Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/O40oX7G0aqSTHOw3B68-okWckLw.roa
File: O40oX7G0aqSTHOw3B68-okWckLw.roa (raw, json)
Hash identifier: WJ3QAZfWd6rMzJgaNvNr/7/Ftjodjl6xSLzOmb6XsCA=
Subject key identifier: 3B:8D:28:5F:B1:B4:6A:A4:93:1C:EC:37:07:AF:3E:A2:45:9C:90:BC
Certificate issuer: /CN=02d0e88885ef48b20c87b76fd85d42e6eb3d7183
Certificate serial: 01856F14B5EE287667C11896225B4BF47731
Authority key identifier: 02:D0:E8:88:85:EF:48:B2:0C:87:B7:6F:D8:5D:42:E6:EB:3D:71:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AtDoiIXvSLIMh7dv2F1C5us9cYM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/O40oX7G0aqSTHOw3B68-okWckLw.roa
Signing time: Sun 01 Jan 2023 20:45:06 +0000
ROA not before: Sun 01 Jan 2023 20:45:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51764
IP address blocks: 46.31.0.0/21 maxlen: 24
46.31.6.0/24 maxlen: 24
91.102.200.0/21 maxlen: 24
91.102.203.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:14:b5:ee:28:76:67:c1:18:96:22:5b:4b:f4:77:31
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=02d0e88885ef48b20c87b76fd85d42e6eb3d7183
Validity
Not Before: Jan 1 20:45:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3b8d285fb1b46aa4931cec3707af3ea2459c90bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:b4:21:52:a7:7b:06:de:75:1c:0a:98:1f:e5:
e3:17:9f:e4:72:39:d4:60:00:df:bd:6c:cf:9a:4e:
19:17:0b:43:1f:f2:59:a1:31:ce:96:ad:c9:f7:cb:
f4:9d:22:9b:14:48:a0:b1:df:7e:8a:db:65:d0:20:
91:be:f0:49:f1:d5:e0:73:f5:5e:a1:91:40:8b:7e:
46:47:f8:a4:14:b8:a4:c3:21:00:ec:90:b9:fc:c6:
0b:c8:1a:9e:02:b9:d8:fb:59:d6:9e:af:ee:c0:3b:
21:65:9b:c4:ed:a6:e5:74:b4:d6:fe:e7:1a:59:49:
93:58:cf:03:74:de:75:3a:4f:6f:69:94:f1:1b:09:
2b:5d:f2:a9:a0:6f:cc:5d:1b:72:05:e8:7c:3f:3a:
e9:3c:c9:50:47:63:eb:4d:b7:15:ce:1e:33:4b:98:
06:60:dd:ff:49:23:44:a7:90:e1:94:9c:e3:5c:39:
1f:7e:b8:57:c0:ff:f2:59:1f:80:ce:c9:58:00:95:
ef:72:b6:31:ac:6d:69:fb:79:93:9b:63:18:34:13:
db:aa:1d:6d:01:ba:2c:af:99:30:93:73:da:0e:d6:
89:40:11:b7:0f:2f:9d:03:67:80:9a:d4:53:6f:99:
5c:cb:0b:28:e2:0c:dc:96:e9:f4:df:da:6c:8b:ac:
0b:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:8D:28:5F:B1:B4:6A:A4:93:1C:EC:37:07:AF:3E:A2:45:9C:90:BC
X509v3 Authority Key Identifier:
keyid:02:D0:E8:88:85:EF:48:B2:0C:87:B7:6F:D8:5D:42:E6:EB:3D:71:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AtDoiIXvSLIMh7dv2F1C5us9cYM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/O40oX7G0aqSTHOw3B68-okWckLw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/5f4eb6-6026-4098-88d7-953c68506d5c/1/AtDoiIXvSLIMh7dv2F1C5us9cYM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.31.0.0/21
91.102.200.0/21
Signature Algorithm: sha256WithRSAEncryption
33:b7:60:7e:0e:53:40:1e:09:57:aa:66:07:11:31:33:0d:86:
7a:f4:1a:c9:29:d7:55:ba:a8:70:6b:c1:7d:05:88:a8:08:44:
c2:37:f7:07:53:1a:c4:ea:fe:51:26:11:7c:80:5a:fb:33:f2:
ba:89:b4:2a:ec:b0:90:85:bf:09:b9:72:6c:9e:ad:ea:eb:6d:
c5:b7:5a:ca:78:55:a5:8e:2e:da:3f:04:ff:dc:02:7b:61:f2:
21:4e:1b:12:a3:11:15:a7:28:9a:2a:cc:b8:d1:60:c6:36:c8:
9c:64:83:74:d2:6c:a6:aa:28:85:58:76:83:2d:08:a6:a3:72:
1c:76:8b:1a:65:ea:a0:af:a5:e7:45:2f:3b:00:da:44:31:3a:
c5:88:0d:e2:2f:b5:fe:a5:30:ce:32:64:cb:ba:61:14:55:01:
97:72:9d:92:5e:2c:7a:92:f3:ed:6a:a4:c6:9c:9f:4a:68:da:
52:5b:fc:17:aa:5c:e8:8e:8e:47:fc:58:b3:f9:3d:cc:34:9b:
6c:d0:46:cb:c8:65:02:1a:1e:a0:32:2b:09:86:66:5f:28:f4:
79:e4:79:77:6c:18:06:66:1e:e2:89:9a:59:74:6e:f6:33:3a:
64:32:f4:06:f8:d4:12:26:6a:a5:52:93:8a:e8:38:e5:c0:d7:
a8:f6:0e:af
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVvFLXuKHZnwRiWIltL9HcxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyZDBlODg4ODVlZjQ4YjIwYzg3Yjc2ZmQ4NWQ0MmU2ZWIz
ZDcxODMwHhcNMjMwMTAxMjA0NTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjhkMjg1ZmIxYjQ2YWE0OTMxY2VjMzcwN2FmM2VhMjQ1OWM5MGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhrQhUqd7Bt51HAqYH+XjF5/kcjnU
YADfvWzPmk4ZFwtDH/JZoTHOlq3J98v0nSKbFEigsd9+ittl0CCRvvBJ8dXgc/Ve
oZFAi35GR/ikFLikwyEA7JC5/MYLyBqeArnY+1nWnq/uwDshZZvE7abldLTW/uca
WUmTWM8DdN51Ok9vaZTxGwkrXfKpoG/MXRtyBeh8PzrpPMlQR2PrTbcVzh4zS5gG
YN3/SSNEp5DhlJzjXDkffrhXwP/yWR+AzslYAJXvcrYxrG1p+3mTm2MYNBPbqh1t
Abosr5kwk3PaDtaJQBG3Dy+dA2eAmtRTb5lcywso4gzclun039psi6wL/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDuNKF+xtGqkkxzsNwevPqJFnJC8MB8GA1UdIwQY
MBaAFALQ6IiF70iyDIe3b9hdQubrPXGDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQXREb2lJWHZTTElNaDdkdjJGMUM1dXM5Y1lNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS81ZjRlYjYtNjAyNi00MDk4LTg4ZDct
OTUzYzY4NTA2ZDVjLzEvTzQwb1g3RzBhcVNUSE93M0I2OC1va1dja0x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS81ZjRlYjYtNjAyNi00MDk4LTg4ZDctOTUzYzY4NTA2ZDVj
LzEvQXREb2lJWHZTTElNaDdkdjJGMUM1dXM5Y1lNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLh8AAwQD
W2bIMA0GCSqGSIb3DQEBCwUAA4IBAQAzt2B+DlNAHglXqmYHETEzDYZ69BrJKddV
uqhwa8F9BYioCETCN/cHUxrE6v5RJhF8gFr7M/K6ibQq7LCQhb8JuXJsnq3q623F
t1rKeFWlji7aPwT/3AJ7YfIhThsSoxEVpyiaKsy40WDGNsicZIN00mymqiiFWHaD
LQimo3IcdosaZeqgr6XnRS87ANpEMTrFiA3iL7X+pTDOMmTLumEUVQGXcp2SXix6
kvPtaqTGnJ9KaNpSW/wXqlzojo5H/Fiz+T3MNJts0EbLyGUCGh6gMisJhmZfKPR5
5Hl3bBgGZh7iiZpZdG72MzpkMvQG+NQSJmqlUpOK6DjlwNeo9g6v
-----END CERTIFICATE-----
Generated at Mon Jan 1 15:02:35 2024 by rpki-client on console-ams.rpki-client.org