Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/ay5OxTlhy5nzp6UCWOUmt9UahNg.roa
File: ay5OxTlhy5nzp6UCWOUmt9UahNg.roa (raw, json)
Hash identifier: 3dqhk86YxVNEyRa+BF9lNrGDEFG+Z2+2ZDfSqs0xqIA=
Subject key identifier: 6B:2E:4E:C5:39:61:CB:99:F3:A7:A5:02:58:E5:26:B7:D5:1A:84:D8
Certificate issuer: /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial: 01856BDCAF114FB223A017142157C82C731B
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/ay5OxTlhy5nzp6UCWOUmt9UahNg.roa
Signing time: Sun 01 Jan 2023 05:45:02 +0000
ROA not before: Sun 01 Jan 2023 05:45:02 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203464
IP address blocks: 91.232.55.0/24 maxlen: 24
91.238.38.0/24 maxlen: 24
176.116.230.0/23 maxlen: 24
91.223.117.0/24 maxlen: 24
91.237.193.0/24 maxlen: 24
91.231.227.0/24 maxlen: 24
91.233.201.0/24 maxlen: 24
91.240.154.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:dc:af:11:4f:b2:23:a0:17:14:21:57:c8:2c:73:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Validity
Not Before: Jan 1 05:45:02 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6b2e4ec53961cb99f3a7a50258e526b7d51a84d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:6f:e3:f4:62:3c:e8:74:2d:30:25:f3:19:00:
ed:62:67:63:89:6a:5c:f1:d7:b9:13:17:48:1c:73:
08:7e:fc:b4:19:38:78:86:ab:9b:b4:7b:4e:99:9c:
3b:51:07:41:59:30:b0:55:70:28:3b:42:0a:c5:a0:
c8:ef:81:db:f7:19:1b:a2:c9:f6:af:50:ed:79:51:
cd:b9:be:79:7e:66:e3:ed:2e:10:dc:df:68:f6:23:
d3:66:a0:e8:b2:8c:7f:aa:a3:61:c8:30:55:90:d3:
39:6f:a5:f1:0d:ee:32:50:bd:1c:f3:6b:48:63:2f:
08:96:c9:15:25:41:28:64:cf:3b:16:4f:a5:69:c8:
4d:c7:0b:ee:ec:cb:c2:e4:c6:5b:0c:dc:0e:ff:e9:
bd:ca:b2:c2:49:d3:52:e2:bc:fd:81:ae:4c:f4:26:
52:41:91:8d:8e:03:4d:cc:e1:c6:78:ed:9f:68:c3:
3e:c1:7c:39:c1:5a:31:ae:82:4d:49:fa:0b:1d:81:
53:b2:95:d2:48:0e:fc:16:62:8e:f5:e2:3e:f4:ad:
90:cc:52:80:bc:9e:ee:6c:ac:68:b3:ab:57:e7:2c:
15:04:18:96:4d:54:9c:02:bc:19:99:92:93:4f:6c:
f2:6b:b9:6d:df:0b:65:09:a8:ef:36:19:f2:f9:91:
65:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:2E:4E:C5:39:61:CB:99:F3:A7:A5:02:58:E5:26:B7:D5:1A:84:D8
X509v3 Authority Key Identifier:
keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/ay5OxTlhy5nzp6UCWOUmt9UahNg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.223.117.0/24
91.231.227.0/24
91.232.55.0/24
91.233.201.0/24
91.237.193.0/24
91.238.38.0/24
91.240.154.0/24
176.116.230.0/23
Signature Algorithm: sha256WithRSAEncryption
20:c4:66:b2:dc:b1:12:37:e0:00:8b:a1:c5:21:7c:28:05:d7:
09:9c:92:19:99:ef:94:21:50:c5:7f:85:5c:ad:ba:2c:a0:5a:
11:09:a4:4b:b4:fe:ff:2b:31:2b:7a:c7:51:bc:5c:72:77:3c:
43:41:1f:78:48:e5:62:15:ba:9f:ab:e5:72:d4:8c:48:5f:fa:
20:3a:e5:9e:1b:88:55:35:de:24:bf:56:2b:1c:e4:5c:8d:9a:
d0:88:00:5a:de:73:c8:1c:39:63:5f:39:53:7f:df:4f:88:9e:
90:19:3c:40:5b:a9:bb:37:9b:93:9b:47:58:cd:26:aa:32:c1:
c3:8f:ca:71:45:e6:d7:3b:94:be:9e:13:fe:d9:00:e0:9f:42:
bc:6b:00:15:fe:71:ef:e3:2b:6a:cd:09:f0:1e:f9:33:66:07:
44:f4:4f:eb:87:d5:e7:be:3b:4e:52:fa:0b:de:2e:ee:e4:15:
58:41:6f:5d:d5:f9:2a:5b:3c:44:c9:70:08:50:a9:fc:25:c0:
84:75:69:60:92:38:45:e8:2e:54:7d:ad:e0:4d:d0:fe:c0:67:
a8:8a:67:1e:b0:b6:d0:39:27:7b:0a:7c:91:e7:63:6f:be:a1:
27:9f:46:a3:78:2b:7a:0c:9c:6f:96:1c:81:0a:b8:b5:b7:c8:
3d:a1:67:9c
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVr3K8RT7IjoBcUIVfILHMbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjMwMTAxMDU0NTAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjJlNGVjNTM5NjFjYjk5ZjNhN2E1MDI1OGU1MjZiN2Q1MWE4NGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2/j9GI86HQtMCXzGQDtYmdjiWpc
8de5ExdIHHMIfvy0GTh4hqubtHtOmZw7UQdBWTCwVXAoO0IKxaDI74Hb9xkbosn2
r1DteVHNub55fmbj7S4Q3N9o9iPTZqDosox/qqNhyDBVkNM5b6XxDe4yUL0c82tI
Yy8IlskVJUEoZM87Fk+lachNxwvu7MvC5MZbDNwO/+m9yrLCSdNS4rz9ga5M9CZS
QZGNjgNNzOHGeO2faMM+wXw5wVoxroJNSfoLHYFTspXSSA78FmKO9eI+9K2QzFKA
vJ7ubKxos6tX5ywVBBiWTVScArwZmZKTT2zya7lt3wtlCajvNhny+ZFlzwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGsuTsU5YcuZ86elAljlJrfVGoTYMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvYXk1T3hUbGh5NW56cDZVQ1dPVW10OVVhaE5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAW991AwQA
W+fjAwQAW+g3AwQAW+nJAwQAW+3BAwQAW+4mAwQAW/CaAwQBsHTmMA0GCSqGSIb3
DQEBCwUAA4IBAQAgxGay3LESN+AAi6HFIXwoBdcJnJIZme+UIVDFf4VcrbosoFoR
CaRLtP7/KzEresdRvFxydzxDQR94SOViFbqfq+Vy1IxIX/ogOuWeG4hVNd4kv1Yr
HORcjZrQiABa3nPIHDljXzlTf99PiJ6QGTxAW6m7N5uTm0dYzSaqMsHDj8pxRebX
O5S+nhP+2QDgn0K8awAV/nHv4ytqzQnwHvkzZgdE9E/rh9XnvjtOUvoL3i7u5BVY
QW9d1fkqWzxEyXAIUKn8JcCEdWlgkjhF6C5Ufa3gTdD+wGeoimcesLbQOSd7CnyR
52NvvqEnn0ajeCt6DJxvlhyBCri1t8g9oWec
-----END CERTIFICATE-----
Generated at Tue Jan 2 06:50:10 2024 by rpki-client on console-fra.rpki-client.org