Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/5a6d3c-17da-44d3-a402-86236bac1308/1/18CXhUfcOrj9j0Q2XLcTsUprbeQ.roa
File: 18CXhUfcOrj9j0Q2XLcTsUprbeQ.roa (raw, json)
Hash identifier: tZPEx8AUlt8kB4bshxQ5x3Pj844UyXGwlxvU6M6cR0U=
Subject key identifier: D7:C0:97:85:47:DC:3A:B8:FD:8F:44:36:5C:B7:13:B1:4A:6B:6D:E4
Certificate issuer: /CN=d1dda832769c31681f825685147368af3a11f6f8
Certificate serial: 01857169DE55EA4C9B4BA49AAA4FF39CAE2D
Authority key identifier: D1:DD:A8:32:76:9C:31:68:1F:82:56:85:14:73:68:AF:3A:11:F6:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0d2oMnacMWgfglaFFHNorzoR9vg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/14/5a6d3c-17da-44d3-a402-86236bac1308/1/18CXhUfcOrj9j0Q2XLcTsUprbeQ.roa
Signing time: Mon 02 Jan 2023 07:37:21 +0000
ROA not before: Mon 02 Jan 2023 07:37:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 57300
IP address blocks: 91.109.173.0/24 maxlen: 24
91.109.174.0/24 maxlen: 24
91.109.175.0/24 maxlen: 24
185.73.164.0/24 maxlen: 24
185.73.165.0/24 maxlen: 24
185.73.166.0/24 maxlen: 24
185.73.167.0/24 maxlen: 24
91.109.168.0/24 maxlen: 24
91.109.169.0/24 maxlen: 24
91.109.170.0/24 maxlen: 24
91.109.171.0/24 maxlen: 24
91.109.172.0/24 maxlen: 24
95.87.124.0/24 maxlen: 24
95.87.125.0/24 maxlen: 24
95.87.120.0/24 maxlen: 24
95.87.121.0/24 maxlen: 24
95.87.122.0/24 maxlen: 24
95.87.123.0/24 maxlen: 24
95.87.126.0/24 maxlen: 24
95.87.127.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:69:de:55:ea:4c:9b:4b:a4:9a:aa:4f:f3:9c:ae:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d1dda832769c31681f825685147368af3a11f6f8
Validity
Not Before: Jan 2 07:37:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d7c0978547dc3ab8fd8f44365cb713b14a6b6de4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:8b:c4:11:5a:2f:86:73:0b:e2:c4:de:39:6a:
6e:2e:c1:11:ca:97:b4:6b:21:6b:64:6b:e0:31:ec:
53:8d:54:d8:11:d7:c6:1f:dd:03:54:1a:2a:1b:ea:
64:33:37:0d:91:9c:70:39:5b:be:c6:1d:74:de:28:
99:bc:3d:ce:c2:63:a5:5d:df:13:27:be:da:63:de:
af:01:e1:8f:d6:af:61:48:0c:b9:ee:51:79:a1:40:
cc:5e:3a:33:59:6e:10:52:07:90:da:2e:98:d6:3f:
ab:ec:f8:b4:63:7b:26:14:c4:24:ea:39:93:df:ed:
46:80:ba:4b:8c:64:63:36:c5:db:f2:6d:d3:62:fa:
40:ee:37:19:7e:7a:d0:86:1c:3a:04:bf:f4:ae:05:
bc:03:5c:8b:5c:a5:6d:2d:77:19:d9:07:2a:33:71:
81:d5:dd:a8:60:b6:41:75:99:88:35:85:42:d7:aa:
5c:eb:8a:9f:78:ef:5a:57:dc:1c:e7:71:0d:dd:4a:
9e:77:1c:39:34:12:f6:f6:2b:fb:39:d0:73:76:61:
19:88:c1:0b:39:5f:a2:78:37:a1:fa:a6:eb:ba:57:
5a:e8:20:b5:e4:81:76:84:12:6a:35:c1:fa:07:8d:
ac:f0:57:b4:9b:b6:47:8d:f0:a3:bb:0f:3f:72:12:
5a:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:C0:97:85:47:DC:3A:B8:FD:8F:44:36:5C:B7:13:B1:4A:6B:6D:E4
X509v3 Authority Key Identifier:
keyid:D1:DD:A8:32:76:9C:31:68:1F:82:56:85:14:73:68:AF:3A:11:F6:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d2oMnacMWgfglaFFHNorzoR9vg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5a6d3c-17da-44d3-a402-86236bac1308/1/18CXhUfcOrj9j0Q2XLcTsUprbeQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5a6d3c-17da-44d3-a402-86236bac1308/1/0d2oMnacMWgfglaFFHNorzoR9vg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.109.168.0/21
95.87.120.0/21
185.73.164.0/22
Signature Algorithm: sha256WithRSAEncryption
66:96:70:b6:02:53:5c:3e:90:60:f0:4e:de:68:9d:48:50:2b:
34:8e:9d:7a:f1:7c:55:5c:f5:3f:f5:00:08:b8:e9:6a:65:44:
19:e8:25:ae:21:c6:3b:12:04:b7:45:bb:52:f1:48:28:8b:7f:
a0:cc:09:6b:81:2e:b4:44:2a:35:76:bd:94:d2:8f:41:b7:25:
ec:a1:21:74:a4:df:b5:83:70:3c:42:d2:d0:22:79:71:96:ad:
de:14:df:b4:21:e3:6d:d0:84:62:63:9e:9f:77:2c:23:e3:e6:
a1:f8:80:c4:e1:e2:07:c3:fd:04:c9:79:d2:a9:83:5b:77:89:
97:6a:22:da:5f:04:8b:0b:59:64:2f:fa:42:fc:c8:21:9f:6a:
22:cd:dc:47:c1:87:c5:f4:4a:76:84:59:57:09:7c:62:28:ca:
e7:b2:fd:ce:40:a6:f3:e2:00:4b:17:5a:6e:0e:a9:67:72:6d:
a4:7a:07:17:7a:e7:cc:bd:c7:b6:7e:a9:74:05:ce:d3:d7:7b:
c0:8b:ad:19:3e:f4:ae:3c:ca:60:6a:e1:b3:72:10:0a:f0:32:
37:ff:eb:ec:8c:e6:49:b0:9b:eb:1e:a4:2e:b4:49:09:0f:0f:
b7:d5:c9:7d:09:5a:ab:f3:53:63:c8:fc:f4:a6:0f:c3:36:48:
81:5e:29:b2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVxad5V6kybS6Saqk/znK4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGRhODMyNzY5YzMxNjgxZjgyNTY4NTE0NzM2OGFmM2Ex
MWY2ZjgwHhcNMjMwMTAyMDczNzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2MwOTc4NTQ3ZGMzYWI4ZmQ4ZjQ0MzY1Y2I3MTNiMTRhNmI2ZGU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkYvEEVovhnML4sTeOWpuLsERype0
ayFrZGvgMexTjVTYEdfGH90DVBoqG+pkMzcNkZxwOVu+xh103iiZvD3OwmOlXd8T
J77aY96vAeGP1q9hSAy57lF5oUDMXjozWW4QUgeQ2i6Y1j+r7Pi0Y3smFMQk6jmT
3+1GgLpLjGRjNsXb8m3TYvpA7jcZfnrQhhw6BL/0rgW8A1yLXKVtLXcZ2QcqM3GB
1d2oYLZBdZmINYVC16pc64qfeO9aV9wc53EN3Uqedxw5NBL29iv7OdBzdmEZiMEL
OV+ieDeh+qbrulda6CC15IF2hBJqNcH6B42s8Fe0m7ZHjfCjuw8/chJaHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNfAl4VH3Dq4/Y9ENly3E7FKa23kMB8GA1UdIwQY
MBaAFNHdqDJ2nDFoH4JWhRRzaK86Efb4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQyb01uYWNNV2dmZ2xhRkZITm9yem9SOXZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC81YTZkM2MtMTdkYS00NGQzLWE0MDIt
ODYyMzZiYWMxMzA4LzEvMThDWGhVZmNPcmo5ajBRMlhMY1RzVXByYmVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC81YTZkM2MtMTdkYS00NGQzLWE0MDItODYyMzZiYWMxMzA4
LzEvMGQyb01uYWNNV2dmZ2xhRkZITm9yem9SOXZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDW22oAwQD
X1d4AwQCuUmkMA0GCSqGSIb3DQEBCwUAA4IBAQBmlnC2AlNcPpBg8E7eaJ1IUCs0
jp168XxVXPU/9QAIuOlqZUQZ6CWuIcY7EgS3RbtS8Ugoi3+gzAlrgS60RCo1dr2U
0o9BtyXsoSF0pN+1g3A8QtLQInlxlq3eFN+0IeNt0IRiY56fdywj4+ah+IDE4eIH
w/0EyXnSqYNbd4mXaiLaXwSLC1lkL/pC/Mghn2oizdxHwYfF9Ep2hFlXCXxiKMrn
sv3OQKbz4gBLF1puDqlncm2kegcXeufMvce2fql0Bc7T13vAi60ZPvSuPMpgauGz
chAK8DI3/+vsjOZJsJvrHqQutEkJDw+31cl9CVqr81NjyPz0pg/DNkiBXimy
-----END CERTIFICATE-----
Generated at Tue Jan 2 14:35:55 2024 by rpki-client on console-fra.rpki-client.org