Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/KPBpYqy_Vog8CxKNrZ5zkPzZf98.roa
File: KPBpYqy_Vog8CxKNrZ5zkPzZf98.roa (raw, json)
Hash identifier: 9FAoACYqODsVt3g+dC0J1XUP/CE1vsYPZiYaabfgwdE=
Subject key identifier: 28:F0:69:62:AC:BF:56:88:3C:0B:12:8D:AD:9E:73:90:FC:D9:7F:DF
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 018608ED458B2517F67A3126B5A20C5A2D62
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/KPBpYqy_Vog8CxKNrZ5zkPzZf98.roa
Signing time: Tue 31 Jan 2023 17:43:32 +0000
ROA not before: Tue 31 Jan 2023 17:43:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 262287
IP address blocks: 64.137.121.0/24 maxlen: 24
64.137.37.0/24 maxlen: 24
64.137.36.0/24 maxlen: 24
216.173.105.0/24 maxlen: 24
216.173.104.0/24 maxlen: 24
104.239.28.0/24 maxlen: 24
104.239.44.0/24 maxlen: 24
104.238.7.0/24 maxlen: 24
104.239.73.0/24 maxlen: 24
104.239.88.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:08:ed:45:8b:25:17:f6:7a:31:26:b5:a2:0c:5a:2d:62
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Jan 31 17:43:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=28f06962acbf56883c0b128dad9e7390fcd97fdf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:67:ee:73:98:21:43:9a:f1:7d:7e:26:97:4f:
ec:5c:46:a4:c9:29:45:66:13:aa:ca:6c:86:81:99:
ef:b9:8d:da:00:ae:0d:ae:b5:1e:0a:3d:ca:b3:7a:
a4:dd:4e:40:92:7a:95:51:47:be:a7:2d:9c:30:09:
66:6c:00:b3:ee:53:7c:ed:0c:21:43:35:ef:0f:37:
7a:3f:9d:94:e1:18:40:e1:f4:f6:6b:ef:b9:12:fe:
58:c4:03:e5:98:46:85:50:e4:3e:fa:87:b1:28:0b:
32:83:ef:8d:3d:1e:77:60:00:a7:7b:ba:b7:cc:78:
08:7a:24:38:ce:db:e9:0c:bc:8d:13:79:ec:0b:df:
80:26:99:29:3e:d6:35:cc:d9:58:1e:ef:3e:19:2c:
9d:6b:4f:57:31:03:54:03:66:69:38:dd:3b:fd:f9:
19:f9:2e:b4:13:d6:a6:c0:92:04:c6:82:20:a5:a6:
79:c5:cd:dc:7b:b5:66:57:f5:5d:2f:cb:54:69:89:
52:69:c9:7a:c9:9a:ac:d6:ad:61:58:4d:22:f4:a5:
72:90:1c:84:49:1e:26:83:17:ad:0e:dc:ec:eb:de:
90:24:59:00:e9:46:54:c5:85:85:8a:e3:ff:35:49:
e6:f9:11:95:ed:45:92:af:09:25:fa:53:d3:c9:0c:
fc:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:F0:69:62:AC:BF:56:88:3C:0B:12:8D:AD:9E:73:90:FC:D9:7F:DF
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/KPBpYqy_Vog8CxKNrZ5zkPzZf98.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.137.36.0/23
64.137.121.0/24
104.238.7.0/24
104.239.28.0/24
104.239.44.0/24
104.239.73.0/24
104.239.88.0/24
216.173.104.0/23
Signature Algorithm: sha256WithRSAEncryption
5a:40:62:2a:62:b1:60:11:af:95:2d:2c:b3:4d:1d:8d:4e:3f:
68:54:37:75:50:2f:25:63:42:5e:d7:b8:ad:54:af:f5:7b:f1:
a6:8e:f2:87:5c:97:5e:c8:86:4d:30:db:a6:24:45:89:50:bf:
49:d9:1f:03:88:0a:75:cd:f6:93:36:ad:89:43:67:5e:d3:04:
13:bc:49:22:d5:bf:d3:e3:eb:68:5d:da:b4:ff:79:21:56:cc:
da:c8:6a:f0:1a:37:15:4b:f9:2d:20:ff:e7:a0:b5:ef:05:e7:
5a:9a:d3:f4:2f:8b:fb:90:fb:c3:03:e8:38:1c:67:69:4d:f0:
0e:41:45:f2:8a:0c:c4:e8:40:8d:33:86:cd:6e:0f:fd:03:4d:
80:3c:64:d3:5d:3f:0f:01:c6:87:cc:98:ad:5d:f7:44:8f:99:
9f:5a:c5:7b:87:ed:57:f0:23:a8:15:fd:a3:dc:1c:ae:13:4d:
c0:c7:3f:8e:29:e4:a8:b4:b8:45:22:35:d8:cf:7e:67:15:ed:
37:12:91:01:3f:9d:56:b4:58:99:c9:2e:5f:85:f6:cf:d4:b8:
51:57:17:c1:16:30:0b:3b:cb:2a:dd:1f:c0:44:18:26:9c:bc:
1b:5d:08:0f:55:3d:b9:ba:6d:9d:7b:bf:29:5f:c1:7f:06:a5:
6a:e9:91:fe
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYYI7UWLJRf2ejEmtaIMWi1iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMwMTMxMTc0MzMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGYwNjk2MmFjYmY1Njg4M2MwYjEyOGRhZDllNzM5MGZjZDk3ZmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWfuc5ghQ5rxfX4ml0/sXEakySlF
ZhOqymyGgZnvuY3aAK4NrrUeCj3Ks3qk3U5AknqVUUe+py2cMAlmbACz7lN87Qwh
QzXvDzd6P52U4RhA4fT2a++5Ev5YxAPlmEaFUOQ++oexKAsyg++NPR53YACne7q3
zHgIeiQ4ztvpDLyNE3nsC9+AJpkpPtY1zNlYHu8+GSyda09XMQNUA2ZpON07/fkZ
+S60E9amwJIExoIgpaZ5xc3ce7VmV/VdL8tUaYlSacl6yZqs1q1hWE0i9KVykByE
SR4mgxetDtzs696QJFkA6UZUxYWFiuP/NUnm+RGV7UWSrwkl+lPTyQz8NQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFCjwaWKsv1aIPAsSja2ec5D82X/fMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvS1BCcFlxeV9Wb2c4Q3hLTnJaNXprUHpaZjk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBQIkkAwQA
QIl5AwQAaO4HAwQAaO8cAwQAaO8sAwQAaO9JAwQAaO9YAwQB2K1oMA0GCSqGSIb3
DQEBCwUAA4IBAQBaQGIqYrFgEa+VLSyzTR2NTj9oVDd1UC8lY0Je17itVK/1e/Gm
jvKHXJdeyIZNMNumJEWJUL9J2R8DiAp1zfaTNq2JQ2de0wQTvEki1b/T4+toXdq0
/3khVszayGrwGjcVS/ktIP/noLXvBedamtP0L4v7kPvDA+g4HGdpTfAOQUXyigzE
6ECNM4bNbg/9A02APGTTXT8PAcaHzJitXfdEj5mfWsV7h+1X8COoFf2j3ByuE03A
xz+OKeSotLhFIjXYz35nFe03EpEBP51WtFiZyS5fhfbP1LhRVxfBFjALO8sq3R/A
RBgmnLwbXQgPVT25um2de78pX8F/BqVq6ZH+
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:52:38 2023 by rpki-client on console-ams.rpki-client.org