Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Kdnk0o67JN-1TVw2LhwgEVivBXY.roa
File: Kdnk0o67JN-1TVw2LhwgEVivBXY.roa (raw, json)
Hash identifier: KbKpSAQYvkCzbTkSSW1SdLHwsWMmLa/iPLrAyQYP1h0=
Subject key identifier: 29:D9:E4:D2:8E:BB:24:DF:B5:4D:5C:36:2E:1C:20:11:58:AF:05:76
Certificate issuer: /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial: 01857246F810BF8E1D0E45DCBD39688AFADB
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Kdnk0o67JN-1TVw2LhwgEVivBXY.roa
Signing time: Mon 02 Jan 2023 11:38:51 +0000
ROA not before: Mon 02 Jan 2023 11:38:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5433
IP address blocks: 91.151.176.0/20 maxlen: 20
91.151.186.0/24 maxlen: 24
91.151.190.0/24 maxlen: 24
91.151.189.0/24 maxlen: 24
2a01:8380::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:46:f8:10:bf:8e:1d:0e:45:dc:bd:39:68:8a:fa:db
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Validity
Not Before: Jan 2 11:38:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=29d9e4d28ebb24dfb54d5c362e1c201158af0576
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:68:78:6d:16:ce:d1:47:cf:63:13:b9:b9:a2:
7a:9a:64:d3:9d:d4:e1:3f:8f:6e:68:bb:a8:8c:83:
61:b4:4d:4e:bb:24:a4:68:11:30:86:ae:d5:a7:0a:
9d:e4:4f:29:42:d8:8e:09:10:36:b4:9c:0e:27:20:
39:b2:26:3b:cf:fe:57:09:45:78:19:68:24:ea:6a:
9e:bd:eb:6b:b6:94:48:ce:96:0c:35:68:48:0e:2c:
27:57:b0:02:25:a4:81:03:b1:71:1b:7f:97:ab:9f:
af:02:e3:d5:1d:1c:eb:03:21:fc:74:9d:b4:a4:8d:
87:91:fd:1a:e9:62:6e:e4:d1:4f:a1:eb:67:55:74:
61:04:9c:0f:0a:63:ef:39:c5:20:b3:cf:b1:40:cc:
58:15:a6:00:c1:4d:06:23:fd:10:e0:86:6f:78:d9:
1a:f8:92:66:16:5a:f8:25:7b:92:b6:91:b5:bc:45:
7c:0e:e1:4d:cc:51:e0:f1:ac:c8:0c:dd:4d:cf:d5:
13:d8:a3:37:91:05:50:6e:17:3b:3d:87:77:a9:9d:
fd:fe:e1:1e:95:bb:d0:30:f5:a0:4f:df:e5:5a:08:
d8:e2:2b:28:49:9b:8d:5c:a8:ff:82:de:91:5a:39:
b8:cc:68:22:27:3e:02:76:47:d3:b5:a9:3c:70:be:
03:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
29:D9:E4:D2:8E:BB:24:DF:B5:4D:5C:36:2E:1C:20:11:58:AF:05:76
X509v3 Authority Key Identifier:
keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Kdnk0o67JN-1TVw2LhwgEVivBXY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.151.176.0/20
IPv6:
2a01:8380::/32
Signature Algorithm: sha256WithRSAEncryption
11:b8:53:85:b7:22:99:26:4e:3c:d6:1f:9e:6b:92:88:dc:d9:
e2:a9:56:c8:c2:e8:de:1c:5e:c8:f5:1b:88:3e:58:92:9e:6c:
dd:52:f2:f9:bb:92:52:4e:ab:ae:d5:fc:20:7d:56:7d:5c:81:
ff:11:10:f5:d8:99:af:86:e0:3a:fb:eb:cf:28:71:dc:e5:28:
17:a8:06:5f:3c:e7:24:0e:b7:96:de:6d:d8:5a:2c:78:a2:98:
d3:18:17:0b:5e:1c:04:8c:cc:dc:d4:b9:5d:b6:fe:e4:ce:b2:
1b:b8:ab:9b:ad:75:07:2f:4b:5b:7b:b8:9f:9e:89:f7:30:ce:
0c:a7:b2:0e:80:bc:8a:5e:34:ea:99:c6:0a:d6:0a:11:da:68:
24:f4:67:f5:27:04:e9:2e:78:5e:39:0b:c7:b2:99:e5:89:57:
b2:63:f8:73:9a:c7:b1:3e:62:58:db:4e:7c:5a:bf:ae:b3:3e:
4a:ec:8d:c0:2a:f2:64:28:55:e3:af:cb:82:e2:1d:c4:5d:fe:
65:a6:c4:21:4d:76:27:27:88:85:1c:8c:9a:51:8d:14:37:11:
22:d7:c2:82:20:0b:a9:1e:91:ff:46:6a:34:f2:8f:73:0b:6a:
22:7c:ae:0a:10:8b:d3:17:d6:15:f2:68:b4:4e:81:e0:53:11:
24:c6:90:eb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVyRvgQv44dDkXcvTloivrbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjMwMTAyMTEzODUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWQ5ZTRkMjhlYmIyNGRmYjU0ZDVjMzYyZTFjMjAxMTU4YWYwNTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mh4bRbO0UfPYxO5uaJ6mmTTndTh
P49uaLuojINhtE1OuySkaBEwhq7Vpwqd5E8pQtiOCRA2tJwOJyA5siY7z/5XCUV4
GWgk6mqevetrtpRIzpYMNWhIDiwnV7ACJaSBA7FxG3+Xq5+vAuPVHRzrAyH8dJ20
pI2Hkf0a6WJu5NFPoetnVXRhBJwPCmPvOcUgs8+xQMxYFaYAwU0GI/0Q4IZveNka
+JJmFlr4JXuStpG1vEV8DuFNzFHg8azIDN1Nz9UT2KM3kQVQbhc7PYd3qZ39/uEe
lbvQMPWgT9/lWgjY4isoSZuNXKj/gt6RWjm4zGgiJz4CdkfTtak8cL4D5wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCnZ5NKOuyTftU1cNi4cIBFYrwV2MB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvS2RuazBvNjdKTi0xVFZ3Mkxod2dFVml2QlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEW5ewMA0E
AgACMAcDBQAqAYOAMA0GCSqGSIb3DQEBCwUAA4IBAQARuFOFtyKZJk481h+ea5KI
3NniqVbIwujeHF7I9RuIPliSnmzdUvL5u5JSTquu1fwgfVZ9XIH/ERD12JmvhuA6
++vPKHHc5SgXqAZfPOckDreW3m3YWix4opjTGBcLXhwEjMzc1Lldtv7kzrIbuKub
rXUHL0tbe7ifnon3MM4Mp7IOgLyKXjTqmcYK1goR2mgk9Gf1JwTpLnheOQvHspnl
iVeyY/hzmsexPmJY2058Wr+usz5K7I3AKvJkKFXjr8uC4h3EXf5lpsQhTXYnJ4iF
HIyaUY0UNxEi18KCIAupHpH/Rmo08o9zC2oifK4KEIvTF9YV8mi0ToHgUxEkxpDr
-----END CERTIFICATE-----
Generated at Mon Jan 1 17:13:47 2024 by rpki-client on console-ams.rpki-client.org