Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/Xot4myv4ZYwO5NDBuA0bWP-RsZU.roa
File: Xot4myv4ZYwO5NDBuA0bWP-RsZU.roa (raw, json)
Hash identifier: 1KKhNasy7uTZ6ES/Deb9NDo3yL23QlFC81SNC5TzQe4=
Subject key identifier: 5E:8B:78:9B:2B:F8:65:8C:0E:E4:D0:C1:B8:0D:1B:58:FF:91:B1:95
Certificate issuer: /CN=0324db1dcf0c2429e121516ae2792fc3253fd3ba
Certificate serial: 018B19D92F84E5E0E6AF9172DD267C08A6BC
Authority key identifier: 03:24:DB:1D:CF:0C:24:29:E1:21:51:6A:E2:79:2F:C3:25:3F:D3:BA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AyTbHc8MJCnhIVFq4nkvwyU_07o.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/Xot4myv4ZYwO5NDBuA0bWP-RsZU.roa
Signing time: Tue 10 Oct 2023 13:49:05 +0000
ROA not before: Tue 10 Oct 2023 13:49:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39783
IP address blocks: 185.35.184.0/22 maxlen: 22
46.226.8.0/21 maxlen: 21
193.93.220.0/22 maxlen: 22
91.192.220.0/22 maxlen: 22
62.122.248.0/21 maxlen: 21
185.7.60.0/22 maxlen: 22
91.189.168.0/21 maxlen: 21
91.189.168.0/24 maxlen: 24
2a02:2690::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:19:d9:2f:84:e5:e0:e6:af:91:72:dd:26:7c:08:a6:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0324db1dcf0c2429e121516ae2792fc3253fd3ba
Validity
Not Before: Oct 10 13:49:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5e8b789b2bf8658c0ee4d0c1b80d1b58ff91b195
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:56:25:86:cc:2f:5b:41:80:5e:9b:6b:33:bf:
de:d0:9a:ca:2e:0d:21:ad:1f:7a:b6:2c:df:78:c4:
3a:18:25:6d:6c:23:4f:2f:c5:00:e0:24:f7:c4:62:
09:c0:b3:f1:93:16:7a:dc:99:96:be:94:0a:f6:cc:
8d:34:6e:f0:8b:78:df:d1:ab:fb:ad:c7:f8:c3:59:
8a:e4:b9:11:f6:c7:61:90:85:14:10:4b:27:74:1a:
f9:fb:ae:3d:c5:0c:8b:32:95:d8:92:b7:49:0d:8f:
a0:8a:f4:d8:b4:9f:47:de:3f:69:cf:7d:1b:d6:ad:
85:01:74:11:77:1f:fe:d1:0a:84:d0:c4:71:4d:51:
c6:7c:36:51:4c:81:33:b3:bf:83:fb:03:d1:cd:e0:
e4:a8:e0:43:bc:70:c5:13:15:bc:9d:f6:c7:7f:65:
06:5c:3d:40:c1:4b:fe:90:22:00:ce:01:01:fd:9e:
e3:e8:79:45:30:26:5c:17:d5:74:66:51:2d:4c:1a:
42:91:73:b6:ed:d7:ac:80:04:8d:15:1f:76:3a:3c:
7b:11:a9:42:6f:88:10:d9:42:fb:14:dd:65:d2:ea:
e4:09:80:1f:f6:5f:82:3b:88:1e:ac:1c:2b:14:0a:
60:c7:8b:76:ea:10:b5:e2:7a:c3:32:a5:fa:c7:b1:
17:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:8B:78:9B:2B:F8:65:8C:0E:E4:D0:C1:B8:0D:1B:58:FF:91:B1:95
X509v3 Authority Key Identifier:
keyid:03:24:DB:1D:CF:0C:24:29:E1:21:51:6A:E2:79:2F:C3:25:3F:D3:BA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AyTbHc8MJCnhIVFq4nkvwyU_07o.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/Xot4myv4ZYwO5NDBuA0bWP-RsZU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/38/90f942-6511-4054-94be-4d2c4da721d4/1/AyTbHc8MJCnhIVFq4nkvwyU_07o.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.226.8.0/21
62.122.248.0/21
91.189.168.0/21
91.192.220.0/22
185.7.60.0/22
185.35.184.0/22
193.93.220.0/22
IPv6:
2a02:2690::/32
Signature Algorithm: sha256WithRSAEncryption
a1:ad:93:e8:4a:72:4f:2f:fe:f1:c2:19:00:4a:b8:a4:41:83:
28:33:7d:28:38:4e:87:51:00:c1:af:b0:d2:30:f1:ae:9d:70:
45:c7:e7:b0:59:07:fc:68:6b:3f:74:84:f8:5e:5c:7f:9b:1a:
f0:13:96:1e:b2:dc:04:0f:d2:74:87:01:92:6b:80:a3:09:ff:
a6:5f:43:0f:ec:9d:4d:a5:9c:7f:06:c7:d6:9d:28:01:89:d3:
b1:bf:90:4c:10:67:57:5d:8c:49:3b:08:2d:1a:bc:42:6d:82:
7a:9c:17:8f:54:0b:e3:a6:e3:9e:d4:c2:1b:06:4b:35:a1:70:
48:f6:89:78:0c:82:63:2d:15:8e:61:7d:69:a4:86:b0:48:42:
0b:62:11:00:94:64:4f:ab:0a:6c:ff:f9:0f:59:96:02:6d:8f:
45:83:f9:3d:d0:96:b5:06:b6:5a:85:88:78:38:79:6c:c9:61:
c2:8e:cb:5d:af:10:22:72:ab:6e:d8:ac:f4:27:21:ca:ae:3b:
d9:5b:bf:f8:46:61:ce:76:1d:ea:78:7b:e3:6c:e9:c8:fb:ce:
c0:73:50:d9:26:16:5f:53:0d:55:fc:96:8d:0c:90:59:84:31:
86:91:c0:0a:8b:47:02:42:37:f9:cd:ef:ee:b2:07:99:4d:cf:
b1:12:f3:06
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYsZ2S+E5eDmr5Fy3SZ8CKa8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzMjRkYjFkY2YwYzI0MjllMTIxNTE2YWUyNzkyZmMzMjUz
ZmQzYmEwHhcNMjMxMDEwMTM0OTA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZThiNzg5YjJiZjg2NThjMGVlNGQwYzFiODBkMWI1OGZmOTFiMTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FYlhswvW0GAXptrM7/e0JrKLg0h
rR96tizfeMQ6GCVtbCNPL8UA4CT3xGIJwLPxkxZ63JmWvpQK9syNNG7wi3jf0av7
rcf4w1mK5LkR9sdhkIUUEEsndBr5+649xQyLMpXYkrdJDY+givTYtJ9H3j9pz30b
1q2FAXQRdx/+0QqE0MRxTVHGfDZRTIEzs7+D+wPRzeDkqOBDvHDFExW8nfbHf2UG
XD1AwUv+kCIAzgEB/Z7j6HlFMCZcF9V0ZlEtTBpCkXO27desgASNFR92Ojx7EalC
b4gQ2UL7FN1l0urkCYAf9l+CO4gerBwrFApgx4t26hC14nrDMqX6x7EX6QIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFF6LeJsr+GWMDuTQwbgNG1j/kbGVMB8GA1UdIwQY
MBaAFAMk2x3PDCQp4SFRauJ5L8MlP9O6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXlUYkhjOE1KQ25oSVZGcTRua3Z3eVVfMDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85MGY5NDItNjUxMS00MDU0LTk0YmUt
NGQyYzRkYTcyMWQ0LzEvWG90NG15djRaWXdPNU5EQnVBMGJXUC1Sc1pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85MGY5NDItNjUxMS00MDU0LTk0YmUtNGQyYzRkYTcyMWQ0
LzEvQXlUYkhjOE1KQ25oSVZGcTRua3Z3eVVfMDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQDLuIIAwQD
Pnr4AwQDW72oAwQCW8DcAwQCuQc8AwQCuSO4AwQCwV3cMA0EAgACMAcDBQAqAiaQ
MA0GCSqGSIb3DQEBCwUAA4IBAQChrZPoSnJPL/7xwhkASrikQYMoM30oOE6HUQDB
r7DSMPGunXBFx+ewWQf8aGs/dIT4Xlx/mxrwE5YestwED9J0hwGSa4CjCf+mX0MP
7J1NpZx/BsfWnSgBidOxv5BMEGdXXYxJOwgtGrxCbYJ6nBePVAvjpuOe1MIbBks1
oXBI9ol4DIJjLRWOYX1ppIawSEILYhEAlGRPqwps//kPWZYCbY9Fg/k90Ja1BrZa
hYh4OHlsyWHCjstdrxAicqtu2Kz0JyHKrjvZW7/4RmHOdh3qeHvjbOnI+87Ac1DZ
JhZfUw1V/JaNDJBZhDGGkcAKi0cCQjf5ze/usgeZTc+xEvMG
-----END CERTIFICATE-----
Generated at Mon Jan 1 03:23:11 2024 by rpki-client on console-fra.rpki-client.org