Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f2b87b-95e9-4cf8-abeb-6dfbba4edd59/1/tsk7JwqXEY0yA-q2zR5YBoN_oag.roa
File: tsk7JwqXEY0yA-q2zR5YBoN_oag.roa (raw, json)
Hash identifier: hWztTQjLpG6aqHR3eHZDFQc+oIRSEcIjuQw8TZqQ5Pg=
Subject key identifier: B6:C9:3B:27:0A:97:11:8D:32:03:EA:B6:CD:1E:58:06:83:7F:A1:A8
Certificate issuer: /CN=678cebf7eec3d5e0121e401170ce01ff3888d4ec
Certificate serial: 01856F2FD1FE56DCA1F605F2F8B4D3D09A35
Authority key identifier: 67:8C:EB:F7:EE:C3:D5:E0:12:1E:40:11:70:CE:01:FF:38:88:D4:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z4zr9-7D1eASHkARcM4B_ziI1Ow.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/42/f2b87b-95e9-4cf8-abeb-6dfbba4edd59/1/tsk7JwqXEY0yA-q2zR5YBoN_oag.roa
Signing time: Sun 01 Jan 2023 21:14:42 +0000
ROA not before: Sun 01 Jan 2023 21:14:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43588
IP address blocks: 91.228.111.0/24 maxlen: 24
91.228.108.0/24 maxlen: 24
91.228.108.0/22 maxlen: 22
91.228.110.0/24 maxlen: 24
31.131.0.0/22 maxlen: 22
31.131.1.0/24 maxlen: 24
31.131.2.0/24 maxlen: 24
31.131.3.0/24 maxlen: 24
31.131.4.0/24 maxlen: 24
31.131.4.0/23 maxlen: 23
31.131.6.0/24 maxlen: 24
31.131.7.0/24 maxlen: 24
31.131.5.0/24 maxlen: 24
91.216.47.0/24 maxlen: 24
2a0a:6480::/29 maxlen: 29
Validation: Failed, certificate revoked on Mon 01 Jan 2024 06:29:52 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:2f:d1:fe:56:dc:a1:f6:05:f2:f8:b4:d3:d0:9a:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=678cebf7eec3d5e0121e401170ce01ff3888d4ec
Validity
Not Before: Jan 1 21:14:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b6c93b270a97118d3203eab6cd1e5806837fa1a8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:95:d0:35:4c:48:38:d7:ff:fd:4d:0f:fa:5e:
44:34:3e:ba:5e:63:ca:ea:5d:2d:81:a4:17:bc:e7:
82:18:2d:99:45:ea:63:d4:4d:07:d7:8f:7a:cf:51:
cd:db:31:e0:3e:22:6d:a8:25:9c:b0:b9:1e:42:a3:
00:fe:15:ed:5d:5e:3f:79:d2:14:ba:91:97:4d:8a:
87:2f:de:4a:91:51:45:36:98:b1:3a:3b:f4:6b:6a:
77:43:83:4e:58:52:02:ed:64:18:ce:67:c8:e7:34:
84:17:41:37:d7:ed:37:eb:1e:25:c2:8c:4a:0a:b0:
1b:9e:e2:c0:70:40:1a:01:70:e6:8d:c4:9d:5b:ed:
aa:90:b0:87:fb:e2:7c:c4:38:f6:27:ba:53:55:69:
6a:d4:67:30:69:34:f2:43:5b:f6:cc:68:4d:3d:19:
6c:b6:8b:dc:81:85:61:e4:29:87:c3:72:eb:6a:d3:
82:55:3a:d4:04:0b:65:87:2d:73:31:f9:f9:aa:1b:
bd:dd:93:1f:8f:d8:a7:3a:d5:5a:6f:06:7d:49:dd:
93:d2:08:35:93:e8:f6:17:a3:81:db:7d:be:66:d9:
71:96:78:4f:92:27:f2:e9:f6:60:b9:f0:bf:1f:71:
b0:82:7a:50:58:66:26:d2:ec:eb:a3:41:01:d6:c0:
0f:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:C9:3B:27:0A:97:11:8D:32:03:EA:B6:CD:1E:58:06:83:7F:A1:A8
X509v3 Authority Key Identifier:
keyid:67:8C:EB:F7:EE:C3:D5:E0:12:1E:40:11:70:CE:01:FF:38:88:D4:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z4zr9-7D1eASHkARcM4B_ziI1Ow.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f2b87b-95e9-4cf8-abeb-6dfbba4edd59/1/tsk7JwqXEY0yA-q2zR5YBoN_oag.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f2b87b-95e9-4cf8-abeb-6dfbba4edd59/1/Z4zr9-7D1eASHkARcM4B_ziI1Ow.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.131.0.0/21
91.216.47.0/24
91.228.108.0/22
IPv6:
2a0a:6480::/29
Signature Algorithm: sha256WithRSAEncryption
ba:81:00:21:3a:fa:4b:1c:ea:bd:97:07:d0:7d:09:5c:dd:2a:
a0:77:d6:db:03:2c:78:91:01:af:94:8b:24:1f:77:85:17:98:
89:9b:d2:1e:43:d2:3a:d7:01:7a:9c:1d:fb:75:6d:20:38:8f:
16:f5:9c:0a:26:66:1e:77:78:59:f1:31:be:7c:4a:cb:6c:4f:
8f:f3:b6:68:4c:59:7e:47:91:15:af:1c:1c:32:f4:3e:cf:a4:
f8:bf:63:22:39:ed:e2:b3:7f:49:25:8b:82:93:02:fd:b5:58:
de:29:93:38:73:c6:bb:42:97:b1:6b:b0:1b:70:c0:d0:b0:18:
e9:fe:d3:6f:50:76:7a:68:d1:16:18:f3:e7:35:a4:40:f0:ee:
9b:42:c6:9b:de:43:3e:30:e5:60:46:47:c3:1c:c1:92:6e:12:
d1:76:dd:06:71:c8:9b:70:07:21:9e:af:c3:66:93:60:c8:39:
bd:cc:c2:ab:b4:e5:d9:1c:d9:3d:c8:a8:13:39:50:f3:a4:28:
1f:7f:6f:90:5e:c3:8b:b5:d9:03:ec:b5:84:ed:eb:91:8c:74:
34:01:ce:ee:76:01:7e:de:97:c0:2d:8e:90:f8:43:ae:8c:27:
fb:19:ec:ac:e1:1d:ca:e5:9a:be:e4:fe:7a:7d:3e:b1:ef:0d:
5b:d4:b4:0d
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVvL9H+Vtyh9gXy+LTT0Jo1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OGNlYmY3ZWVjM2Q1ZTAxMjFlNDAxMTcwY2UwMWZmMzg4
OGQ0ZWMwHhcNMjMwMTAxMjExNDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmM5M2IyNzBhOTcxMThkMzIwM2VhYjZjZDFlNTgwNjgzN2ZhMWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZXQNUxIONf//U0P+l5END66XmPK
6l0tgaQXvOeCGC2ZRepj1E0H1496z1HN2zHgPiJtqCWcsLkeQqMA/hXtXV4/edIU
upGXTYqHL95KkVFFNpixOjv0a2p3Q4NOWFIC7WQYzmfI5zSEF0E31+036x4lwoxK
CrAbnuLAcEAaAXDmjcSdW+2qkLCH++J8xDj2J7pTVWlq1GcwaTTyQ1v2zGhNPRls
tovcgYVh5CmHw3LratOCVTrUBAtlhy1zMfn5qhu93ZMfj9inOtVabwZ9Sd2T0gg1
k+j2F6OB232+ZtlxlnhPkify6fZgufC/H3GwgnpQWGYm0uzro0EB1sAPiQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFLbJOycKlxGNMgPqts0eWAaDf6GoMB8GA1UdIwQY
MBaAFGeM6/fuw9XgEh5AEXDOAf84iNTsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjR6cjktN0QxZUFTSGtBUmNNNEJfemlJMU93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mMmI4N2ItOTVlOS00Y2Y4LWFiZWIt
NmRmYmJhNGVkZDU5LzEvdHNrN0p3cVhFWTB5QS1xMnpSNVlCb05fb2FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mMmI4N2ItOTVlOS00Y2Y4LWFiZWItNmRmYmJhNGVkZDU5
LzEvWjR6cjktN0QxZUFTSGtBUmNNNEJfemlJMU93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQDH4MAAwQA
W9gvAwQCW+RsMA0EAgACMAcDBQMqCmSAMA0GCSqGSIb3DQEBCwUAA4IBAQC6gQAh
OvpLHOq9lwfQfQlc3Sqgd9bbAyx4kQGvlIskH3eFF5iJm9IeQ9I61wF6nB37dW0g
OI8W9ZwKJmYed3hZ8TG+fErLbE+P87ZoTFl+R5EVrxwcMvQ+z6T4v2MiOe3is39J
JYuCkwL9tVjeKZM4c8a7Qpexa7AbcMDQsBjp/tNvUHZ6aNEWGPPnNaRA8O6bQsab
3kM+MOVgRkfDHMGSbhLRdt0GccibcAchnq/DZpNgyDm9zMKrtOXZHNk9yKgTOVDz
pCgff2+QXsOLtdkD7LWE7euRjHQ0Ac7udgF+3pfALY6Q+EOujCf7Geys4R3K5Zq+
5P56fT6x7w1b1LQN
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:05:30 2024 by rpki-client on console-ams.rpki-client.org