Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/HbYxPmV8INZlZ5mAfvthpW3gBo4.roa
File: HbYxPmV8INZlZ5mAfvthpW3gBo4.roa (raw, json)
Hash identifier: A/4ZLLCiq5mtMaBwKMi0fiSsnRHLkzoI9HEmQNnp29s=
Subject key identifier: 1D:B6:31:3E:65:7C:20:D6:65:67:99:80:7E:FB:61:A5:6D:E0:06:8E
Certificate issuer: /CN=704ab9688427073ff7e179de5af002e09f236013
Certificate serial: 01859698DEC2E58280B6412FDE74727B4917
Authority key identifier: 70:4A:B9:68:84:27:07:3F:F7:E1:79:DE:5A:F0:02:E0:9F:23:60:13
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cEq5aIQnBz_34XneWvAC4J8jYBM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/HbYxPmV8INZlZ5mAfvthpW3gBo4.roa
Signing time: Mon 09 Jan 2023 12:54:38 +0000
ROA not before: Mon 09 Jan 2023 12:54:38 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 52102
IP address blocks: 5.102.136.0/24 maxlen: 24
5.102.136.0/23 maxlen: 23
5.102.138.0/23 maxlen: 23
5.102.138.0/24 maxlen: 24
5.102.137.0/24 maxlen: 24
5.102.139.0/24 maxlen: 24
5.102.143.0/24 maxlen: 24
5.102.142.0/24 maxlen: 24
5.102.142.0/23 maxlen: 23
5.102.140.0/24 maxlen: 24
5.102.140.0/23 maxlen: 23
5.102.141.0/24 maxlen: 24
91.221.230.0/23 maxlen: 24
91.221.230.0/24 maxlen: 24
91.221.231.0/24 maxlen: 24
2a04:8880::/32 maxlen: 32
2a04:8881::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:96:98:de:c2:e5:82:80:b6:41:2f:de:74:72:7b:49:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=704ab9688427073ff7e179de5af002e09f236013
Validity
Not Before: Jan 9 12:54:38 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1db6313e657c20d6656799807efb61a56de0068e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:67:43:63:e5:e2:3f:b8:51:0d:9a:99:a5:e8:
6d:f7:89:b1:98:ac:c9:8a:c8:32:19:a5:04:cd:ed:
a1:9b:38:eb:97:5b:ff:6a:26:80:90:20:9e:4e:dd:
4a:c0:18:d1:39:d5:10:1f:89:0a:b0:ab:d2:7c:f0:
f1:63:a0:62:c8:a8:55:ca:a3:91:a7:41:a7:17:c9:
59:e0:c1:92:83:c2:6c:20:1f:8c:96:a7:b3:d5:f0:
d2:da:f7:0f:f0:4f:06:02:33:48:fc:b9:99:6b:51:
2f:a2:96:d9:83:40:85:4a:60:27:2d:03:29:78:20:
1e:0c:dc:9c:d0:f6:77:26:2f:e3:38:dc:3f:32:f6:
48:1b:fb:f4:85:c7:c8:67:de:f4:74:95:76:06:f6:
96:5b:62:5a:ff:c8:d2:aa:2d:7d:ba:12:0a:2e:2a:
e6:ed:a3:cb:db:53:d6:02:f0:7a:9c:89:84:0c:55:
d0:4c:1b:8a:3a:9b:b1:92:ec:06:8f:4c:5d:88:8a:
d0:37:ad:03:e6:9a:28:06:b0:06:52:e1:05:18:a9:
35:68:9d:9c:44:35:5c:dd:c3:20:82:f1:0a:38:b3:
69:84:b5:e0:ec:98:0d:f3:49:79:a8:09:92:cc:98:
ca:52:a9:1e:db:77:79:cb:7d:8d:e7:97:d4:f1:b3:
1e:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:B6:31:3E:65:7C:20:D6:65:67:99:80:7E:FB:61:A5:6D:E0:06:8E
X509v3 Authority Key Identifier:
keyid:70:4A:B9:68:84:27:07:3F:F7:E1:79:DE:5A:F0:02:E0:9F:23:60:13
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cEq5aIQnBz_34XneWvAC4J8jYBM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/HbYxPmV8INZlZ5mAfvthpW3gBo4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/59/c244b3-8fc1-4685-8fb2-46a8b191a374/1/cEq5aIQnBz_34XneWvAC4J8jYBM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.102.136.0/21
91.221.230.0/23
IPv6:
2a04:8880::/31
Signature Algorithm: sha256WithRSAEncryption
64:9e:45:a1:02:5e:46:f2:7d:e6:2f:a3:6c:43:3a:07:7e:75:
04:b0:ac:4e:f6:21:9e:0d:26:9b:83:8a:d8:2b:4a:51:f6:55:
35:06:bc:6d:02:b8:20:4a:88:a0:e7:bc:67:31:82:62:a6:e0:
cf:f8:15:29:23:45:13:0f:3e:5e:c7:d2:89:8a:39:b8:28:3a:
30:82:44:1a:dd:8a:1e:40:9e:af:bb:5a:71:71:58:87:a7:94:
92:5f:d2:85:09:4c:61:38:8d:2f:e6:5a:74:da:35:39:60:3b:
61:1b:75:c2:1a:a0:0a:76:25:5e:e9:9e:00:56:f9:a3:38:e6:
23:5a:02:ed:eb:df:73:a1:02:0f:f4:58:9e:01:0d:63:df:76:
11:06:8a:d1:2c:92:5a:80:68:d5:ae:2b:0f:13:20:59:57:26:
f8:10:36:30:10:19:7b:1b:57:d6:e6:91:2b:86:e2:dd:53:57:
2b:7a:8a:6e:0d:73:13:c7:40:1e:99:fa:0f:83:f4:89:81:d5:
76:ce:dd:51:5d:3c:e6:93:8b:55:e9:dc:3c:23:c2:e8:8e:b6:
4c:4c:18:44:fe:7f:a5:6d:f6:21:81:9b:ff:c8:97:05:62:70:
58:7a:f1:4f:07:d7:c3:72:ac:7c:50:1b:7e:b3:ca:30:d4:75:
c7:15:10:f1
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYWWmN7C5YKAtkEv3nRye0kXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNGFiOTY4ODQyNzA3M2ZmN2UxNzlkZTVhZjAwMmUwOWYy
MzYwMTMwHhcNMjMwMTA5MTI1NDM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGI2MzEzZTY1N2MyMGQ2NjU2Nzk5ODA3ZWZiNjFhNTZkZTAwNjhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2dDY+XiP7hRDZqZpeht94mxmKzJ
isgyGaUEze2hmzjrl1v/aiaAkCCeTt1KwBjROdUQH4kKsKvSfPDxY6BiyKhVyqOR
p0GnF8lZ4MGSg8JsIB+Mlqez1fDS2vcP8E8GAjNI/LmZa1EvopbZg0CFSmAnLQMp
eCAeDNyc0PZ3Ji/jONw/MvZIG/v0hcfIZ970dJV2BvaWW2Ja/8jSqi19uhIKLirm
7aPL21PWAvB6nImEDFXQTBuKOpuxkuwGj0xdiIrQN60D5pooBrAGUuEFGKk1aJ2c
RDVc3cMggvEKOLNphLXg7JgN80l5qAmSzJjKUqke23d5y32N55fU8bMeCwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFB22MT5lfCDWZWeZgH77YaVt4AaOMB8GA1UdIwQY
MBaAFHBKuWiEJwc/9+F53lrwAuCfI2ATMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0VxNWFJUW5Cel8zNFhuZVd2QUM0SjhqWUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9jMjQ0YjMtOGZjMS00Njg1LThmYjIt
NDZhOGIxOTFhMzc0LzEvSGJZeFBtVjhJTlpsWjVtQWZ2dGhwVzNnQm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9jMjQ0YjMtOGZjMS00Njg1LThmYjItNDZhOGIxOTFhMzc0
LzEvY0VxNWFJUW5Cel8zNFhuZVd2QUM0SjhqWUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDBWaIAwQB
W93mMA0EAgACMAcDBQEqBIiAMA0GCSqGSIb3DQEBCwUAA4IBAQBknkWhAl5G8n3m
L6NsQzoHfnUEsKxO9iGeDSabg4rYK0pR9lU1BrxtArggSoig57xnMYJipuDP+BUp
I0UTDz5ex9KJijm4KDowgkQa3YoeQJ6vu1pxcViHp5SSX9KFCUxhOI0v5lp02jU5
YDthG3XCGqAKdiVe6Z4AVvmjOOYjWgLt699zoQIP9FieAQ1j33YRBorRLJJagGjV
risPEyBZVyb4EDYwEBl7G1fW5pErhuLdU1creopuDXMTx0AemfoPg/SJgdV2zt1R
XTzmk4tV6dw8I8LojrZMTBhE/n+lbfYhgZv/yJcFYnBYevFPB9fDcqx8UBt+s8ow
1HXHFRDx
-----END CERTIFICATE-----
Generated at Mon Jan 1 17:14:08 2024 by rpki-client on console-ams.rpki-client.org