Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/vNrlB_x5YIC_nUraufEFMq7Gk-o.roa
File: vNrlB_x5YIC_nUraufEFMq7Gk-o.roa (raw, json)
Hash identifier: 2vYYdm55jUnqG3AMDtcpjtLn8Ex2j+eXHCK+SfD012g=
Subject key identifier: BC:DA:E5:07:FC:79:60:80:BF:9D:4A:DA:B9:F1:05:32:AE:C6:93:EA
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 018CB03209A703553A537586C3115612C2B6
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/vNrlB_x5YIC_nUraufEFMq7Gk-o.roa
Signing time: Thu 28 Dec 2023 11:31:58 +0000
ROA not before: Thu 28 Dec 2023 11:31:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 104.239.94.0/24 maxlen: 24
104.167.10.0/24 maxlen: 24
104.239.30.0/23 maxlen: 23
104.238.4.0/24 maxlen: 24
104.238.5.0/24 maxlen: 24
104.238.8.0/24 maxlen: 24
104.238.9.0/24 maxlen: 24
138.128.148.0/24 maxlen: 24
138.128.157.0/24 maxlen: 24
Validation: Failed, certificate revoked on Tue 02 Jan 2024 00:31:05 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:b0:32:09:a7:03:55:3a:53:75:86:c3:11:56:12:c2:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Dec 28 11:31:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bcdae507fc796080bf9d4adab9f10532aec693ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:15:7b:d4:65:5a:28:6c:6f:5e:f3:b6:95:0a:
8e:f6:ff:d8:78:33:da:c9:5c:d1:a6:bd:3b:c9:6d:
aa:e4:35:e9:ef:fa:ba:91:97:67:13:e3:ae:3c:ef:
66:e7:f8:7e:f8:27:87:cf:74:b6:4c:77:b2:87:a9:
52:ce:74:c0:16:72:97:5e:0d:1e:b8:43:23:e8:c2:
85:a7:74:56:25:d1:d7:6e:13:97:08:6f:e9:d0:5a:
fe:7b:98:12:5e:a6:fa:36:fe:4f:05:09:0f:02:10:
11:b7:e8:8e:52:f3:82:ed:1f:a1:a0:72:e2:57:1e:
66:ed:4a:7b:94:27:6d:b7:95:5c:fb:75:c0:db:f3:
2b:ee:11:9e:f2:72:e8:c7:61:4e:2b:9a:41:35:a9:
a0:24:e7:08:ed:8d:db:ce:70:07:de:9f:8e:a9:e5:
1d:1d:53:2c:72:d6:61:38:80:d3:4f:4b:34:bf:2c:
9d:ac:15:43:30:9a:23:dc:02:6b:06:34:5c:0a:97:
1d:48:c5:88:1c:1f:c0:73:cc:80:42:ec:f0:39:db:
e6:c5:33:7d:ec:1d:1a:3d:2b:bc:ce:67:45:3c:e9:
15:60:06:98:a9:bd:fe:54:b7:cb:bd:90:1a:9f:99:
e0:55:d4:2e:2d:54:09:ad:3f:75:3d:93:35:35:46:
95:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:DA:E5:07:FC:79:60:80:BF:9D:4A:DA:B9:F1:05:32:AE:C6:93:EA
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/vNrlB_x5YIC_nUraufEFMq7Gk-o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
104.167.10.0/24
104.238.4.0/23
104.238.8.0/23
104.239.30.0/23
104.239.94.0/24
138.128.148.0/24
138.128.157.0/24
Signature Algorithm: sha256WithRSAEncryption
3f:44:86:ba:7c:ed:7b:4c:34:18:e0:b8:44:01:3d:b2:34:01:
ee:26:ca:53:30:bf:8d:91:ac:be:d0:07:99:3c:c7:84:8b:c5:
47:09:2f:00:44:9d:3b:d0:4b:48:f9:78:9d:6d:0e:90:cf:20:
d2:8e:76:7d:38:7e:35:24:01:0e:63:b9:61:bd:52:09:f7:5f:
d0:dd:36:31:ae:fb:1e:f7:72:d1:29:38:20:c2:ab:4a:a9:57:
72:8a:fd:96:12:fc:d1:00:34:41:38:e6:05:21:37:7f:1e:54:
92:65:db:54:49:a6:61:3f:e9:42:68:6c:3d:b3:fc:21:09:3c:
16:1e:d4:67:57:63:d6:60:63:23:42:26:d7:54:38:73:55:65:
b0:25:1a:28:41:6c:a6:78:60:22:5b:6a:6f:21:84:c6:c3:56:
ff:76:39:16:77:52:bb:8c:cc:60:d3:82:61:17:38:4c:ab:f4:
18:f3:73:89:86:36:bc:36:a0:85:4e:59:54:72:6c:15:95:84:
ee:d0:bc:6d:ab:c7:6d:6d:a8:fe:35:89:c2:3c:40:8e:ad:dd:
89:0d:13:db:19:ee:e1:e5:d2:4e:40:11:ab:0a:c2:ba:32:08:
a9:fb:af:03:81:2b:20:29:c3:6d:97:44:ea:c1:65:ac:45:1f:
63:91:0f:43
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYywMgmnA1U6U3WGwxFWEsK2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMxMjI4MTEzMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2RhZTUwN2ZjNzk2MDgwYmY5ZDRhZGFiOWYxMDUzMmFlYzY5M2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhV71GVaKGxvXvO2lQqO9v/YeDPa
yVzRpr07yW2q5DXp7/q6kZdnE+OuPO9m5/h++CeHz3S2THeyh6lSznTAFnKXXg0e
uEMj6MKFp3RWJdHXbhOXCG/p0Fr+e5gSXqb6Nv5PBQkPAhARt+iOUvOC7R+hoHLi
Vx5m7Up7lCdtt5Vc+3XA2/Mr7hGe8nLox2FOK5pBNamgJOcI7Y3bznAH3p+OqeUd
HVMsctZhOIDTT0s0vyydrBVDMJoj3AJrBjRcCpcdSMWIHB/Ac8yAQuzwOdvmxTN9
7B0aPSu8zmdFPOkVYAaYqb3+VLfLvZAan5ngVdQuLVQJrT91PZM1NUaVcwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFLza5Qf8eWCAv51K2rnxBTKuxpPqMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvdk5ybEJfeDVZSUNfblVyYXVmRUZNcTdHay1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAaKcKAwQB
aO4EAwQBaO4IAwQBaO8eAwQAaO9eAwQAioCUAwQAioCdMA0GCSqGSIb3DQEBCwUA
A4IBAQA/RIa6fO17TDQY4LhEAT2yNAHuJspTML+Nkay+0AeZPMeEi8VHCS8ARJ07
0EtI+XidbQ6QzyDSjnZ9OH41JAEOY7lhvVIJ91/Q3TYxrvse93LRKTggwqtKqVdy
iv2WEvzRADRBOOYFITd/HlSSZdtUSaZhP+lCaGw9s/whCTwWHtRnV2PWYGMjQibX
VDhzVWWwJRooQWymeGAiW2pvIYTGw1b/djkWd1K7jMxg04JhFzhMq/QY83OJhja8
NqCFTllUcmwVlYTu0Lxtq8dtbaj+NYnCPECOrd2JDRPbGe7h5dJOQBGrCsK6Mgip
+68DgSsgKcNtl0TqwWWsRR9jkQ9D
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:11:45 2024 by rpki-client on console-ams.rpki-client.org