Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/r3KvmscXmFaZgiZyvKI7Ra6lWTI.roa
File: r3KvmscXmFaZgiZyvKI7Ra6lWTI.roa (raw, json)
Hash identifier: lpNUwvuZrzIStZZWsT6+rI+jhOZhuLPmkf/Gp3bANNo=
Subject key identifier: AF:72:AF:9A:C7:17:98:56:99:82:26:72:BC:A2:3B:45:AE:A5:59:32
Certificate issuer: /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial: 018B9113317EAFD2A5ABF75301CBB85E58DE
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/r3KvmscXmFaZgiZyvKI7Ra6lWTI.roa
Signing time: Thu 02 Nov 2023 17:27:15 +0000
ROA not before: Thu 02 Nov 2023 17:27:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2895
IP address blocks: 147.45.194.0/23 maxlen: 23
147.45.0.0/19 maxlen: 19
147.45.32.0/23 maxlen: 23
193.233.4.0/24 maxlen: 24
193.233.0.0/22 maxlen: 22
147.45.64.0/24 maxlen: 24
193.233.10.0/23 maxlen: 23
193.233.8.0/24 maxlen: 24
2001:640::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:91:13:31:7e:af:d2:a5:ab:f7:53:01:cb:b8:5e:58:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
Validity
Not Before: Nov 2 17:27:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=af72af9ac717985699822672bca23b45aea55932
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:d4:ff:5d:13:2b:0f:ad:d3:30:13:ac:6e:46:
1a:69:4c:08:aa:b7:8d:56:e9:a6:0a:05:c6:90:ca:
66:75:cf:0f:a8:24:5b:5c:1c:dd:9a:00:c2:83:c6:
ab:44:be:27:47:00:fa:ce:4a:62:78:2f:8c:64:2d:
c2:84:ae:e4:d9:f9:bb:0a:10:c2:93:08:2d:03:ba:
5e:3f:f0:59:29:41:bc:2f:ea:e2:af:d3:d0:1c:c4:
f4:01:b3:88:c5:a1:a2:d5:6e:74:a6:41:90:e6:8f:
6a:ec:60:fa:bf:e6:ae:f6:1d:1e:26:c3:1a:63:f1:
0e:fc:5b:49:3c:5c:cd:1f:f6:3b:23:f1:63:da:87:
fc:b4:cb:c8:ae:eb:2a:3c:6d:4a:e8:65:1a:2e:dc:
fa:4b:43:7d:72:47:d2:d3:ea:87:aa:1b:4d:23:ce:
fe:dc:bb:00:c1:92:a9:b0:63:4a:b9:29:53:c6:5d:
36:e4:d3:cd:9e:cf:4c:79:48:77:c1:49:22:36:89:
93:cb:5e:61:52:6c:94:c8:cf:23:21:14:2d:3d:87:
ee:23:c6:79:77:9b:17:09:eb:9e:58:cc:37:d4:c9:
04:af:83:af:0d:c3:1d:df:20:ef:33:f3:eb:cf:da:
13:38:4c:9a:6a:0f:0e:20:68:a2:30:f2:4b:80:61:
41:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:72:AF:9A:C7:17:98:56:99:82:26:72:BC:A2:3B:45:AE:A5:59:32
X509v3 Authority Key Identifier:
keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/r3KvmscXmFaZgiZyvKI7Ra6lWTI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
147.45.0.0-147.45.33.255
147.45.64.0/24
147.45.194.0/23
193.233.0.0-193.233.4.255
193.233.8.0/24
193.233.10.0/23
IPv6:
2001:640::/32
Signature Algorithm: sha256WithRSAEncryption
05:b9:66:fc:36:b9:fa:f9:30:3f:df:e5:d3:01:b9:f0:d6:e4:
06:41:a9:47:58:c9:0d:1d:88:fd:19:49:04:7c:01:67:c8:d4:
97:9b:7d:7f:df:0b:35:60:6e:1e:a3:a8:5a:65:cd:eb:c3:18:
b7:51:ca:45:be:e0:6f:99:18:ed:73:33:8b:7f:9e:0c:fe:1c:
3a:f0:6e:90:f5:a6:89:b1:cb:ac:d0:48:a3:a1:eb:a3:1c:dc:
82:11:63:1d:a7:61:c9:20:6f:02:e9:81:43:09:84:bb:fc:2e:
54:a6:40:01:10:22:ea:fd:f8:a8:69:60:14:d7:2f:3d:0f:64:
e4:08:03:53:ac:18:56:45:1c:48:02:84:82:94:72:b0:7b:9d:
dd:8e:f6:8b:16:df:f7:42:a8:0b:7d:7d:0c:05:3a:34:92:a7:
43:09:0a:ed:1c:63:05:7d:fa:0b:cf:1d:09:c0:65:e8:a6:82:
fb:3a:b4:10:70:bc:ed:97:1c:68:a5:4c:61:52:28:8f:a9:7d:
5d:66:34:2c:f8:a9:8e:81:83:bd:8d:54:f0:16:25:a1:9e:53:
00:65:ed:44:29:36:31:a5:81:db:4c:52:53:7a:99:4b:2f:8f:
01:ea:fc:18:5c:61:a7:ad:79:4f:43:07:9d:31:50:48:99:3b:
cd:6e:a6:14
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYuREzF+r9Klq/dTAcu4XljeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjMxMTAyMTcyNzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjcyYWY5YWM3MTc5ODU2OTk4MjI2NzJiY2EyM2I0NWFlYTU1OTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNT/XRMrD63TMBOsbkYaaUwIqreN
VummCgXGkMpmdc8PqCRbXBzdmgDCg8arRL4nRwD6zkpieC+MZC3ChK7k2fm7ChDC
kwgtA7peP/BZKUG8L+rir9PQHMT0AbOIxaGi1W50pkGQ5o9q7GD6v+au9h0eJsMa
Y/EO/FtJPFzNH/Y7I/Fj2of8tMvIrusqPG1K6GUaLtz6S0N9ckfS0+qHqhtNI87+
3LsAwZKpsGNKuSlTxl025NPNns9MeUh3wUkiNomTy15hUmyUyM8jIRQtPYfuI8Z5
d5sXCeueWMw31MkEr4OvDcMd3yDvM/Prz9oTOEyaag8OIGiiMPJLgGFBNQIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFK9yr5rHF5hWmYImcryiO0WupVkyMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvcjNLdm1zY1htRmFaZ2laeXZLSTdSYTZsV1RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyMAsDAwCTLQME
AZMtIAMEAJMtQAMEAZMtwjALAwMAwekDBADB6QQDBADB6QgDBAHB6QowDQQCAAIw
BwMFACABBkAwDQYJKoZIhvcNAQELBQADggEBAAW5Zvw2ufr5MD/f5dMBufDW5AZB
qUdYyQ0diP0ZSQR8AWfI1JebfX/fCzVgbh6jqFplzevDGLdRykW+4G+ZGO1zM4t/
ngz+HDrwbpD1pomxy6zQSKOh66Mc3IIRYx2nYckgbwLpgUMJhLv8LlSmQAEQIur9
+KhpYBTXLz0PZOQIA1OsGFZFHEgChIKUcrB7nd2O9osW3/dCqAt9fQwFOjSSp0MJ
Cu0cYwV9+gvPHQnAZeimgvs6tBBwvO2XHGilTGFSKI+pfV1mNCz4qY6Bg72NVPAW
JaGeUwBl7UQpNjGlgdtMUlN6mUsvjwHq/BhcYaeteU9DB50xUEiZO81uphQ=
-----END CERTIFICATE-----
Generated at Tue Jan 2 04:09:21 2024 by rpki-client on console-ams.rpki-client.org