Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Zp1CsJVd7FgOUkxfO-9raC6xpCY.roa
File: Zp1CsJVd7FgOUkxfO-9raC6xpCY.roa (raw, json)
Hash identifier: 9/at4h0ea0Rv7snSIayGDyJOcPuof00nZZauvILZSuk=
Subject key identifier: 66:9D:42:B0:95:5D:EC:58:0E:52:4C:5F:3B:EF:6B:68:2E:B1:A4:26
Certificate issuer: /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial: 018572BA9BA5F0747F5832B28998F3DFD962
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Zp1CsJVd7FgOUkxfO-9raC6xpCY.roa
Signing time: Mon 02 Jan 2023 13:45:10 +0000
ROA not before: Mon 02 Jan 2023 13:45:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203790
IP address blocks: 45.148.116.0/24 maxlen: 24
45.148.119.0/24 maxlen: 24
194.50.111.0/24 maxlen: 24
2a0e:97c0:460::/44 maxlen: 48
2a0e:b107:12a0::/44 maxlen: 48
2a10:cc40:1d0::/44 maxlen: 48
2a0e:b101::/32 maxlen: 48
2a10:cc41:110::/44 maxlen: 48
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:ba:9b:a5:f0:74:7f:58:32:b2:89:98:f3:df:d9:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Validity
Not Before: Jan 2 13:45:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=669d42b0955dec580e524c5f3bef6b682eb1a426
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:96:00:de:c9:a7:2c:b5:6b:61:c5:ea:2f:3a:
d1:b2:75:3d:72:2e:2d:1f:07:09:24:56:13:6f:b7:
af:8d:b4:fd:3a:54:7c:36:b8:9a:10:c4:fe:c3:3c:
6d:06:9b:9f:5d:91:aa:dd:ff:2b:5d:ce:4d:7b:22:
7a:15:ad:53:81:1d:b9:90:34:6e:e1:63:94:be:de:
7a:35:94:7e:00:43:32:e0:83:86:e9:61:d6:00:ec:
0a:33:9a:1c:ba:f5:7a:5a:d5:4c:f7:5c:16:f7:56:
98:19:89:1e:2b:5b:17:84:7b:67:84:ad:a5:c7:1b:
b1:5d:3a:0c:4a:61:61:09:e0:9f:87:e4:b4:c1:2f:
ff:23:2c:f6:f4:dc:f1:a1:db:92:57:c5:37:6b:b2:
af:55:ec:62:2b:46:3a:d1:ac:6c:09:d0:72:e1:3b:
3a:8e:87:82:aa:36:96:9a:f5:d1:3f:e3:13:29:d1:
fd:5c:80:36:ae:de:7c:a1:a0:d2:84:31:3d:e0:d2:
aa:06:77:db:a2:25:35:5f:78:e8:b3:f9:87:64:36:
2a:af:fd:9b:28:fb:43:0b:79:be:ad:50:35:b2:25:
4b:46:10:7c:4e:87:c0:a7:80:3e:4e:4d:e3:82:10:
15:3c:ce:de:45:57:79:75:1a:a9:b4:3d:03:47:4b:
d2:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
66:9D:42:B0:95:5D:EC:58:0E:52:4C:5F:3B:EF:6B:68:2E:B1:A4:26
X509v3 Authority Key Identifier:
keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Zp1CsJVd7FgOUkxfO-9raC6xpCY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.148.116.0/24
45.148.119.0/24
194.50.111.0/24
IPv6:
2a0e:97c0:460::/44
2a0e:b101::/32
2a0e:b107:12a0::/44
2a10:cc40:1d0::/44
2a10:cc41:110::/44
Signature Algorithm: sha256WithRSAEncryption
23:42:d7:ab:57:8a:14:dd:b4:02:55:74:a0:2e:1b:7a:5b:45:
9c:3b:ad:5a:8f:83:20:ef:cc:21:5b:4b:7b:16:5f:a5:27:b3:
15:b0:84:f0:3b:80:15:4e:b8:2c:2e:cf:51:88:e6:2c:dc:d5:
87:8e:a7:7f:3a:5a:b3:96:35:98:09:88:2d:e2:d2:54:cb:ca:
a8:b3:e8:6f:65:6f:ad:76:72:e2:11:6c:05:31:89:a0:33:17:
0d:af:27:dc:7f:6b:62:ca:95:55:94:d4:52:91:53:35:20:00:
b6:a6:fd:fa:3d:44:0c:04:87:12:71:6f:e4:5b:05:d7:62:b8:
98:8b:49:a6:3e:2b:32:5c:2f:e7:41:3c:2a:2c:17:e2:c3:9c:
53:bf:5e:f2:c2:6f:f8:9d:be:dd:de:ad:d9:77:af:3d:51:18:
fa:60:c3:a6:f1:9c:f9:41:f2:57:49:ab:46:ff:9a:2a:01:ec:
ca:29:94:f1:ab:42:37:99:32:a2:d3:d7:bd:97:f0:97:8c:a1:
6d:7e:00:16:84:1a:20:41:88:5c:93:2f:d7:d2:45:e2:6a:08:
b5:23:4d:0f:df:c2:2f:58:c8:c2:a8:22:49:74:57:d8:32:af:
96:17:e6:50:8c:e9:1a:55:f1:db:31:3b:b7:c7:a8:22:a3:a8:
ba:98:a2:68
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYVyupul8HR/WDKyiZjz39liMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwMTAyMTM0NTEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjlkNDJiMDk1NWRlYzU4MGU1MjRjNWYzYmVmNmI2ODJlYjFhNDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8JYA3smnLLVrYcXqLzrRsnU9ci4t
HwcJJFYTb7evjbT9OlR8NriaEMT+wzxtBpufXZGq3f8rXc5NeyJ6Fa1TgR25kDRu
4WOUvt56NZR+AEMy4IOG6WHWAOwKM5ocuvV6WtVM91wW91aYGYkeK1sXhHtnhK2l
xxuxXToMSmFhCeCfh+S0wS//Iyz29NzxoduSV8U3a7KvVexiK0Y60axsCdBy4Ts6
joeCqjaWmvXRP+MTKdH9XIA2rt58oaDShDE94NKqBnfboiU1X3jos/mHZDYqr/2b
KPtDC3m+rVA1siVLRhB8TofAp4A+Tk3jghAVPM7eRVd5dRqptD0DR0vSQQIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFGadQrCVXexYDlJMXzvva2gusaQmMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWnAxQ3NKVmQ3RmdPVWt4Zk8tOXJhQzZ4cENZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF4GCCsGAQUFBwEHAQH/BE8wTTAYBAIAATASAwQALZR0AwQA
LZR3AwQAwjJvMDEEAgACMCsDBwQqDpfABGADBQAqDrEBAwcEKg6xBxKgAwcEKhDM
QAHQAwcEKhDMQQEQMA0GCSqGSIb3DQEBCwUAA4IBAQAjQterV4oU3bQCVXSgLht6
W0WcO61aj4Mg78whW0t7Fl+lJ7MVsITwO4AVTrgsLs9RiOYs3NWHjqd/OlqzljWY
CYgt4tJUy8qos+hvZW+tdnLiEWwFMYmgMxcNryfcf2tiypVVlNRSkVM1IAC2pv36
PUQMBIcScW/kWwXXYriYi0mmPisyXC/nQTwqLBfiw5xTv17ywm/4nb7d3q3Zd689
URj6YMOm8Zz5QfJXSatG/5oqAezKKZTxq0I3mTKi09e9l/CXjKFtfgAWhBogQYhc
ky/X0kXiagi1I00P38IvWMjCqCJJdFfYMq+WF+ZQjOkaVfHbMTu3x6gio6i6mKJo
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:17 2023 by rpki-client on console-fra.rpki-client.org