Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Q_grnFKssQs7YgsQ2m_M_5PyEaQ.roa
File: Q_grnFKssQs7YgsQ2m_M_5PyEaQ.roa (raw, json)
Hash identifier: V/QkT+79eApHq2LrzaTFQ58WF71zeH2cl6MHlhtX4J4=
Subject key identifier: 43:F8:2B:9C:52:AC:B1:0B:3B:62:0B:10:DA:6F:CC:FF:93:F2:11:A4
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 01864AE5FAECEF6FE434FDD6FA688F85FD7F
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Q_grnFKssQs7YgsQ2m_M_5PyEaQ.roa
Signing time: Mon 13 Feb 2023 13:10:31 +0000
ROA not before: Mon 13 Feb 2023 13:10:31 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 104.239.94.0/24 maxlen: 24
104.167.10.0/24 maxlen: 24
64.137.52.0/23 maxlen: 23
104.239.30.0/23 maxlen: 23
104.238.4.0/24 maxlen: 24
104.238.5.0/24 maxlen: 24
104.238.8.0/24 maxlen: 24
104.238.9.0/24 maxlen: 24
138.128.148.0/24 maxlen: 24
138.128.157.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:4a:e5:fa:ec:ef:6f:e4:34:fd:d6:fa:68:8f:85:fd:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Feb 13 13:10:31 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=43f82b9c52acb10b3b620b10da6fccff93f211a4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:5b:cf:f1:74:97:df:c5:19:2b:c7:5c:28:7e:
7b:6c:e2:54:75:c2:20:5c:7f:dc:29:b7:ed:27:81:
4d:67:e6:48:c3:cc:e0:2c:14:d8:a2:83:c4:89:77:
de:1c:99:b2:24:80:8c:a4:2e:ee:ca:25:62:c5:23:
84:3f:45:dd:78:42:27:70:d0:49:74:0b:e6:80:48:
49:a4:7a:f0:97:4b:de:95:5c:05:e5:b4:7e:cb:0a:
9f:7e:ed:92:f8:ca:2b:2e:f1:73:92:f5:44:f2:52:
00:b3:04:6d:b7:6e:eb:de:bc:60:42:a7:f4:fd:de:
25:80:1d:80:cb:16:dc:5d:f3:37:15:70:b7:f9:f2:
d2:e1:70:9f:80:5c:72:e2:31:88:bb:da:06:04:f0:
db:4b:cc:14:2c:9e:26:08:e1:ff:f9:7b:4b:08:97:
6c:d2:ed:01:8d:90:30:a0:37:c8:bd:33:1e:56:a6:
d0:35:26:3e:fa:97:68:db:c1:cc:d5:e3:2a:76:51:
87:57:09:e7:92:0d:46:10:9d:b0:f8:59:f1:a2:e2:
85:13:9d:84:a8:90:b7:c5:03:1b:1e:f6:29:be:a6:
66:be:f4:56:e2:0a:f8:22:f7:b0:c5:86:ff:a4:4a:
e6:10:ff:26:4d:fe:2c:6a:7c:e0:8e:23:4b:ba:ab:
e0:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:F8:2B:9C:52:AC:B1:0B:3B:62:0B:10:DA:6F:CC:FF:93:F2:11:A4
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/Q_grnFKssQs7YgsQ2m_M_5PyEaQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.137.52.0/23
104.167.10.0/24
104.238.4.0/23
104.238.8.0/23
104.239.30.0/23
104.239.94.0/24
138.128.148.0/24
138.128.157.0/24
Signature Algorithm: sha256WithRSAEncryption
00:57:1e:03:01:16:8b:e5:ea:8e:fc:9a:71:d4:d0:84:4b:5f:
88:a6:f9:26:13:3b:b2:0a:8f:d7:cb:78:ec:11:d7:84:10:71:
da:f9:3d:7b:30:73:d4:78:82:73:f4:18:95:40:4f:bb:d2:4a:
9f:5c:88:1d:ed:1a:24:55:38:55:c9:f6:a9:f0:78:44:37:23:
50:11:eb:2e:de:55:9d:e5:1d:03:01:b5:6b:61:13:81:26:28:
c2:ba:62:d0:46:85:a7:0d:e3:b4:24:94:fc:1e:6a:11:cd:18:
23:0d:e7:0d:16:ce:4e:af:2a:d5:34:29:65:d3:66:a1:de:ca:
ea:4b:7d:a0:48:54:0f:a8:69:35:f1:1d:58:82:19:4b:34:87:
ee:ff:73:29:5d:de:36:1d:99:e1:6d:d5:11:62:56:26:e7:5d:
d1:ce:5e:c6:6f:f9:f7:a5:73:20:8a:95:e2:53:2d:e8:8d:68:
7e:ca:ef:86:4c:fe:47:09:16:25:ee:d3:cd:a9:ec:23:f4:e0:
59:f6:dd:b2:fd:31:50:75:23:dd:f4:bb:fe:3a:fd:1c:7b:24:
44:34:79:40:b4:07:a0:bf:ce:e0:82:b3:13:fd:85:2b:e4:32:
24:b0:3c:f2:64:37:2d:a1:7e:47:36:b7:41:c3:16:ae:17:64:
bb:8f:be:69
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYZK5frs72/kNP3W+miPhf1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMwMjEzMTMxMDMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2Y4MmI5YzUyYWNiMTBiM2I2MjBiMTBkYTZmY2NmZjkzZjIxMWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlvP8XSX38UZK8dcKH57bOJUdcIg
XH/cKbftJ4FNZ+ZIw8zgLBTYooPEiXfeHJmyJICMpC7uyiVixSOEP0XdeEIncNBJ
dAvmgEhJpHrwl0velVwF5bR+ywqffu2S+MorLvFzkvVE8lIAswRtt27r3rxgQqf0
/d4lgB2AyxbcXfM3FXC3+fLS4XCfgFxy4jGIu9oGBPDbS8wULJ4mCOH/+XtLCJds
0u0BjZAwoDfIvTMeVqbQNSY++pdo28HM1eMqdlGHVwnnkg1GEJ2w+FnxouKFE52E
qJC3xQMbHvYpvqZmvvRW4gr4IvewxYb/pErmEP8mTf4sanzgjiNLuqvgdwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFEP4K5xSrLELO2ILENpvzP+T8hGkMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvUV9ncm5GS3NzUXM3WWdzUTJtX01fNVB5RWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBQIk0AwQA
aKcKAwQBaO4EAwQBaO4IAwQBaO8eAwQAaO9eAwQAioCUAwQAioCdMA0GCSqGSIb3
DQEBCwUAA4IBAQAAVx4DARaL5eqO/Jpx1NCES1+IpvkmEzuyCo/Xy3jsEdeEEHHa
+T17MHPUeIJz9BiVQE+70kqfXIgd7RokVThVyfap8HhENyNQEesu3lWd5R0DAbVr
YROBJijCumLQRoWnDeO0JJT8HmoRzRgjDecNFs5OryrVNCll02ah3srqS32gSFQP
qGk18R1YghlLNIfu/3MpXd42HZnhbdURYlYm513Rzl7Gb/n3pXMgipXiUy3ojWh+
yu+GTP5HCRYl7tPNqewj9OBZ9t2y/TFQdSPd9Lv+Ov0ceyRENHlAtAegv87ggrMT
/YUr5DIksDzyZDctoX5HNrdBwxauF2S7j75p
-----END CERTIFICATE-----
Generated at Thu Dec 28 14:03:35 2023 by rpki-client on console-ams.rpki-client.org