Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/VrQPuiPpBWnV7hV5oVunc5qWdkA.roa
File: VrQPuiPpBWnV7hV5oVunc5qWdkA.roa (raw, json)
Hash identifier: M5bzEgV6mMLMp/QtNca40Pu3+2uN6k4RJzGkJfTqT8Q=
Subject key identifier: 56:B4:0F:BA:23:E9:05:69:D5:EE:15:79:A1:5B:A7:73:9A:96:76:40
Certificate issuer: /CN=3ad734cf90c773428806b968209515b914831a9d
Certificate serial: 018571B9FD11F4842F719A74836317613761
Authority key identifier: 3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/VrQPuiPpBWnV7hV5oVunc5qWdkA.roa
Signing time: Mon 02 Jan 2023 09:04:52 +0000
ROA not before: Mon 02 Jan 2023 09:04:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48894
IP address blocks: 152.89.232.0/23 maxlen: 23
152.89.235.0/24 maxlen: 24
152.89.234.0/24 maxlen: 24
2a09:37c0::/29 maxlen: 29
Validation: Failed, certificate revoked on Tue 02 Jan 2024 02:30:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:b9:fd:11:f4:84:2f:71:9a:74:83:63:17:61:37:61
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3ad734cf90c773428806b968209515b914831a9d
Validity
Not Before: Jan 2 09:04:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=56b40fba23e90569d5ee1579a15ba7739a967640
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:3a:92:dc:01:be:0a:d6:c9:88:f5:22:de:5e:
13:22:20:5b:2d:7e:ef:e2:c5:85:94:21:71:dd:ef:
08:4b:10:b3:5b:e3:c9:89:a4:e2:6c:12:00:25:7a:
de:48:25:bc:2a:1c:fb:11:58:ff:35:c4:81:2e:2c:
d7:6f:db:2d:da:cf:1a:6d:11:85:a8:2d:ad:44:3d:
c0:69:94:28:60:6f:2a:e1:10:03:5a:53:cb:5b:19:
b3:f0:c1:45:ff:b4:cb:58:62:c8:c3:21:a6:e1:d7:
e8:29:60:e3:1b:ea:00:b7:5f:be:e3:f8:9e:20:76:
c7:2f:41:0f:b1:1d:b6:74:b6:f3:d4:05:72:71:82:
ea:c4:4a:84:9e:ff:c4:64:71:f9:e2:8d:37:bd:47:
73:2f:a6:a8:cb:d2:41:6b:ad:de:05:e2:4c:fe:74:
41:16:d1:18:34:dd:bb:7e:6a:89:4b:1a:0a:03:6c:
1a:f7:94:f6:e4:fc:12:3f:1f:f8:3a:cb:b6:66:04:
8c:2a:c8:c7:71:1e:60:d7:ac:c2:7d:95:1a:fb:55:
12:11:8b:23:3c:cf:5a:e3:0a:08:81:fb:e9:b0:69:
fb:d2:0d:df:a9:b5:40:85:ae:14:16:42:f2:58:b1:
9f:ca:e1:e7:b6:b0:6d:9d:2f:76:4f:9d:86:4c:02:
8a:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:B4:0F:BA:23:E9:05:69:D5:EE:15:79:A1:5B:A7:73:9A:96:76:40
X509v3 Authority Key Identifier:
keyid:3A:D7:34:CF:90:C7:73:42:88:06:B9:68:20:95:15:B9:14:83:1A:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otc0z5DHc0KIBrloIJUVuRSDGp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/VrQPuiPpBWnV7hV5oVunc5qWdkA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/41/ebf381-00c8-480d-a66c-76a1d4d83197/1/Otc0z5DHc0KIBrloIJUVuRSDGp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
152.89.232.0/22
IPv6:
2a09:37c0::/29
Signature Algorithm: sha256WithRSAEncryption
5d:d7:a0:80:85:af:c7:38:56:db:43:55:79:1c:bb:b0:b7:c0:
c7:58:ee:2d:14:de:94:96:06:17:f0:a3:30:b7:28:1a:67:a1:
7e:41:a8:dc:6f:c5:bb:19:c6:46:bb:15:87:ca:f2:0a:12:0a:
89:7c:f7:3d:06:db:5c:fa:21:dd:3f:f0:86:fc:92:6c:44:f0:
e8:d6:7e:8d:ff:4d:98:e0:c6:e5:0d:25:23:69:8a:fb:aa:de:
8d:a0:85:ac:aa:59:df:28:74:78:37:0b:fb:7d:6c:d0:4e:a6:
20:44:de:e4:22:53:de:ec:77:a1:c0:3d:56:d4:f4:54:aa:4b:
f3:d8:1b:ba:3f:2f:46:06:00:ac:44:29:b1:f5:f3:a6:eb:f7:
db:8f:da:93:23:27:63:96:c7:f9:e4:3f:fd:9e:81:03:7e:94:
88:6e:33:0a:dd:3c:44:b5:ec:b4:e1:fe:df:b3:3a:ca:74:28:
9c:70:5f:b9:d3:53:9f:71:b2:ea:98:89:41:bb:a4:f6:95:7f:
23:92:f3:ef:64:b1:85:c9:a0:d6:2a:2a:27:ba:f7:22:f1:c2:
9a:41:e0:75:e2:db:25:69:7c:dc:8f:ed:7c:f3:2a:9a:e7:2a:
a3:2b:08:98:d3:be:6f:c0:24:6a:95:e2:6c:a1:05:e8:46:10:
55:53:49:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVxuf0R9IQvcZp0g2MXYTdhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZDczNGNmOTBjNzczNDI4ODA2Yjk2ODIwOTUxNWI5MTQ4
MzFhOWQwHhcNMjMwMTAyMDkwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmI0MGZiYTIzZTkwNTY5ZDVlZTE1NzlhMTViYTc3MzlhOTY3NjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjqS3AG+CtbJiPUi3l4TIiBbLX7v
4sWFlCFx3e8ISxCzW+PJiaTibBIAJXreSCW8Khz7EVj/NcSBLizXb9st2s8abRGF
qC2tRD3AaZQoYG8q4RADWlPLWxmz8MFF/7TLWGLIwyGm4dfoKWDjG+oAt1++4/ie
IHbHL0EPsR22dLbz1AVycYLqxEqEnv/EZHH54o03vUdzL6aoy9JBa63eBeJM/nRB
FtEYNN27fmqJSxoKA2wa95T25PwSPx/4Osu2ZgSMKsjHcR5g16zCfZUa+1USEYsj
PM9a4woIgfvpsGn70g3fqbVAha4UFkLyWLGfyuHntrBtnS92T52GTAKKFwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFa0D7oj6QVp1e4VeaFbp3OalnZAMB8GA1UdIwQY
MBaAFDrXNM+Qx3NCiAa5aCCVFbkUgxqdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMt
NzZhMWQ0ZDgzMTk3LzEvVnJRUHVpUHBCV25WN2hWNW9WdW5jNXFXZGtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS9lYmYzODEtMDBjOC00ODBkLWE2NmMtNzZhMWQ0ZDgzMTk3
LzEvT3RjMHo1REhjMEtJQnJsb0lKVVZ1UlNER3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCmFnoMA0E
AgACMAcDBQMqCTfAMA0GCSqGSIb3DQEBCwUAA4IBAQBd16CAha/HOFbbQ1V5HLuw
t8DHWO4tFN6UlgYX8KMwtygaZ6F+Qajcb8W7GcZGuxWHyvIKEgqJfPc9Bttc+iHd
P/CG/JJsRPDo1n6N/02Y4MblDSUjaYr7qt6NoIWsqlnfKHR4Nwv7fWzQTqYgRN7k
IlPe7HehwD1W1PRUqkvz2Bu6Py9GBgCsRCmx9fOm6/fbj9qTIydjlsf55D/9noED
fpSIbjMK3TxEtey04f7fszrKdCiccF+501OfcbLqmIlBu6T2lX8jkvPvZLGFyaDW
Kionuvci8cKaQeB14tslaXzcj+188yqa5yqjKwiY075vwCRqleJsoQXoRhBVU0li
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:19 2024 by rpki-client on console-ams.rpki-client.org