Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/0cafoEXn5QCFbN7acfLo5QjsGcs.roa
File: 0cafoEXn5QCFbN7acfLo5QjsGcs.roa (raw, json)
Hash identifier: RWxr2EwIxilwH0Fxx4HCf69Fw6vsUaqMo8qI2ESHbP0=
Subject key identifier: D1:C6:9F:A0:45:E7:E5:00:85:6C:DE:DA:71:F2:E8:E5:08:EC:19:CB
Certificate issuer: /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial: 01857368229D8D6E49D34F814A816451BD5F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/0cafoEXn5QCFbN7acfLo5QjsGcs.roa
Signing time: Mon 02 Jan 2023 16:54:42 +0000
ROA not before: Mon 02 Jan 2023 16:54:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203790
IP address blocks: 45.148.116.0/24 maxlen: 24
45.148.119.0/24 maxlen: 24
194.50.111.0/24 maxlen: 24
2a0e:97c0:460::/44 maxlen: 48
2a0e:b107:12a0::/44 maxlen: 48
2a10:cc40:1d0::/44 maxlen: 48
2a0e:b101::/32 maxlen: 48
2a10:cc41:110::/44 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:68:22:9d:8d:6e:49:d3:4f:81:4a:81:64:51:bd:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Validity
Not Before: Jan 2 16:54:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d1c69fa045e7e500856cdeda71f2e8e508ec19cb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:ff:0a:0a:c3:bf:78:72:aa:a7:77:ae:8d:ef:
43:18:ba:78:f9:ae:27:6b:97:bd:5f:1c:21:47:90:
81:fa:70:72:5a:6a:2d:47:fb:93:26:1d:cb:f2:27:
aa:00:60:6a:1a:b3:44:09:27:e6:cc:93:18:87:23:
9b:b5:0b:30:80:90:42:d8:d2:c2:1c:bc:81:fc:ca:
f4:3d:8b:6a:01:b7:9d:e3:e4:b9:f8:f9:51:55:ab:
58:46:64:98:6e:17:b6:8f:ad:d9:65:75:5e:ad:5a:
e4:73:96:57:54:4b:ff:0d:a4:3e:e6:6b:8e:26:d6:
16:ff:c3:6c:7c:02:aa:70:57:54:2d:85:4b:81:66:
c2:6a:16:c0:72:74:b3:8a:4d:42:67:7c:4e:9a:83:
41:e9:aa:5d:61:75:d2:85:12:27:a1:cb:89:10:f7:
45:0b:72:b3:b2:94:05:0b:06:62:fb:fc:12:7b:cc:
25:a8:b0:b1:ff:c7:11:2b:f2:cc:8b:94:8b:dd:4b:
77:e6:da:78:30:59:49:19:6a:a1:d6:68:09:ba:83:
a0:a9:a8:ea:f4:7b:18:44:39:da:8d:90:77:dc:aa:
fc:83:cc:e3:23:2c:14:9a:e4:88:9d:5a:68:3a:e2:
cd:25:df:56:18:33:02:99:85:db:a0:66:84:e6:96:
d3:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:C6:9F:A0:45:E7:E5:00:85:6C:DE:DA:71:F2:E8:E5:08:EC:19:CB
X509v3 Authority Key Identifier:
keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/0cafoEXn5QCFbN7acfLo5QjsGcs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.148.116.0/24
45.148.119.0/24
194.50.111.0/24
IPv6:
2a0e:97c0:460::/44
2a0e:b101::/32
2a0e:b107:12a0::/44
2a10:cc40:1d0::/44
2a10:cc41:110::/44
Signature Algorithm: sha256WithRSAEncryption
45:25:30:53:5e:a7:40:cb:47:9f:df:ee:53:ba:7e:83:24:1c:
7d:c0:44:4d:02:d6:21:8c:2c:db:5d:f8:8a:31:2b:44:f5:78:
ce:02:a9:c6:f7:64:46:e3:a2:fb:c3:2e:b7:29:2a:c5:3f:e7:
a8:72:ad:23:e2:cf:aa:81:15:cb:71:d0:c7:37:f0:09:9a:86:
41:e0:89:ff:44:d9:49:11:e7:48:c0:98:9a:3d:75:db:33:b0:
ff:38:f4:56:b2:0a:90:0c:22:10:bb:84:e4:33:10:6e:eb:80:
cc:f1:b0:17:6c:a8:e9:2c:7a:71:48:a8:c9:44:68:d1:a8:f2:
92:38:10:43:41:3c:a4:fb:7d:b7:5f:07:94:cb:34:07:5c:43:
a8:54:a5:81:10:5d:15:24:3f:cb:00:ba:1b:e7:b1:21:a1:f9:
c2:de:2e:62:65:bd:c6:6c:8c:08:d2:b4:64:9d:64:61:db:ba:
5f:58:b1:d4:68:17:89:a5:d4:86:62:f7:e9:aa:d0:2a:77:74:
e7:b8:5d:69:7d:ac:38:8a:46:36:8b:6e:69:9d:49:d7:49:d3:
81:ac:1b:a7:a1:86:5e:a0:04:3a:c6:3d:5e:08:c0:c0:fc:e7:
82:7c:c4:73:98:bd:9d:9c:17:09:58:9a:35:21:8f:87:03:45:
bf:b4:26:b7
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVzaCKdjW5J00+BSoFkUb1fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwMTAyMTY1NDQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWM2OWZhMDQ1ZTdlNTAwODU2Y2RlZGE3MWYyZThlNTA4ZWMxOWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmP8KCsO/eHKqp3euje9DGLp4+a4n
a5e9XxwhR5CB+nByWmotR/uTJh3L8ieqAGBqGrNECSfmzJMYhyObtQswgJBC2NLC
HLyB/Mr0PYtqAbed4+S5+PlRVatYRmSYbhe2j63ZZXVerVrkc5ZXVEv/DaQ+5muO
JtYW/8NsfAKqcFdULYVLgWbCahbAcnSzik1CZ3xOmoNB6apdYXXShRInocuJEPdF
C3KzspQFCwZi+/wSe8wlqLCx/8cRK/LMi5SL3Ut35tp4MFlJGWqh1mgJuoOgqajq
9HsYRDnajZB33Kr8g8zjIywUmuSInVpoOuLNJd9WGDMCmYXboGaE5pbTnQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFNHGn6BF5+UAhWze2nHy6OUI7BnLMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMGNhZm9FWG41UUNGYk43YWNmTG81UWpzR2NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTAYBAIAATASAwQALZR0AwQA
LZR3AwQAwjJvMDEEAgACMCsDBwQqDpfABGADBQAqDrEBAwcEKg6xBxKgAwcEKhDM
QAHQAwcEKhDMQQEQMA0GCSqGSIb3DQEBCwUAA4IBAQBFJTBTXqdAy0ef3+5Tun6D
JBx9wERNAtYhjCzbXfiKMStE9XjOAqnG92RG46L7wy63KSrFP+eocq0j4s+qgRXL
cdDHN/AJmoZB4In/RNlJEedIwJiaPXXbM7D/OPRWsgqQDCIQu4TkMxBu64DM8bAX
bKjpLHpxSKjJRGjRqPKSOBBDQTyk+323XweUyzQHXEOoVKWBEF0VJD/LALob57Eh
ofnC3i5iZb3GbIwI0rRknWRh27pfWLHUaBeJpdSGYvfpqtAqd3TnuF1pfaw4ikY2
i25pnUnXSdOBrBunoYZeoAQ6xj1eCMDA/OeCfMRzmL2dnBcJWJo1IY+HA0W/tCa3
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:51:53 2023 by rpki-client on console-ams.rpki-client.org