Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/k8gOgFn1muB4RSg2OKcTe5pjnPQ.roa
File: k8gOgFn1muB4RSg2OKcTe5pjnPQ.roa (raw, json)
Hash identifier: pqs1i/6lSHvG47dEXPNMOByMrmx0Q0UrxuMyKBUQzvM=
Subject key identifier: 93:C8:0E:80:59:F5:9A:E0:78:45:28:36:38:A7:13:7B:9A:63:9C:F4
Certificate issuer: /CN=015b6d1596ac0501a71a393447051a62ff1dda16
Certificate serial: 01856E4AFE20F4854CAE60AE1B4A813D3EAF
Authority key identifier: 01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/k8gOgFn1muB4RSg2OKcTe5pjnPQ.roa
Signing time: Sun 01 Jan 2023 17:04:46 +0000
ROA not before: Sun 01 Jan 2023 17:04:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 47626
IP address blocks: 193.7.216.0/22 maxlen: 22
5.180.240.0/22 maxlen: 22
176.96.190.0/23 maxlen: 24
176.96.189.0/24 maxlen: 24
78.24.100.0/22 maxlen: 22
91.208.35.0/24 maxlen: 24
91.222.120.0/22 maxlen: 24
188.93.64.0/22 maxlen: 22
2a05:9c00::/29 maxlen: 29
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:4a:fe:20:f4:85:4c:ae:60:ae:1b:4a:81:3d:3e:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=015b6d1596ac0501a71a393447051a62ff1dda16
Validity
Not Before: Jan 1 17:04:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=93c80e8059f59ae07845283638a7137b9a639cf4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:14:2d:b6:fd:36:e3:0b:ba:56:b5:60:8c:5c:
5d:6b:e5:6d:92:6d:0d:9d:32:b9:79:1e:83:4e:7d:
e7:63:61:aa:f1:0c:64:98:55:25:2b:8f:a3:e3:59:
87:30:4a:f6:15:1c:75:ee:54:6d:da:1d:e0:20:68:
ca:61:d6:de:7f:81:60:2f:5a:9b:8f:2d:3e:62:02:
d8:ab:72:3a:08:21:23:c0:e4:bf:64:da:54:8a:af:
75:0d:a0:e8:97:70:fe:a6:f4:b5:fb:e0:62:83:26:
a6:b7:e3:10:34:61:12:3c:39:3b:de:86:4a:8a:50:
67:d5:d5:a4:13:5d:6a:dc:a8:58:8c:15:05:42:3a:
4b:d7:8d:5f:66:48:90:9e:73:00:05:62:6b:bd:5c:
df:3e:ea:5c:27:60:9a:f8:be:23:10:b2:e5:94:50:
86:01:f6:fb:19:02:86:c8:fb:9a:9f:65:cf:1a:1c:
49:0d:5c:19:df:c3:23:9c:4c:dc:e6:72:4d:96:63:
63:bc:41:25:7d:a0:9c:17:d0:70:96:39:a1:e1:b5:
c5:28:a5:7a:4d:41:c0:bf:31:f1:45:88:cf:2b:35:
c3:9b:73:5b:12:f4:30:d9:27:cb:00:c0:a2:4b:f6:
8a:7e:d7:e0:0a:f3:2c:f5:30:20:44:59:4c:8a:f4:
08:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:C8:0E:80:59:F5:9A:E0:78:45:28:36:38:A7:13:7B:9A:63:9C:F4
X509v3 Authority Key Identifier:
keyid:01:5B:6D:15:96:AC:05:01:A7:1A:39:34:47:05:1A:62:FF:1D:DA:16
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AVttFZasBQGnGjk0RwUaYv8d2hY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/k8gOgFn1muB4RSg2OKcTe5pjnPQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/52a88f-e9a2-4851-9148-fee8f3790567/1/AVttFZasBQGnGjk0RwUaYv8d2hY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.240.0/22
78.24.100.0/22
91.208.35.0/24
91.222.120.0/22
176.96.189.0-176.96.191.255
188.93.64.0/22
193.7.216.0/22
IPv6:
2a05:9c00::/29
Signature Algorithm: sha256WithRSAEncryption
74:2c:44:05:9f:8b:68:c1:53:f0:50:9e:21:b7:e7:3f:de:ab:
24:54:4e:0a:cd:e8:97:90:d1:14:7b:60:ff:ad:a9:9c:4a:29:
07:d4:1b:ef:a1:43:b9:f2:71:5d:47:ac:85:dc:a7:84:0b:64:
0e:71:f9:2b:da:d7:f2:4b:4e:9a:82:44:83:f5:c1:aa:18:d0:
d5:fb:ba:29:ff:73:07:ee:c1:8b:14:a5:be:84:39:07:1c:c4:
a0:99:f2:36:f3:a3:79:64:be:21:af:ee:bf:ad:5e:af:68:a4:
46:8c:58:1e:b6:a5:cb:dd:66:7e:74:13:f3:d8:11:e9:d4:0b:
b9:9a:1c:01:0c:8d:1b:31:7d:e8:07:d2:bb:0f:47:50:7a:d0:
43:53:b7:2b:42:e3:7f:83:58:c3:06:64:ea:d4:67:08:51:53:
0e:e6:03:1f:36:a8:5d:27:58:79:44:15:fc:6d:20:e6:b0:92:
ba:bc:89:7a:9e:d1:c9:3b:02:b7:6d:2e:73:10:9b:e2:e3:af:
23:f8:e9:c5:6c:7d:8b:be:41:6b:cf:4c:8f:9b:ab:6e:4d:d8:
93:3b:92:e1:ba:0f:83:32:a1:d6:59:e8:3f:94:bc:45:f8:c6:
34:97:3d:25:34:b6:7f:2b:0d:cc:18:5e:0b:a5:62:91:1c:74:
c8:1f:d1:60
-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgISAYVuSv4g9IVMrmCuG0qBPT6vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWI2ZDE1OTZhYzA1MDFhNzFhMzkzNDQ3MDUxYTYyZmYx
ZGRhMTYwHhcNMjMwMTAxMTcwNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2M4MGU4MDU5ZjU5YWUwNzg0NTI4MzYzOGE3MTM3YjlhNjM5Y2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRQttv024wu6VrVgjFxda+Vtkm0N
nTK5eR6DTn3nY2Gq8QxkmFUlK4+j41mHMEr2FRx17lRt2h3gIGjKYdbef4FgL1qb
jy0+YgLYq3I6CCEjwOS/ZNpUiq91DaDol3D+pvS1++Bigyamt+MQNGESPDk73oZK
ilBn1dWkE11q3KhYjBUFQjpL141fZkiQnnMABWJrvVzfPupcJ2Ca+L4jELLllFCG
Afb7GQKGyPuan2XPGhxJDVwZ38MjnEzc5nJNlmNjvEElfaCcF9Bwljmh4bXFKKV6
TUHAvzHxRYjPKzXDm3NbEvQw2SfLAMCiS/aKftfgCvMs9TAgRFlMivQI5wIDAQAB
o4ICRDCCAkAwHQYDVR0OBBYEFJPIDoBZ9ZrgeEUoNjinE3uaY5z0MB8GA1UdIwQY
MBaAFAFbbRWWrAUBpxo5NEcFGmL/HdoWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgt
ZmVlOGYzNzkwNTY3LzEvazhnT2dGbjFtdUI0UlNnMk9LY1RlNXBqblBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC81MmE4OGYtZTlhMi00ODUxLTkxNDgtZmVlOGYzNzkwNTY3
LzEvQVZ0dEZaYXNCUUduR2prMFJ3VWFZdjhkMmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFoGCCsGAQUFBwEHAQH/BEswSTA4BAIAATAyAwQCBbTwAwQC
ThhkAwQAW9AjAwQCW954MAwDBACwYL0DBAawYIADBAK8XUADBALBB9gwDQQCAAIw
BwMFAyoFnAAwDQYJKoZIhvcNAQELBQADggEBAHQsRAWfi2jBU/BQniG35z/eqyRU
TgrN6JeQ0RR7YP+tqZxKKQfUG++hQ7nycV1HrIXcp4QLZA5x+Sva1/JLTpqCRIP1
waoY0NX7uin/cwfuwYsUpb6EOQccxKCZ8jbzo3lkviGv7r+tXq9opEaMWB62pcvd
Zn50E/PYEenUC7maHAEMjRsxfegH0rsPR1B60ENTtytC43+DWMMGZOrUZwhRUw7m
Ax82qF0nWHlEFfxtIOawkrq8iXqe0ck7ArdtLnMQm+LjryP46cVsfYu+QWvPTI+b
q25N2JM7kuG6D4MyodZZ6D+UvEX4xjSXPSU0tn8rDcwYXgulYpEcdMgf0WA=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:47 2023 by rpki-client on console-ams.rpki-client.org