Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/4acb83-f940-4766-bca9-608e7d779bc7/1/QITpmwpjmo140R9DxXUpG-F_lrE.roa
File: QITpmwpjmo140R9DxXUpG-F_lrE.roa (raw, json)
Hash identifier: nehfALAg0sg0I0UnRs+lB9Z86iceswwWdk5H3Eg8+ew=
Subject key identifier: 40:84:E9:9B:0A:63:9A:8D:78:D1:1F:43:C5:75:29:1B:E1:7F:96:B1
Certificate issuer: /CN=b46320188098520c366277f749a4f77a1d444439
Certificate serial: 01856B1305DC8BBC9C1EE4A8E42533C89944
Authority key identifier: B4:63:20:18:80:98:52:0C:36:62:77:F7:49:A4:F7:7A:1D:44:44:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tGMgGICYUgw2Ynf3SaT3eh1ERDk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/4acb83-f940-4766-bca9-608e7d779bc7/1/QITpmwpjmo140R9DxXUpG-F_lrE.roa
Signing time: Sun 01 Jan 2023 02:04:46 +0000
ROA not before: Sun 01 Jan 2023 02:04:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50957
IP address blocks: 78.31.104.0/21 maxlen: 21
185.98.196.0/22 maxlen: 22
5.153.248.0/21 maxlen: 21
213.170.0.0/19 maxlen: 19
31.25.184.0/21 maxlen: 21
37.128.128.0/21 maxlen: 21
89.200.136.0/21 maxlen: 21
77.73.0.0/21 maxlen: 21
2a02:24e0::/32 maxlen: 32
Validation: Failed, certificate revoked on Mon 01 Jan 2024 18:31:18 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:13:05:dc:8b:bc:9c:1e:e4:a8:e4:25:33:c8:99:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b46320188098520c366277f749a4f77a1d444439
Validity
Not Before: Jan 1 02:04:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4084e99b0a639a8d78d11f43c575291be17f96b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:83:41:95:c9:33:db:c1:ce:1f:cc:c4:73:a0:
7a:7e:9b:89:b7:3d:b5:54:cf:5a:48:78:c6:d4:8e:
50:3e:79:0f:19:f6:e8:02:45:b2:1f:fc:96:b8:cc:
91:64:ea:77:29:08:01:46:5b:37:ea:3d:e2:71:e5:
8d:33:5a:9f:d6:22:22:e5:b7:6e:36:fc:38:bc:68:
1f:58:de:ff:2d:80:6d:d9:13:b6:28:2e:26:6e:02:
f2:98:d3:01:93:35:c3:d0:60:6f:42:fd:b6:ff:4b:
06:c1:0c:97:be:94:c0:29:f5:bb:e5:02:9f:d0:d8:
78:75:44:c4:53:99:62:8b:37:0c:2f:68:da:df:e0:
4a:3a:5e:99:0d:4c:75:12:87:d2:43:a1:c8:c9:9c:
d9:9b:37:3e:cc:5f:4f:88:3a:e1:b4:90:25:9f:c8:
32:23:08:ea:16:eb:9a:49:5c:22:c9:84:5e:fe:00:
c6:53:f2:6c:f8:13:36:b8:27:22:c1:c3:12:62:44:
4f:6c:79:cf:bd:c5:26:02:7b:40:79:2d:6b:8b:16:
ce:60:55:bc:b7:4e:a3:e7:3e:cb:f8:52:91:05:ae:
50:ad:07:ea:cd:fa:37:e4:bb:37:69:91:ca:cc:e1:
39:0b:5f:ef:20:cd:79:a9:95:d2:73:2c:65:51:6d:
32:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:84:E9:9B:0A:63:9A:8D:78:D1:1F:43:C5:75:29:1B:E1:7F:96:B1
X509v3 Authority Key Identifier:
keyid:B4:63:20:18:80:98:52:0C:36:62:77:F7:49:A4:F7:7A:1D:44:44:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tGMgGICYUgw2Ynf3SaT3eh1ERDk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/4acb83-f940-4766-bca9-608e7d779bc7/1/QITpmwpjmo140R9DxXUpG-F_lrE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/4acb83-f940-4766-bca9-608e7d779bc7/1/tGMgGICYUgw2Ynf3SaT3eh1ERDk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.153.248.0/21
31.25.184.0/21
37.128.128.0/21
77.73.0.0/21
78.31.104.0/21
89.200.136.0/21
185.98.196.0/22
213.170.0.0/19
IPv6:
2a02:24e0::/32
Signature Algorithm: sha256WithRSAEncryption
44:fc:67:7b:e6:73:f1:61:cd:74:00:19:1e:c0:35:8e:7a:43:
8e:58:fd:87:60:61:59:cf:fc:11:16:8f:0a:4f:ee:c1:c1:10:
2e:2c:44:ae:c3:94:84:24:15:a3:96:ff:73:3e:29:2d:49:29:
1a:b7:bb:71:4c:8f:53:b3:a0:d2:31:b5:65:1a:f9:49:21:f4:
84:e7:5c:91:c8:bc:b2:35:47:c7:79:65:24:83:ed:75:13:22:
6e:0f:7d:df:e6:a2:2a:96:c1:06:25:e3:60:7e:b5:c5:36:17:
74:73:a5:5d:d1:cf:eb:60:29:d5:4c:4e:9b:ee:9e:6d:3c:07:
32:d3:03:8e:6b:da:0d:5a:68:3d:b1:53:e5:77:db:7a:2d:77:
cb:fb:f8:3a:b1:8d:da:8f:b0:7d:b8:c9:b6:54:54:79:ed:0d:
93:74:06:61:52:3a:35:87:4b:0a:69:0d:07:16:00:37:e1:7c:
e8:a0:1f:57:69:5f:a5:85:80:d2:82:a4:bb:5b:b0:e5:58:ae:
79:d0:71:10:9f:3e:f0:72:cd:37:98:a4:08:bb:53:0f:37:03:
f6:26:10:e8:0b:d2:2d:26:84:08:d5:65:df:0d:7d:69:01:53:
16:5d:23:1f:ed:fb:7f:b9:0b:cc:bc:78:41:bc:72:6a:59:c4:
2a:1b:e8:67
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYVrEwXci7ycHuSo5CUzyJlEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NjMyMDE4ODA5ODUyMGMzNjYyNzdmNzQ5YTRmNzdhMWQ0
NDQ0MzkwHhcNMjMwMTAxMDIwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDg0ZTk5YjBhNjM5YThkNzhkMTFmNDNjNTc1MjkxYmUxN2Y5NmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArINBlckz28HOH8zEc6B6fpuJtz21
VM9aSHjG1I5QPnkPGfboAkWyH/yWuMyRZOp3KQgBRls36j3iceWNM1qf1iIi5bdu
Nvw4vGgfWN7/LYBt2RO2KC4mbgLymNMBkzXD0GBvQv22/0sGwQyXvpTAKfW75QKf
0Nh4dUTEU5liizcML2ja3+BKOl6ZDUx1EofSQ6HIyZzZmzc+zF9PiDrhtJAln8gy
IwjqFuuaSVwiyYRe/gDGU/Js+BM2uCciwcMSYkRPbHnPvcUmAntAeS1rixbOYFW8
t06j5z7L+FKRBa5QrQfqzfo35Ls3aZHKzOE5C1/vIM15qZXScyxlUW0yJwIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFECE6ZsKY5qNeNEfQ8V1KRvhf5axMB8GA1UdIwQY
MBaAFLRjIBiAmFIMNmJ390mk93odREQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEdNZ0dJQ1lVZ3cyWW5mM1NhVDNlaDFFUkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC80YWNiODMtZjk0MC00NzY2LWJjYTkt
NjA4ZTdkNzc5YmM3LzEvUUlUcG13cGptbzE0MFI5RHhYVXBHLUZfbHJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC80YWNiODMtZjk0MC00NzY2LWJjYTktNjA4ZTdkNzc5YmM3
LzEvdEdNZ0dJQ1lVZ3cyWW5mM1NhVDNlaDFFUkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDBZn4AwQD
Hxm4AwQDJYCAAwQDTUkAAwQDTh9oAwQDWciIAwQCuWLEAwQF1aoAMA0EAgACMAcD
BQAqAiTgMA0GCSqGSIb3DQEBCwUAA4IBAQBE/Gd75nPxYc10ABkewDWOekOOWP2H
YGFZz/wRFo8KT+7BwRAuLESuw5SEJBWjlv9zPiktSSkat7txTI9Ts6DSMbVlGvlJ
IfSE51yRyLyyNUfHeWUkg+11EyJuD33f5qIqlsEGJeNgfrXFNhd0c6Vd0c/rYCnV
TE6b7p5tPAcy0wOOa9oNWmg9sVPld9t6LXfL+/g6sY3aj7B9uMm2VFR57Q2TdAZh
Ujo1h0sKaQ0HFgA34XzooB9XaV+lhYDSgqS7W7DlWK550HEQnz7wcs03mKQIu1MP
NwP2JhDoC9ItJoQI1WXfDX1pAVMWXSMf7ft/uQvMvHhBvHJqWcQqG+hn
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:01 2024 by rpki-client on console-ams.rpki-client.org