Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/DqEI2AjNc2RlD_iZTJszQ-mrQ_s.roa
File: DqEI2AjNc2RlD_iZTJszQ-mrQ_s.roa (raw, json)
Hash identifier: JPaA7PLShXdZqIumbXv9A+heCPYSxIgSm4pd4S9mKos=
Subject key identifier: 0E:A1:08:D8:08:CD:73:64:65:0F:F8:99:4C:9B:33:43:E9:AB:43:FB
Certificate issuer: /CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Certificate serial: 01857246FD4E75CEE8E7E0E2A7D3D83BEBCA
Authority key identifier: B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/DqEI2AjNc2RlD_iZTJszQ-mrQ_s.roa
Signing time: Mon 02 Jan 2023 11:38:53 +0000
ROA not before: Mon 02 Jan 2023 11:38:53 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209420
IP address blocks: 192.145.17.0/24 maxlen: 24
192.145.16.0/23 maxlen: 23
192.145.16.0/24 maxlen: 24
192.145.18.0/24 maxlen: 24
152.89.133.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:46:fd:4e:75:ce:e8:e7:e0:e2:a7:d3:d8:3b:eb:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b72588c00eef715809eb5fdd6d6717cc28c0dfac
Validity
Not Before: Jan 2 11:38:53 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0ea108d808cd7364650ff8994c9b3343e9ab43fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:19:98:ef:c4:99:29:e5:ff:65:30:d3:14:c0:
25:73:72:3b:4f:2b:7d:12:c9:9f:a8:bf:57:50:54:
6e:48:4d:3c:b4:ef:0f:ef:e4:96:96:5b:d7:31:e2:
6e:cb:d7:b5:06:4b:a1:28:b9:83:c2:13:c8:b8:d9:
2e:e5:2f:20:d4:3f:72:a8:12:d1:ac:16:c5:b9:9f:
54:4d:18:0a:5a:69:1f:3c:8d:2a:7e:19:a9:9d:78:
06:58:aa:af:8d:12:fa:6f:bb:fa:5a:ff:5f:32:5d:
cf:1e:10:5a:ba:d9:a1:ae:99:d3:dd:d8:db:d7:ff:
98:71:4f:76:17:38:d5:94:b9:aa:e0:2d:e9:b2:8a:
7d:c0:0a:5b:e0:c7:72:26:13:af:7c:86:46:7b:1a:
86:30:e8:9b:0c:66:ee:a9:33:36:5d:f0:7d:a1:18:
a4:df:2f:01:bb:8d:8f:33:f4:78:4d:91:85:a8:f7:
da:1c:27:9e:46:01:3f:96:d6:97:f9:30:e6:4e:ba:
1a:3a:91:ad:63:86:a6:a1:a6:37:57:6b:14:a0:52:
ae:79:ed:12:45:f1:3c:00:62:d7:8e:20:33:d5:33:
cb:c2:0e:ff:a1:30:1f:71:4e:37:b4:85:42:b6:e1:
e6:fa:ca:11:f6:fc:17:c1:64:0a:50:8c:78:f8:44:
b3:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:A1:08:D8:08:CD:73:64:65:0F:F8:99:4C:9B:33:43:E9:AB:43:FB
X509v3 Authority Key Identifier:
keyid:B7:25:88:C0:0E:EF:71:58:09:EB:5F:DD:6D:67:17:CC:28:C0:DF:AC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tyWIwA7vcVgJ61_dbWcXzCjA36w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/DqEI2AjNc2RlD_iZTJszQ-mrQ_s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ebbac9-fee7-4f3b-8cd5-7a41254eaaca/1/tyWIwA7vcVgJ61_dbWcXzCjA36w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.89.133.0/24
192.145.16.0-192.145.18.255
Signature Algorithm: sha256WithRSAEncryption
57:83:27:99:88:c3:c2:ac:73:b4:86:65:ad:3b:7b:9b:3b:73:
24:0d:35:fb:f6:cd:06:6a:93:b1:dd:d9:d7:b3:32:fa:27:c8:
9b:d3:4a:39:97:56:52:75:8d:34:a4:a6:92:20:4d:49:ae:e4:
5d:16:16:3d:bf:94:75:de:d9:9c:2d:50:00:d2:7e:38:25:d2:
d0:87:9c:ad:e9:a6:b1:70:a9:24:45:4f:ad:fd:16:f7:0a:30:
a4:ff:8f:b9:80:1b:04:7b:70:5a:67:0a:4d:20:22:03:3d:fc:
be:c6:0c:42:20:e0:a4:9b:e8:75:70:1d:e5:89:1f:1d:b7:58:
f2:2a:36:f7:e8:9d:4e:2f:dc:88:ee:1d:0e:bd:6d:bb:28:ca:
f6:86:75:25:e8:8f:e1:db:cb:3b:a4:10:61:63:b0:3c:e6:fc:
7a:ae:03:43:eb:01:92:b2:cd:14:74:be:e4:4a:fc:47:53:36:
c9:a7:a2:ac:69:5f:ed:f0:52:d4:79:84:53:65:9f:6b:3a:64:
8d:88:61:6a:11:2b:c0:a2:2f:53:f0:69:89:59:cc:19:4f:a5:
14:ba:12:15:26:fd:eb:4b:1b:21:1c:c4:89:2b:54:55:20:c0:
28:4d:b9:1a:fe:ee:d5:49:cd:5c:3a:02:6d:d1:2c:70:70:59:
82:34:1a:02
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYVyRv1Odc7o5+Dip9PYO+vKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MjU4OGMwMGVlZjcxNTgwOWViNWZkZDZkNjcxN2NjMjhj
MGRmYWMwHhcNMjMwMTAyMTEzODUzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWExMDhkODA4Y2Q3MzY0NjUwZmY4OTk0YzliMzM0M2U5YWI0M2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxmY78SZKeX/ZTDTFMAlc3I7Tyt9
EsmfqL9XUFRuSE08tO8P7+SWllvXMeJuy9e1BkuhKLmDwhPIuNku5S8g1D9yqBLR
rBbFuZ9UTRgKWmkfPI0qfhmpnXgGWKqvjRL6b7v6Wv9fMl3PHhBautmhrpnT3djb
1/+YcU92FzjVlLmq4C3psop9wApb4MdyJhOvfIZGexqGMOibDGbuqTM2XfB9oRik
3y8Bu42PM/R4TZGFqPfaHCeeRgE/ltaX+TDmTroaOpGtY4amoaY3V2sUoFKuee0S
RfE8AGLXjiAz1TPLwg7/oTAfcU43tIVCtuHm+soR9vwXwWQKUIx4+ESzEQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFA6hCNgIzXNkZQ/4mUybM0Ppq0P7MB8GA1UdIwQY
MBaAFLcliMAO73FYCetf3W1nF8wowN+sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUt
N2E0MTI1NGVhYWNhLzEvRHFFSTJBak5jMlJsRF9pWlRKc3pRLW1yUV9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYmJhYzktZmVlNy00ZjNiLThjZDUtN2E0MTI1NGVhYWNh
LzEvdHlXSXdBN3ZjVmdKNjFfZGJXY1h6Q2pBMzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAmFmFMAwD
BATAkRADBADAkRIwDQYJKoZIhvcNAQELBQADggEBAFeDJ5mIw8Ksc7SGZa07e5s7
cyQNNfv2zQZqk7Hd2dezMvonyJvTSjmXVlJ1jTSkppIgTUmu5F0WFj2/lHXe2Zwt
UADSfjgl0tCHnK3pprFwqSRFT639FvcKMKT/j7mAGwR7cFpnCk0gIgM9/L7GDEIg
4KSb6HVwHeWJHx23WPIqNvfonU4v3IjuHQ69bbsoyvaGdSXoj+HbyzukEGFjsDzm
/HquA0PrAZKyzRR0vuRK/EdTNsmnoqxpX+3wUtR5hFNln2s6ZI2IYWoRK8CiL1Pw
aYlZzBlPpRS6EhUm/etLGyEcxIkrVFUgwChNuRr+7tVJzVw6Am3RLHBwWYI0GgI=
-----END CERTIFICATE-----
Generated at Wed Nov 1 08:44:49 2023 by rpki-client on console-ams.rpki-client.org