Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/dcb6fb-0e86-4d34-adc3-d93fd49ae8ef/1/kNGEjmtFGDPUCD56HFVH8tvcr_Q.roa
File: kNGEjmtFGDPUCD56HFVH8tvcr_Q.roa (raw, json)
Hash identifier: rDecyZQHRTD1DeF376unaV13p/e9UDWIaVBNp1AFfaY=
Subject key identifier: 90:D1:84:8E:6B:45:18:33:D4:08:3E:7A:1C:55:47:F2:DB:DC:AF:F4
Certificate issuer: /CN=51f866f32b47c69d478ad95354e257e51a236a57
Certificate serial: 018570674DAC2634B1EF9193A2362F2FA9C3
Authority key identifier: 51:F8:66:F3:2B:47:C6:9D:47:8A:D9:53:54:E2:57:E5:1A:23:6A:57
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ufhm8ytHxp1HitlTVOJX5Rojalc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5d/dcb6fb-0e86-4d34-adc3-d93fd49ae8ef/1/kNGEjmtFGDPUCD56HFVH8tvcr_Q.roa
Signing time: Mon 02 Jan 2023 02:54:56 +0000
ROA not before: Mon 02 Jan 2023 02:54:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39288
IP address blocks: 158.255.92.0/23 maxlen: 24
158.255.92.0/22 maxlen: 24
193.138.118.0/24 maxlen: 24
46.21.208.0/21 maxlen: 21
46.21.208.0/20 maxlen: 20
46.21.216.0/21 maxlen: 21
94.232.152.0/22 maxlen: 22
94.232.152.0/21 maxlen: 21
158.255.88.0/21 maxlen: 24
158.255.88.0/22 maxlen: 22
94.232.156.0/22 maxlen: 22
2a02:2928::/32 maxlen: 32
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:67:4d:ac:26:34:b1:ef:91:93:a2:36:2f:2f:a9:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=51f866f32b47c69d478ad95354e257e51a236a57
Validity
Not Before: Jan 2 02:54:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=90d1848e6b451833d4083e7a1c5547f2dbdcaff4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:af:a9:66:87:5c:63:ce:58:a5:11:0f:03:8f:
b6:90:a8:fa:b8:df:0d:61:f3:c1:17:55:75:0f:88:
15:10:83:d9:11:40:5f:1f:68:01:ad:92:d0:dc:b9:
16:3e:ae:4c:ec:e4:f1:67:70:e7:5d:ff:92:41:d2:
39:5a:bf:61:8c:3c:82:a8:d5:fa:13:cc:29:92:f3:
26:53:7e:c2:f4:27:0a:fb:5e:e3:8d:f4:9d:cd:a6:
dc:7c:78:9a:a1:05:14:a1:cd:48:32:f4:7f:8c:11:
14:9b:3a:31:06:8e:7f:b1:a5:33:bf:5a:96:2c:fd:
96:85:14:11:47:1b:3e:5a:64:ff:44:71:d8:05:b3:
db:95:fd:99:02:2d:71:ec:a5:cf:74:5c:2c:fc:09:
9e:de:85:96:d7:d3:c2:02:b1:99:2c:ed:8a:d9:3b:
19:19:ec:f4:00:ad:2c:41:c7:bb:7a:13:7d:67:38:
3f:66:78:6a:89:a9:5a:07:43:ee:30:0c:ca:ed:6c:
bc:d3:e4:85:e1:33:5a:ef:ee:89:9d:4e:a9:66:de:
06:76:68:68:86:80:0e:09:a2:d7:d9:78:ab:07:f6:
d7:1a:04:d3:19:d1:89:ea:fd:1e:e9:7a:b2:94:9a:
50:73:28:93:96:11:1e:20:17:0e:d1:05:37:ef:78:
09:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:D1:84:8E:6B:45:18:33:D4:08:3E:7A:1C:55:47:F2:DB:DC:AF:F4
X509v3 Authority Key Identifier:
keyid:51:F8:66:F3:2B:47:C6:9D:47:8A:D9:53:54:E2:57:E5:1A:23:6A:57
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ufhm8ytHxp1HitlTVOJX5Rojalc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/dcb6fb-0e86-4d34-adc3-d93fd49ae8ef/1/kNGEjmtFGDPUCD56HFVH8tvcr_Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/dcb6fb-0e86-4d34-adc3-d93fd49ae8ef/1/Ufhm8ytHxp1HitlTVOJX5Rojalc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.21.208.0/20
94.232.152.0/21
158.255.88.0/21
193.138.118.0/24
IPv6:
2a02:2928::/32
Signature Algorithm: sha256WithRSAEncryption
8a:62:78:08:70:3f:e7:d7:34:75:84:73:40:d5:39:f4:80:fd:
18:0d:c4:b6:e4:74:51:f3:13:46:d2:6c:09:fd:e7:db:b4:de:
3b:c0:12:6f:22:f7:2f:98:24:31:2d:23:c0:f1:4b:07:3c:97:
df:33:78:50:b4:5b:77:c7:f4:fd:65:1e:f5:f5:25:61:6b:b8:
58:64:6f:f0:3e:e6:dd:f3:91:8a:d1:d4:4c:bc:13:d0:86:10:
43:c1:cb:de:71:47:5f:9c:ea:75:df:a1:c3:99:d6:9b:17:a8:
59:74:aa:6b:2b:5b:18:bd:ac:ed:00:9f:9e:dd:fd:f5:3c:c7:
51:d2:e8:5c:6e:81:21:f2:52:25:9a:85:ce:31:50:72:4a:0d:
a8:05:d1:ba:c8:d7:07:d6:94:dc:7a:be:f5:bc:23:1c:32:a0:
9f:b8:87:99:99:2c:96:b0:09:e5:45:94:f6:f7:f5:46:7b:94:
f1:25:8a:d8:19:98:9c:41:01:21:9c:9b:80:39:7e:8a:a1:24:
bc:c9:be:ea:ed:a2:28:6d:63:6b:bb:4b:95:5a:c3:b4:a6:9d:
5e:c0:4d:04:bc:ff:c0:7a:c5:c6:b4:fa:0d:06:5f:f4:0e:c7:
e8:b8:14:f0:63:18:13:e3:53:b3:78:8e:df:7b:d7:f5:04:25:
2f:a4:31:31
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVwZ02sJjSx75GTojYvL6nDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZjg2NmYzMmI0N2M2OWQ0NzhhZDk1MzU0ZTI1N2U1MWEy
MzZhNTcwHhcNMjMwMTAyMDI1NDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGQxODQ4ZTZiNDUxODMzZDQwODNlN2ExYzU1NDdmMmRiZGNhZmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6+pZodcY85YpREPA4+2kKj6uN8N
YfPBF1V1D4gVEIPZEUBfH2gBrZLQ3LkWPq5M7OTxZ3DnXf+SQdI5Wr9hjDyCqNX6
E8wpkvMmU37C9CcK+17jjfSdzabcfHiaoQUUoc1IMvR/jBEUmzoxBo5/saUzv1qW
LP2WhRQRRxs+WmT/RHHYBbPblf2ZAi1x7KXPdFws/Ame3oWW19PCArGZLO2K2TsZ
Gez0AK0sQce7ehN9Zzg/ZnhqialaB0PuMAzK7Wy80+SF4TNa7+6JnU6pZt4Gdmho
hoAOCaLX2XirB/bXGgTTGdGJ6v0e6XqylJpQcyiTlhEeIBcO0QU373gJOQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFJDRhI5rRRgz1Ag+ehxVR/Lb3K/0MB8GA1UdIwQY
MBaAFFH4ZvMrR8adR4rZU1TiV+UaI2pXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWZobTh5dEh4cDFIaXRsVFZPSlg1Um9qYWxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9kY2I2ZmItMGU4Ni00ZDM0LWFkYzMt
ZDkzZmQ0OWFlOGVmLzEva05HRWptdEZHRFBVQ0Q1NkhGVkg4dHZjcl9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9kY2I2ZmItMGU4Ni00ZDM0LWFkYzMtZDkzZmQ0OWFlOGVm
LzEvVWZobTh5dEh4cDFIaXRsVFZPSlg1Um9qYWxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQELhXQAwQD
XuiYAwQDnv9YAwQAwYp2MA0EAgACMAcDBQAqAikoMA0GCSqGSIb3DQEBCwUAA4IB
AQCKYngIcD/n1zR1hHNA1Tn0gP0YDcS25HRR8xNG0mwJ/efbtN47wBJvIvcvmCQx
LSPA8UsHPJffM3hQtFt3x/T9ZR719SVha7hYZG/wPubd85GK0dRMvBPQhhBDwcve
cUdfnOp136HDmdabF6hZdKprK1sYvaztAJ+e3f31PMdR0uhcboEh8lIlmoXOMVBy
Sg2oBdG6yNcH1pTcer71vCMcMqCfuIeZmSyWsAnlRZT29/VGe5TxJYrYGZicQQEh
nJuAOX6KoSS8yb7q7aIobWNru0uVWsO0pp1ewE0EvP/AesXGtPoNBl/0DsfouBTw
YxgT41OzeI7fe9f1BCUvpDEx
-----END CERTIFICATE-----
Generated at Tue Jan 2 11:34:59 2024 by rpki-client on console-ams.rpki-client.org