Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/NhQ691T85_ina1KTdCcvQ9bzdIk.roa
File: NhQ691T85_ina1KTdCcvQ9bzdIk.roa (raw, json)
Hash identifier: AttZVdlFYVRMHDozKPKazmBl3i/hjVsuwE1zcaiyPMo=
Subject key identifier: 36:14:3A:F7:54:FC:E7:F8:A7:6B:52:93:74:27:2F:43:D6:F3:74:89
Certificate issuer: /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial: 018AE655D794120A1F883444C1636074510C
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/NhQ691T85_ina1KTdCcvQ9bzdIk.roa
Signing time: Sat 30 Sep 2023 13:44:59 +0000
ROA not before: Sat 30 Sep 2023 13:44:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 77.83.39.0/24 maxlen: 24
85.209.120.0/23 maxlen: 24
193.57.41.0/24 maxlen: 24
45.94.171.0/24 maxlen: 24
45.144.213.0/24 maxlen: 24
2.56.109.0/24 maxlen: 24
2.56.110.0/24 maxlen: 24
45.138.183.0/24 maxlen: 24
195.62.24.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:e6:55:d7:94:12:0a:1f:88:34:44:c1:63:60:74:51:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Validity
Not Before: Sep 30 13:44:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=36143af754fce7f8a76b529374272f43d6f37489
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:cd:57:f3:32:09:8c:18:8b:35:a5:60:4d:7e:
a6:99:5a:97:39:d7:40:36:92:4c:34:3e:8b:db:81:
40:06:ce:a7:62:64:1e:99:75:0f:34:be:c9:70:d6:
6b:d3:bc:21:86:e3:f5:8a:a8:1c:bc:66:28:d2:17:
1b:9c:ae:91:4c:70:ac:10:b7:37:e7:4b:9d:36:8e:
55:77:1d:96:2a:13:66:e5:de:15:07:9e:d4:e6:f1:
fe:da:16:44:de:88:37:87:ac:a0:cb:c1:65:c0:84:
f6:8b:e3:6c:b7:65:9f:6a:f9:e3:70:c9:fd:7e:9e:
d5:25:31:e7:91:9f:05:e9:c4:eb:2f:43:41:2a:fb:
01:3f:43:86:f4:a8:76:85:52:ad:20:fc:1a:ae:36:
ab:f9:fa:a4:18:35:51:d8:d1:38:21:42:02:4b:a8:
87:59:5e:2a:22:fb:34:ab:ff:10:6c:03:e2:fe:79:
c4:83:50:4d:ae:0d:e8:c0:46:d2:8f:23:98:54:6f:
d0:15:8c:fd:5c:2c:6b:42:68:19:ff:45:57:cd:7b:
2f:da:05:88:88:4f:b6:94:33:20:2d:84:8f:ed:65:
7f:9c:4e:ad:53:a6:9b:0b:2f:49:bd:16:6a:cb:9c:
86:43:5b:3f:49:56:ba:34:65:4a:2b:8c:6d:d7:f0:
71:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:14:3A:F7:54:FC:E7:F8:A7:6B:52:93:74:27:2F:43:D6:F3:74:89
X509v3 Authority Key Identifier:
keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/NhQ691T85_ina1KTdCcvQ9bzdIk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.109.0-2.56.110.255
45.94.171.0/24
45.138.183.0/24
45.144.213.0/24
77.83.39.0/24
85.209.120.0/23
193.57.41.0/24
195.62.24.0/24
Signature Algorithm: sha256WithRSAEncryption
4a:78:8a:c4:59:31:c1:8c:c6:7b:6d:7b:13:48:92:d3:b5:62:
73:13:14:75:07:1b:45:71:a7:38:7c:ad:fe:db:22:de:65:9b:
19:ca:6c:72:f8:e3:82:22:29:5d:20:16:2e:07:a5:fc:79:6b:
4c:12:a8:35:d7:bd:55:2c:a1:ca:fb:9a:74:09:a2:82:7e:23:
80:c4:4c:69:d0:d2:f9:08:ff:47:c2:02:38:d5:e0:03:43:3b:
ea:60:e5:09:34:c6:02:7f:2d:ab:aa:25:10:05:e5:e0:78:c4:
32:a0:01:a7:56:79:37:9f:7e:c3:30:6f:fc:83:01:10:97:a4:
09:42:34:26:37:5b:1c:c4:45:44:d6:1c:5b:f4:3e:d9:4b:ae:
2c:55:51:15:e0:c5:00:0a:b0:a1:06:55:2d:99:30:62:3e:69:
99:3b:76:7e:43:df:56:e9:7c:34:87:06:15:87:62:fe:ca:e6:
84:54:02:83:c8:9a:5a:1e:ad:eb:ba:7f:fa:eb:13:8a:67:9c:
40:2d:b4:7c:be:9a:13:b5:21:f7:29:f1:b5:dc:07:9a:97:a8:
da:4f:cb:12:1d:1e:d6:3c:9b:7e:dd:0e:26:26:5e:94:57:f0:
be:5d:3f:9c:e8:c9:a1:68:3d:62:3f:0f:01:b0:a4:18:ef:07:
67:30:f2:9f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYrmVdeUEgofiDREwWNgdFEMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjMwOTMwMTM0NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjE0M2FmNzU0ZmNlN2Y4YTc2YjUyOTM3NDI3MmY0M2Q2ZjM3NDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAms1X8zIJjBiLNaVgTX6mmVqXOddA
NpJMND6L24FABs6nYmQemXUPNL7JcNZr07whhuP1iqgcvGYo0hcbnK6RTHCsELc3
50udNo5Vdx2WKhNm5d4VB57U5vH+2hZE3og3h6ygy8FlwIT2i+Nst2WfavnjcMn9
fp7VJTHnkZ8F6cTrL0NBKvsBP0OG9Kh2hVKtIPwarjar+fqkGDVR2NE4IUICS6iH
WV4qIvs0q/8QbAPi/nnEg1BNrg3owEbSjyOYVG/QFYz9XCxrQmgZ/0VXzXsv2gWI
iE+2lDMgLYSP7WV/nE6tU6abCy9JvRZqy5yGQ1s/SVa6NGVKK4xt1/BxQwIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFDYUOvdU/Of4p2tSk3QnL0PW83SJMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvTmhRNjkxVDg1X2luYTFLVGRDY3ZROWJ6ZElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4MAwDBAACOG0D
BAACOG4DBAAtXqsDBAAtircDBAAtkNUDBABNUycDBAFV0XgDBADBOSkDBADDPhgw
DQYJKoZIhvcNAQELBQADggEBAEp4isRZMcGMxnttexNIktO1YnMTFHUHG0Vxpzh8
rf7bIt5lmxnKbHL444IiKV0gFi4Hpfx5a0wSqDXXvVUsocr7mnQJooJ+I4DETGnQ
0vkI/0fCAjjV4ANDO+pg5Qk0xgJ/LauqJRAF5eB4xDKgAadWeTeffsMwb/yDARCX
pAlCNCY3WxzERUTWHFv0PtlLrixVURXgxQAKsKEGVS2ZMGI+aZk7dn5D31bpfDSH
BhWHYv7K5oRUAoPImloereu6f/rrE4pnnEAttHy+mhO1Ifcp8bXcB5qXqNpPyxId
HtY8m37dDiYmXpRX8L5dP5zoyaFoPWI/DwGwpBjvB2cw8p8=
-----END CERTIFICATE-----
Generated at Mon Oct 2 12:21:42 2023 by rpki-client on console-ams.rpki-client.org