Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/b1016c-121a-4988-b890-ecc4c1c36b0d/1/KNOkpzLYm-4IYDxGk2cNGpDn8FQ.roa
File: KNOkpzLYm-4IYDxGk2cNGpDn8FQ.roa (raw, json)
Hash identifier: XNi3W44rMxP7wADyWTajMBfWKSafPVoDe3IDHJqDITE=
Subject key identifier: 28:D3:A4:A7:32:D8:9B:EE:08:60:3C:46:93:67:0D:1A:90:E7:F0:54
Certificate issuer: /CN=03590f562050d9769ed57b07b1bc931ecddf1397
Certificate serial: 01857139F31EE0C93C06449B76D709A62D50
Authority key identifier: 03:59:0F:56:20:50:D9:76:9E:D5:7B:07:B1:BC:93:1E:CD:DF:13:97
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/A1kPViBQ2Xae1XsHsbyTHs3fE5c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/b1016c-121a-4988-b890-ecc4c1c36b0d/1/KNOkpzLYm-4IYDxGk2cNGpDn8FQ.roa
Signing time: Mon 02 Jan 2023 06:45:01 +0000
ROA not before: Mon 02 Jan 2023 06:45:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 47322
IP address blocks: 171.25.227.0/24 maxlen: 24
195.182.52.0/24 maxlen: 24
185.151.74.0/24 maxlen: 24
185.151.75.0/24 maxlen: 24
185.151.72.0/24 maxlen: 24
185.151.73.0/24 maxlen: 24
171.25.226.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:39:f3:1e:e0:c9:3c:06:44:9b:76:d7:09:a6:2d:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=03590f562050d9769ed57b07b1bc931ecddf1397
Validity
Not Before: Jan 2 06:45:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=28d3a4a732d89bee08603c4693670d1a90e7f054
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:15:a6:10:d1:93:b5:cb:4c:11:45:a9:8d:7f:
05:c0:b0:9b:fe:ed:c2:01:f2:5c:2e:74:05:5e:ed:
33:91:ee:21:c5:5a:71:7d:93:22:20:e4:bb:7e:7c:
d8:05:d5:c2:2b:b1:44:c8:b5:9c:ac:ad:e7:26:6b:
ca:d9:3a:d5:b5:14:41:44:52:23:5f:d2:57:f7:87:
f8:59:36:1f:f9:b4:51:0c:d0:58:ef:36:69:aa:f4:
97:84:59:0d:82:fa:73:51:33:d9:c5:1d:9d:89:4f:
6f:23:bb:54:31:f4:1a:32:9d:e6:18:c3:05:64:c7:
26:66:85:b4:1a:38:e6:53:48:da:c5:58:32:d6:67:
99:15:ee:74:1e:20:01:d2:1e:a2:a2:cd:65:82:9e:
78:8e:05:1c:9c:b9:6e:8d:e4:14:ea:f3:0f:f7:7e:
2c:5c:3c:5d:4f:ed:25:77:13:87:b9:5a:f6:48:b7:
39:38:70:b9:4a:5a:3b:4f:9d:d4:6f:2c:31:e3:3a:
01:9e:e6:d9:95:09:d8:86:64:a3:eb:36:d3:d2:f3:
f6:95:bb:50:ac:a9:33:1c:b6:2b:00:ef:ae:9c:50:
fb:ee:e7:3c:58:52:c0:44:30:b9:f3:53:21:ed:ee:
9f:92:99:6e:0c:53:6c:a4:53:18:99:17:29:c1:4f:
46:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:D3:A4:A7:32:D8:9B:EE:08:60:3C:46:93:67:0D:1A:90:E7:F0:54
X509v3 Authority Key Identifier:
keyid:03:59:0F:56:20:50:D9:76:9E:D5:7B:07:B1:BC:93:1E:CD:DF:13:97
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A1kPViBQ2Xae1XsHsbyTHs3fE5c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/b1016c-121a-4988-b890-ecc4c1c36b0d/1/KNOkpzLYm-4IYDxGk2cNGpDn8FQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/b1016c-121a-4988-b890-ecc4c1c36b0d/1/A1kPViBQ2Xae1XsHsbyTHs3fE5c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
171.25.226.0/23
185.151.72.0/22
195.182.52.0/24
Signature Algorithm: sha256WithRSAEncryption
a6:d8:3a:a9:0a:62:ca:44:6c:dc:df:28:eb:3d:66:f5:ea:41:
2f:81:42:86:ac:de:6b:66:d5:e4:1e:7d:c3:bf:d7:72:84:64:
be:7f:fd:45:bc:d0:ab:2c:9e:43:31:bb:3f:68:0d:51:e3:38:
f0:f4:f7:18:85:60:c3:ee:e9:f5:05:db:e5:79:00:ec:7f:0c:
f6:36:15:eb:36:0e:ab:59:e7:70:4b:20:1e:4e:5a:f4:a3:21:
53:10:e6:95:dd:e6:2a:fb:12:b9:3a:5d:84:6c:5a:a5:29:7a:
e7:07:3c:d3:50:02:97:e1:c3:71:1f:ae:e4:16:e6:64:08:29:
02:7c:7f:64:63:1a:e3:b4:f7:07:4c:ad:30:01:ea:a8:03:34:
fe:28:93:6c:db:03:0b:3e:93:9e:46:94:3a:03:33:b7:61:1a:
78:86:a3:66:39:22:28:09:45:b1:48:eb:20:40:42:db:dd:1e:
65:e7:60:89:b2:e1:6b:42:87:27:3c:de:74:26:8f:46:65:6f:
52:f4:b4:26:41:55:7f:64:e0:df:de:d7:2b:f0:c3:1e:4f:fe:
3b:18:4c:f6:07:a0:5c:2c:e1:02:ab:30:45:81:54:25:6c:7f:
93:99:2d:28:17:12:15:1c:4e:68:ab:02:2a:cc:ab:43:e1:73:
7e:45:23:0e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVxOfMe4Mk8BkSbdtcJpi1QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAzNTkwZjU2MjA1MGQ5NzY5ZWQ1N2IwN2IxYmM5MzFlY2Rk
ZjEzOTcwHhcNMjMwMTAyMDY0NTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGQzYTRhNzMyZDg5YmVlMDg2MDNjNDY5MzY3MGQxYTkwZTdmMDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshWmENGTtctMEUWpjX8FwLCb/u3C
AfJcLnQFXu0zke4hxVpxfZMiIOS7fnzYBdXCK7FEyLWcrK3nJmvK2TrVtRRBRFIj
X9JX94f4WTYf+bRRDNBY7zZpqvSXhFkNgvpzUTPZxR2diU9vI7tUMfQaMp3mGMMF
ZMcmZoW0GjjmU0jaxVgy1meZFe50HiAB0h6ios1lgp54jgUcnLlujeQU6vMP934s
XDxdT+0ldxOHuVr2SLc5OHC5Slo7T53Ubywx4zoBnubZlQnYhmSj6zbT0vP2lbtQ
rKkzHLYrAO+unFD77uc8WFLARDC581Mh7e6fkpluDFNspFMYmRcpwU9GOwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCjTpKcy2JvuCGA8RpNnDRqQ5/BUMB8GA1UdIwQY
MBaAFANZD1YgUNl2ntV7B7G8kx7N3xOXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQTFrUFZpQlEyWGFlMVhzSHNieVRIczNmRTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9iMTAxNmMtMTIxYS00OTg4LWI4OTAt
ZWNjNGMxYzM2YjBkLzEvS05Pa3B6TFltLTRJWUR4R2syY05HcERuOEZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9iMTAxNmMtMTIxYS00OTg4LWI4OTAtZWNjNGMxYzM2YjBk
LzEvQTFrUFZpQlEyWGFlMVhzSHNieVRIczNmRTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBqxniAwQC
uZdIAwQAw7Y0MA0GCSqGSIb3DQEBCwUAA4IBAQCm2DqpCmLKRGzc3yjrPWb16kEv
gUKGrN5rZtXkHn3Dv9dyhGS+f/1FvNCrLJ5DMbs/aA1R4zjw9PcYhWDD7un1Bdvl
eQDsfwz2NhXrNg6rWedwSyAeTlr0oyFTEOaV3eYq+xK5Ol2EbFqlKXrnBzzTUAKX
4cNxH67kFuZkCCkCfH9kYxrjtPcHTK0wAeqoAzT+KJNs2wMLPpOeRpQ6AzO3YRp4
hqNmOSIoCUWxSOsgQELb3R5l52CJsuFrQocnPN50Jo9GZW9S9LQmQVV/ZODf3tcr
8MMeT/47GEz2B6BcLOECqzBFgVQlbH+TmS0oFxIVHE5oqwIqzKtD4XN+RSMO
-----END CERTIFICATE-----
Generated at Mon Jan 1 04:56:31 2024 by rpki-client on console-fra.rpki-client.org