Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/WvhCqNq9EUvgNhlN_6LioGN20gg.roa
File: WvhCqNq9EUvgNhlN_6LioGN20gg.roa (raw, json)
Hash identifier: Uld5tNA9b/N4blODT9G0Kskd9KccBTfCAQUve/xbO4Y=
Subject key identifier: 5A:F8:42:A8:DA:BD:11:4B:E0:36:19:4D:FF:A2:E2:A0:63:76:D2:08
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 018B85357901B41F5A07E28809CF949B0474
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/WvhCqNq9EUvgNhlN_6LioGN20gg.roa
Signing time: Tue 31 Oct 2023 10:09:15 +0000
ROA not before: Tue 31 Oct 2023 10:09:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 137409
IP address blocks: 91.193.28.0/24 maxlen: 24
31.135.4.0/23 maxlen: 23
91.193.29.0/24 maxlen: 24
176.112.80.0/22 maxlen: 24
109.207.139.0/24 maxlen: 24
109.207.137.0/24 maxlen: 24
109.207.136.0/24 maxlen: 24
109.207.138.0/24 maxlen: 24
176.96.95.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:85:35:79:01:b4:1f:5a:07:e2:88:09:cf:94:9b:04:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Oct 31 10:09:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5af842a8dabd114be036194dffa2e2a06376d208
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:71:aa:29:03:36:fb:9c:76:6c:81:1c:87:33:
ea:59:50:f9:7c:d4:b1:5b:df:39:fa:18:1c:b3:b2:
c1:c8:a7:d7:7e:0d:de:81:d3:0a:76:a2:25:82:dd:
77:56:ab:c9:32:b8:41:55:94:7d:99:09:d3:cf:5c:
2c:a1:01:ec:2c:2d:71:2e:74:aa:e1:c7:9c:84:3d:
71:09:d9:a5:3e:ad:90:c6:f6:00:e2:48:2d:aa:ec:
9c:46:6e:58:f9:d1:ed:c0:89:03:a4:c8:39:7a:37:
61:55:00:bf:da:8b:05:eb:45:ba:22:28:72:09:20:
ad:56:37:12:a3:d4:be:77:3d:7b:06:5e:ca:13:06:
db:c4:a1:dc:0f:db:8d:e6:28:ff:16:d8:0e:0e:eb:
d1:9e:f9:1a:50:20:5d:64:3c:3d:e4:7d:64:65:5e:
b5:af:03:39:db:7a:00:02:c4:1c:73:07:a2:05:07:
bc:8b:68:a3:f4:01:e1:4b:9d:80:5b:0e:1f:95:df:
59:f2:b2:37:87:9d:b7:a6:7f:7d:95:33:5a:9b:84:
83:c9:ce:1e:91:9d:48:ff:e2:bf:e0:c5:86:a5:a7:
d4:bb:a9:14:41:f5:97:8a:d6:ff:ed:4b:98:cc:0e:
17:57:c1:9a:0f:27:f3:40:f9:6b:80:7f:4f:b7:38:
6f:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:F8:42:A8:DA:BD:11:4B:E0:36:19:4D:FF:A2:E2:A0:63:76:D2:08
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/WvhCqNq9EUvgNhlN_6LioGN20gg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.135.4.0/23
91.193.28.0/23
109.207.136.0/22
176.96.95.0/24
176.112.80.0/22
Signature Algorithm: sha256WithRSAEncryption
28:19:90:7a:f3:6c:05:5d:ae:f7:36:05:78:6d:d2:41:28:29:
4e:c0:c5:9d:0a:5b:fb:d8:ab:62:db:af:65:cb:1a:21:39:35:
d1:88:cd:4a:21:9e:43:1d:f9:00:e5:5a:77:79:2a:d5:9e:44:
b5:87:b1:e7:75:87:86:ba:57:76:13:2a:b6:de:9f:d9:46:10:
61:01:65:db:fb:b0:af:43:03:a6:db:d9:d5:50:cc:71:ec:72:
d3:0e:4c:e9:c2:93:06:67:02:90:bc:13:63:80:90:26:f6:33:
39:18:fc:77:11:03:48:06:f5:6f:50:8f:70:d1:28:39:ad:38:
2c:a0:23:0b:2b:c1:a3:0a:ff:a4:43:f6:c0:49:16:5f:37:50:
98:b1:6a:73:24:6d:c0:54:4a:d4:3e:8a:3f:b4:9a:4b:01:d5:
85:35:87:57:f2:cb:e5:4f:0f:8d:e2:d1:48:f6:52:fb:93:9c:
61:c7:88:14:cd:0d:cc:2b:6b:8a:1b:6e:1b:c8:4e:7e:95:f1:
86:7b:39:e4:16:36:65:94:2f:7f:33:c2:8a:1b:f5:5c:e2:a3:
65:fe:0f:c6:44:49:6c:6e:9b:ed:0a:06:1d:81:70:1c:5b:54:
9a:ca:35:c4:84:52:9a:07:87:cf:9a:4f:c4:d3:ae:3d:57:4a:
b9:4d:07:5b
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYuFNXkBtB9aB+KICc+UmwR0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjMxMDMxMTAwOTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWY4NDJhOGRhYmQxMTRiZTAzNjE5NGRmZmEyZTJhMDYzNzZkMjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3GqKQM2+5x2bIEchzPqWVD5fNSx
W985+hgcs7LByKfXfg3egdMKdqIlgt13VqvJMrhBVZR9mQnTz1wsoQHsLC1xLnSq
4cechD1xCdmlPq2QxvYA4kgtquycRm5Y+dHtwIkDpMg5ejdhVQC/2osF60W6Iihy
CSCtVjcSo9S+dz17Bl7KEwbbxKHcD9uN5ij/FtgODuvRnvkaUCBdZDw95H1kZV61
rwM523oAAsQccweiBQe8i2ij9AHhS52AWw4fld9Z8rI3h523pn99lTNam4SDyc4e
kZ1I/+K/4MWGpafUu6kUQfWXitb/7UuYzA4XV8GaDyfzQPlrgH9PtzhvkQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFFr4QqjavRFL4DYZTf+i4qBjdtIIMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvV3ZoQ3FOcTlFVXZnTmhsTl82TGlvR04yMGdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBH4cEAwQB
W8EcAwQCbc+IAwQAsGBfAwQCsHBQMA0GCSqGSIb3DQEBCwUAA4IBAQAoGZB682wF
Xa73NgV4bdJBKClOwMWdClv72Kti269lyxohOTXRiM1KIZ5DHfkA5Vp3eSrVnkS1
h7HndYeGuld2Eyq23p/ZRhBhAWXb+7CvQwOm29nVUMxx7HLTDkzpwpMGZwKQvBNj
gJAm9jM5GPx3EQNIBvVvUI9w0Sg5rTgsoCMLK8GjCv+kQ/bASRZfN1CYsWpzJG3A
VErUPoo/tJpLAdWFNYdX8svlTw+N4tFI9lL7k5xhx4gUzQ3MK2uKG24byE5+lfGG
eznkFjZllC9/M8KKG/Vc4qNl/g/GRElsbpvtCgYdgXAcW1SayjXEhFKaB4fPmk/E
0649V0q5TQdb
-----END CERTIFICATE-----
Generated at Fri Dec 29 16:35:38 2023 by rpki-client on console-ams.rpki-client.org