af:18:0c:
df:e3:db:c7:16:20:1d:6d:ce:67:a2:34:46:89:8d:cb:a4:15:
ed:f2:02:10:22:77:31:01:b8:80:0e:c3:26:32:03:22:5c:1a:
12:8a:8a:03:b2:09:4f:d6:a4:3e:bd:de:fa:21:c9:ed:9f:d8:
76:e5:c7:fd:eb:7e:3f:14:60:84:76:09:c1:02:c7:24:7e:82:
0d:9b:f3:d3:6b:4c:0b:e7:93:da:71:06:16:74:f0:13:4a:34:
bd:2e:3a:69:30:94:a8:9d:30:9b:ce:c5:e7:95:84:56:a7:00:
ee:5e:2e:5b
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYVvOSs9V4NkcFKdUesAOwEgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5ODU2ZDY3NGYwZTlkYmY2MDEyZDViNWQzZDk2YjQzYWZk
NzY0NzMwHhcNMjMwMTAxMjEyNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2MxYTdkYTM0MWZjMTM2NjI3M2UxMjAwNTgzZjhiN2E3Zjk3MThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkAFrs1gJPeAltsLyP2yBZh9rtmy
QfNtIcHLBslT6miov4HTGegldIV8IpQBwrFEQW8ooXrmPYyaCeMtxTq83Lwl+jtl
0lq1aBUN5V41Dh+5pFH0jAAxhTSMG6fbEvZ0nZdEBQyU2sVtEFoOJxKsi91pye8p
s1iMeW2A3YRgKcy3Q3PFkcwbrvba4m9INb9tmHh1PgdTU4K4PYCjx+BlQZJlfIhU
7ERNYyGLKMzOJf7eYa14ZLx0Lb1d6eQGs8txERuA7pr1/9uSRJnqyL886OOsXski
YCPKe2W2dSoCpdnnElCHuALRdxSU+qAVUBAOmWxmgaBXzjzw0xNPMK7gZwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFJfBp9o0H8E2YnPhIAWD+Len+XGKMB8GA1UdIwQY
MBaAFPmFbWdPDp2/YBLVtdPZa0Ov12RzMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1ZVnRaMDhPbmI5Z0V0VzEwOWxyUTZfWFpITS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGEvOWY5NTkwLTdmMGEtNDFiMy1hYzRm
LWVmZDE0ZGI5NTdmYi8xL2w4R24yalFmd1RaaWMtRWdCWVA0dDZmNWNZby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMGEvOWY5NTkwLTdmMGEtNDFiMy1hYzRmLWVmZDE0ZGI5NTdm
Yi8xLzEtWVZ0WjA4T25iOWdFdFcxMDlsclE2X1haSE0uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMQYIKwYBBQUHAQcBAf8EIjAgMB4EAgABMBgDBABRBRQD
BADUxz4DBADVCEEDBADVCJcwDQYJKoZIhvcNAQELBQADggEBADqxlrkrvn2Max3p
memy2PirwWdumx9o19WQqPRopsZ5oRq60p94wTiggREo/YZLU9Dekx+uBa8LJpjx
Ce21fVbe7TLBmanP8Cy/4K+rd8FnfxkOo0wMKQu0OSTVcRQ1NGo2PtuAxtFfcmol
eDAL3ewjUVGsHuJDQ/ybLa//vTNI2zJtEWOsYYOktroO5K8YDN/j28cWIB1tzmei
NEaJjcukFe3yAhAidzEBuIAOwyYyAyJcGhKKigOyCU/WpD693vohye2f2Hblx/3r
fj8UYIR2CcECxyR+gg2b89NrTAvnk9pxBhZ08BNKNL0uOmkwlKidMJvOxeeVhFan
AO5eLls=
-----END CERTIFICATE-----
Generated at Mon Jan 1 21:27:01 2024 by rpki-client on console-fra.rpki-client.org