Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/20f805-df63-4631-99bd-a256177739c6/1/sffz8wo0RJ4IhwsHDr1aLs2xXRE.roa
File: sffz8wo0RJ4IhwsHDr1aLs2xXRE.roa (raw, json)
Hash identifier: KGgwSihc2MDfuRR+cbloMviyEZ/cX8E3P/YnAtWjJ94=
Subject key identifier: B1:F7:F3:F3:0A:34:44:9E:08:87:0B:07:0E:BD:5A:2E:CD:B1:5D:11
Certificate issuer: /CN=94db4b1e9ed68bb5c33228ae30e9cdd252b32fb8
Certificate serial: 01856DE64CBFC4BFC9F7C2BD8D85B3FFA16A
Authority key identifier: 94:DB:4B:1E:9E:D6:8B:B5:C3:32:28:AE:30:E9:CD:D2:52:B3:2F:B8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lNtLHp7Wi7XDMiiuMOnN0lKzL7g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0d/20f805-df63-4631-99bd-a256177739c6/1/sffz8wo0RJ4IhwsHDr1aLs2xXRE.roa
Signing time: Sun 01 Jan 2023 15:14:47 +0000
ROA not before: Sun 01 Jan 2023 15:14:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35366
IP address blocks: 81.7.0.0/18 maxlen: 19
185.2.8.0/22 maxlen: 23
84.23.64.0/19 maxlen: 20
81.89.96.0/20 maxlen: 21
85.31.184.0/21 maxlen: 23
91.143.80.0/20 maxlen: 21
2a02:180::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:e6:4c:bf:c4:bf:c9:f7:c2:bd:8d:85:b3:ff:a1:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94db4b1e9ed68bb5c33228ae30e9cdd252b32fb8
Validity
Not Before: Jan 1 15:14:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b1f7f3f30a34449e08870b070ebd5a2ecdb15d11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:c0:eb:e3:a2:32:8f:7c:09:66:3e:e8:0b:ce:
cf:2b:0e:61:13:a9:fb:f0:16:56:7d:d9:1b:f0:ac:
c2:af:23:39:d5:51:a9:5d:fc:ec:48:86:89:be:84:
5f:19:64:48:66:e5:24:44:eb:32:a4:84:45:8e:d7:
34:0f:98:b6:7e:85:0a:b3:a9:da:53:0f:41:d7:5c:
39:a7:ec:95:b8:62:85:e5:c9:b2:a0:6a:b8:8e:ad:
e7:8e:6a:48:49:33:45:68:12:fe:77:3d:87:9c:e7:
42:3e:9f:6f:d3:e3:ea:30:74:1e:e6:25:24:f8:83:
4d:04:4f:d9:ef:ff:5a:96:fc:63:e7:2d:08:a3:53:
c8:34:6e:63:5f:1f:4c:29:3f:d3:1a:b3:ba:11:42:
7e:95:c9:e0:97:5d:6f:eb:6e:71:56:94:17:95:77:
72:43:64:11:9b:8a:d0:df:e8:9b:6f:c5:54:c0:81:
ce:83:21:4d:9b:fe:66:a9:13:dc:40:37:0e:df:20:
c2:0d:a3:02:30:db:12:ae:90:4f:fd:3c:01:3d:36:
39:a9:60:f6:85:57:ef:e7:9f:fe:c2:06:90:11:3e:
ca:2c:c7:69:7c:4c:f1:d3:92:62:47:50:90:1c:31:
18:aa:64:d5:05:b4:5f:e5:cc:e0:cf:c7:a1:39:43:
2a:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:F7:F3:F3:0A:34:44:9E:08:87:0B:07:0E:BD:5A:2E:CD:B1:5D:11
X509v3 Authority Key Identifier:
keyid:94:DB:4B:1E:9E:D6:8B:B5:C3:32:28:AE:30:E9:CD:D2:52:B3:2F:B8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lNtLHp7Wi7XDMiiuMOnN0lKzL7g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/20f805-df63-4631-99bd-a256177739c6/1/sffz8wo0RJ4IhwsHDr1aLs2xXRE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/20f805-df63-4631-99bd-a256177739c6/1/lNtLHp7Wi7XDMiiuMOnN0lKzL7g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.7.0.0/18
81.89.96.0/20
84.23.64.0/19
85.31.184.0/21
91.143.80.0/20
185.2.8.0/22
IPv6:
2a02:180::/32
Signature Algorithm: sha256WithRSAEncryption
87:22:f2:26:bc:aa:5d:55:32:5f:98:60:c9:90:d0:b1:a3:d2:
f7:a8:4a:4b:6b:0c:af:5c:a9:63:a7:c4:f2:52:08:3d:d7:b9:
c7:88:20:45:71:99:bd:ed:30:0a:d9:bc:f5:e8:1f:03:eb:ec:
0a:06:09:14:ee:bd:dc:14:1b:98:5c:cd:b3:c7:ed:89:e7:7c:
25:06:b4:20:4c:a3:66:97:61:12:62:8a:8f:5d:ac:a6:e5:10:
8e:18:61:53:e6:d7:76:ff:0c:75:e4:9a:dd:e7:dd:10:99:5b:
80:b5:0b:e5:b1:43:ca:71:c0:ae:f1:f2:f9:0e:65:4d:8a:4a:
71:0c:d8:30:46:28:96:88:0f:88:dc:9e:38:6c:72:65:18:4e:
37:4d:87:14:10:4e:15:b6:44:3f:75:6c:a2:34:e7:fb:79:e7:
b3:0d:61:84:34:ed:2d:2a:33:f0:c6:b6:d4:1d:73:3e:65:16:
cf:3c:1d:ff:d5:ce:81:76:e0:34:47:cd:9f:02:c8:ea:9d:92:
06:a9:ae:17:5b:5e:00:5f:49:c3:9c:52:cb:1d:1b:48:ae:cc:
25:bc:c4:22:8e:0d:97:86:c6:cf:08:0c:f4:cb:1e:fa:03:2b:
75:01:57:51:55:77:b3:2f:86:4f:a7:9f:47:9e:87:3e:74:d8:
ea:25:f5:f0
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgISAYVt5ky/xL/J98K9jYWz/6FqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0ZGI0YjFlOWVkNjhiYjVjMzMyMjhhZTMwZTljZGQyNTJi
MzJmYjgwHhcNMjMwMTAxMTUxNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWY3ZjNmMzBhMzQ0NDllMDg4NzBiMDcwZWJkNWEyZWNkYjE1ZDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMDr46Iyj3wJZj7oC87PKw5hE6n7
8BZWfdkb8KzCryM51VGpXfzsSIaJvoRfGWRIZuUkROsypIRFjtc0D5i2foUKs6na
Uw9B11w5p+yVuGKF5cmyoGq4jq3njmpISTNFaBL+dz2HnOdCPp9v0+PqMHQe5iUk
+INNBE/Z7/9alvxj5y0Io1PING5jXx9MKT/TGrO6EUJ+lcngl11v625xVpQXlXdy
Q2QRm4rQ3+ibb8VUwIHOgyFNm/5mqRPcQDcO3yDCDaMCMNsSrpBP/TwBPTY5qWD2
hVfv55/+wgaQET7KLMdpfEzx05JiR1CQHDEYqmTVBbRf5czgz8ehOUMqNwIDAQAB
o4ICNjCCAjIwHQYDVR0OBBYEFLH38/MKNESeCIcLBw69Wi7NsV0RMB8GA1UdIwQY
MBaAFJTbSx6e1ou1wzIorjDpzdJSsy+4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE50TEhwN1dpN1hETWlpdU1Pbk4wbEt6TDdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8yMGY4MDUtZGY2My00NjMxLTk5YmQt
YTI1NjE3NzczOWM2LzEvc2Zmejh3bzBSSjRJaHdzSERyMWFMczJ4WFJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8yMGY4MDUtZGY2My00NjMxLTk5YmQtYTI1NjE3NzczOWM2
LzEvbE50TEhwN1dpN1hETWlpdU1Pbk4wbEt6TDdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEwGCCsGAQUFBwEHAQH/BD0wOzAqBAIAATAkAwQGUQcAAwQE
UVlgAwQFVBdAAwQDVR+4AwQEW49QAwQCuQIIMA0EAgACMAcDBQAqAgGAMA0GCSqG
SIb3DQEBCwUAA4IBAQCHIvImvKpdVTJfmGDJkNCxo9L3qEpLawyvXKljp8TyUgg9
17nHiCBFcZm97TAK2bz16B8D6+wKBgkU7r3cFBuYXM2zx+2J53wlBrQgTKNml2ES
YoqPXaym5RCOGGFT5td2/wx15Jrd590QmVuAtQvlsUPKccCu8fL5DmVNikpxDNgw
RiiWiA+I3J44bHJlGE43TYcUEE4VtkQ/dWyiNOf7eeezDWGENO0tKjPwxrbUHXM+
ZRbPPB3/1c6BduA0R82fAsjqnZIGqa4XW14AX0nDnFLLHRtIrswlvMQijg2XhsbP
CAz0yx76Ayt1AVdRVXezL4ZPp59Hnoc+dNjqJfXw
-----END CERTIFICATE-----
Generated at Tue Jan 2 08:59:26 2024 by rpki-client on console-ams.rpki-client.org