Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Ga5os0aRVjXNSy8B9cZEzQOIngc.roa
File: Ga5os0aRVjXNSy8B9cZEzQOIngc.roa (raw, json)
Hash identifier: VftkYw3n1/1mYp/RIM8oSXGR/JrJIg+et5ZL0KDmEWM=
Subject key identifier: 19:AE:68:B3:46:91:56:35:CD:4B:2F:01:F5:C6:44:CD:03:88:9E:07
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 0186183A758769859850E7B36BE2A828A47F
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Ga5os0aRVjXNSy8B9cZEzQOIngc.roa
Signing time: Fri 03 Feb 2023 17:02:09 +0000
ROA not before: Fri 03 Feb 2023 17:02:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 396356
IP address blocks: 64.137.121.0/24 maxlen: 24
64.137.37.0/24 maxlen: 24
64.137.36.0/24 maxlen: 24
216.173.104.0/24 maxlen: 24
216.173.105.0/24 maxlen: 24
104.239.28.0/24 maxlen: 24
104.239.44.0/24 maxlen: 24
104.238.7.0/24 maxlen: 24
104.239.73.0/24 maxlen: 24
104.239.88.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:18:3a:75:87:69:85:98:50:e7:b3:6b:e2:a8:28:a4:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Feb 3 17:02:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=19ae68b346915635cd4b2f01f5c644cd03889e07
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:ab:d5:08:98:32:9c:ba:a0:ef:83:f5:07:58:
33:f5:83:f8:2c:f3:80:76:ac:df:c9:57:c2:a3:db:
b1:af:f8:75:93:7b:80:74:26:d7:a9:92:5d:60:08:
0f:f7:1a:bb:c2:91:40:bd:eb:b6:3a:69:16:55:d6:
e2:38:3a:2d:3b:94:c7:76:7d:c5:3e:d0:05:39:67:
ad:1f:b3:57:a6:67:55:9f:a4:0c:b5:5b:5a:a6:79:
69:7e:76:2e:93:e7:43:b5:d8:9b:69:78:d9:b4:be:
05:54:d0:d7:b4:78:34:ff:08:42:82:be:cd:93:e0:
bc:93:99:28:a7:a3:ab:3e:36:04:a6:55:5c:fd:5f:
d5:50:a2:60:9b:a9:78:14:0e:57:36:a8:ef:37:7f:
ba:fc:b6:2a:f3:5b:13:e5:34:91:ad:81:55:07:3b:
a1:7b:45:a4:82:88:7a:ae:e5:2a:61:d6:5f:43:37:
65:28:c3:52:17:69:29:4e:42:c9:e8:bc:09:3c:65:
58:50:b5:22:a1:ec:62:8b:90:5a:8c:7b:54:e2:26:
d7:08:5b:95:e8:7d:a5:b8:75:b4:45:a5:b1:6d:28:
4e:e5:9c:da:0b:87:dd:27:fe:95:32:ab:1a:a6:78:
9d:2c:6a:4f:61:94:ed:c4:89:a9:84:e7:19:47:f2:
b0:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:AE:68:B3:46:91:56:35:CD:4B:2F:01:F5:C6:44:CD:03:88:9E:07
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Ga5os0aRVjXNSy8B9cZEzQOIngc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.137.36.0/23
64.137.121.0/24
104.238.7.0/24
104.239.28.0/24
104.239.44.0/24
104.239.73.0/24
104.239.88.0/24
216.173.104.0/23
Signature Algorithm: sha256WithRSAEncryption
04:d6:db:0b:09:c2:b6:93:60:b5:88:2c:03:1e:a0:92:ac:2a:
0c:be:c2:d6:48:3d:30:ef:d8:4e:4f:6c:02:f4:9a:9c:9a:a3:
30:1e:ac:76:c0:61:f9:ba:b7:86:4b:96:1f:4b:68:c5:9f:44:
f1:40:cc:3a:57:d4:4a:7b:5f:20:0b:99:67:2e:3e:42:53:62:
23:5e:80:ad:46:fb:84:e9:cf:8c:39:be:0c:f4:93:97:df:94:
a9:c4:e5:c7:60:a5:46:ea:d8:fc:36:c6:7d:c3:16:61:eb:1c:
db:bf:b5:aa:7a:1b:68:cb:a5:c1:d6:13:68:c2:16:30:ee:92:
d0:74:bc:b1:b1:c5:6d:27:7f:2c:5c:bf:d1:93:08:c1:00:1c:
bf:75:d9:98:d6:63:c9:6b:9a:ad:cf:5c:92:d8:71:05:71:4f:
26:6e:22:38:76:a2:a9:a3:04:3a:5f:34:28:19:67:ed:dc:e8:
71:fc:40:02:29:e1:88:8d:9b:5f:c5:2b:7a:ee:db:b7:c5:7d:
94:78:90:db:97:e2:0e:dc:6f:d7:6a:f0:8d:ad:11:48:a7:ef:
d3:fb:cc:27:d1:04:32:5a:cc:c2:72:ca:62:91:70:5b:db:19:
de:07:16:17:01:4c:ba:59:1c:99:5b:c1:85:f1:83:5d:1d:c2:
6c:12:7c:c5
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYYYOnWHaYWYUOeza+KoKKR/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMwMjAzMTcwMjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWFlNjhiMzQ2OTE1NjM1Y2Q0YjJmMDFmNWM2NDRjZDAzODg5ZTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6vVCJgynLqg74P1B1gz9YP4LPOA
dqzfyVfCo9uxr/h1k3uAdCbXqZJdYAgP9xq7wpFAveu2OmkWVdbiODotO5THdn3F
PtAFOWetH7NXpmdVn6QMtVtapnlpfnYuk+dDtdibaXjZtL4FVNDXtHg0/whCgr7N
k+C8k5kop6OrPjYEplVc/V/VUKJgm6l4FA5XNqjvN3+6/LYq81sT5TSRrYFVBzuh
e0Wkgoh6ruUqYdZfQzdlKMNSF2kpTkLJ6LwJPGVYULUioexii5BajHtU4ibXCFuV
6H2luHW0RaWxbShO5ZzaC4fdJ/6VMqsapnidLGpPYZTtxImphOcZR/KwWwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFBmuaLNGkVY1zUsvAfXGRM0DiJ4HMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvR2E1b3MwYVJWalhOU3k4QjljWkV6UU9JbmdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBQIkkAwQA
QIl5AwQAaO4HAwQAaO8cAwQAaO8sAwQAaO9JAwQAaO9YAwQB2K1oMA0GCSqGSIb3
DQEBCwUAA4IBAQAE1tsLCcK2k2C1iCwDHqCSrCoMvsLWSD0w79hOT2wC9JqcmqMw
Hqx2wGH5ureGS5YfS2jFn0TxQMw6V9RKe18gC5lnLj5CU2IjXoCtRvuE6c+MOb4M
9JOX35SpxOXHYKVG6tj8NsZ9wxZh6xzbv7Wqehtoy6XB1hNowhYw7pLQdLyxscVt
J38sXL/RkwjBABy/ddmY1mPJa5qtz1yS2HEFcU8mbiI4dqKpowQ6XzQoGWft3Ohx
/EACKeGIjZtfxSt67tu3xX2UeJDbl+IO3G/XavCNrRFIp+/T+8wn0QQyWszCcspi
kXBb2xneBxYXAUy6WRyZW8GF8YNdHcJsEnzF
-----END CERTIFICATE-----
Generated at Tue Jan 2 04:09:54 2024 by rpki-client on console-ams.rpki-client.org