Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/QdbNF44yNYMX0-3NS8VoO5COVMU.roa
File: QdbNF44yNYMX0-3NS8VoO5COVMU.roa (raw, json)
Hash identifier: 8QODDiaJvfnv0DmFIXFUPZah7U2g4oVKcsucH9sScA8=
Subject key identifier: 41:D6:CD:17:8E:32:35:83:17:D3:ED:CD:4B:C5:68:3B:90:8E:54:C5
Certificate issuer: /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial: 018B86D7DFED5204AA2176596A79835B56C2
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/QdbNF44yNYMX0-3NS8VoO5COVMU.roa
Signing time: Tue 31 Oct 2023 17:46:16 +0000
ROA not before: Tue 31 Oct 2023 17:46:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2856
IP address blocks: 163.5.66.0/24 maxlen: 24
163.5.67.0/24 maxlen: 24
163.5.98.0/24 maxlen: 24
163.5.208.0/24 maxlen: 24
163.5.217.0/24 maxlen: 24
163.5.222.0/24 maxlen: 24
163.5.115.0/24 maxlen: 24
163.5.122.0/24 maxlen: 24
163.5.249.0/24 maxlen: 24
163.5.37.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:86:d7:df:ed:52:04:aa:21:76:59:6a:79:83:5b:56:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Validity
Not Before: Oct 31 17:46:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=41d6cd178e32358317d3edcd4bc5683b908e54c5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:d2:54:a6:9c:7c:62:66:00:f0:a3:67:9e:a4:
ed:04:4a:e6:63:54:63:75:f2:85:98:2b:42:f0:ff:
2b:09:80:ea:fa:8a:05:be:11:ed:0c:4c:dc:a1:11:
d7:10:19:db:08:35:4a:b9:ca:1b:13:61:f9:09:35:
8f:3e:70:87:52:cd:5a:b1:c5:f5:92:83:db:d1:02:
b8:36:3d:07:55:0c:fa:fa:d3:4e:d1:48:ec:f8:53:
4f:87:0b:6f:14:5f:b6:7b:fe:e0:69:ae:5a:fc:98:
0a:fe:c5:39:23:39:52:d5:18:a9:ed:dd:cc:0e:0b:
ea:8d:ea:ef:eb:44:ae:8e:a9:a6:71:98:a2:01:b5:
88:d9:31:c6:26:ee:58:e8:ba:61:ef:6c:04:4d:85:
9d:10:bc:61:17:30:bc:2f:49:f9:77:5d:94:f7:89:
a7:ba:76:cf:04:d9:66:84:5d:02:58:21:30:20:c6:
e0:f3:40:ab:a4:eb:48:77:c7:2c:2d:77:69:c3:3c:
66:89:6c:a9:eb:47:0d:37:5e:2b:ee:9c:57:32:13:
23:12:5b:67:e5:d9:18:ff:24:39:ed:02:a7:54:18:
1c:80:f9:f9:6a:e6:8d:24:00:a3:9a:57:0d:bd:a1:
29:fe:23:fd:88:08:66:a8:c8:1e:ec:3a:7c:f6:89:
01:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:D6:CD:17:8E:32:35:83:17:D3:ED:CD:4B:C5:68:3B:90:8E:54:C5
X509v3 Authority Key Identifier:
keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/QdbNF44yNYMX0-3NS8VoO5COVMU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
163.5.37.0/24
163.5.66.0/23
163.5.98.0/24
163.5.115.0/24
163.5.122.0/24
163.5.208.0/24
163.5.217.0/24
163.5.222.0/24
163.5.249.0/24
Signature Algorithm: sha256WithRSAEncryption
b0:7e:e9:ab:4d:b9:e9:b1:7a:eb:22:da:ab:ed:c8:7b:ff:0e:
31:15:4e:58:9a:b8:dd:bd:cf:6a:24:8a:40:6d:e6:cf:f0:a8:
de:b8:23:e2:37:c8:21:8f:ec:32:64:62:79:75:b0:81:7c:45:
c0:9a:42:b0:29:2d:2a:19:27:8e:af:e7:80:64:1b:14:99:0b:
a9:29:24:89:24:2f:58:25:3a:1c:74:6c:44:ce:9a:1e:67:83:
22:6a:b9:7d:71:2b:43:d3:56:8d:5a:74:fa:84:b8:34:3a:58:
4a:7c:c7:21:8c:3a:0c:8b:87:d0:1f:20:5f:6e:9d:07:7e:92:
69:66:ed:a8:91:c8:64:80:78:b2:f2:78:9c:05:e8:d1:2d:8b:
08:e1:56:34:7b:0d:98:2c:03:59:2f:39:07:f3:49:ac:20:62:
f0:fe:21:ad:24:65:3b:ec:ff:73:13:4e:4b:39:14:29:cf:e5:
ec:b8:73:c4:0c:2f:32:96:dc:05:6c:59:fb:64:ad:aa:7b:79:
6a:80:cd:54:08:3f:2c:06:92:1f:12:f4:29:99:5f:b1:9d:32:
ed:de:35:a8:73:aa:60:eb:b9:85:ac:52:da:55:fb:a3:c2:61:
97:5a:2e:c9:b8:d3:23:b4:77:e0:05:6f:d0:5c:66:c8:41:48:
46:55:04:13
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYuG19/tUgSqIXZZanmDW1bCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjMxMDMxMTc0NjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWQ2Y2QxNzhlMzIzNTgzMTdkM2VkY2Q0YmM1NjgzYjkwOGU1NGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNJUppx8YmYA8KNnnqTtBErmY1Rj
dfKFmCtC8P8rCYDq+ooFvhHtDEzcoRHXEBnbCDVKucobE2H5CTWPPnCHUs1ascX1
koPb0QK4Nj0HVQz6+tNO0Ujs+FNPhwtvFF+2e/7gaa5a/JgK/sU5IzlS1Rip7d3M
Dgvqjerv60SujqmmcZiiAbWI2THGJu5Y6Lph72wETYWdELxhFzC8L0n5d12U94mn
unbPBNlmhF0CWCEwIMbg80CrpOtId8csLXdpwzxmiWyp60cNN14r7pxXMhMjEltn
5dkY/yQ57QKnVBgcgPn5auaNJACjmlcNvaEp/iP9iAhmqMge7Dp89okBtwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFEHWzReOMjWDF9PtzUvFaDuQjlTFMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUWRiTkY0NHlOWU1YMC0zTlM4Vm9PNUNPVk1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAowUlAwQB
owVCAwQAowViAwQAowVzAwQAowV6AwQAowXQAwQAowXZAwQAowXeAwQAowX5MA0G
CSqGSIb3DQEBCwUAA4IBAQCwfumrTbnpsXrrItqr7ch7/w4xFU5Ymrjdvc9qJIpA
bebP8KjeuCPiN8ghj+wyZGJ5dbCBfEXAmkKwKS0qGSeOr+eAZBsUmQupKSSJJC9Y
JTocdGxEzpoeZ4Miarl9cStD01aNWnT6hLg0OlhKfMchjDoMi4fQHyBfbp0HfpJp
Zu2okchkgHiy8nicBejRLYsI4VY0ew2YLANZLzkH80msIGLw/iGtJGU77P9zE05L
ORQpz+XsuHPEDC8yltwFbFn7ZK2qe3lqgM1UCD8sBpIfEvQpmV+xnTLt3jWoc6pg
67mFrFLaVfujwmGXWi7JuNMjtHfgBW/QXGbIQUhGVQQT
-----END CERTIFICATE-----
Generated at Mon Jan 1 09:30:03 2024 by rpki-client on console-ams.rpki-client.org