Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/KNkiH0qYmunH-CENC0f0A1Nfftg.roa
File: KNkiH0qYmunH-CENC0f0A1Nfftg.roa (raw, json)
Hash identifier: WydHi2zXGFTt9xTvGfFQPrKbrepbP7IN+cgJ1XN33j0=
Subject key identifier: 28:D9:22:1F:4A:98:9A:E9:C7:F8:21:0D:0B:47:F4:03:53:5F:7E:D8
Certificate issuer: /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial: 018AEA841858718C611D036D8DB9C1D63EFF
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/KNkiH0qYmunH-CENC0f0A1Nfftg.roa
Signing time: Sun 01 Oct 2023 09:14:00 +0000
ROA not before: Sun 01 Oct 2023 09:14:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 141.226.240.0/24 maxlen: 24
141.226.246.0/24 maxlen: 24
141.226.244.0/24 maxlen: 24
141.226.247.0/24 maxlen: 24
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:ea:84:18:58:71:8c:61:1d:03:6d:8d:b9:c1:d6:3e:ff
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
Validity
Not Before: Oct 1 09:14:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=28d9221f4a989ae9c7f8210d0b47f403535f7ed8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:3e:cf:cd:54:eb:37:76:27:bb:71:a5:44:4d:
97:1f:1a:9d:a6:29:7c:8b:80:fb:da:46:6e:27:5c:
3c:fd:4c:f0:52:26:d4:3f:c7:31:fe:db:11:58:35:
80:cf:ad:f7:12:f0:72:10:b0:81:58:2e:52:ba:03:
6a:c9:03:d0:3b:42:89:19:a3:8a:13:95:87:df:c0:
51:b0:dd:13:78:61:5c:8f:ab:22:28:53:7b:b9:a1:
25:54:a9:b7:84:fd:d3:ce:ce:cf:6d:84:42:6f:70:
1f:6a:fa:97:16:83:ce:e5:7d:53:8d:d8:6b:c1:98:
07:d3:27:ce:da:47:14:e7:4a:cd:24:64:98:a8:0a:
b9:19:7d:bb:1b:96:13:55:9d:66:df:bd:f4:c9:ea:
7f:40:d9:c3:c5:5f:7f:03:88:fa:d5:4d:e2:22:65:
2c:ee:85:8e:bc:ae:c1:c9:9f:38:67:48:a6:ef:2d:
7d:5a:1e:27:89:ea:08:dd:3e:83:45:a5:b2:cd:79:
03:d1:03:14:84:ee:39:bc:44:2e:76:ad:ef:95:e6:
a7:53:10:70:f7:42:ce:42:39:85:0e:6f:b6:e8:02:
d1:0c:a2:4c:f6:12:60:f5:c6:13:f7:87:18:d7:f8:
26:5c:89:0a:8d:63:13:23:02:b5:c1:b7:ef:a6:a5:
2c:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:D9:22:1F:4A:98:9A:E9:C7:F8:21:0D:0B:47:F4:03:53:5F:7E:D8
X509v3 Authority Key Identifier:
keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/KNkiH0qYmunH-CENC0f0A1Nfftg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.226.240.0/24
141.226.244.0/24
141.226.246.0/23
Signature Algorithm: sha256WithRSAEncryption
3c:e1:0c:58:fa:45:3e:8d:69:04:eb:b4:c5:e8:f7:15:82:b3:
90:f9:6f:d5:f2:1a:f0:52:14:dd:f8:41:4b:e8:6f:20:03:17:
1b:21:5b:84:31:be:ba:8b:9d:9b:83:32:e3:93:38:03:3b:d2:
03:6d:4a:d0:5c:83:3a:af:2e:82:14:be:34:ba:22:fe:b2:50:
6e:57:79:db:0c:f2:b1:53:ac:b7:7c:35:e1:0b:a6:2e:4a:61:
4a:6c:00:fb:cb:d1:83:4c:d7:df:5c:21:0d:b2:3c:7f:e7:da:
38:fa:05:7b:16:cc:d9:0e:ba:1f:0a:13:06:0d:8b:18:ad:11:
73:6a:3b:6c:31:1f:91:40:8c:01:6f:00:67:c6:b9:1b:43:1e:
76:27:1b:c2:61:44:b1:33:5b:46:e3:14:df:73:62:f2:47:68:
e9:0d:29:b7:5d:a3:7a:58:50:b1:df:4a:a8:88:f1:d9:a2:e5:
3d:1b:1a:f5:5b:37:72:09:84:47:ba:a3:20:63:d2:d0:ab:68:
b4:61:2b:36:2c:e3:ac:70:d2:7e:07:ae:d3:e8:16:d5:52:0b:
a1:71:33:9f:ff:24:f8:d3:82:39:d7:d7:8e:f3:74:84:83:bd:
3c:8a:81:2e:c0:46:3c:50:86:30:d6:e0:08:c8:9f:58:32:e4:
d3:f9:da:15
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYrqhBhYcYxhHQNtjbnB1j7/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjMxMDAxMDkxNDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGQ5MjIxZjRhOTg5YWU5YzdmODIxMGQwYjQ3ZjQwMzUzNWY3ZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhz7PzVTrN3Ynu3GlRE2XHxqdpil8
i4D72kZuJ1w8/UzwUibUP8cx/tsRWDWAz633EvByELCBWC5SugNqyQPQO0KJGaOK
E5WH38BRsN0TeGFcj6siKFN7uaElVKm3hP3Tzs7PbYRCb3AfavqXFoPO5X1Tjdhr
wZgH0yfO2kcU50rNJGSYqAq5GX27G5YTVZ1m3730yep/QNnDxV9/A4j61U3iImUs
7oWOvK7ByZ84Z0im7y19Wh4nieoI3T6DRaWyzXkD0QMUhO45vEQudq3vleanUxBw
90LOQjmFDm+26ALRDKJM9hJg9cYT94cY1/gmXIkKjWMTIwK1wbfvpqUssQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCjZIh9KmJrpx/ghDQtH9ANTX37YMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvS05raUgwcVltdW5ILUNFTkMwZjBBMU5mZnRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjeLwAwQA
jeL0AwQBjeL2MA0GCSqGSIb3DQEBCwUAA4IBAQA84QxY+kU+jWkE67TF6PcVgrOQ
+W/V8hrwUhTd+EFL6G8gAxcbIVuEMb66i52bgzLjkzgDO9IDbUrQXIM6ry6CFL40
uiL+slBuV3nbDPKxU6y3fDXhC6YuSmFKbAD7y9GDTNffXCENsjx/59o4+gV7FszZ
DrofChMGDYsYrRFzajtsMR+RQIwBbwBnxrkbQx52JxvCYUSxM1tG4xTfc2LyR2jp
DSm3XaN6WFCx30qoiPHZouU9Gxr1WzdyCYRHuqMgY9LQq2i0YSs2LOOscNJ+B67T
6BbVUguhcTOf/yT404I519eO83SEg708ioEuwEY8UIYw1uAIyJ9YMuTT+doV
-----END CERTIFICATE-----
Generated at Tue Oct 3 16:21:09 2023 by rpki-client on console-fra.rpki-client.org