Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/c921e8-6c94-4cc2-b9fd-06a49968c2d3/1/wBsk59dJvHM8UCDtOuFMvk4KPfU.roa
File: wBsk59dJvHM8UCDtOuFMvk4KPfU.roa (raw, json)
Hash identifier: i2v+WRodgZcAB52ynAFjeuWg+xdFuapmao8e0ilsCs8=
Subject key identifier: C0:1B:24:E7:D7:49:BC:73:3C:50:20:ED:3A:E1:4C:BE:4E:0A:3D:F5
Certificate issuer: /CN=86a8ff4c9c56667d99025d7f01591cbf77ad2f09
Certificate serial: 01856D2F477A66DC546F9604A229299FBDDB
Authority key identifier: 86:A8:FF:4C:9C:56:66:7D:99:02:5D:7F:01:59:1C:BF:77:AD:2F:09
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/hqj_TJxWZn2ZAl1_AVkcv3etLwk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/c921e8-6c94-4cc2-b9fd-06a49968c2d3/1/wBsk59dJvHM8UCDtOuFMvk4KPfU.roa
Signing time: Sun 01 Jan 2023 11:54:53 +0000
ROA not before: Sun 01 Jan 2023 11:54:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209181
IP address blocks: 185.252.3.0/24 maxlen: 24
185.252.2.0/24 maxlen: 24
185.252.1.0/24 maxlen: 24
185.252.0.0/24 maxlen: 24
2.58.192.0/24 maxlen: 24
2.58.192.0/22 maxlen: 22
2.58.195.0/24 maxlen: 24
2.58.194.0/24 maxlen: 24
2.58.193.0/24 maxlen: 24
79.143.17.0/24 maxlen: 24
79.143.16.0/24 maxlen: 24
79.143.18.0/24 maxlen: 24
2a09:e9c0::/29 maxlen: 29
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:2f:47:7a:66:dc:54:6f:96:04:a2:29:29:9f:bd:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=86a8ff4c9c56667d99025d7f01591cbf77ad2f09
Validity
Not Before: Jan 1 11:54:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c01b24e7d749bc733c5020ed3ae14cbe4e0a3df5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:fd:f8:33:dc:e7:63:c7:8f:c4:4c:dd:b1:e3:
1f:e5:27:b8:ab:d2:e9:02:2a:ba:5f:a5:d2:43:7c:
09:15:0a:9d:36:95:04:97:b7:73:e1:4a:36:f0:9e:
db:91:4f:01:fa:42:87:b4:98:da:a4:a0:bf:21:7d:
d5:8c:2c:3c:97:c0:02:63:e9:6a:85:6e:4c:3a:b1:
a7:b5:2f:6a:cf:7b:62:17:9e:a2:a3:aa:bc:43:7c:
4e:63:b2:0b:02:37:ea:6f:8e:8f:9d:8f:37:99:97:
d4:d9:f9:16:e1:52:da:55:27:d2:b8:b0:6b:ae:45:
04:f9:06:c7:65:e2:f4:cc:5e:b8:90:c9:f3:9d:13:
e0:4c:cc:de:bc:eb:4e:f1:68:05:71:f4:85:ab:ee:
0d:91:1a:ff:5a:87:19:72:2a:27:16:a7:e2:29:27:
9f:0d:b6:11:eb:f9:b1:08:53:57:91:05:8f:76:a3:
b2:eb:1e:c0:65:2e:d0:3d:a4:84:8f:26:3b:fe:a1:
3e:72:93:d8:db:a2:d8:2d:d8:b5:6e:49:cc:a0:c5:
28:71:b2:c2:68:48:77:8f:0d:dd:a0:8d:f2:72:5f:
03:d5:49:cd:bf:38:0a:e3:77:04:fb:0c:fc:58:83:
cd:c4:d3:12:d2:32:15:0d:da:c4:65:bc:ee:e4:35:
f7:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:1B:24:E7:D7:49:BC:73:3C:50:20:ED:3A:E1:4C:BE:4E:0A:3D:F5
X509v3 Authority Key Identifier:
keyid:86:A8:FF:4C:9C:56:66:7D:99:02:5D:7F:01:59:1C:BF:77:AD:2F:09
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hqj_TJxWZn2ZAl1_AVkcv3etLwk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/c921e8-6c94-4cc2-b9fd-06a49968c2d3/1/wBsk59dJvHM8UCDtOuFMvk4KPfU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/c921e8-6c94-4cc2-b9fd-06a49968c2d3/1/hqj_TJxWZn2ZAl1_AVkcv3etLwk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.192.0/22
79.143.16.0-79.143.18.255
185.252.0.0/22
IPv6:
2a09:e9c0::/29
Signature Algorithm: sha256WithRSAEncryption
c1:cd:aa:41:a3:fb:42:59:2b:be:c6:b8:9f:07:7f:92:6b:37:
d4:2b:ac:0e:ee:a0:22:61:b4:6b:3c:18:51:52:cd:ce:68:91:
53:4f:57:e7:51:0f:78:57:65:0b:ac:5c:0e:b2:91:d2:13:ff:
46:46:86:63:12:37:a9:45:cd:e7:03:97:00:fb:c9:34:39:a5:
ba:13:95:ad:26:79:83:8b:57:90:84:1a:ed:cc:a4:06:1b:58:
3a:a3:06:64:5e:fa:72:41:d1:e2:e2:5f:b8:55:38:a2:1c:cf:
f4:73:28:fe:9e:06:a6:a3:c3:e4:dd:36:9e:48:27:03:48:5f:
75:95:a4:e9:36:c9:30:d4:13:52:ca:b3:09:7d:e6:9b:c4:2b:
38:2d:e5:e0:dd:97:c0:74:70:38:05:68:6c:cd:57:49:83:36:
b1:93:f9:66:d2:fc:4f:86:f3:00:5a:73:f7:99:ce:72:16:d3:
6f:f9:4d:99:69:38:ab:dd:a2:c7:8b:14:6b:5c:87:84:ff:2b:
e7:ce:3d:0d:2a:4c:b8:b3:e4:57:37:ff:c4:ad:c6:bf:5c:a1:
ad:66:5e:41:fb:99:0c:f8:ba:3f:fa:0e:57:dc:ab:02:9e:68:
3e:09:c3:b9:80:9c:db:26:e5:7a:c3:c6:cb:df:8a:27:78:b4:
23:14:18:9d
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgISAYVtL0d6ZtxUb5YEoikpn73bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2YThmZjRjOWM1NjY2N2Q5OTAyNWQ3ZjAxNTkxY2JmNzdh
ZDJmMDkwHhcNMjMwMTAxMTE1NDUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDFiMjRlN2Q3NDliYzczM2M1MDIwZWQzYWUxNGNiZTRlMGEzZGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoP34M9znY8ePxEzdseMf5Se4q9Lp
Aiq6X6XSQ3wJFQqdNpUEl7dz4Uo28J7bkU8B+kKHtJjapKC/IX3VjCw8l8ACY+lq
hW5MOrGntS9qz3tiF56io6q8Q3xOY7ILAjfqb46PnY83mZfU2fkW4VLaVSfSuLBr
rkUE+QbHZeL0zF64kMnznRPgTMzevOtO8WgFcfSFq+4NkRr/WocZcionFqfiKSef
DbYR6/mxCFNXkQWPdqOy6x7AZS7QPaSEjyY7/qE+cpPY26LYLdi1bknMoMUocbLC
aEh3jw3doI3ycl8D1UnNvzgK43cE+wz8WIPNxNMS0jIVDdrEZbzu5DX3rQIDAQAB
o4ICLDCCAigwHQYDVR0OBBYEFMAbJOfXSbxzPFAg7TrhTL5OCj31MB8GA1UdIwQY
MBaAFIao/0ycVmZ9mQJdfwFZHL93rS8JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHFqX1RKeFdabjJaQWwxX0FWa2N2M2V0THdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9jOTIxZTgtNmM5NC00Y2MyLWI5ZmQt
MDZhNDk5NjhjMmQzLzEvd0JzazU5ZEp2SE04VUNEdE91Rk12azRLUGZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9jOTIxZTgtNmM5NC00Y2MyLWI5ZmQtMDZhNDk5NjhjMmQz
LzEvaHFqX1RKeFdabjJaQWwxX0FWa2N2M2V0THdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEIGCCsGAQUFBwEHAQH/BDMwMTAgBAIAATAaAwQCAjrAMAwD
BARPjxADBABPjxIDBAK5/AAwDQQCAAIwBwMFAyoJ6cAwDQYJKoZIhvcNAQELBQAD
ggEBAMHNqkGj+0JZK77GuJ8Hf5JrN9QrrA7uoCJhtGs8GFFSzc5okVNPV+dRD3hX
ZQusXA6ykdIT/0ZGhmMSN6lFzecDlwD7yTQ5pboTla0meYOLV5CEGu3MpAYbWDqj
BmRe+nJB0eLiX7hVOKIcz/RzKP6eBqajw+TdNp5IJwNIX3WVpOk2yTDUE1LKswl9
5pvEKzgt5eDdl8B0cDgFaGzNV0mDNrGT+WbS/E+G8wBac/eZznIW02/5TZlpOKvd
oseLFGtch4T/K+fOPQ0qTLiz5Fc3/8Stxr9coa1mXkH7mQz4uj/6DlfcqwKeaD4J
w7mAnNsm5XrDxsvfiid4tCMUGJ0=
-----END CERTIFICATE-----
Generated at Tue Jan 2 15:19:48 2024 by rpki-client on console-ams.rpki-client.org