Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/qbrVGPV3Wchag-WEx6m8Gv6KPm8.roa
File: qbrVGPV3Wchag-WEx6m8Gv6KPm8.roa (raw, json)
Hash identifier: ztEksL0KdSaokeyOq1yPnsqq67Ln0Rk8yVBLyhDVZKY=
Subject key identifier: A9:BA:D5:18:F5:77:59:C8:5A:83:E5:84:C7:A9:BC:1A:FE:8A:3E:6F
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 0186182F78E7A3A1D7CCC106B3E394548F0B
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/qbrVGPV3Wchag-WEx6m8Gv6KPm8.roa
Signing time: Fri 03 Feb 2023 16:50:09 +0000
ROA not before: Fri 03 Feb 2023 16:50:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 149428
IP address blocks: 104.239.96.0/23 maxlen: 23
64.137.28.0/24 maxlen: 24
104.238.14.0/24 maxlen: 24
104.239.84.0/23 maxlen: 23
138.128.159.0/24 maxlen: 24
104.238.19.0/24 maxlen: 24
104.238.20.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:18:2f:78:e7:a3:a1:d7:cc:c1:06:b3:e3:94:54:8f:0b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Feb 3 16:50:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a9bad518f57759c85a83e584c7a9bc1afe8a3e6f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:22:65:de:b9:a8:21:dc:93:93:b4:c1:fb:95:
26:ad:40:68:de:a4:d5:97:54:83:07:64:55:e9:06:
20:45:f2:9c:e1:b7:98:7f:6b:41:44:a8:44:61:0b:
7f:6d:4e:c6:7d:0c:80:49:9f:32:70:7f:02:8f:30:
34:53:c5:33:5d:a4:9c:0c:62:51:4b:1b:ed:f4:be:
cd:ec:d7:20:fc:a5:e9:b7:6d:97:17:5f:6c:6d:96:
e9:94:a7:49:f5:f3:8d:83:73:8b:5f:e1:6e:0d:19:
7d:2f:1f:80:a9:eb:1a:81:d6:e2:c4:df:2f:04:1b:
ec:5d:aa:2f:19:13:55:f2:1b:46:f1:2c:c4:ba:52:
45:db:c5:2f:e9:a0:76:87:aa:2e:7e:6b:f9:f1:28:
2e:6d:42:7f:be:b2:f1:33:d1:c9:b5:ff:ec:a7:f0:
3e:64:d3:dc:cd:f8:94:5f:2e:07:3f:59:a5:71:89:
2d:67:02:9c:11:f0:7f:d5:aa:3b:a7:8a:1b:22:c7:
de:69:85:5f:f0:83:37:4e:50:65:02:19:d2:b6:24:
7e:e3:a3:9b:03:f0:a5:a5:c8:8d:23:81:17:05:65:
71:64:24:42:8a:93:74:6d:62:b4:32:8f:24:35:d5:
7b:e4:cb:ef:b6:9f:f6:75:de:de:dc:9f:53:50:ed:
56:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A9:BA:D5:18:F5:77:59:C8:5A:83:E5:84:C7:A9:BC:1A:FE:8A:3E:6F
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/qbrVGPV3Wchag-WEx6m8Gv6KPm8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.137.28.0/24
104.238.14.0/24
104.238.19.0-104.238.20.255
104.239.84.0/23
104.239.96.0/23
138.128.159.0/24
Signature Algorithm: sha256WithRSAEncryption
01:61:b6:41:68:30:b8:10:0a:5c:f0:7b:af:7a:16:33:8d:6b:
c6:cf:48:ce:fc:46:09:00:cc:07:4d:ee:79:2c:67:83:ce:2c:
c6:20:a3:a1:a7:b1:a9:38:12:12:6e:39:27:0d:3e:ea:e1:62:
e9:39:84:0c:90:8d:2b:71:53:36:30:bc:b0:ea:d9:d7:fd:d2:
b6:55:65:84:81:69:41:cd:77:56:59:03:99:3b:ad:2e:ba:f8:
26:76:1d:7b:04:4e:65:38:d4:a9:5f:47:fe:cb:cb:0e:6c:77:
de:cc:32:ba:cb:47:1a:bc:3c:bd:d6:ec:94:47:af:14:80:36:
bb:dd:aa:45:60:22:d9:f5:ff:27:17:22:91:f1:b2:b4:6b:02:
f3:6e:f5:24:c7:26:83:b0:aa:90:d4:d8:54:8b:5d:1e:61:bc:
c6:0c:93:bf:2b:18:c1:34:f5:d6:80:82:98:b4:f2:21:ec:a0:
69:43:25:fc:e1:e6:98:9e:a7:af:a3:1d:17:4b:1e:a3:c2:db:
19:d3:ab:03:52:1d:b3:55:39:6c:9b:66:0c:27:b0:4f:06:6c:
1a:b2:cd:f7:4b:8b:a9:e2:4e:a1:ca:84:b8:d7:c2:da:ac:f0:
9c:af:4b:ad:36:32:20:bf:ee:52:7e:e8:fa:bc:2a:15:e0:60:
cb:2f:b4:56
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYYYL3jno6HXzMEGs+OUVI8LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMwMjAzMTY1MDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWJhZDUxOGY1Nzc1OWM4NWE4M2U1ODRjN2E5YmMxYWZlOGEzZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyJl3rmoIdyTk7TB+5UmrUBo3qTV
l1SDB2RV6QYgRfKc4beYf2tBRKhEYQt/bU7GfQyASZ8ycH8CjzA0U8UzXaScDGJR
Sxvt9L7N7Ncg/KXpt22XF19sbZbplKdJ9fONg3OLX+FuDRl9Lx+AqesagdbixN8v
BBvsXaovGRNV8htG8SzEulJF28Uv6aB2h6oufmv58SgubUJ/vrLxM9HJtf/sp/A+
ZNPczfiUXy4HP1mlcYktZwKcEfB/1ao7p4obIsfeaYVf8IM3TlBlAhnStiR+46Ob
A/ClpciNI4EXBWVxZCRCipN0bWK0Mo8kNdV75Mvvtp/2dd7e3J9TUO1WyQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFKm61Rj1d1nIWoPlhMepvBr+ij5vMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvcWJyVkdQVjNXY2hhZy1XRXg2bThHdjZLUG04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAQIkcAwQA
aO4OMAwDBABo7hMDBABo7hQDBAFo71QDBAFo72ADBACKgJ8wDQYJKoZIhvcNAQEL
BQADggEBAAFhtkFoMLgQClzwe696FjONa8bPSM78RgkAzAdN7nksZ4POLMYgo6Gn
sak4EhJuOScNPurhYuk5hAyQjStxUzYwvLDq2df90rZVZYSBaUHNd1ZZA5k7rS66
+CZ2HXsETmU41KlfR/7Lyw5sd97MMrrLRxq8PL3W7JRHrxSANrvdqkVgItn1/ycX
IpHxsrRrAvNu9STHJoOwqpDU2FSLXR5hvMYMk78rGME09daAgpi08iHsoGlDJfzh
5piep6+jHRdLHqPC2xnTqwNSHbNVOWybZgwnsE8GbBqyzfdLi6niTqHKhLjXwtqs
8JyvS602MiC/7lJ+6Pq8KhXgYMsvtFY=
-----END CERTIFICATE-----
Generated at Tue Jan 2 04:22:40 2024 by rpki-client on console-fra.rpki-client.org