Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/QegrPPYeeFApnpH1kPORkggxzSk.roa
File: QegrPPYeeFApnpH1kPORkggxzSk.roa (raw, json)
Hash identifier: ZOOIvqGdAgRxj/AyidDhGMmGv+oR9FnhnTkIsOBEQec=
Subject key identifier: 41:E8:2B:3C:F6:1E:78:50:29:9E:91:F5:90:F3:91:92:08:31:CD:29
Certificate issuer: /CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Certificate serial: 018ABE25B7558978748A2CBA6B1235E5F41B
Authority key identifier: 4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/QegrPPYeeFApnpH1kPORkggxzSk.roa
Signing time: Fri 22 Sep 2023 18:27:37 +0000
ROA not before: Fri 22 Sep 2023 18:27:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39521
IP address blocks: 85.8.160.0/22 maxlen: 22
193.38.44.0/22 maxlen: 22
139.28.240.0/22 maxlen: 22
92.249.60.0/22 maxlen: 22
139.28.48.0/22 maxlen: 22
176.96.128.0/22 maxlen: 22
194.93.48.0/22 maxlen: 22
176.53.156.0/22 maxlen: 22
83.171.244.0/22 maxlen: 22
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:be:25:b7:55:89:78:74:8a:2c:ba:6b:12:35:e5:f4:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4f9509b33da55f3e5d5283eb621d0d35d7aeed5c
Validity
Not Before: Sep 22 18:27:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=41e82b3cf61e7850299e91f590f391920831cd29
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:1c:d0:6b:1a:50:17:4d:e6:bd:15:6f:af:d8:
e0:d7:3f:eb:9e:4d:09:fe:2a:29:a4:2d:9f:59:45:
48:c4:68:4b:d7:a2:b8:54:b1:0d:56:15:af:56:3d:
f5:37:8f:e3:fc:5b:ad:02:8f:4c:e9:c2:70:67:de:
47:be:b5:d7:78:3e:de:c9:5c:23:1d:20:16:91:91:
77:f2:05:24:16:d4:52:c0:91:e0:bc:7c:8f:10:43:
4d:7c:ae:37:db:a2:aa:d7:0e:0c:3f:ea:fe:db:11:
2b:f4:f9:9d:8e:e7:c5:8d:96:59:65:3f:59:a4:4e:
b7:eb:db:12:92:6c:f6:dc:3f:a9:22:59:62:2b:6c:
c9:f6:0b:02:46:76:bb:83:8d:0b:17:c7:7f:ca:ea:
21:83:a5:01:f5:84:3f:ce:53:43:d5:68:83:70:a7:
f0:12:5a:3c:13:aa:e9:9e:da:bd:12:6d:32:67:83:
bf:6c:c3:52:50:9a:53:b5:69:cb:93:10:2d:f2:d8:
36:40:19:c1:33:7f:57:f5:e6:a9:0c:39:68:6c:77:
16:1e:58:4f:fb:33:08:cb:2f:fc:16:d5:f8:46:53:
8c:fc:b3:53:89:d5:67:34:34:ff:0b:5a:35:6e:d2:
a5:d1:28:b6:c4:d2:5c:3e:fa:2f:5b:3a:5c:d8:19:
ad:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
41:E8:2B:3C:F6:1E:78:50:29:9E:91:F5:90:F3:91:92:08:31:CD:29
X509v3 Authority Key Identifier:
keyid:4F:95:09:B3:3D:A5:5F:3E:5D:52:83:EB:62:1D:0D:35:D7:AE:ED:5C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/QegrPPYeeFApnpH1kPORkggxzSk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/26/6fc1bc-a5f8-42a8-95e4-60107e2b5109/1/T5UJsz2lXz5dUoPrYh0NNdeu7Vw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.171.244.0/22
85.8.160.0/22
92.249.60.0/22
139.28.48.0/22
139.28.240.0/22
176.53.156.0/22
176.96.128.0/22
193.38.44.0/22
194.93.48.0/22
Signature Algorithm: sha256WithRSAEncryption
52:58:5d:c1:6c:cc:f9:11:b9:e3:39:9d:45:a1:be:51:bd:bf:
01:1b:5a:21:0f:fc:06:7c:40:55:ed:7c:13:7d:5b:60:bb:27:
dd:5c:46:cc:b6:f7:7c:3c:fc:29:76:fa:70:e4:f8:6a:49:35:
2d:82:be:ec:9e:1e:bd:d8:51:90:b5:7f:55:18:72:98:cf:8a:
1f:f1:4c:f6:71:65:d9:0d:db:a7:90:a7:44:84:af:a5:82:91:
07:2d:25:ea:42:08:0b:4c:39:7b:87:1c:89:5b:ba:e4:2e:dd:
5f:d6:e7:db:ef:36:6d:fd:a2:f3:c5:bc:d4:f4:77:b6:15:b1:
b3:f3:17:96:8d:d3:42:cc:aa:b1:2f:f0:43:bb:cb:e7:bc:c4:
08:1c:00:1a:9b:62:74:ce:7a:7f:83:1f:b3:2f:48:b1:bf:6a:
8f:5e:4d:f5:c5:0f:d4:29:0b:e5:28:c0:40:5e:54:3e:55:f5:
b1:60:fa:f5:ee:95:af:bd:7a:9c:90:03:3a:28:f1:03:6e:a5:
34:b8:ed:7d:ee:8b:bf:cb:a4:de:c6:e7:63:e3:44:d5:31:bd:
20:e6:9d:7f:60:41:61:fb:a7:0a:5f:71:4f:03:bf:97:10:f0:
25:8f:73:9b:eb:95:b8:0b:3b:a6:44:6c:c8:db:90:e6:d7:0a:
7d:a7:05:45
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYq+JbdViXh0iiy6axI15fQbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTUwOWIzM2RhNTVmM2U1ZDUyODNlYjYyMWQwZDM1ZDdh
ZWVkNWMwHhcNMjMwOTIyMTgyNzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWU4MmIzY2Y2MWU3ODUwMjk5ZTkxZjU5MGYzOTE5MjA4MzFjZDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzxzQaxpQF03mvRVvr9jg1z/rnk0J
/ioppC2fWUVIxGhL16K4VLENVhWvVj31N4/j/FutAo9M6cJwZ95HvrXXeD7eyVwj
HSAWkZF38gUkFtRSwJHgvHyPEENNfK4326Kq1w4MP+r+2xEr9PmdjufFjZZZZT9Z
pE6369sSkmz23D+pIlliK2zJ9gsCRna7g40LF8d/yuohg6UB9YQ/zlND1WiDcKfw
Elo8E6rpntq9Em0yZ4O/bMNSUJpTtWnLkxAt8tg2QBnBM39X9eapDDlobHcWHlhP
+zMIyy/8FtX4RlOM/LNTidVnNDT/C1o1btKl0Si2xNJcPvovWzpc2BmtSQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFEHoKzz2HnhQKZ6R9ZDzkZIIMc0pMB8GA1UdIwQY
MBaAFE+VCbM9pV8+XVKD62IdDTXXru1cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQt
NjAxMDdlMmI1MTA5LzEvUWVnclBQWWVlRkFwbnBIMWtQT1JrZ2d4elNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi82ZmMxYmMtYTVmOC00MmE4LTk1ZTQtNjAxMDdlMmI1MTA5
LzEvVDVVSnN6MmxYejVkVW9QclloME5OZGV1N1Z3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCU6v0AwQC
VQigAwQCXPk8AwQCixwwAwQCixzwAwQCsDWcAwQCsGCAAwQCwSYsAwQCwl0wMA0G
CSqGSIb3DQEBCwUAA4IBAQBSWF3BbMz5EbnjOZ1Fob5Rvb8BG1ohD/wGfEBV7XwT
fVtguyfdXEbMtvd8PPwpdvpw5PhqSTUtgr7snh692FGQtX9VGHKYz4of8Uz2cWXZ
DdunkKdEhK+lgpEHLSXqQggLTDl7hxyJW7rkLt1f1ufb7zZt/aLzxbzU9He2FbGz
8xeWjdNCzKqxL/BDu8vnvMQIHAAam2J0znp/gx+zL0ixv2qPXk31xQ/UKQvlKMBA
XlQ+VfWxYPr17pWvvXqckAM6KPEDbqU0uO197ou/y6Texudj40TVMb0g5p1/YEFh
+6cKX3FPA7+XEPAlj3Ob65W4CzumRGzI25Dm1wp9pwVF
-----END CERTIFICATE-----
Generated at Mon Oct 2 11:16:35 2023 by rpki-client on console-ams.rpki-client.org