Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/QgKH2bTlz0dzaWeH4lORF5ZPHGw.roa
File: QgKH2bTlz0dzaWeH4lORF5ZPHGw.roa (raw, json)
Hash identifier: t0l4zEV4RrwPKrNS8WMOwfrAQdhP2lg4FHGV3aU7scI=
Subject key identifier: 42:02:87:D9:B4:E5:CF:47:73:69:67:87:E2:53:91:17:96:4F:1C:6C
Certificate issuer: /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial: 018CC4020F6EC890823EC51EB9830A9FEED7
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/QgKH2bTlz0dzaWeH4lORF5ZPHGw.roa
Signing time: Mon 01 Jan 2024 07:51:58 +0000
ROA not before: Mon 01 Jan 2024 07:51:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 2856
IP address blocks: 163.5.67.0/24 maxlen: 24
163.5.98.0/24 maxlen: 24
163.5.208.0/24 maxlen: 24
163.5.217.0/24 maxlen: 24
163.5.222.0/24 maxlen: 24
163.5.115.0/24 maxlen: 24
163.5.122.0/24 maxlen: 24
163.5.249.0/24 maxlen: 24
163.5.37.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:02:0f:6e:c8:90:82:3e:c5:1e:b9:83:0a:9f:ee:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Validity
Not Before: Jan 1 07:51:58 2024 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=420287d9b4e5cf4773696787e2539117964f1c6c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:8f:ed:42:0d:a8:83:98:ae:0c:d4:73:96:41:
ff:5d:ea:70:9c:53:f3:32:fb:42:15:71:44:95:58:
9f:91:2e:c7:69:6a:02:87:d5:25:c3:13:a9:b8:0e:
f6:db:24:6c:19:be:ea:ac:c9:37:fd:cf:92:d2:d7:
13:dd:e7:44:da:c9:8c:6a:3b:e5:04:cb:c0:51:5b:
34:f0:a0:80:d4:6d:27:fe:42:3c:ac:c9:c2:17:25:
aa:df:98:df:0e:71:5b:c4:8a:c6:72:96:fc:64:e3:
7f:79:bd:04:6e:f6:1e:e9:e8:fe:27:cd:bf:39:9c:
ac:37:50:5a:72:9b:61:10:e4:17:f2:f1:a2:d8:dd:
39:ce:0a:56:bd:73:17:88:de:ed:a6:af:2a:7d:50:
53:3e:96:24:31:1e:5c:ba:e5:a7:06:5d:81:24:0c:
b0:aa:ac:0c:cd:8f:54:00:a0:bc:a5:eb:97:9c:ba:
2f:49:35:e2:35:78:5b:88:19:80:b0:7a:15:64:1c:
a4:31:c0:90:1f:45:1c:54:62:b0:43:b3:b0:04:c7:
8a:73:2e:2f:38:f7:b2:0e:0c:46:59:40:29:0b:fb:
2e:2d:2e:ea:ca:99:49:d5:e4:78:11:8b:3d:3d:c5:
28:a4:27:3a:f1:50:e5:8f:69:c7:55:23:e3:d2:5a:
13:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:02:87:D9:B4:E5:CF:47:73:69:67:87:E2:53:91:17:96:4F:1C:6C
X509v3 Authority Key Identifier:
keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/QgKH2bTlz0dzaWeH4lORF5ZPHGw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
163.5.37.0/24
163.5.67.0/24
163.5.98.0/24
163.5.115.0/24
163.5.122.0/24
163.5.208.0/24
163.5.217.0/24
163.5.222.0/24
163.5.249.0/24
Signature Algorithm: sha256WithRSAEncryption
ab:7c:9c:6d:6c:b3:40:0f:9c:e3:b9:c4:69:71:25:7a:ec:8b:
d8:75:eb:a6:19:79:60:9c:b7:4b:6f:28:04:60:16:47:20:00:
9d:51:06:48:90:a4:60:c5:22:16:4f:62:78:ce:5c:df:d3:f3:
43:cb:95:3c:eb:b5:88:0b:10:a0:62:cf:63:dc:95:e9:c8:0c:
e9:d6:6a:88:ae:ee:f5:ef:1d:71:6a:32:26:43:f3:2a:94:b3:
b9:fb:7b:8d:8b:da:c3:3a:c6:0b:c6:18:e7:b0:1f:e8:dd:04:
a6:4c:63:94:89:bf:1a:d4:e5:00:78:7d:5f:52:07:26:a2:df:
ec:71:59:b8:ea:54:6d:42:35:03:3b:43:47:91:e1:5b:a5:58:
4b:ea:8e:25:be:c5:50:18:94:4e:41:2b:f9:c9:41:57:c1:4d:
32:8e:8a:1c:21:ac:6e:ba:6c:c0:9b:c8:24:00:10:ee:56:00:
3d:30:61:92:b8:bc:28:19:43:18:3f:ea:07:83:fb:ae:be:92:
69:e0:c5:6d:7e:55:8e:bd:aa:40:aa:2b:37:39:e1:b3:67:8f:
bc:b2:97:09:3c:7e:50:51:3c:9f:9d:c6:2f:09:0c:32:76:a5:
67:15:41:27:a2:79:9b:13:78:32:0d:2b:7a:83:4b:e4:4a:d2:
69:70:1b:cb
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYzEAg9uyJCCPsUeuYMKn+7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjQwMTAxMDc1MTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjAyODdkOWI0ZTVjZjQ3NzM2OTY3ODdlMjUzOTExNzk2NGYxYzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuo/tQg2og5iuDNRzlkH/XepwnFPz
MvtCFXFElVifkS7HaWoCh9UlwxOpuA722yRsGb7qrMk3/c+S0tcT3edE2smMajvl
BMvAUVs08KCA1G0n/kI8rMnCFyWq35jfDnFbxIrGcpb8ZON/eb0EbvYe6ej+J82/
OZysN1BacpthEOQX8vGi2N05zgpWvXMXiN7tpq8qfVBTPpYkMR5cuuWnBl2BJAyw
qqwMzY9UAKC8peuXnLovSTXiNXhbiBmAsHoVZBykMcCQH0UcVGKwQ7OwBMeKcy4v
OPeyDgxGWUApC/suLS7qyplJ1eR4EYs9PcUopCc68VDlj2nHVSPj0loTYQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFEICh9m05c9Hc2lnh+JTkReWTxxsMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvUWdLSDJiVGx6MGR6YVdlSDRsT1JGNVpQSEd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAowUlAwQA
owVDAwQAowViAwQAowVzAwQAowV6AwQAowXQAwQAowXZAwQAowXeAwQAowX5MA0G
CSqGSIb3DQEBCwUAA4IBAQCrfJxtbLNAD5zjucRpcSV67IvYdeumGXlgnLdLbygE
YBZHIACdUQZIkKRgxSIWT2J4zlzf0/NDy5U867WICxCgYs9j3JXpyAzp1mqIru71
7x1xajImQ/MqlLO5+3uNi9rDOsYLxhjnsB/o3QSmTGOUib8a1OUAeH1fUgcmot/s
cVm46lRtQjUDO0NHkeFbpVhL6o4lvsVQGJROQSv5yUFXwU0yjoocIaxuumzAm8gk
ABDuVgA9MGGSuLwoGUMYP+oHg/uuvpJp4MVtflWOvapAqis3OeGzZ4+8spcJPH5Q
UTyfncYvCQwydqVnFUEnonmbE3gyDSt6g0vkStJpcBvL
-----END CERTIFICATE-----
Generated at Mon Jan 1 11:39:19 2024 by rpki-client on console-fra.rpki-client.org