Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/eb26f7-1303-4210-a9d8-1eb3b8a941f7/1/er3UBcugGNUy1BdNVH9NqjU0rmA.roa
File: er3UBcugGNUy1BdNVH9NqjU0rmA.roa (raw, json)
Hash identifier: 2kb7nrR52x25BCJHa3o03H5NH0inogfohUPL1ibkH2Q=
Subject key identifier: 7A:BD:D4:05:CB:A0:18:D5:32:D4:17:4D:54:7F:4D:AA:35:34:AE:60
Certificate issuer: /CN=2f8e83eefe7f14b9e4490a36eebd881e163ccc1b
Certificate serial: 01856FF98FC139DEE102C6F8963BD6AE7924
Authority key identifier: 2F:8E:83:EE:FE:7F:14:B9:E4:49:0A:36:EE:BD:88:1E:16:3C:CC:1B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L46D7v5_FLnkSQo27r2IHhY8zBs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/64/eb26f7-1303-4210-a9d8-1eb3b8a941f7/1/er3UBcugGNUy1BdNVH9NqjU0rmA.roa
Signing time: Mon 02 Jan 2023 00:55:04 +0000
ROA not before: Mon 02 Jan 2023 00:55:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43415
IP address blocks: 176.56.156.0/24 maxlen: 24
176.56.156.0/22 maxlen: 22
176.56.156.0/23 maxlen: 23
176.56.158.0/24 maxlen: 24
176.56.158.0/23 maxlen: 23
176.56.157.0/24 maxlen: 24
176.56.159.0/24 maxlen: 24
185.185.240.0/24 maxlen: 24
185.185.240.0/22 maxlen: 22
185.185.241.0/24 maxlen: 24
185.185.242.0/24 maxlen: 24
185.185.243.0/24 maxlen: 24
2a0e:8300::/29 maxlen: 29
Validation: Failed, certificate revoked
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:f9:8f:c1:39:de:e1:02:c6:f8:96:3b:d6:ae:79:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2f8e83eefe7f14b9e4490a36eebd881e163ccc1b
Validity
Not Before: Jan 2 00:55:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7abdd405cba018d532d4174d547f4daa3534ae60
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:c6:bd:45:f5:b8:d3:39:8f:96:3d:1a:07:0f:
a4:c8:67:a1:5f:aa:b3:3a:9c:7f:0e:dc:c7:98:3d:
45:0f:ab:50:c9:ad:09:5e:14:ee:96:76:70:a4:a5:
0f:29:d6:09:71:34:06:e4:cb:3f:2b:5f:26:24:d4:
02:11:09:c1:60:74:d2:8b:d4:c9:6f:88:08:0c:82:
90:4e:ba:8a:0d:a1:17:2b:41:4e:03:6c:0e:7b:ea:
c7:73:c7:54:82:c1:2d:4c:c9:01:80:e2:c2:62:47:
3f:30:ac:90:7f:da:8a:15:8b:d2:f6:0c:fa:7e:31:
b0:5b:a7:01:fa:33:49:39:20:5a:5b:97:7a:70:39:
98:23:ad:e2:2b:ae:43:d1:92:a6:fa:9e:08:ec:80:
01:5b:0a:f5:f3:e1:90:45:40:ca:31:12:86:84:6c:
53:b0:74:d7:a7:81:26:00:b8:3f:67:fa:2d:75:cc:
4f:c7:82:14:ff:69:8f:39:e7:17:4e:7e:47:d5:0c:
d0:3e:54:09:32:ab:5f:1e:87:ee:89:03:0f:94:cb:
da:cd:ac:10:03:03:7a:9f:74:28:15:85:63:80:05:
df:41:0f:4b:d1:29:44:55:ad:58:a9:ed:1b:75:00:
f4:4b:9a:0c:83:59:a8:50:b1:17:c2:ef:9e:71:3c:
a7:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:BD:D4:05:CB:A0:18:D5:32:D4:17:4D:54:7F:4D:AA:35:34:AE:60
X509v3 Authority Key Identifier:
keyid:2F:8E:83:EE:FE:7F:14:B9:E4:49:0A:36:EE:BD:88:1E:16:3C:CC:1B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L46D7v5_FLnkSQo27r2IHhY8zBs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/eb26f7-1303-4210-a9d8-1eb3b8a941f7/1/er3UBcugGNUy1BdNVH9NqjU0rmA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/64/eb26f7-1303-4210-a9d8-1eb3b8a941f7/1/L46D7v5_FLnkSQo27r2IHhY8zBs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.56.156.0/22
185.185.240.0/22
IPv6:
2a0e:8300::/29
Signature Algorithm: sha256WithRSAEncryption
78:a7:96:bf:0d:18:bc:1f:be:61:de:b0:8a:d6:db:96:df:55:
77:60:cc:44:60:67:2b:3f:14:fb:35:2c:50:f7:f4:31:5f:3c:
6d:b5:99:23:f1:31:c7:71:6f:42:d6:b2:de:d7:f9:94:f2:be:
2c:3f:83:6d:23:a2:a8:2b:18:93:9e:69:63:30:94:42:c3:f9:
25:0a:ca:c8:4d:e0:c6:c9:91:83:66:b8:6d:3b:61:f5:f1:64:
16:31:b4:aa:60:b7:5d:97:eb:96:cb:26:ec:52:a4:1f:ba:ba:
dc:d6:b5:64:9c:23:24:eb:22:a8:2f:0d:b8:ad:0c:e9:4f:84:
21:87:69:fd:9b:d5:9d:f5:0a:53:be:b4:ee:94:c0:f3:3e:6b:
f6:39:16:1d:6d:f8:c6:d7:0e:ed:a4:e2:27:85:75:e3:9a:fc:
bb:81:35:af:35:bf:5d:e6:49:35:74:ab:df:da:5f:5c:97:99:
94:d7:b5:0e:fe:4f:18:fb:2f:7b:bb:fe:cc:67:dd:d7:03:6e:
e4:e2:00:21:81:91:f0:8d:a3:e7:11:44:c1:1e:6a:d1:57:e5:
ec:d4:4e:cc:0a:74:59:5d:fa:74:d4:70:31:10:fd:84:86:fc:
0c:7b:54:7f:76:c4:e3:23:31:d1:4e:2e:ae:dc:a6:2c:b2:ca:
3f:ae:d7:9f
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYVv+Y/BOd7hAsb4ljvWrnkkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOGU4M2VlZmU3ZjE0YjllNDQ5MGEzNmVlYmQ4ODFlMTYz
Y2NjMWIwHhcNMjMwMTAyMDA1NTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWJkZDQwNWNiYTAxOGQ1MzJkNDE3NGQ1NDdmNGRhYTM1MzRhZTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8a9RfW40zmPlj0aBw+kyGehX6qz
Opx/DtzHmD1FD6tQya0JXhTulnZwpKUPKdYJcTQG5Ms/K18mJNQCEQnBYHTSi9TJ
b4gIDIKQTrqKDaEXK0FOA2wOe+rHc8dUgsEtTMkBgOLCYkc/MKyQf9qKFYvS9gz6
fjGwW6cB+jNJOSBaW5d6cDmYI63iK65D0ZKm+p4I7IABWwr18+GQRUDKMRKGhGxT
sHTXp4EmALg/Z/otdcxPx4IU/2mPOecXTn5H1QzQPlQJMqtfHofuiQMPlMvazawQ
AwN6n3QoFYVjgAXfQQ9L0SlEVa1Yqe0bdQD0S5oMg1moULEXwu+ecTynrQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHq91AXLoBjVMtQXTVR/Tao1NK5gMB8GA1UdIwQY
MBaAFC+Og+7+fxS55EkKNu69iB4WPMwbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDQ2RDd2NV9GTG5rU1FvMjdyMklIaFk4ekJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9lYjI2ZjctMTMwMy00MjEwLWE5ZDgt
MWViM2I4YTk0MWY3LzEvZXIzVUJjdWdHTlV5MUJkTlZIOU5xalUwcm1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9lYjI2ZjctMTMwMy00MjEwLWE5ZDgtMWViM2I4YTk0MWY3
LzEvTDQ2RDd2NV9GTG5rU1FvMjdyMklIaFk4ekJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCsDicAwQC
ubnwMA0EAgACMAcDBQMqDoMAMA0GCSqGSIb3DQEBCwUAA4IBAQB4p5a/DRi8H75h
3rCK1tuW31V3YMxEYGcrPxT7NSxQ9/QxXzxttZkj8THHcW9C1rLe1/mU8r4sP4Nt
I6KoKxiTnmljMJRCw/klCsrITeDGyZGDZrhtO2H18WQWMbSqYLddl+uWyybsUqQf
urrc1rVknCMk6yKoLw24rQzpT4Qhh2n9m9Wd9QpTvrTulMDzPmv2ORYdbfjG1w7t
pOInhXXjmvy7gTWvNb9d5kk1dKvf2l9cl5mU17UO/k8Y+y97u/7MZ93XA27k4gAh
gZHwjaPnEUTBHmrRV+Xs1E7MCnRZXfp01HAxEP2EhvwMe1R/dsTjIzHRTi6u3KYs
sso/rtef
-----END CERTIFICATE-----
Generated at Mon Jan 1 02:53:57 2024 by rpki-client on console-ams.rpki-client.org