Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/wthnwwI3F-FhszC1czBKsbachZs.roa
File: wthnwwI3F-FhszC1czBKsbachZs.roa (raw, json)
Hash identifier: tjfqH5Z9VI7JToHZrHoZ46KDOcdfESzuhRVTt/wq/8g=
Subject key identifier: C2:D8:67:C3:02:37:17:E1:61:B3:30:B5:73:30:4A:B1:B6:9C:85:9B
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 018ACD1FA43A0A05F786D0AD503495EF5651
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/wthnwwI3F-FhszC1czBKsbachZs.roa
Signing time: Mon 25 Sep 2023 16:15:17 +0000
ROA not before: Mon 25 Sep 2023 16:15:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 397423
IP address blocks: 64.137.16.0/24 maxlen: 24
104.249.25.0/24 maxlen: 24
104.249.63.0/24 maxlen: 24
104.249.62.0/24 maxlen: 24
216.173.112.0/21 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:cd:1f:a4:3a:0a:05:f7:86:d0:ad:50:34:95:ef:56:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Sep 25 16:15:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c2d867c3023717e161b330b573304ab1b69c859b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:a6:ed:87:c7:41:eb:9e:5d:4b:d3:11:69:bb:
51:e0:14:f0:ca:1f:0c:70:39:7a:d1:24:46:17:f2:
96:72:ca:29:45:ea:29:6c:fe:07:15:52:3b:a1:f7:
36:65:7e:e0:f2:bd:dc:a2:01:c3:63:7c:9f:9d:0a:
70:5e:c1:ce:7a:26:93:33:e4:48:97:45:49:b1:44:
fe:31:c7:d4:26:b1:1a:ff:53:9d:cf:a2:dd:f8:7a:
40:98:b6:cc:67:c1:01:70:0e:76:56:35:46:19:40:
c8:1d:69:b1:c5:ad:bc:94:8f:ae:85:0e:85:94:ad:
b5:d7:1e:f3:88:ee:81:42:64:20:33:46:8b:d9:ca:
cf:1e:6b:29:09:80:2d:3b:ce:fd:ed:ec:60:0d:c8:
8a:be:43:08:6c:18:ce:d3:86:46:37:aa:b1:7e:55:
52:36:ba:22:f1:f7:00:a5:a8:2e:53:3c:0d:25:d4:
50:07:80:96:b5:fe:77:b7:4d:0e:13:61:85:61:59:
46:12:1e:a3:3f:f8:82:f3:b4:98:0a:82:58:f9:08:
62:6d:f7:11:36:cc:6e:5e:2d:97:93:ff:1d:12:5c:
69:7d:55:9e:c5:0c:7b:13:11:ce:e3:14:24:05:89:
a1:a8:cf:03:89:dc:c4:e4:93:4c:6a:26:da:5c:1b:
c0:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C2:D8:67:C3:02:37:17:E1:61:B3:30:B5:73:30:4A:B1:B6:9C:85:9B
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/wthnwwI3F-FhszC1czBKsbachZs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
64.137.16.0/24
104.249.25.0/24
104.249.62.0/23
216.173.112.0/21
Signature Algorithm: sha256WithRSAEncryption
0a:ba:ae:72:3c:31:cf:46:b8:fd:48:8f:83:0a:cf:ae:4f:4b:
e3:14:3b:71:81:9e:4d:01:e9:a5:86:5f:0c:b4:b6:3f:97:b9:
89:40:d9:de:35:aa:b6:27:99:44:89:2c:7a:1f:8b:66:3a:e5:
b7:cd:ce:24:56:ae:e6:bb:6d:96:09:a3:e0:2d:d4:be:d3:87:
96:95:27:2a:8e:a5:35:e2:ae:75:f1:e6:eb:0e:5d:04:50:fa:
4e:ea:72:8a:18:70:80:6a:5f:ee:8c:f3:df:78:55:8a:90:78:
c2:dc:ad:8c:61:2d:b9:41:a2:63:22:86:d5:e2:03:12:1b:a3:
06:c4:f9:6b:c1:c2:4f:b0:e4:60:32:1c:9e:0b:db:c6:64:b2:
f5:2f:a1:40:44:7e:ba:4c:f1:47:00:f8:95:ae:af:c3:25:a8:
3c:80:40:96:94:4c:65:6f:20:2f:70:84:d2:0a:de:b0:f3:1b:
1d:b5:b1:73:ee:f1:4f:0d:fd:d7:1a:76:25:42:62:d9:e6:73:
eb:3a:62:87:51:75:13:7b:b1:de:7d:cb:86:87:04:10:88:d9:
7e:c2:7a:6a:67:b7:79:ef:29:f8:de:6f:52:81:e4:af:cf:06:
2c:3a:d4:b5:ad:0d:8e:56:c9:5a:0c:01:eb:39:ea:2c:53:5c:
4c:93:c8:c1
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYrNH6Q6CgX3htCtUDSV71ZRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjMwOTI1MTYxNTE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmQ4NjdjMzAyMzcxN2UxNjFiMzMwYjU3MzMwNGFiMWI2OWM4NTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKbth8dB655dS9MRabtR4BTwyh8M
cDl60SRGF/KWcsopReopbP4HFVI7ofc2ZX7g8r3cogHDY3yfnQpwXsHOeiaTM+RI
l0VJsUT+McfUJrEa/1Odz6Ld+HpAmLbMZ8EBcA52VjVGGUDIHWmxxa28lI+uhQ6F
lK211x7ziO6BQmQgM0aL2crPHmspCYAtO8797exgDciKvkMIbBjO04ZGN6qxflVS
Nroi8fcApaguUzwNJdRQB4CWtf53t00OE2GFYVlGEh6jP/iC87SYCoJY+QhibfcR
NsxuXi2Xk/8dElxpfVWexQx7ExHO4xQkBYmhqM8DidzE5JNMaibaXBvAbwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMLYZ8MCNxfhYbMwtXMwSrG2nIWbMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvd3Robnd3STNGLUZoc3pDMWN6QktzYmFjaFpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAQIkQAwQA
aPkZAwQBaPk+AwQD2K1wMA0GCSqGSIb3DQEBCwUAA4IBAQAKuq5yPDHPRrj9SI+D
Cs+uT0vjFDtxgZ5NAemlhl8MtLY/l7mJQNneNaq2J5lEiSx6H4tmOuW3zc4kVq7m
u22WCaPgLdS+04eWlScqjqU14q518ebrDl0EUPpO6nKKGHCAal/ujPPfeFWKkHjC
3K2MYS25QaJjIobV4gMSG6MGxPlrwcJPsORgMhyeC9vGZLL1L6FARH66TPFHAPiV
rq/DJag8gECWlExlbyAvcITSCt6w8xsdtbFz7vFPDf3XGnYlQmLZ5nPrOmKHUXUT
e7HefcuGhwQQiNl+wnpqZ7d57yn43m9SgeSvzwYsOtS1rQ2OVslaDAHrOeosU1xM
k8jB
-----END CERTIFICATE-----
Generated at Tue Jan 2 04:22:40 2024 by rpki-client on console-fra.rpki-client.org