Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/bDXJUXZRFyDh4nLtGXADGJt9APU.roa
File: bDXJUXZRFyDh4nLtGXADGJt9APU.roa (raw, json)
Hash identifier: FZCym/qPjQTutsvrzsrLAF1aQRYms4iw4msk2GuuWZQ=
Subject key identifier: 6C:35:C9:51:76:51:17:20:E1:E2:72:ED:19:70:03:18:9B:7D:00:F5
Certificate issuer: /CN=70ad353cc1a0d16d5e8e14a37575a6f3d60563f8
Certificate serial: 018572C397D1B9CC9EB899F8AABD68BFE43F
Authority key identifier: 70:AD:35:3C:C1:A0:D1:6D:5E:8E:14:A3:75:75:A6:F3:D6:05:63:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cK01PMGg0W1ejhSjdXWm89YFY_g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/bDXJUXZRFyDh4nLtGXADGJt9APU.roa
Signing time: Mon 02 Jan 2023 13:54:59 +0000
ROA not before: Mon 02 Jan 2023 13:54:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 24971
IP address blocks: 149.62.144.0/21 maxlen: 21
178.238.32.0/20 maxlen: 20
77.93.192.0/19 maxlen: 19
83.167.224.0/19 maxlen: 19
80.79.16.0/20 maxlen: 20
81.31.32.0/20 maxlen: 20
185.58.40.0/22 maxlen: 22
85.118.128.0/21 maxlen: 21
89.185.224.0/19 maxlen: 19
2a01:430::/32 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:c3:97:d1:b9:cc:9e:b8:99:f8:aa:bd:68:bf:e4:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70ad353cc1a0d16d5e8e14a37575a6f3d60563f8
Validity
Not Before: Jan 2 13:54:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6c35c95176511720e1e272ed197003189b7d00f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:d8:ad:d1:08:e4:19:51:f5:33:5f:5f:e7:a4:
bf:30:ea:95:b7:ee:59:f3:23:d7:e9:21:59:93:25:
f3:87:e9:0d:f8:a6:c3:c1:61:1c:2f:65:0e:f5:31:
f1:55:f9:3f:cf:bd:76:db:d7:c2:1b:97:51:4f:01:
f7:ef:46:c6:e1:35:7f:0f:1d:f5:a6:14:16:e9:9f:
85:c9:48:51:c2:3e:15:76:5e:dc:fa:cc:20:95:ff:
61:37:60:c2:75:f6:d5:bf:5f:bb:dd:88:38:1b:3d:
86:25:b8:a5:e9:75:40:ad:23:23:dd:a1:23:8c:a0:
b8:4f:75:cb:10:57:bd:77:06:1c:90:56:47:a7:f4:
ea:04:91:8d:d3:01:18:51:ca:34:86:1d:75:3e:61:
23:e2:18:9c:e7:77:02:c3:4e:00:20:1a:01:00:bb:
f5:32:83:f4:ca:8d:32:fd:c1:66:db:7a:0f:28:59:
e5:60:1d:f8:aa:97:bf:d8:2a:f5:c0:82:bc:f1:a4:
85:2f:0e:37:b9:64:13:40:b7:cb:7b:3e:b0:41:8e:
98:71:51:4d:29:00:e2:9c:c0:0e:ba:0d:da:96:9c:
74:2c:c8:67:b9:cf:14:3c:49:7a:1d:e6:22:84:45:
42:6e:0a:56:54:b0:87:8a:09:03:0e:03:15:49:82:
c4:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:35:C9:51:76:51:17:20:E1:E2:72:ED:19:70:03:18:9B:7D:00:F5
X509v3 Authority Key Identifier:
keyid:70:AD:35:3C:C1:A0:D1:6D:5E:8E:14:A3:75:75:A6:F3:D6:05:63:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cK01PMGg0W1ejhSjdXWm89YFY_g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/bDXJUXZRFyDh4nLtGXADGJt9APU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e26d9c-d851-4a69-95f9-1504ea53e255/1/cK01PMGg0W1ejhSjdXWm89YFY_g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.93.192.0/19
80.79.16.0/20
81.31.32.0/20
83.167.224.0/19
85.118.128.0/21
89.185.224.0/19
149.62.144.0/21
178.238.32.0/20
185.58.40.0/22
IPv6:
2a01:430::/32
Signature Algorithm: sha256WithRSAEncryption
1c:d9:9b:a5:ab:3e:36:e7:f2:83:cd:df:a5:89:90:f6:5c:2b:
7c:b7:80:1a:0d:6a:40:96:62:43:25:67:b9:0d:e0:34:9b:42:
ff:b2:36:ea:14:a9:0c:ca:ef:17:7c:4f:61:43:10:2c:74:9a:
90:3c:7e:c8:a0:e9:d3:8e:f2:9e:17:84:dd:fa:94:77:dd:3b:
42:93:06:df:9a:9d:95:00:02:4b:9a:01:f5:12:cc:2d:3c:8a:
07:51:55:e2:ea:b0:c9:f5:5f:db:c9:14:b5:46:9a:de:37:0c:
7e:7a:94:4c:e5:d0:a1:96:04:51:9e:89:7d:74:39:88:a8:0c:
4d:71:18:ea:bf:e7:eb:d6:78:2b:22:91:38:a2:49:b7:b4:08:
04:c6:da:e1:3e:3d:9e:18:66:ad:a1:d3:7c:01:4e:f0:56:ae:
4f:d1:eb:32:ea:f1:03:13:0f:82:00:87:15:74:07:83:f2:92:
bc:bd:f3:11:40:dd:07:5f:b9:2c:24:81:5b:c0:94:ec:12:0a:
d9:e1:b1:ee:9b:06:d2:0e:7d:f1:82:bb:f4:3d:8a:96:fe:10:
38:de:26:9c:27:87:98:31:fb:7f:20:a1:9d:2e:d2:91:cd:b5:
fc:b5:92:5e:1f:e6:94:de:2d:43:a0:a2:e1:3f:0c:88:41:51:
9f:45:09:9e
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVyw5fRucyeuJn4qr1ov+Q/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYWQzNTNjYzFhMGQxNmQ1ZThlMTRhMzc1NzVhNmYzZDYw
NTYzZjgwHhcNMjMwMTAyMTM1NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzM1Yzk1MTc2NTExNzIwZTFlMjcyZWQxOTcwMDMxODliN2QwMGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtit0QjkGVH1M19f56S/MOqVt+5Z
8yPX6SFZkyXzh+kN+KbDwWEcL2UO9THxVfk/z71229fCG5dRTwH370bG4TV/Dx31
phQW6Z+FyUhRwj4Vdl7c+swglf9hN2DCdfbVv1+73Yg4Gz2GJbil6XVArSMj3aEj
jKC4T3XLEFe9dwYckFZHp/TqBJGN0wEYUco0hh11PmEj4hic53cCw04AIBoBALv1
MoP0yo0y/cFm23oPKFnlYB34qpe/2Cr1wIK88aSFLw43uWQTQLfLez6wQY6YcVFN
KQDinMAOug3alpx0LMhnuc8UPEl6HeYihEVCbgpWVLCHigkDDgMVSYLEAwIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFGw1yVF2URcg4eJy7RlwAxibfQD1MB8GA1UdIwQY
MBaAFHCtNTzBoNFtXo4Uo3V1pvPWBWP4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0swMVBNR2cwVzFlamhTamRYV204OVlGWV9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMjZkOWMtZDg1MS00YTY5LTk1Zjkt
MTUwNGVhNTNlMjU1LzEvYkRYSlVYWlJGeURoNG5MdEdYQURHSnQ5QVBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMjZkOWMtZDg1MS00YTY5LTk1ZjktMTUwNGVhNTNlMjU1
LzEvY0swMVBNR2cwVzFlamhTamRYV204OVlGWV9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTA8BAIAATA2AwQFTV3AAwQE
UE8QAwQEUR8gAwQFU6fgAwQDVXaAAwQFWbngAwQDlT6QAwQEsu4gAwQCuTooMA0E
AgACMAcDBQAqAQQwMA0GCSqGSIb3DQEBCwUAA4IBAQAc2Zulqz425/KDzd+liZD2
XCt8t4AaDWpAlmJDJWe5DeA0m0L/sjbqFKkMyu8XfE9hQxAsdJqQPH7IoOnTjvKe
F4Td+pR33TtCkwbfmp2VAAJLmgH1EswtPIoHUVXi6rDJ9V/byRS1RpreNwx+epRM
5dChlgRRnol9dDmIqAxNcRjqv+fr1ngrIpE4okm3tAgExtrhPj2eGGatodN8AU7w
Vq5P0esy6vEDEw+CAIcVdAeD8pK8vfMRQN0HX7ksJIFbwJTsEgrZ4bHumwbSDn3x
grv0PYqW/hA43iacJ4eYMft/IKGdLtKRzbX8tZJeH+aU3i1DoKLhPwyIQVGfRQme
-----END CERTIFICATE-----
Generated at Tue Jan 2 11:34:35 2024 by rpki-client on console-ams.rpki-client.org