Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/gQR3TgdE0f3ZPvUxnquwxCvJcWM.roa
File: gQR3TgdE0f3ZPvUxnquwxCvJcWM.roa (raw, json)
Hash identifier: tUbpjcQ8BI6XcHeKBhCs8sVgZkZhCN8tXrz9j/Yuiwg=
Subject key identifier: 81:04:77:4E:07:44:D1:FD:D9:3E:F5:31:9E:AB:B0:C4:2B:C9:71:63
Certificate issuer: /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial: 018B1982FA53C0170D7FB44A6FEB4E8A81D9
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/gQR3TgdE0f3ZPvUxnquwxCvJcWM.roa
Signing time: Tue 10 Oct 2023 12:14:55 +0000
ROA not before: Tue 10 Oct 2023 12:14:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 196755
IP address blocks: 157.143.248.0/21 maxlen: 21
178.157.24.0/23 maxlen: 23
178.157.18.0/23 maxlen: 23
178.157.20.0/22 maxlen: 22
178.157.28.0/22 maxlen: 22
80.251.110.0/23 maxlen: 23
178.157.26.0/23 maxlen: 23
80.251.108.0/23 maxlen: 23
217.181.252.0/23 maxlen: 23
178.157.40.0/22 maxlen: 22
178.157.44.0/22 maxlen: 22
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:19:82:fa:53:c0:17:0d:7f:b4:4a:6f:eb:4e:8a:81:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
Validity
Not Before: Oct 10 12:14:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8104774e0744d1fdd93ef5319eabb0c42bc97163
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:e8:5f:9a:d1:d1:79:a1:59:9c:81:0e:c9:70:
0a:eb:ae:28:66:54:f3:cb:0b:dd:59:b8:4a:ec:ca:
b4:99:16:ed:f2:fb:6f:d0:62:7a:a9:48:3e:eb:6b:
c3:67:c7:b8:5e:ff:b3:04:7f:22:de:b3:68:4f:70:
f3:ca:c0:21:c2:1f:01:bd:32:2d:17:12:4c:a8:9b:
09:43:4c:05:7c:ea:6e:d7:9e:6d:0f:7f:02:4d:bb:
73:12:93:b7:7a:0c:d8:06:87:08:f7:29:2c:c4:e1:
af:13:06:2c:1a:c6:83:57:1b:4d:db:0d:a5:4a:de:
21:9b:5f:db:e2:b2:db:2e:f2:32:a2:4c:ce:bf:ba:
0d:5b:09:8c:ac:24:7f:61:dd:b9:68:da:8d:3e:06:
25:fa:14:a5:cf:b6:e2:21:2d:e1:59:9e:e7:2f:4d:
7f:6c:bc:65:43:f7:45:f0:d9:f2:5b:e9:60:a9:99:
85:9b:40:76:e3:60:47:25:0f:48:cc:91:c7:7a:93:
c3:32:62:cc:89:c1:cc:69:8f:03:26:d5:68:dd:25:
1e:3e:09:2f:55:33:25:82:9d:a5:ba:fb:49:5f:db:
06:62:ba:13:79:76:8a:26:72:0b:36:d2:89:93:6e:
c8:ce:3a:87:ee:87:e9:7a:9a:ba:42:1f:3f:12:2e:
8f:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:04:77:4E:07:44:D1:FD:D9:3E:F5:31:9E:AB:B0:C4:2B:C9:71:63
X509v3 Authority Key Identifier:
keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/gQR3TgdE0f3ZPvUxnquwxCvJcWM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.251.108.0/22
157.143.248.0/21
178.157.18.0-178.157.31.255
178.157.40.0/21
217.181.252.0/23
Signature Algorithm: sha256WithRSAEncryption
ab:40:f9:a9:aa:0f:a9:81:5c:27:0d:98:9a:03:c6:c3:87:75:
89:8d:16:d2:d8:b0:b5:94:10:ed:1b:4f:86:42:dc:2c:1f:72:
ec:4e:9f:be:5a:88:89:50:8a:8b:0e:4f:01:f5:50:3a:fb:32:
11:c5:93:0d:79:1b:c9:7d:25:82:81:f9:29:2f:50:b8:18:fd:
bd:8d:d7:68:a5:24:da:2e:f0:04:07:22:1b:b5:39:1a:f7:79:
0a:31:f5:e3:1f:65:4b:d6:3b:66:b4:fd:a7:aa:e6:bc:75:35:
92:5d:a6:01:24:69:91:9c:9e:ef:35:2d:91:a8:f7:53:a3:0c:
e7:5c:bd:62:32:2b:a7:4d:71:89:3c:e3:db:27:81:89:8f:38:
e2:2c:dc:c6:67:0e:92:be:07:f0:ad:55:1c:52:05:8a:ef:e6:
b0:e7:9c:81:c3:7e:15:4b:db:e6:ed:7a:e4:b6:75:4b:d5:2a:
4a:2e:11:e3:c8:48:0d:b4:7f:45:5a:8a:4f:93:e8:68:87:0e:
68:89:81:cf:ac:ef:bd:2e:a1:ad:f9:b8:13:60:bb:9a:71:ac:
dc:f1:77:f3:2c:79:6b:a1:57:74:f0:51:44:10:f6:f1:36:3f:
21:2f:9f:c3:19:ed:79:36:08:8d:c6:68:5e:fa:66:73:e8:52:
f9:f0:41:fb
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYsZgvpTwBcNf7RKb+tOioHZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjMxMDEwMTIxNDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTA0Nzc0ZTA3NDRkMWZkZDkzZWY1MzE5ZWFiYjBjNDJiYzk3MTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh+hfmtHReaFZnIEOyXAK664oZlTz
ywvdWbhK7Mq0mRbt8vtv0GJ6qUg+62vDZ8e4Xv+zBH8i3rNoT3DzysAhwh8BvTIt
FxJMqJsJQ0wFfOpu155tD38CTbtzEpO3egzYBocI9yksxOGvEwYsGsaDVxtN2w2l
St4hm1/b4rLbLvIyokzOv7oNWwmMrCR/Yd25aNqNPgYl+hSlz7biIS3hWZ7nL01/
bLxlQ/dF8NnyW+lgqZmFm0B242BHJQ9IzJHHepPDMmLMicHMaY8DJtVo3SUePgkv
VTMlgp2luvtJX9sGYroTeXaKJnILNtKJk27IzjqH7ofpepq6Qh8/Ei6PuQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFIEEd04HRNH92T71MZ6rsMQryXFjMB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvZ1FSM1RnZEUwZjNaUHZVeG5xdXd4Q3ZKY1dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQCUPtsAwQD
nY/4MAwDBAGynRIDBAWynQADBAOynSgDBAHZtfwwDQYJKoZIhvcNAQELBQADggEB
AKtA+amqD6mBXCcNmJoDxsOHdYmNFtLYsLWUEO0bT4ZC3CwfcuxOn75aiIlQiosO
TwH1UDr7MhHFkw15G8l9JYKB+SkvULgY/b2N12ilJNou8AQHIhu1ORr3eQox9eMf
ZUvWO2a0/aeq5rx1NZJdpgEkaZGcnu81LZGo91OjDOdcvWIyK6dNcYk849sngYmP
OOIs3MZnDpK+B/CtVRxSBYrv5rDnnIHDfhVL2+bteuS2dUvVKkouEePISA20f0Va
ik+T6GiHDmiJgc+s770uoa35uBNgu5pxrNzxd/MseWuhV3TwUUQQ9vE2PyEvn8MZ
7Xk2CI3GaF76ZnPoUvnwQfs=
-----END CERTIFICATE-----
Generated at Wed Oct 11 15:15:38 2023 by rpki-client on console-fra.rpki-client.org